I have been using postman to explore a REST interface. When using Postman's code generation feature, regardless of which programming language I select, Postman will always add a postman-token attribute in the header. Why is it there?
See for example PHP Curl:
<?php
$curl = curl_init();
curl_setopt_array($curl, array(CURLOPT_URL => "https://myURL.com,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"authorization: Basic abcdefghijklmnop",
"cache-control: no-cache",
"postman-token: wt53gwg-e9bb-645d-g53d-e42f8765aut0"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
This is primarily used to bypass a bug in Chrome. If an XMLHttpRequest is pending and another request is sent with the same parameters then Chrome returns the same response for both of them. Sending a random token avoids this issue. This can also help you distinguish between request on the server side.
See docs/settings postman.
Related
I'm creating a crawler to capture some public information.
However, it is returning:
Access Denied
You don't have permission to access "http://www.americanas.com.br/" on this server.
Using Postman to test a request, cURL works perfectly. I even got the code generated by Postman (as shown below), but when I use it directly on my PHP server, return the error informed above.
My cURL code:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://www.americanas.com.br/",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"cache-control: no-cache",
"postman-token: 112ebf89-1bb7-aa7a-0645-cdeabcf96488"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if($err) echo "cURL Error #:" . $err;
else echo $response;
exit();
I found that there are sites with more complex locks. In these cases, it is necessary to use more complete crawler solutions.
The one I'm using and is working is Proxycawl (https://proxycrawl.com/).
Your postman is querying https://www.americanas.com.br/ while from the error message we can suppose that in your crawler you are querying http://www.americanas.com.br/
I have an auth.php file that should make a request to an API with some headers, data and stuff.
I tried Postman, and gave me a response almost immediately.
I copied the code (PHP > cURL) and tried it, and it would be waiting for MYPRIVATESITE.com for 30 seconds (I set the timeout to that), and then just cURL ERROR: TIMED OUT (or something like that).
What did I do wrong? It works with e.g. postman, so why not my website?
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://discordapp.com/api/v6/oauth2/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "client_id=PRIVATEID&client_secret=PRIVATEKEY&grant_type=authorization_code&code=$code&redirect_uri=https%3A%2F%2Fkanebot.epizy.com%2Fauth.php&scope=identify%20guilds&undefined=",
CURLOPT_HTTPHEADER => array(
"Content-Type: application/x-www-form-urlencoded",
"cache-control: no-cache"
)
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
Note: The PRIVATEKEY and PRIVATEID are there, I just remove them because I don't want anyone else to steal it. It's defined, and it worked (read up).
The $code is also defined.
You are missing the & operator in your POSTFIELDS between the client_secret and the grant_type
try to add the & and see if its working after (it will sure solve one of the problems you have)
client_id=PRIVATEID&client_secret=PRIVATEKEYgrant_type=authorization_code&code=$code&redirect_uri=https%3A%2F%2Fkanebot.epizy.com%2Fauth.php&scope=identify%20guilds&undefined=
I am writing a php in this i got error message in output
Method not allowed. Must be one of: PUT
here is my php codes
$h[]='Content-Type: application/json; charset=UTF-8';
$h[]='User-Agent: okhttp/3.9.1';
$postdata='{"my_link":"abcd1234"}';
$url=http://myurl.com
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_USERAGENT,$agent);
curl_setopt($ch,CURLOPT_VERBOSE,1);
curl_setopt($ch,CURLOPT_POST,TRUE);
curl_setopt($ch,CURLOPT_POSTFIELDS,$postdata);
curl_setopt($ch,CURLOPT_HTTPHEADER,$h);
curl_setopt($ch,CURLOPT_HEADER,1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,TRUE);
$output=curl_exec($ch);
echo "$output";
How to solve this problem guys help me out for this
Try this, by way of example. request tested with Postman:
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_PORT => "53632",
CURLOPT_URL => "http://myurl.com:53632/api/todo/1",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "PUT",
CURLOPT_POSTFIELDS => " {'my_link': 'abcd1234' }",
CURLOPT_HTTPHEADER => array(
"Cache-Control: no-cache",
"Content-Type: application/json"
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err)
{
echo "cURL Error #:" . $err;
}
else
{
echo $response;
}
You can use a custom request method:
CURLOPT_CUSTOMREQUEST => "PUT"//GET,DELETE
http://php.net/manual/en/function.curl-setopt.php
A custom request method to use instead of "GET" or "HEAD" when doing a
HTTP request. This is useful for doing "DELETE" or other, more obscure
HTTP requests.
Note:
Don't do this without making sure the server supports the custom
request method first.
I am using moodle rest plugins for mobile web-services and from this tutorial I have enabled rest API and other related services as per the documentation when I try to test the web service then I got following error
{"exception":"moodle_exception","errorcode":"noauthheader","message":"No Authorization header found in request sent to Moodle"}
I have the cross check the moodle token even try may new tokens but no luck
here is me test php code to check the web-services:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "mydomain.com/webservice/restful/server.php/core_course_get_courses",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => '{"options": {"ids":[2]}}',
CURLOPT_HTTPHEADER => array(
"accept: application/json",
"authorization: {4838e6771cdbfd1eefbf37b3839587d9}",
"cache-control: no-cache",
"content-type: application/json",
),
));
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
please let me know, what i am doing wronge
thanks
Absolutely baffled by this problem. I have a curl script, when pasted in a separate file, put the url of the file in a browser and hit enter, it works. But when the same script is to be triggered under a function. It doesn't run.
The script sends card details for payment processing e.g. It sends details to mastercard which deducts pay and returns a response to be acted upon
Here is the script (NOTE I have changed some details for privacy):
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://cardsapi.example.com/step1.php?cvv=467&cardno=123456789011&ccexpmonth=02&ccexpyear=18&amount=15000&email=example#example.com&names=TestUser&transaction_id=111111111&callback=http://cardsapi.example.com",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer UVZoQk9rcFhDcWxlR1RPSnJBa1RaRkZQSjdZdlVSRzdZTThHVldLUU1jZz06MTIzNDU6UTIydkozVll4RzFMWUV2MkViSDl5UVN3NFFRanZrNVJoVThQM0pXTXRIRT06MTk3LjI0OC4xNDkuNjI6MDQvMDAvMTcgMTIwMA==",
"Cache-Control: no-cache",
"Postman-Token: 98defbc9-f5af-3b48-b416-b9d31325df07",
"content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"
),
)
);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
If I put this code in something like curlscript.php and run it ex. http://localhost/scripts/curlscript.php , it works. But when I put the code under a function e.g. send_process_pay() in a file e.g. process_pay.php it doesn't trigger. process_pay.php validates the data, triggers function if ok and acts upon response from MasterCard/VISA etc.
How can I make it run under a function?
EDIT:
This is how it is housed in a function and called:
function send_process_pay(){
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://cardsapi.example.com/step1.php?cvv=467&cardno=123456789011&ccexpmonth=02&ccexpyear=18&amount=15000&email=example#example.com&names=TestUser&transaction_id=111111111&callback=http://cardsapi.example.com",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"Authorization: Bearer UVZoQk9rcFhDcWxlR1RPSnJBa1RaRkZQSjdZdlVSRzdZTThHVldLUU1jZz06MTIzNDU6UTIydkozVll4RzFMWUV2MkViSDl5UVN3NFFRanZrNVJoVThQM0pXTXRIRT06MTk3LjI0OC4xNDkuNjI6MDQvMDAvMTcgMTIwMA==",
"Cache-Control: no-cache",
"Postman-Token: 98defbc9-f5af-3b48-b416-b9d31325df07",
"content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"
),
)
);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
return $response;
}
}
and then:
if(data_valid){
$the_response = send_process_pay();
}
So when the data is valid, the response is stored in a variable.So other proccesses are activated depending on response
Update:
Having had a look at the code, the cURL script is indeed working. The difference between running the file over putting it as a function is that, when running a file, the response, which is html with a javascript auto-submit executes but in the function, the reponse (html) is returned but not executed.
The problem now is to figure out how to run the response so that the auto-submit javascript function in it works.