I want to set a header for getting the token from flipkart. I dont know how to set a header in curl. My header should like
curl -u <appid>:<app-secret> https://sandbox-api.flipkart.net/oauth-service/oauth/token\?grant_type\=client_credentials\&scope=Seller_Api
It looks like you're trying to do HTTP basic authentication, or at least that's what the -u option of curl does when used alone like this.
In PHP you would set up basic authentication for a curl request like this, assuming $ch is your curl instance (which you can get with curl_init):
curl_setopt($ch, CURLOPT_USERPWD, 'appid:appsecret');
See the curl documentation on curl_setopt for more information.
In curl command you have to do like this,
curl -u your-app-id:your-app-token https://sandbox-api.flipkart.net/oauth-service/oauth/token\?grant_type\=client_credentials\&scope=Seller_Api
you will get the result like this on success,
{"access_token":"394b7d-418a-43f6-8fd5-e67aea2c4b","token_type":"bearer","expires_in":4657653,"scope":"Seller_Api"}
by using this token you can make further api call's like for example listing api,
curl -H "Authorization:Bearer your-access-token" -H "Content-Type: application/json" -d 'json-here-see-format-in-api-example' https://url-end-point-refer-api-docs
note: you have to create app id and secret in "https://sandbox-api.flipkart.net/oauth-register/login" for sandbox. Don't store the access token it will get expired in certain period of time.
link for api doc's - "https://seller.flipkart.com/api-docs/fmsapi_index.html"
Related
I am making a Chrome Extension that talks to a website via an api. I want it to pass information about a current tab to my website via a cors request.
I have a POST api request already working. It looks like this:
...
var url = "https://webiste.com/api/v1/users/sendInfo"
...
xhr.send(JSON.stringify({user_name:user_name, password:password, info:info}));
Its corresponding curl statement is something like this:
curl -X POST https://website.com/api/v1/users/sendInfo -d '{ username:"username", password:"password", info: "Lot's of info" }' --header "Content-type: application/json
But, this is not as secure as we want. I was told to mirror the curl command below:
curl --basic -u username:password <request url> -d '{ "info": "Lot's of info" }'
But, one cannot just write curl into javascript.
If someone could either supply javascript that acts like this curl statement or explain exactly what is going on in that basic option of the curl script I think that I could progress from there.
The curl command is setting a basic Authorization header. This can be done in JavaScript like
var url = "https://webiste.com/api/v1/users/sendInfo",
username = "...",
password = "...";
xhr.open('POST', url, true, username, password);
xhr.send(...);
This encodes the username/password using base 64, and sets the Authorization header.
Edit As arcyqwerty mentioned, this is no more secure than sending username/password in the request body JSON. The advantage of using the basic authentication approach is that it's a standard way of specifying user credentials which integrates well with many back-ends. If you need security, make sure to send your data over HTTPS.
curl is the curl binary which fetches URLs.
--basic tells curl to use "HTTP Basic Authentication"
-u username:password tells curl supply a given username/password for the authentication. This authentication information is base64 encoded in the request. Note the emphasis on encoded which is different from encrypted. HTTP basic auth is not secure (although it can be made more secure by using an HTTPS channel)
-d tells curl to send the following as the data for the request
You may be able to specify HTTP basic authentication in your request by making the request to https://username:password#website.com/api/v1/users/sendInfo
i'm having a hard time authorizing a user login since i just dont know the right syntax. I want to modify https://github.com/ZWEISCHNEIDER/fastbill to enable said login API-wise.
The current header bit looks like this and works
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'header' => 'Authorization: Basic ' . base64_encode($this->email.':'.$this->apiKey)
)
);
With this i can connect to the general API and get all the information. In the documentation of the API it requires me to put the following additional info into the header (left -u line there for better understanding) in order to receive user-bound information only.
-u {E-Mail-Address}:{API-Key} \
-H 'X-Username: {User-Emailaddress}'\
-H 'X-Password: {User-Password}' \
How do i adapt the 'header' content-string to fit X-Username:$username and X-Password:$pwd in there?
(api doc: https://www.fastbill.com/api/fastbill/en/fundamentals.html#authentification)
thanks in advance
ok i'm sorry, this did not have anything to do with malformed header requests from my side -- the api simply won't let me access like i planned using a regular api key
I am using the codeigniter rest server api library.
When I enter http://localhost/RESTapi/api/question?X-API-KEY=XXX in Postman with the PUT method
I'm getting:
{
"status": false,
"error": "Invalid API key "
}
It works fine with GET method
How can I fix this issue?
I've seen some API's that do not look at the GET params if you make a POST or PUT request for credentials or are inconsistent in how they do it.
Really, credentials should go in headers either via the Authorize header or a custom one for many reasons like 'not logging credentials to access logs', but I digress.
In this case you can try:
Put (no pun) the X-API-KEY=XXX inside the body of the PUT just to see if this works
See if/how the library accepts the API key in a header
Looking at this library in particular (https://github.com/chriskacerguis/codeigniter-restserver), they do support the header X-API-KEY. This should be where you put the key for ALL requests--it's best practice not to pass them as url params.
Here's the commandline example using curl from their Github project.
curl -X POST -H "X-API-KEY: some_key_here" http://example.com/books
In PHP you can use curl to set header like this:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-API-KEY: XXX'));
Good Morning,
I'm looking for a way to update the dropdown values in a column in my Smartsheet. Going off the Smartsheet API 2.0, I managed to come up with the following code to use with curl, but I'm getting the following error when running it in CMD.
Here is the code I'm using:
curl https://api.smartsheet.com/2.0/sheets/7654838910642052/columns/4 -H "Authorization: Bearer 6cn0otb4tdjueqzuflgnkzff17" -X PUT -d '{"title":"Weekend Date","index":4, "type" : "PICKLIST", "options" :["31-OCT-2015"]}' -k
The error message I get from CMD, is as follows:
C:\New>curl https://api.smartsheet.com/2.0/sheets/7654838910642052/columns/4 -H "Authorization: Bearer 5cn0otb4tdjueqzuflgnkzff17" -X PUT -d '{"title"
:"Weekend Date","index":4, "type" : "PICKLIST", "options" :["31-OCT-2015"]}' -k
{"errorCode":1124,"message":"Invalid Content-Type header. Media type not supported."}curl: (6) Could not resolve host: type; Host not found
¶hA▓╔ôÒ±$═»ù0♠~¡lk§☺▄ÜQK¡^ Õf ƒîa♀ÛæçÂ"õ8Ê╝±↕åÊJcurl: (6) Could not resolve host: PICKLIST,; Host not found
curl: (6) Could not resolve host: options; Host not found
curl: (3) [globbing] error: bad range specification after pos 3
Would appreciate any help I can get!!! This error is really annoying, and I have spent a good few hours trying to fix it.
** Note that I have changed the access token for security reasons, but the token I am using is definitely valid **
As Joseph suggested in his answer, you'll certainly want to verify that the value you're specifying for {columnId} in the URL is valid. However, the error you're getting is likely unrelated to that issue.
What's likely happening is that cURL is automatically setting the Content-Type header for you to the value "application/x-www-form-urlcoded" -- which is not a valid content type for this request to Smartsheet. You can resolve this error by simply setting the Content-Type header yourself in the request (i.e., add this: -H "Content-Type: application/json" to the request).
For example, my request to update the picklist options for a column such that the only option is "31-OCT-2015" looks like this:
curl https://api.smartsheet.com/2.0/sheets/{sheetId}/columns/{columnId} -H "Authorization: Bearer YOUR_TOKEN" -H "Content-Type: application/json" -X PUT -d "{\"type\":\"PICKLIST\", \"options\":[\"31-OCT-2015\"]}" -k
Note that to update picklist options, the only attributes I need to set in the JSON are type and options. Also note that I used (escaped) double quotes in the JSON instead of single quotes -- you may or may not need to do this (depending on your platform).
It looks like the path you're using may be incorrect. I can see there's a "4" included in the path where the Column ID should be. For updating Column(s), you'd use the following path:
curl
https://api.smartsheet.com/2.0/sheets/{sheetId}/columns/{columnId}
You can find the API reference here.
We're using Commission Junction's REST service, which requires we sent an API key in the Authorization header.
We set the header like this:
$ch = curl_init();
curl_setopt_array($ch, array(
// set url, timeouts, encoding headers etc.
CURLOPT_URL => 'https://....',
// ...
));
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: ' . CJ_API_KEY,
'User-Agent: ' . OUR_USER_AGENT
));
$response = curl_exec($ch);
$info = curl_getinfo($ch);
The problem is that the Authorization header isn't sent (we debugged this by using a local url and doing a var_export($_SERVER) which shows a User-Agent header is set, but not the Authorization header.)
If we change the header name to X-Authorization, it gets sent - but this hasn't helped us as the service specifically requires the Authorization header.
How do we get PHP + cURL to send an arbitrary Authorization header?
The Authorization header isn't included in PHP's $_SERVER variable. To properly debug a request you should use apache_request_headers() which shows we were sending the Authorization header exactly as we wanted.
The problem then moved on to figuring out exactly what to put in the Authorization header given some pretty bad documentation.
When the header is set by the client, then the Authorization-header from the request is included in $_SERVER — not sure if this is something new, but it is now. HTTP-headers get prefixed in the $_SERVER array with HTTP_ which may be something you previously overlooked.
Also, apache_request_headers() is a function which is only defined when you use Apache as a web server. So everyone with nginx etc. is left out.
Demo
On the server-side:
<?php
// server.php
var_dump($_SERVER['HTTP_AUTHORIZATION']);
Test
Start a webserver (requires PHP 5.4):
$ php -S 0.0.0.0:31337 -t .
Make sure server.php is in the current directory.
Use cURL to test:
$ curl -H 'Authorization: FOO' http://0.0.0.0:31337/server.php
string(3) "FOO"
Works. :)