So I got the data that is being sent to a specific server. Now I want to do the same using curl from my local machine to play around with specific repsonses from the server and learn more about curl as well.
Here is part of my data
POST /auth HTTP/1.1
platform: android
X-Auth-Token: <censored>
Content-Type: application/json; charset=utf-8
Host: api.blabla.com
Accept-Encoding: gzip
And the data that is being sent:
{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}
Now when I try cURL in my dos shell, I try
curl --insecure -X POST https://api.blabla.com/auth --data '{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}'
The response I get from cURL is this:
{"code":401,"error":"blablaTokenRequired"}
Even though I specified the token. So there are two possible scenarios because the token is correct:
It has something to do with the SSL thing? (I use --insecure because I get an SSL error otherwise)
Something about my command is not correct but I can't figure out what.
Can someone kindly help me out? I am trying everything I can without success
I am not sure if I understand your application specific right, but probably one thing you need to take into account:
man curl says:
-d, --data <data>
(HTTP) Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when
a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data to the
server using the content-type application/x-www-form-urlencoded. Compare to -F, --form.
-d, --data is the same as --data-ascii. --data-raw is almost the same but does not have a special interpreta‐
tion of the # character. To post data purely binary, you should instead use the --data-binary option. To URL-
encode the value of a form field you may use --data-urlencode.
As I can't see in your example the necessity of sending data as HTML form input, probably your application expects just a "raw" POST body and then you have to try this:
curl --insecure -X POST https://api.blabla.com/auth --data--binary '{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}'
PS and for sure this is error is not about using --insecure which just asks curl to neglect ssl verification
you forgot the headers and enabling compressed encoding (gzip), however, i believe you can't force curl to only support gzip encoding using the curl command line alone, you will have to use libcurl, this will make the request say "Accept-Encoding: gzip,deflate" on most systems, using --compressed .. if that's not acceptable to you, rewrite it using libcurl (where you can force it to say only "gzip", if you wish, via CURLOPT_ENCODING )
curl -X POST https://api.blabla.com/auth --data '{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}' --header 'platform: android' --header 'X-Auth-Token: <censored>' --header 'Content-Type: application/json; charset=utf-8' --header 'Host: api.blabla.com' --compressed
another gotcha: on some systems, there will be a default useragent header (like debian 6), while on some systems, curl comes without a default useragent (like debian 8).. you might want to use --user-agent '' too
Related
I want to execute an api call to a Saas platform. When I generate the api keys with my account in the platform then i get 2 things:-
api key id : 631f39f37564not/631f39f475646real/635c1192756key
Secret key : -----BEGIN RSA PRIVATE KEY----- ABCDE1234 -----END RSA PRIVATE KEY-----
I am executing the api with my following bash script
#!/bin/bash
export FIELD=90
HOST=https://example.com
PUT_BODY="{\"value\":\"${FIELD}\",\"valueObjectType\":\"String\"}"
curl -sk -X PUT "${HOST}/api/v3/xyz/endpoint" \
-H 'content-type: application/json' \
-H 'x-requested-with: XMLHttpRequest' \
-H "referer: ${HOST}/" \
-H "Authorization: apikey 631f39f37564not/631f39f475646real/635c1192756key" \
-d"${PUT_BODY}" | jq '.'
I get 401 unauthorized error
{
"error": {
"status_code": 401,
"status": "Unauthorized"
}
}
Is -H "Authorization: apikey 631f39f37564not/631f39f475646real/635c1192756key" the correct way to specify the apikey or do i need to append secret also in the request?
Edit: I cannot use bearer token, need to use api key only.
I converted your curl to PHP and changed the URL to my test site that response with the request header. Because you did not provide a link to the api documentation, I do not know if the request header is what they want.
I find the output request header is the first step in trouble shooting curl requests.
This is what my test site received:
BODY=
${PUT_BODY}
BODY urlencoded
${PUT_BODY}
Your request headers:
Content-Length: 11
Content-Type: application/json
Accept: */*
Referer: ${HOST}/
X-Requested-With: XMLHttpRequest
What is missing? The authorization not included?
So let's try another way.
When the is a key and secret they are usually posted as post data in a POST request.
Yours is a PUT request? No documentation.
When I tried your
"Authorization: apikey 631f39f37564not/631f39f475646real/635c1192756key"
curl ignored it and it was not in the request header.
Why the application/json content type header?
I would expect
Content-Type: application/x-www-form-urlencoded
And I would expect the key and secret to be posted as post data:
-d 'key=<key>&secret=<secret>'
But no documentation.
If it is supposed to be a PUT then the key and secret would be in the query string following the URL.
${HOST}/api/v3/xyz/endpoint?key=<key?&secret=<secret>"
Your api key does not look good. Again no documentation.
The secret is even not in your request. You say "need to use api key only".
If that is true, why does the secret exist?
WSO2 API manger how to change --header 'Accept: application/json' to --header 'Accept: application/xml'?
I have added some APIs to WSO2 API Publisher. I can connect via API Console for some API but some failed. I noticed the one failing due to --header Accept: application/json'- all other which connected successfully has --header 'Accept: application/xml.
Also it keep return Response Code 0 with Response Headers:
"error": "no response from server"
I have tried to update this but still the same: /opt/wso2am-2.1.0/repository/deployment/server/synapse-configs/default/sequences/_auth_failure_handler_.xml
Please advise.
In the publisher where you define the resources for your API, you can specify the "Produces" field (set it to application/xml), that should be used as the default value from the API Store test console.
Regardless that - the client could post any Accept header in the request. The "Produces" field is only an indication, it doesn't enforce the header value.
I suggest you test the calls anyway using the curl (SoapUI, Postman or any other feasible tool) so you can see what the service REALLY returns. The "Response Code 0" message usually means some error response (400, 500, .. anything) it's just not necessarily shown in the DEV console.
Have fun
I'm trying to list some info API style :) and what i have done till now is the following:
Using "curl" i can get the token out, with the token i can list the tenants, but after that i can't list the servers and other information. From the conductore if i execute the "nova --debug list --all-tenants" i get the results and get the commands that are executed with curl. So when im trying this from outside i get an error "404" The resource could not be found.
curl -i 'http://x.x.x.x:8774/v2/tenants/' -X GET -H "X-Auth-Token: <Token_ID>" -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json"
And with the following command i don't get errors but i get some strange results:
curl -i 'http://x.x.x.x:8774/v2.0/<Tenant_ID>/servers' -X ET -H "X-Auth-Token: <Token_ID>" -H "X-Auth-Project-Id: <Tenant_ID>" -H "User-Agent: python-novaclient" -H "Accept: application/json"
and the output is:
HTTP/1.1 300 Multiple Choices
Content-Type: application/json
Content-Length: 357 Date: Sun, 03 Apr
2016 21:59:48 GMT Connection: close
{"choices": [{"status": "CURRENT",
"media-types": [{"base":
"application/xml", "type":
"application/vnd.openstack.compute+xml;version=2"},
{"base": "application/json", "type":
"application/vnd.openstack.compute+json;version=2"}],
"id": "v2.0", "links": [{"href":
"http://x.x.x.x:8774/v2/v2.0/<Tenant_ID>/servers",
"rel": "self"}]}]}
So my question is what is wrong here, i get output for tokens and listing tenants but i can't get output for listing servers ??
Thanks in advanced !
I tried to find what is wrong with your curl - made requests to my host, but the answer is in the surface-response, obviously :)
You are trying to connect to nova service with version 2.0, but you have endpoint only with version=2 by default, so version must be 2.
Go to http://x.x.x.x/horizon/project/access_and_security/
and check the "API Access" tab, there are endpoints look to the compute one and use it to connect to service.
For example my compute service have endpoint:
Compute http://controller:8774/v2/004e4c0366b74300b875adfd2c1bca4c
Take them to connect to services by curl.
I'm working on an app using Pushbullet's API, but I'm running into odd errors when running through the sample code at https://docs.pushbullet.com/v2/pushes/.
I'm executing the following cURL command (in Windows):
curl -k -u <MY_API_KEY>: -X POST https://api.pushbullet.com/v2/pushes --header 'Content-Type: application/json' --data-binary '{"type": "note", "title": "Note Title", "body": "Note Body"}'
...but it keeps generating the following error:
{"error": {"type":"invalid_request","message":"The param 'type' has an invalid value.","param":"type","cat":"\u003e:3"}}
It also produces this error:
The other commands for the other endpoints in the documentation work fine...it's just this one.
Got any suggestions? Thanks for the help! :)
It looks like windows doesn't support those kinds of quotes on the command line. Here's an example that works:
curl https://api.pushbullet.com/v2/pushes -X POST -u <access token>: --header "Content-Type: application/json" --data-binary "{\"type\": \"note\", \"title\":\"Note Title\", \"body\": \"Note Body\"}"
I think I'm going to try to replace the curl examples with something that has less confusing behavior.
I figured it out - I don't really know why, but the cURL command wasn't working through the DOS prompt, and also wasn't working using the Postman REST client for Chrome, but I got it working in the DHC extension for Chrome. The trick was setting the Authorization header to "Basic", which resolves the Pushbullet access token to some other form, and makes a successful the HTTP request.
Hope this helps someone down the road if they run into this on Windows!
I'm trying to add a user to a Github repository via their API, but I always get a 502 Bad Gateway error.
With curl I send a request like this (<...> replaced by a real owner, repo, etc.):
curl -i -H 'Authorization: token xxxxxxxxxx' -XPUT https://api.github.com/repos/<owner>/<repo>/collaborators/<username>
I also tried it with this url:
curl -i -H 'Authorization: token xxxxxxxxxx' -XPUT https://api.github.com/teams/<id>/members/<username>
As token I used a newly created Personal Access Tokens
But both times I get this back
HTTP/1.0 502 Bad Gateway
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>502 Bad Gateway</h1>
The server returned an invalid or incomplete response.
</body></html>
A GET on each URL works fine but a DELETE doesn't work either. So maybe it has to do with curl.
Quoting the reply from GitHub's support with changes in italic:
You're just getting trolled by HTTP and curl.
When you make a PUT request with no body, curl doesn't explicitly set a Content-Length header for that request. However, PUT requests with no Content-Length confuse servers and they respond in weird ways.
Can you please try explicitly setting the Content-Lenght header to 0, or supplying an empty body when making that request (so that curl can set the header for you)? You can accomplish that adding -d "" in your command.