4

The endpoint I'm trying to reach requires HTTPS and Basic Authentication. My team was given an API key, and the documentation states to use the key as the username, and to leave the password blank.

Here is the example CURL request from the documentation:

curl -i -k -u '<api_key>': -XPOST --data-urlencode data@/path/to/test/file.json "https://<your_subdomain>.vendor.org/api/v1/assessments/import"; echo ""

When I execute the following using the Postman extension for Chrome, I get a successful response from the server: enter image description here

I'm trying to execute this locally using PHP (XAMPP install). The following is getting a response from the server saying the username/password is incorrect:

function curlPost($url, $headers, $username, $password, $data) {
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_CAINFO, 'certificate.pem');
 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
 curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
 curl_setopt($ch, CURLOPT_HEADER, true);
 curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);
 curl_setopt($ch, CURLOPT_TIMEOUT, 30);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
 print_r(curl_exec($ch));
 // print_r(curl_getinfo($ch));
 // print_r(curl_error($ch));
 curl_close($ch);
}

$data = '{"key":"value", "key":"value"}';
curlPost('https://domain.com/api/data', ['Content-Type: application/xml'], 'api_key', '', $data);
{"success":false,"errors":["Email\/Username or password incorrect. Please try again."],"warnings":[],"info":[],"meta":[],"results":[]}

The JSON string used in $data was copied and pasted from a successful Postman request.

The certificate.pem is in the same folder as the script, and read/write permissions have been given to everyone. I have tried exporting the specific certificate for our vendor's site from my machine as well as the CA bundle linked in the top response to this post. I was able to use it to successfully hit the vendor's api-key-test endpoint via PHP/CURL.

I'm pretty new to this. Would you mind helping me wrap my head around what I'm missing? While I've copied and pasted a ton, the function is largely my own. The parameter for headers will be used for other things.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user3630824
  • 465
  • 2
  • 7
  • 14
  • This might help you: http://stackoverflow.com/questions/28395/passing-post-values-with-curl - Essentially, based on your selection of "form-data" in the Postman screenshot, you'll need to pass cURL an array, not an encoded string like you currently have in `$data`. – Stuart Wagner Jun 26 '15 at 19:52
  • Never mind, it's something else. Your data is currently formatted as JSON. Do a `json_decode($data, true)` when you pass it to cURL and see if that works. – Stuart Wagner Jun 26 '15 at 19:55
  • @StuartWagner Nope :( Still giving me errors about username/password. When I sent invalid objects using Postman I always got an error message regarding the object I sent. Even if you're right, I think there's a bigger problem around SSL certification or basic authentication. I would REALLY like to not have to touch php.ini. – user3630824 Jun 26 '15 at 20:00
  • Are you running this from the same system? I'm surprised Postman is able to get through your authentication but your own code gets stuck. – Stuart Wagner Jun 26 '15 at 20:05
  • Also, try adding `curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);` above the auth option. – Stuart Wagner Jun 26 '15 at 20:10
  • Here is the example curl command from the documentation: curl -i -k -u '': -XPOST --data-urlencode data@/path/to/test/file.json "https://.vendor.org/api/v1/assessments/import"; echo "" – user3630824 Jun 26 '15 at 20:21
  • Have you tried not using `CURLOPT_USERPWD`, but passing the appropriate header directly instead? `Authorization: Basic ` + base64 encoded `api_key:` – CBroe Jun 26 '15 at 20:45

1 Answers1

1

Basic Authentication with the HTTP Authorization header uses the Base64 encoded value of "username:password" (without the double quotes)

So I'm assuming in your case you would need to Base64 encode "yourApiKeyValue:" and put that in a Authorization header in your cURL command

MDN reference - HTTP Authentication

Edit: This may also be helpful

How do I make a request using http basic authentication-with-php-curl

Aaron Krone
  • 192
  • 2
  • 12