2

So I got the data that is being sent to a specific server. Now I want to do the same using curl from my local machine to play around with specific repsonses from the server and learn more about curl as well.

Here is part of my data 

POST /auth HTTP/1.1
platform: android
X-Auth-Token: <censored>
Content-Type: application/json; charset=utf-8
Host: api.blabla.com
Accept-Encoding: gzip

And the data that is being sent:

{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}

Now when I try cURL in my dos shell, I try

curl --insecure -X POST https://api.blabla.com/auth --data '{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}'

The response I get from cURL is this:

{"code":401,"error":"blablaTokenRequired"}

Even though I specified the token. So there are two possible scenarios because the token is correct:

  1. It has something to do with the SSL thing? (I use --insecure because I get an SSL error otherwise)
  2. Something about my command is not correct but I can't figure out what.

Can someone kindly help me out? I am trying everything I can without success

Alexander Mander
  • 119
  • 3
  • 13

2 Answers2

1

I am not sure if I understand your application specific right, but probably one thing you need to take into account:

man curl says:

-d, --data <data>
             (HTTP)  Sends the specified data in a POST request to the HTTP    server, in the same way that a browser does when
          a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data  to  the
          server using the content-type application/x-www-form-urlencoded.  Compare to -F, --form.

          -d,  --data  is the same as --data-ascii. --data-raw is almost the same but does not have a special interpreta‐
          tion of the @ character. To post data purely binary, you should instead use the --data-binary option.  To  URL-
          encode the value of a form field you may use --data-urlencode.

As I can't see in your example the necessity of sending data as HTML form input, probably your application expects just a "raw" POST body and then you have to try this:

curl --insecure -X POST https://api.blabla.com/auth --data--binary '{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}'

PS and for sure this is error is not about using --insecure which just asks curl to neglect ssl verification

Alexey Melezhik
  • 962
  • 9
  • 27
  • 1
    --insecure will just make curl ignore any ssl certificate verification errors, and trust everything :p – hanshenrik Feb 08 '16 at 08:25
  • yes, you are correct. I was inaccurate. But I only wanted to stay that is seems using --insecure does not result here in 404 error, at least it very looks like this. – Alexey Melezhik Feb 08 '16 at 10:47
1

you forgot the headers and enabling compressed encoding (gzip), however, i believe you can't force curl to only support gzip encoding using the curl command line alone, you will have to use libcurl, this will make the request say "Accept-Encoding: gzip,deflate" on most systems, using --compressed .. if that's not acceptable to you, rewrite it using libcurl (where you can force it to say only "gzip", if you wish, via CURLOPT_ENCODING )

curl -X POST https://api.blabla.com/auth --data '{"blabla_token": "sdsadsad", "blahblah_id": "23213", "locale": "us"}' --header 'platform: android' --header 'X-Auth-Token: <censored>' --header 'Content-Type: application/json; charset=utf-8' --header 'Host: api.blabla.com' --compressed

another gotcha: on some systems, there will be a default useragent header (like debian 6), while on some systems, curl comes without a default useragent (like debian 8).. you might want to use --user-agent '' too

hanshenrik
  • 19,904
  • 4
  • 43
  • 89