PHP CURL error 403

Question

I'm trying to get some data in CURL. For this i need to do it in 2 step :
-get my token code and custom url
-Fetch the data i need

for the first part i did

$url = 'https://url.com/login';

$params = array( "KeyName" => "KeyValue");
$params = json_encode($params);
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $params);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_ENCODING, "");
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

//recovery of token and URL
$response = curl_exec($ch);
$value = json_decode($response);
$value_token = $value->data->token;
$url = $value->data->url;

i get both values without a problem but when i try the next step i get an error 403. here is my code :

$params = array( "X-Session-Token" => "$value_token");
$params = json_encode($params);
$url = $url ."/api";

$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $params);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch , CURLINFO_HTTP_CODE);
echo $httpCode ."<- code http<br>";
if ($response === false) $response = curl_error($ch);
    echo stripslashes($response) ."<br>"; //return 1
curl_close($ch);
$val = json_decode($response);

I've already done it succesfully in command promt. here is the command prompt for the second request :

curl "https://custom-url.com/api" \
-H "Accept: application/json, text/*;q=0.2" \
-H "Accept-Charset: utf8" \
-H "Accept-Encoding: gzip, deflate" \
-H "Access-Control-Request-Headers: x-session-token" \
-H "X-Session-Token: MyToken" \
--compressed

Update
here is the request with the updated header :

$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Session-Token' => $value_token,'Access-Control-Request-Headers' => 'X-Session-Token', 'Accept' => 'application/json, text/*;q=0.2', 'Accept-Encoding' => 'gzip, deflate', 'Access-Control-Allow-Origin' =>'*'));
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);

curl_exec($ch);

$info = curl_getinfo($ch);
print_r("<br>print : ". $info['request_header']);

print_r return : POST /api HTTP/1.1 Host: website.com Accept: / Content-Type: application/x-www-form-urlencoded Expect: 100-continue

score 0 · Answer 1 · answered Jul 24 '18 at 11:55

0

Have you tried adding a request header? Try adding curl_setopt($ch, CURLOPT_HEADER, true);and see if that helps.

answered Jul 24 '18 at 11:55

Taral

3
3

i get : "HTTP/1.1 403 Forbidden Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Content-Type, X-Session-Token Content-Length: 0" – kyli Jul 24 '18 at 11:57
Try adding HTTPHEADER like this. `$header[] = "Content-type: application/json"; curl_setopt($ch, CURLOPT_HTTPHEADER, $header);` – Taral Jul 24 '18 at 12:26
It didn't change. the first request to get the token and url is also in json and didn't need to be specified to get the result in return. – kyli Jul 24 '18 at 12:48

DannyZB · Answer 2 · 2018-07-24T17:19:36.753

0

If we are talking of session tokens here, every API would have a different standard for accepting tokens. Some are encoded as Bearer tokens, some need to be in the URL, and some need a POST variable.

This sounds like a case where it's a special header:

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'X-Session-Token' => $value_token
));

or, if you want to exactly match the commandline CURL request:

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'X-Session-Token' => $value_token,
    'Access-Control-Request-Headers' => 'X-Session-Token'
));

edited Jul 24 '18 at 17:19

answered Jul 24 '18 at 16:50

DannyZB

523
2
16

I tried to put thoses parameter to the header but it keep giving me the same error 403. – kyli Jul 25 '18 at 07:40
update with the full code. need to see it in context – DannyZB Jul 25 '18 at 10:07
`$ch = curl_init( $adresse ); curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Session-Token' => $value_token,'AccessControl-RequestHeaders' => 'X-Session-Token', 'Accept' => 'application/json, text/*;q=0.2', 'Accept-Encoding' => 'gzip, deflate', 'Access-Control-Allow-Origin' =>'*')); curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); $response = curl_exec($ch);` – kyli Jul 25 '18 at 10:23
You have a bunch of typos there. 1. It's "$address" -> did you write it correctly? 2. It's "Access-Control-Request-headers" and not "AccessControl-RequestHeaders" – DannyZB Jul 25 '18 at 13:50
Sorry i wrote those typos wrong in the comment but they are correct in the original code. – kyli Jul 25 '18 at 14:09
Hmm .. we need to know what was actually sent .. try doing https://stackoverflow.com/questions/17092677/how-to-get-info-on-sent-php-curl-request and post the data you get – DannyZB Jul 26 '18 at 10:40
Also.. do you send both requests from the same ip? What happens if you "shell_exec" the commmandline curl from php? Do you get 403? – DannyZB Jul 26 '18 at 10:41
Both request where sent from the same ip. I just tested both curl commands in "shell_exec" and they work perfectly fine. seems like i'll use this method instead of the other – kyli Jul 26 '18 at 12:25
Please use the thread I posted to get what's sent with curl. That would help us leave an answer useful to future people who visit this thread (-: the curl thing is a small trick for you to keep working while we find the cause - we just need to see what curl command was actually used by php – DannyZB Jul 26 '18 at 21:03
Here is the result : ` POST /api HTTP/1.1 Host: website.com Accept: */* Content-Type: application/x-www-form-urlencoded Expect: 100-continue `. I can't post the real host so i changed it. – kyli Jul 27 '18 at 08:00
I don't see any of the new headers set .. Post your edited code in it's entirety in the original question and the answer may be obvious from there – DannyZB Jul 28 '18 at 09:55

PHP CURL error 403

2 Answers2