0

I am trying to send a request (POST) to an API using the XMLHTTP.6.0 object.

When running the same procedure in Postman it works like a charm - but when running it in VB over IIS (ASP) the responding server seems to not even receive the authorization headers specified.

Have been trying to figure out why this occurs all day without no luck.

Anyone have av idea why the Authorization header is no retreived by the remote server?

<%
Function ASPPostJSON(url)
Dim objXmlHttp

Set objXmlHttp = Server.CreateObject("Msxml2.XMLHTTP.6.0")

  objXmlHttp.Open "POST", url, false, "nouser", "nopwd"
  objXmlHttp.setRequestHeader "Accept", "*/*"
  objXmlHttp.SetRequestHeader "Authorization", "Basic VGVzdEZpbmFuczpHUTJUR05KUUdFWURNTlJURzQzR0laUldHNVFXR1pSVA=="
  objXmlHttp.SetRequestHeader "cache-control", "no-cache"
  objXmlHttp.SetRequestHeader "content-length", "26"
  objXmlHttp.SetRequestHeader "Content-Type", "application/json"

'send the json string to the API server
 objXmlHttp.Send "{""PNR"": 194803234857 }"

'If objXmlHttp.Status = 200 Then
 ASPPostJSON = CStr(objXmlHttp.ResponseText)
'end if

'return the response from the API server
 Response.write(ASPPostJSON)
 Set objXmlHttp = Nothing

End Function

'call the function and pass the API URL
 call ASPPostJSON("https://api.testserver.com/v2/person")
%>
Simon
  • 1
  • 1
    What does `ResponseText` contain? Do you get a response, is it just missing the `Authorization` header? The question is missing some key information, can you [edit] the Postman request into the question so we can compare? – user692942 Oct 12 '18 at 06:09
  • You might want to put your data in a variable and use len(varname) to fill the content-length property. I found that content lenght is quite critical. – Erik Oosterwaal Oct 12 '18 at 10:43
  • Erik Oosterwaal is right. Your content length is 22, not 26. Use len instead. On my side, I use this object : `server.createObject("WinHttp.WinHttpRequest.5.1")` Everything else is the same. – DanB Oct 12 '18 at 13:15
  • Also, why are you passing a username and password in the `Open()` method when you already have an authorization header? I'm fairly sure one will cancel out the other, hence why no authorization header makes it through the end point. – user692942 Oct 12 '18 at 22:18
  • Possible duplicate of [Providing authentication info via msxml2.ServerXMLHTTP](https://stackoverflow.com/questions/20712635/providing-authentication-info-via-msxml2-serverxmlhttp) – user692942 Oct 12 '18 at 22:27

0 Answers0