-1

there is the website https://cebcare.ceb.lk/Incognito/DemandMgmtSchedule and in there I can see an API call to https://cebcare.ceb.lk/Incognito/GetLoadSheddingEvents with StartTime and EndTime as form data.

I tried to send post request to above endpoint in Node.js using axios but I get the error AxiosError: unable to verify the first certificate and code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'

Then I saw that there are 2 Headers RequestVerificationToken and Cookie. I grabbed them and did a Postman request and got back a response with 200. But in Node.js when I do like

const data = {
  StartTime: startDate,
  EndTime: endDate,
};

const response = await axios.post(URL, data, {
  "Content-Type": "multipart/form-data",
  Cookie:
    ".AspNetCore.Antiforgery.ThOcTlhnrMo=CfDJ8Nr2EC612OFAjHvozOYXtlRQE9n05fuSOD0jEvKY0unmx8QyMYxdCfmotrhzVIKzurnhpkY_MtfAP9cmpR11u8rzt7_xz4IkuWMURwfelg7ymSJ8GaksLVwEgbMIkEDfrvjb5II6EzzTaLA5RiXRDXU",
  RequestVerificationToken:
    "CfDJ8Nr2EC612OFAjHvozOYXtlRBtAUjb36TUpOhI0yuLADjcckB_h1xKJWHDwl0MrqyE4_4pU_YXUkeh5uI66UBXedMcMmihENJ5hpfW_vBgNWZJ-JtliiE4UYvxNJCvvhmGvIWSKWeeqx-llCxrPio9Tw",
});

I get the same error as above

Is there a way to fix this. Or somehow bypass the Cookie and RequestVerificationToken. Or can I hardcode these 2 values and send request?

EDIT I did the following after looking at the linked post

const httpsAgent = new https.Agent({ rejectUnauthorized: false });

const response = await axios.post(URL, data, {
  httpsAgent,
  "Content-Type": "multipart/form-data",
  Cookie:
    ".AspNetCore.Antiforgery.ThOcTlhnrMo=CfDJ8Nr2EC612OFAjHvozOYXtlRQE9n05fuSOD0jEvKY0unmx8QyMYxdCfmotrhzVIKzurnhpkY_MtfAP9cmpR11u8rzt7_xz4IkuWMURwfelg7ymSJ8GaksLVwEgbMIkEDfrvjb5II6EzzTaLA5RiXRDXU",
  RequestVerificationToken:
    "CfDJ8Nr2EC612OFAjHvozOYXtlRBtAUjb36TUpOhI0yuLADjcckB_h1xKJWHDwl0MrqyE4_4pU_YXUkeh5uI66UBXedMcMmihENJ5hpfW_vBgNWZJ-JtliiE4UYvxNJCvvhmGvIWSKWeeqx-llCxrPio9Tw",
});

but now I'm getting Bad Request 400. But in postman Im getting the results for the same Cookie and RequestVerificationToken

Nil
  • 1,209
  • 9
  • 20
binga58
  • 153
  • 7
  • Please research before posting in accordance with [ask]; this is a duplicate of [How to configure axios to use SSL certificate?](https://stackoverflow.com/questions/51363855/how-to-configure-axios-to-use-ssl-certificate) – esqew Dec 20 '22 at 16:34
  • @esqew thank you for directing me. but I can't seem to figure out what's going on – binga58 Dec 20 '22 at 16:48

1 Answers1

2

The third parameter of the axios post function takes an "Options" object - as for your case to pass the headers you should write like this:

{ 
   headers: {
     'Content-Type:'multipart/form-data',
     Cookie: "",
     RequestVerificationToken: ""
   } 
}
Tyler2P
  • 2,324
  • 26
  • 22
  • 31
Francesco Scassillo
  • 36
  • 2
  • oh cool. now I get the results thank you! – binga58 Dec 20 '22 at 16:53
  • btw do you think I can use the Cookie and RequestVerificationToken forever if I am creating an API for myself using the data fetched from above call. – binga58 Dec 20 '22 at 16:55
  • i'm sorry, what do you mean? – Francesco Scassillo Dec 20 '22 at 17:06
  • hi what I meant was for me to get the data I need to send in the value for Cookie and RequestVerificationToken. I got those values copied from the network tab in https://cebcare.ceb.lk/Incognito/DemandMgmtSchedule. Can I hardcode those 2 values in my express server or do they change in a way that I cannot call the API anymore – binga58 Dec 21 '22 at 03:29