I'm accessing a rest api.
I have to do POST. The webservice is hosted behind the basic authentication.
To access the given endpoint I have to also send an authorization header.
case 1:
curl GET http://username:password#example.com/endpoint1 => works
case 2:
curl GET http://#example.com/endpoint1 -H "Authorization: Basic base64_encode(username:password)" => works
case 3:
curl POST http://#example.com/endpoint2 -H "Authorization: Basic base64_encode(username:password), Basic another_auth_token" => does not work
case 4:
curl POST http://username:password#example.com/endpoint2 -H "Authorization: Basic another_auth_token" => does not work
Also tried using php curl curl_setopt($ch, CURLOPT_USERPWD, 'username:password') and it didn't work.
Tried adding headers, Content-Type: application/json and application/x-www-form-urlencoded and it didn't work.
I need curl POST with the two authorization headers to work.
Any pointers what could be missing?
Just pass '-H Authorization' twice:
curl -X POST http://example.com/endpoint2 \
-H "Authorization: Basic base64_encode_username_colo_password" \
-H "Authorization: Basic another_auth_token"
I get:
POST / HTTP/1.1
Host: localhost:10101
User-Agent: curl/7.47.0
Accept: */*
Authorization: Basic base64_encode_username_colo_password
Authorization: Basic another_auth_token
Keep in mind, though, that the server (and downstream servers as well) has to be able to deal with multiple authorization headers.
curl -X POST
'https://api.amazon / shopify or "your URL"/'
-H 'Authorization: Bearer {token}' // or/AND your USER KEY and PASS in Base 64
-H 'Accept: application/json'
-H 'Content-Type: application/json'
for body parameter in CURL You should use -d'{your body in json}after the last Header param.(-H)
Related
I'm trying to control my Sonos One (Gen 1) speaker through cloud APIs but all the POST request return 500 Internal Server Error without error message.
I generated an access_token as described in the documentation and was able to obtain information about the 'households' inside my network, finally both the group id and the player id.
I tried to obtain information about the status of the group by performing a GET on the following endpoint and it worked:
https://api.ws.sonos.com/control/api/v1/groups/{{group_id}}/playback
Same with other GET requestes (e.g. groupVolume).
The problem arise when I try to make a POST (e.g. changing the volume or playing an audioClip), it returns 500 Internal Server Error without any body.
For all the requests I am using Postman including as Headers:
Content-Type: application/json
Authorization: Bearer [token]
Content-Length: ??? (automatically inserted by postman)
while for the body of the change volume request I select the raw option and then select JSON(application/json) option.
The body is:
{
"volume": 80
}
The endpoint is the following: https://api.ws.sonos.com/control/api/v1/groups/{{group_id}}/groupVolume
I also tried controlling the player with node (Package) and it works.
Also tried to use Wireshark to see what requests the node-sonos package is performing but it seems it's not using the Cloud APIs.
I expect the player to change volume, but the API doesn't do anything and doesn't return any error message.
EDIT:
The cURL request from POSTMAN is the following:
curl -X POST \
https://api.ws.sonos.com/control/api/v1/players/<playerID>/audioClip \
-H 'authorization: Bearer XXX' \
-H 'cache-control: no-cache' \
-H 'content-type: application/json' \
-H 'postman-token: XXX' \
-d '{
"appId": "edu.myInstitute.myName",
"clipType": "CUSTOM",
"name": "Test",
"streamUrl": "http://...mp3_file_url"
}'
I am new using PostMan; normally I use curl:
this one to get the JTW
curl -X POST -H "X-Requested-With: XMLHttpRequest" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{ "username": "peris","password": "3nRam0nD3L3s0l1v3s" }' "http://139.152.231.107:1133/canPeris/auth"
and this other one using the JTW obtained before
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer eyJhbGciJIUzUxMiJ9.eyJzdWIiOiJsb3Blei5hbnRvbmlvODVAZ21haWwuY29tIiwiZXhwIjoxNTkwMDQ3NTg4LCJpYXQiOjE1Mh9.3vlQBgfA22ffJZqNic2lVSHiMR6YudlCFoldfwzdk-clz6_XyOvCVTrMihXtYBaJuPI515zTwAnaQBV_h4yquA" "http://139.152.231.107:1133/canPeris/api/v1/users/3/menus/vegans"
I am using this to generate the token
return io.jsonwebtoken.Jwts.builder()
.setClaims(claims)
.setSubject(subject)
.setIssuedAt(createdDate)
.setExpiration(expirationDate)
.signWith(SignatureAlgorithm.HS512, secret)
.compact();
but in the postMan Signature method I haven't found the HS512
I think this can solve your problem.
Goto to Auth tab and select Bearer Token:
Add your Token:
Add the header Content-Type: Application/json, if necessary:
Send your request.
If you planing automate the access token acquisition and use in another request, I recommend read about postman tests and variables: https://medium.com/#codebyjeff/using-postman-environment-variables-auth-tokens-ea9c4fe9d3d7
At the moment, in order to restart a Mule application, I need to:
Log into Mule via a browser
Navigate to the Runtime Manager
Select my environment
Locate my application
Navigate to Settings
Then restart
I know that MuleSoft have a Management API (CloudHub API), but I cannot find an example of how to restart an application via a REST call.
If anyone has a working example or can point me in the right direction I would appreciate it.
Thanks
Just in case if anyone wants to know how to restart a Mule application hosted on CloudHub via REST API.
Call this API
https://anypoint.mulesoft.com/cloudhub/api/applications/{domain}/status with payload "RESTART"
API Endpoint: /applications/{domain}/status
Method: POST
Example payload in request body:
{
"status": " 'RESTART' or 'stop' or 'start' ",
"staticIpAddress": "10.4.6.22"
}
Postman code snippet: update the bearer token, domain and environment id
curl --request POST \
--url https://anypoint.mulesoft.com/cloudhub/api/applications/{cloudhub-app-
domain}/status \
--header 'Authorization: Bearer token' \
--header 'Content-Type: application/json' \
--header 'Postman-Token: 42539dcd-1d33-4b66-80d9-6cfcc4ed8f77' \
--header 'X-ANYPNT-ENV-ID: environment ID' \
--header 'cache-control: no-cache' \
--data '{\n "status":"RESTART"\n}'
First, you need to install the runtime manager agent
https://docs.mulesoft.com/runtime-manager/installing-and-configuring-runtime-manager-agent
Second, you can find an example in below link:
https://docs.mulesoft.com/runtime-manager/managing-applications-and-domains
Operation: Restart an Application
PUT http://localhost:9999/mule/applications/myapp/restart HTTP/1.1
Content-Type: application/json
Further to developer9's answer, here's how to obtain the Bearer token:
https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/access-management-api/version/v1/pages/Authentication/
To access Platform APIs, you must obtain a token from either the login
endpoint or using the OAuth authorization process.
To authenticate using a username and password, you must invoke the /login API.
POST /accounts/login HTTP/1.1
Content-Type: application/json
{
"username" : "joe",
"password" : "password"
}
This returns the following response and token:
{
"access_token": "d127e2ec-a703-4e2a-8629-e9158804748b",
"token_type": "bearer"
}
You can then use that in the restart (or other API request). Eg (note, update the bearer token, domain and environment id)
curl --request POST \
--url https://anypoint.mulesoft.com/cloudhub/api/applications/{cloudhub-app-
domain}/status \
--header 'Authorization: Bearer d127e2ec-a703-4e2a-8629-e9158804748b' \
--header 'Content-Type: application/json' \
--header 'Postman-Token: 42539dcd-1d33-4b66-80d9-6cfcc4ed8f77' \
--header 'X-ANYPNT-ENV-ID: environment ID' \
--header 'cache-control: no-cache' \
--data '{\n "status":"RESTART"\n}'
I make a POST request to REST API to upload a file. In Postman everything works fine. I add Basic authorization and custom CSRF (XSRF) token which I get from the server.
I want to make the same using cURL. I copied the code from Postman, and it does not seem to work.
I believe that the error is related to CSRF because if I turn off CSRF on server and make the same cURL call without CSRF token, everything works fine.
Now some more details:
That's what the command for cURL which Postman gives:
curl -X POST -H "XSRF: 79f51981-8e85-4e26-be1b-bf63aed92a42" -H "Authorization: Basic bbhjbjb=" -H "Cache-Control: no-cache" -H "Postman-Token: 76a7a43b-f407-15a2-aaff-5242b44d0f47" -H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW" -F "package=#C:\Downloads\hello-world.zip" "http://host:port/api/import"
And that's the reply I get with --verbose
timeout on name lookup is not supported
Trying ::1...
Connected to localhost (::1) port 7777 (#0)
POST /api/import HTTP/1.1
Host: localhost:7777
User-Agent: curl/7.47.1
Accept: /
XSRF: 79f51981-8e85-4e26-be1b-bf63aed92a42
Authorization: Basic bbhjbjb=
Cache-Control: no-cache
Postman-Token: 76a7a43b-f407-15a2-aaff-5242b44d0f47
Content-Length: 31281
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW;
boundary=------------------------742d3475ac5f6aba
< HTTP/1.1 302 Found
< Set-Cookie: JSESSIONID=1qfjmbntrthxll;Path=/api < Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: XSRF=b29bd143-cc80-49ad-b495-711125678o;Path=/;Expires=Thu, 15-Dec-2016 10:28:46 GMT
< XSRF: b29bd143-cc80-49ad-b495-711125678o < Location:
http://localhost:7777/api/login/error.jsp?errorMessage=Access Denied
< Content-Length: 0
< Server: Jetty(9.2.17.v20160517)
HTTP error before end of send, stop sending
Closing connection 0
I am probably missing something very obvious here, but don't know what yet.
Looks like I am redirected to login page, not being authenticated correctly, but do not know why (I do send XSRF in cURL). I tried also adding sessionid in cURL - also didn't work.
Any ideas and directions about where to search would be very appreciated!!!
As mentioned in this post, add following option
--cookie "csrftoken=XXXXXX;sessionid=YYYYYYY"
along with
-H "X-CSRFToken: XXXXX"
It is unclear how your server side code is implemented. One visible difference can be seen here is the UserAgent string in request header User-Agent: curl/7.47.1. You may try with adding -A "Mozilla/5.0" with your curl request.
About the comment above regarding XSRF 1-time token; Your server is returning Set-Cookie header in response. It can happen that the postman is using that as cookie for second time request, and that's why it works for it over and over. You can try adding -H "Cookie: XSRF=b29bd143-cc80-49ad-b495-711125678o" at the end of your curl and see if that makes any difference.
Those are all wild guess. Better you add some code at your server side that can print the request-headers. Then make two requests, one from curl and other one from postman. After that check the difference between the request headers. That will give you some clue.
In the end it turned out that the session id was required (adding JSESSIONID in cURL solved the problem).
Without more info on the server side code, I'm not sure either. If you're making your call from cURL, and not Postman, do you really need the Postman-Token header? Maybe it will work if you remove -H "Postman-Token: 76a7a43b-f407-15a2-aaff-5242b44d0f47" from the code.
curl -X POST \
-H "XSRF: 79f51981-8e85-4e26-be1b-bf63aed92a42" \
-H "Authorization: Basic bbhjbjb=" \
-H "Cache-Control: no-cache" \
-H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW" \
-F "package=#C:\Downloads\hello-world.zip" \
"http://host:port/api/import"
I am trying to add 100 of users to a group in crowd and I want to automate it using curl and crowd's rest api. At first I am just trying to add a singleuser to a group and then auotmate it using shell script. Following this document, I pass the command as
curl -X POST{"name":"groupname"} -ik -u application:password-H 'Content-Type: application/json' -H 'Accept: application/json' https://localhost/crowd/rest/usermanagement/1/user/group/direct?username=username.
I am getting the following error.
HTTP/1.1 405 Method Not Allowed
Server: Apache-Coyote/1.1
X-Embedded-Crowd-Version: Crowd/2.8.3
X-Crowd-User-Management-Version: 1.4
Set-Cookie: JSESSIONID=17490A660F9A2267B378CD767CEADDF8; Path=/crowd/; Secure; HttpOnly
Allow: HEAD,DELETE,POST,GET,OPTIONS
X-Content-Type-Options: nosniff
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 1013
Date: Mon, 29 Jun 2015 02:56:15 GMT
FYI: I am using a application to authenticate against crowd via rest. Please suggest on what I need to do and how should I do.
P.S. I also need to figure out on adding hudreds of groups to crowd too.
You are missing a space between POST and your data.
To post data use:
-d, --data
(HTTP) Sends the specified data in a POST request to the HTTP server,
in the same way that a browser does when a user has filled in an HTML
form and presses the submit button. This will cause curl to pass the
data to the server using the content-type
application/x-www-form-urlencoded. Compare to -F, --form.
So the command should be:
curl -X POST -d {"name":"groupname"} -ik -u application:password -H 'Content-Type: application/json' -H 'Accept: application/json' https://localhost/crowd/rest/usermanagement/1/user/group/direct?username=username
From Crowds Docs,
Authentication Access to all resources (using any method) requires the
client to be authenticated via basic authentication. See RFC 2617.
Your environment must retain cookies set by the Crowd server and
retransmit them on subsequent calls, otherwise Crowd will have to
re-authenticate the application on every REST call.
So first authenticate your self and store the cookies, (make note of --cookie-jar parameter)
curl -i -u application_name:application_password --data '{"value": "my_password"}' http://localhost:8095/crowd/rest/usermanagement/1/authentication?username=my_username --header 'Content-Type: application/json' --header 'Accept: application/json' --cookie-jar cookies.txt
So as per docs on subsequent calls use the cookies (using --cookie parameter)
curl -X POST -d {"name":"groupname"} -ik -u application:password -H 'Content-Type: application/json' -H 'Accept: application/json' https://localhost/crowd/rest/usermanagement/1/user/group/direct?username=username --cookie cookies.txt