I'm using WP All Import to import an XML file. Their website states password protected files may be accessed via Basic HTTP Authentication, appending user credentials to the requested URL as such http://username:password#link-to-file. When attempted, the following error is returned:
RETS ReplyCode="20036" ReplyText="Missing User-Agent request header field."
The error is expected as the URL does not include headers required for authentication. From what I've researched, this method of passing credentials via the URL has been deprecated as it is unsecure. Do I need to create a function to pass the credentials to the server? I take it it's not quite as simple as "Basic HTTP Authentication."
I've contacted WP Import and thought I'd tap Stack while waiting. Any advice would be appreciated. Thank you
Related
I'm trying to replicate a post request done normally by a website form via postman but the server returns 500 error.
the form website URL that I'm dealing with is here.
what I have done so far is investigate the network request using chrome or safari dev tools, copy the request as cURL, import the cURL in postman and do the request.
what can be the possible reasons for the failure and what are the alternative ways to achieve the same result?
Postman Headers:
Most probably you must have used invalid request body. The browser shows parsed json body and you might have copied incomple request body.
To get full body click view source and copy the full content.
I am getting a login untried when trying to access a Rest API with authentication. I am using WS Play within Lagom. The login request looks something like:
val reqLogin = ws.url(loginURL)
.withAuth(userName, password, WSAuthScheme.BASIC)
.execute()
The message from the follow-up query is a 401 unauthorized error. Here is how I attempt the query after the above login attempt:
val loginResponse = Await.result(reqLogin, Duration(60, "seconds"))
val cookies = loginResponse.cookies
val queryResponse = ws.url(queryURL)
.withCookies(cookies.toSeq :_*)
.execute()
val queryResponseOutput = Await.result(queryResponse, Duration(60, "seconds"))
In the first request, you are logging in using HTTP Basic authentication. Does the site that you're using support HTTP basic authentication? Typically when a site does support it, it won't send you a cookie, rather, it will expect the login credentials to be sent with every request. So, when using HTTP basic authentication, there should be no need to login at the login URL, instead, add the username and password to the request to queryUrl. If that doesn't work, then that could mean the site you are making requests on doesn't support HTTP Basic authentication.
The other type of login is to submit the username and password in a login form, and then site you are logging into will send you back a cookie which you can use for subsequent requests. That appears to be what you're trying to do, but to do that, you can't use the withAuth method, rather, you have to find out what the username/password parameters are in the sites login form, and send a form with those parameters set. I can't tell you what those parameters are, that is entirely dependent on the site you're logging into, you'll have to look at the documentation for that site, or at the HTML it outputs on the login page. When you get back the response to the login request, you should check the response code to see if it was successful. The documentation for how to submit form parameters using Play WS can be found here, here's an example of what it might look like:
val reqLogin = ws.url(loginURL)
.post(Map(
"yourusernameparameter" -> Seq(userName),
"yourpasswordparameter" -> Seq(password)
))
To make clear, the yourusernameparameter and yourpasswordparameter fields above need to be replaced with whatever the site you're logging into requires. You may also need to enter CSRF tokens.
I'm trying to use the Firefox Rest client extension to test out my Magento REST API. I followed this guide but I keep getting the "signature_invalid" error when making the final request to receive the access token.
Guide: http://devdocs.magento.com/guides/m1x/api/rest/testing_rest_resources.html
The URL I use for the final request is:
http://mymagento/oauth/token?oauth_callback=http://httpbin.org/get&oauth_token=99e48f7d46d3a2f8fef704865fe2f4e4&oauth_secret=eda948ee46250f335146f6f4c5f7d622&oauth_verifier=1d977f0b96f3ae07fff515c590ec6709
And these are the readers:
OAuth oauth_version="1.0", oauth_signature_method="HMAC-SHA1",
oauth_callback="http%3A%2F%2Fhttpbin.org%2Fget",
oauth_token="99e48f7d46d3a2f8fef704865fe2f4e4",
oauth_secret="eda948ee46250f335146f6f4c5f7d622",
oauth_verifier="1d977f0b96f3ae07fff515c590ec6709",
oauth_nonce="OmOzMMy2Z60m5sV", oauth_timestamp="1495611445",
oauth_consumer_key="abc77ce5a53e67333af04807dea1356b",
oauth_signature="tE6xzRXZIc4BPQ3Dxc80ddoitLg%3D"
The nonce, timestamp and signature are automaticly refreshed each request.
I'm using Magento CE 1.9.2.2.
I have also tried Postman, but that tool gives me a nonce_used error with every request, even though it's automaticly refreshed... Permissions are correctly set up as explained here: http://inchoo.net/magento/configure-magento-rest-and-oauth-settings/
Everything goes fine using the Rest client extension untill the final request where I want to receive the access token.
I found the solution... The local browser had cached the oauth responses...
I have written my own API which requires basic authentication, such as:
user:james
pass:1111
I can call resources using urls such as:
http://api.james.com/myapi/orders/get
I wish to be able to use the REST client in PHPStorm but I cannot work out how to send my authentication details. Does anyone know how to do this? Do you have to setup a Proxy server, or can you pass the authentication somehow in the URI above?
Any help would be appreciated.
Regards
James
For usage Basic Auth you will need send header 'Authorization', for example:
Authorization: Basic amFuc29uQG1haWwucnU6MTIzNDU2
Value of this header you can get from debug console of your browser (firebug in FireFox or developer tools in Chrome). Start GET request from your browser, when you will need authorize - do it. Than open debug console 'network' tab and try this request one more time.
Now you will find in headers new one 'Authorization', that formed by browser when you was authorized.
Just copy content of this header and use it in PhpStorm REST-client.
I am trying to access a REST web service using HTTP GET request.
For a example following URI provides Rest web service that return all the available parts for the given category.
http://localhost:8080/mycompany/parts/category
I want to authenticate/authorize users who are accessing above REST request in each time and I want to pass User authentication details (User Name and Token) with the HTTP Get Request.
Is there a possibility to cater to the above requirement in REST HTTP GET request (using HTTP header or query parameters)?
or
Is it better to use HTTP POST instead of HTTP GET?
Since you are getting information, you should use "Get". Here's the code that I use (it is Restlet based) for adding the oauth_token to the request...
import org.restlet.data.Reference;
import org.restlet.ext.oauth.OAuthUser;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
Reference commitsRef = new Reference(Consts.RESOURCE_BASE + "commitments/");
OAuthUser u = (OAuthUser) request.getClientInfo().getUser();
String token = u.getAccessToken();
ref.addQueryParameter("oauth_token", token);
ClientResource commitsResource = new ClientResource(getContext(), commitsRef);
Representation commitsRep = commitsResource.get();
As mentioned, this is Restlet based, but there is probably something similar in the framework you are using. (And if you are not using a framework, Restlet can make this easier).
if you are using restlet than good because restlet have rich api for rest framework
but without this if you want to authenticate than
you can do same thing with GET or POST
but send your credential data trough cookie
and read same cookie using #CookieParam from server side
in this way you can easily authenticate user.