1

i've made successful authentication with the following python script to a REST API:

import requests, base64
import json

VendorId = "a"
VendorPassword = "b"
UserId = "c"
UserPassword = "d"
PropertyId = "e"
authurl = "https://url/api/auth"
usrPass = '' + VendorId + ":" + VendorPassword

b64Val = base64.b64encode(usrPass)
payload = { "UserId" : UserId, "UserPassword" : UserPassword, "PropertyId" : PropertyId}
r = requests.post(authurl, headers = {"Authorization":b64Val}, data = payload)

and i want to do it through curl (completely inexperienced). What i've figured out until now is the following:

curl -H "{'Authorization': 'abCdEfgHijKlmnop=='}" -X POST -v "https://url/api/auth" -d "batch={'PropertyId': 'e', 'UserId': 'c', 'UserPassword': 'd'}";

but i get the following 502 error from the REST API...

If i don't use a header i have the following error:

< X-SERVICENAME-Auth-Error: Missing vendor credentials in HTTP auth header

I just want an insight on what i'm missing here, does the header syntax is wrong, or maybe the curl arguments misplaced?

Thanks in advance for any idea/tutorial/advice!

Improve this question

2 Answers 2

Reset to default
1

Your header setting is wrong, it will be:

-H "Authorization: abCdEfgHijKlmnop=="

Also, if you have the authorization user:password then you can use:

-u user:password
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you for your correction! I actually get a 502 error with your suggestion and my previous curl command. The 403 error comes when i don't use the header, sorry for the misunderstanding! Also i can't use unencoded strings the api of the service declares it. I need to use base64 encoding.
1

You already solved this in python and wrote a script that generates a successful request. I would definitely start from there. Since you only need a single request, comparing their outputs should suffice for a trivial protocol such as HTTP.

Try modifying the above scripts to make requests to 127.0.0.1 and some arbitrary ports as shown below. Adapt this to your preferred tools:

ncat --recv-only -l 8080 > desired &
ncat --recv-only -l 8081 > in_question &
python your_desired_auth_script.py 127.0.0.1 8080
curl 127.0.0.1:8081/api/auth "parameters not resulting in authorization..."
vimdiff desired in_question

Just modify your python script to accept host and port arguments or hardcode them. Don't forget the request path. If you don't instantly spot the mistake, reconstruct the exact request with curl while reading its documentation. After succeeding you can incrementally deviate until you find which difference causes it.

Improve this answer

2 Comments

Quite overkill methodology but still an interesting one, i'll try the "read curl's documentation" part :)
I 'd call it an overkill only for more complex problems. For a single request, the diff output can orient you very fast. Know the difference the current result has from your goal.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.