topic Re: 403 error when sending json from php in Application Development and Automation Discussions

403 error when sending json from php

former_member813802 — Thu, 21 Jul 2022 16:54:53 GMT

How to make a request using HTTP basic authentication with PHP curl?

I am sending a json from php to a Sap web service but it tells me a 403 forbidden error when I see the response, I tried sending the json with postman and it works

find that you have to make a get request first to get a token, and with that a post request is made to send that data

here my functions

with the first one I get a token that is the one that allows to send the data to sap and the second function sent the data is called $payload. but when printing the response, the code 403 forbidden appears

<code> $token = getCSRFToken($username,$password,$url);
$upload = uploadData($payload,$token['x-csrf-token'][0],$token['set-cookie'][1],$username,$password,$url);
function uploadData($json,$token,$cookie,$username,$password,$url) {
    
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array (
    'x-csrf-token: ' . $token,
    'Cookie: ' . $cookie,
    'Content-Type: application/json',
    'Content-Length: ' . strlen($json),
    'Accept: application/json'
    ));
    curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

    $result = curl_exec($ch);
    echo $result;
    
    return curl_getinfo($ch);

}

function getCSRFToken($username,$password,$url) {

  $ch = curl_init($url);
  $request_headers = array();
  $request_headers[] = 'X-CSRF-Token: Fetch';
  $request_headers[] = 'Content-Type: application/json';
  $request_headers[] = 'Accept: application/json';
  curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
  curl_setopt($ch, CURLOPT_POST, 0);
  curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_VERBOSE, 1);
  curl_setopt($ch, CURLOPT_HEADER, 1);
  curl_setopt($ch, CURLOPT_NOBODY, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
  curl_setopt($ch, CURLOPT_HEADERFUNCTION, function($curl, $header) use (&$headers)
  {
    $len  = strlen($header);
    $header = explode(':', $header, 2);
    if (count($header) < 2) { // ignore invalid headers
    return $len;
  }

  $name = strtolower(trim($header[0]));
  if (is_array($headers) && !array_key_exists($name, $headers)) {
    $headers[$name] = [trim($header[1])];
  } else {
    $headers[$name][] = trim($header[1]);
  }
  return $len;

  });

  $tmpfname = '/tmp/cookie.dat';
  curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  curl_setopt($ch, CURLOPT_COOKIEJAR, $tmpfname);
  $resp = curl_exec($ch);
  return $headers;

}

Re: 403 error when sending json from php

Former Member — Thu, 21 Jul 2022 16:55:20 GMT

Welcome to the SAP Community. Thank you for visiting us to get answers to your questions.

Since you're asking a question here for the first time, I'd like to offer some friendly advice on how to get the most out of your community membership and experience.

First, please see https://community.sap.com/resources/questions-and-answers, as this resource page provides tips for preparing questions that draw responses from our members. Second, feel free to take our Q&A tutorial at https://developers.sap.com/tutorials/community-qa.html, as that will help you when submitting questions to the community.

I also recommend that you include a profile picture. By personalizing your profile, you encourage readers to respond: https://developers.sap.com/tutorials/community-profile.html.

Now for some specific suggestions on how you might improve your question:

* Outline what steps you took to find answers (and why they weren't helpful) -- so members don't make suggestions that you've already tried.

* Share screenshots of what you've seen/done (if possible), as images always helps our members better understand your problem.

* Make sure you've applied the appropriate tags -- because if you don't apply the correct tags, the right experts won't see your question to answer it.

Should you wish, you can revise your question by selecting Actions, then Edit.

The more details you provide (in questions tagged correctly), the more likely it is that members will be able to respond. As it stands, I don't know if there is enough information here for members to understand your issue. So please consider revising your question because I'd really like to see you get a solution to your problem!

I hope you find this advice useful, and we're happy to have you as part of SAP Community!

Re: 403 error when sending json from php

evanireland — Thu, 21 Jul 2022 21:33:10 GMT

I haven't used PHP previously but I would suggest:

(1) Printing the value of $token upon entry to uploadData.

(2) Printing the response headers and payload for the 403 response. If the 403 response has "X-CSRF-Token: Required' that would imply that the token didn't get through properly.

Also I am curious that the call to uploadData has:

$token['x-csrf-token'][0]

but also:

$token['set-cookie'][1]

which has me wondering, if the response to the token fetch request returns multiple cookies, but then the uploadData call is sending only the cookie at index [1], perhaps the 403 response is due to missing cookie(s) rather than a bad or missing token.

Re: 403 error when sending json from php

former_member813802 — Fri, 22 Jul 2022 13:08:20 GMT

Aquí muestro en pantalla el token y la galleta que me trae el get, en la foto muestro los encabezados que me trae y en las siguientes muestro solo el token y la galleta

Re: 403 error when sending json from php

CarlosRoggan — Fri, 22 Jul 2022 14:27:26 GMT

Hi,

your screenshot shows in the response:

x-csrf-token: required

as Evan pointed out

Re: 403 error when sending json from php

former_member813802 — Fri, 22 Jul 2022 17:31:19 GMT

Apparently it wasn't the token, it was the cookie apparently it's a longer string than what I'm adding