-
Products and Technology
By Category
-
Groups
Activity Groups
Industry Groups
Influence and Feedback Groups
Interest Groups
Location Groups
Customer Only Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
Products
Learning and Support
-
- Products and Technology
- Groups
- Developers
- Partners
- Events
- Help Center
- Topic Pages
-
Explore SAP
- Explore SAP
-
Products
- Products
- SAP Business Suite
- Artificial Intelligence
- Business applications
- Data and analytics
- Technology Platform
- Financial Management
- Spend Management
- Supply Chain Management
- Human Capital Management
- Customer Experience
- SAP Business Network
- View products A-Z
- View industries
- Try SAP
- Partners
- Services
- Learning and Support
- About
- SAP Community
- Groups
- Interest Groups
- Application Development and Automation
- Discussions
- 403 error when sending json from php
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
403 error when sending json from php
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2022 Jul 21 5:54 PM
- SAP Managed Tags
- OData
How to make a request using HTTP basic authentication with PHP curl?
I am sending a json from php to a Sap web service but it tells me a 403 forbidden error when I see the response, I tried sending the json with postman and it works
find that you have to make a get request first to get a token, and with that a post request is made to send that data
here my functions
with the first one I get a token that is the one that allows to send the data to sap and the second function sent the data is called $payload. but when printing the response, the code 403 forbidden appears
<code> $token = getCSRFToken($username,$password,$url);
$upload = uploadData($payload,$token['x-csrf-token'][0],$token['set-cookie'][1],$username,$password,$url);
function uploadData($json,$token,$cookie,$username,$password,$url) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array (
'x-csrf-token: ' . $token,
'Cookie: ' . $cookie,
'Content-Type: application/json',
'Content-Length: ' . strlen($json),
'Accept: application/json'
));
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
$result = curl_exec($ch);
echo $result;
return curl_getinfo($ch);
}
function getCSRFToken($username,$password,$url) {
$ch = curl_init($url);
$request_headers = array();
$request_headers[] = 'X-CSRF-Token: Fetch';
$request_headers[] = 'Content-Type: application/json';
$request_headers[] = 'Accept: application/json';
curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
curl_setopt($ch, CURLOPT_POST, 0);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, function($curl, $header) use (&$headers)
{
$len = strlen($header);
$header = explode(':', $header, 2);
if (count($header) < 2) { // ignore invalid headers
return $len;
}
$name = strtolower(trim($header[0]));
if (is_array($headers) && !array_key_exists($name, $headers)) {
$headers[$name] = [trim($header[1])];
} else {
$headers[$name][] = trim($header[1]);
}
return $len;
});
$tmpfname = '/tmp/cookie.dat';
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $tmpfname);
$resp = curl_exec($ch);
return $headers;
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2022 Jul 21 5:55 PM
- SAP Managed Tags
- OData
Welcome to the SAP Community. Thank you for visiting us to get answers to your questions.
Since you're asking a question here for the first time, I'd like to offer some friendly advice on how to get the most out of your community membership and experience.
First, please see https://community.sap.com/resources/questions-and-answers, as this resource page provides tips for preparing questions that draw responses from our members. Second, feel free to take our Q&A tutorial at https://developers.sap.com/tutorials/community-qa.html, as that will help you when submitting questions to the community.
I also recommend that you include a profile picture. By personalizing your profile, you encourage readers to respond: https://developers.sap.com/tutorials/community-profile.html.
Now for some specific suggestions on how you might improve your question:
* Outline what steps you took to find answers (and why they weren't helpful) -- so members don't make suggestions that you've already tried.
* Share screenshots of what you've seen/done (if possible), as images always helps our members better understand your problem.
* Make sure you've applied the appropriate tags -- because if you don't apply the correct tags, the right experts won't see your question to answer it.
Should you wish, you can revise your question by selecting Actions, then Edit.
The more details you provide (in questions tagged correctly), the more likely it is that members will be able to respond. As it stands, I don't know if there is enough information here for members to understand your issue. So please consider revising your question because I'd really like to see you get a solution to your problem!
I hope you find this advice useful, and we're happy to have you as part of SAP Community!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2022 Jul 21 10:33 PM
- SAP Managed Tags
- OData
I haven't used PHP previously but I would suggest:
(1) Printing the value of $token upon entry to uploadData.
(2) Printing the response headers and payload for the 403 response. If the 403 response has "X-CSRF-Token: Required' that would imply that the token didn't get through properly.
Also I am curious that the call to uploadData has:
$token['x-csrf-token'][0]
but also:
$token['set-cookie'][1]
which has me wondering, if the response to the token fetch request returns multiple cookies, but then the uploadData call is sending only the cookie at index [1], perhaps the 403 response is due to missing cookie(s) rather than a bad or missing token.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2022 Jul 22 6:31 PM
- SAP Managed Tags
- OData
Apparently it wasn't the token, it was the cookie apparently it's a longer string than what I'm adding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2022 Jul 22 2:08 PM
- SAP Managed Tags
- OData
Aquà muestro en pantalla el token y la galleta que me trae el get, en la foto muestro los encabezados que me trae y en las siguientes muestro solo el token y la galleta
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎2022 Jul 22 3:27 PM
- SAP Managed Tags
- OData
Hi,
your screenshot shows in the response:
x-csrf-token: required
as Evan pointed out
Bluesky