2 years ago

#47466

Shaw Mead

PHP CURL REST API Login successful. Please use XSRF-TOKEN and SESSIONID cookies along with x-xsrf-token header in future requests

I'm stuck on a basic API setup. I'm trying to test this API using PHP cURL:

https://inland.zethconapp.com/test/api/docs/

The Authentication Endpoints work just fine, with a 200 response.

$url = "https://inland.zethconapp.com/test/api/login";
$data = array (
  "username" => "USER",
  "password" => "PASS"
);
$ch = curl_init( $url );
$payload = json_encode( $data );
curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
$result = curl_exec($ch); 
curl_close($ch);

The very limited docs show: 200 - Login successful. Please use XSRF-TOKEN and SESSIONID cookies along with x-xsrf-token header in future requests.

The next call is where I'm stuck. I'm trying the endpoint /inventory/by-customer:

$url = "https://inland.zethconapp.com/test/api/inventory/by-customer";
$headers = array (
"Content-Type" => "application/json"
);
$data = array (
  "custid" => "DURONT",
  "facility" => "B01"
);
$ch = curl_init( $url );
$payload = json_encode( $data );
$headers = json_encode( $headers );
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$result = curl_exec($ch);
curl_close($ch);

This results in 401:

{"error":{"message":"invalid csrf token","type":"general","errorCode":"1d21867f3fc04bd7","statusCode":401,"requestId":"d7cf0a72-80dc-4ea2-ae5b-11fe27c082c6"}}

401 - Unauthorized. The client has not authenticated or is missing the authentication token.

I've been messing around with these calls, and I do see the Login header response does give the token info, such as this:

XSRF-TOKEN=76368dc5c8e74d4da8a37cf00c66069829762c52f27f3a12342809ea1b3399ba; SESSIONID=ey
x-xsrf-token: 76368dc5c8e74d4da8a37cf00c66069829762c52f27f3a12342809ea1b3399ba

I do not know how to get this information into the next call.

Thank you all for your help.

UPDATE after the first comments.

Okay, I get this in the login header response:

[set-cookie] => XSRF-TOKEN=245fd2c5e5e5338f94b436cf6720e771174b1e7bb37065c9eeb010397c60499a; Path=/

I isolated the actual token (245fd2c5e5e5338f94b436cf6720e771174b1e7bb37065c9eeb010397c60499a)

Then, following the instructions (Please use XSRF-TOKEN and SESSIONID cookies along with x-xsrf-token header in future requests.), I have this on the next call:

$url = "https://inland.zethconapp.com/test/api/inventory/by-customer";

$headers = array (
"Content-Type" => "application/json",
"x-xsrf-token"=>"".$csrf.""
);

 
$data = array (
  "custid" => "GOLDDIST",
  "facility" => "FRS"
);
$ch = curl_init( $url );
# Setup request to send json via POST.
$payload = json_encode( $data );
$headers = json_encode( $headers );

curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $payload );

curl_setopt($ch, CURLOPT_COOKIE, 'XSRF-TOKEN=$csrf; SESSIONID=$csrf'); 

# Return response instead of printing.
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
# Send request.
$result = curl_exec($ch);
curl_close($ch);

Still getting the error:

RESPONSE: {"error":{"message":"invalid csrf token","type":"general","errorCode":"1d21867f3fc04bd7","statusCode":401,"requestId":"b8b6b1d6-e8ac-4e46-b692-1e70cf4bf14d"}}

Does anything jump out?

php

api

rest

curl

php-curl
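
An added example, not part of the original post: it carries the login response's cookies into the next request, taking each cookie's own value from Set-Cookie and passing headers as a list of "Name: value" strings. The sample header values are constructed placeholders, and it assumes SESSIONID arrives in a Set-Cookie header the same way XSRF-TOKEN does and that the PHP curl extension is loaded.

```php
<?php
// Added example (not the poster's code). Cookie and header names are the ones
// quoted from the API docs on this page: XSRF-TOKEN, SESSIONID, x-xsrf-token.

/** Parse raw response header lines into a cookie name => value map. */
function parse_set_cookies(array $headerLines): array {
    $cookies = [];
    foreach ($headerLines as $line) {
        if (stripos($line, 'set-cookie:') !== 0) continue;
        // Keep only "name=value"; drop attributes such as Path.
        $pair = trim(explode(';', substr($line, strlen('set-cookie:')), 2)[0]);
        [$name, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $cookies[$name] = $value;
    }
    return $cookies;
}

/** Build cURL options for an authenticated JSON POST. */
function authed_post_options(array $cookies, array $body): array {
    foreach (['XSRF-TOKEN', 'SESSIONID'] as $required) {
        if (empty($cookies[$required])) {
            throw new RuntimeException("login response did not set $required");
        }
    }
    return [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => json_encode($body),
        CURLOPT_RETURNTRANSFER => true,
        // CURLOPT_HTTPHEADER takes a list of "Name: value" strings, not JSON.
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/json',
            'x-xsrf-token: ' . $cookies['XSRF-TOKEN'],
        ],
        // Each cookie keeps its own value; the session id is not the CSRF token.
        CURLOPT_COOKIE => 'XSRF-TOKEN=' . $cookies['XSRF-TOKEN']
            . '; SESSIONID=' . $cookies['SESSIONID'],
    ];
}

// Constructed sample of login response header lines (placeholder values).
$sample = [
    'HTTP/1.1 200 OK',
    'Set-Cookie: XSRF-TOKEN=CONSTRUCTED_CSRF_VALUE; Path=/',
    'Set-Cookie: SESSIONID=CONSTRUCTED_SESSION_VALUE; Path=/',
];
$opts = authed_post_options(parse_set_cookies($sample), ['custid' => 'DURONT', 'facility' => 'B01']);
print_r($opts[CURLOPT_HTTPHEADER]);
echo $opts[CURLOPT_COOKIE], PHP_EOL;
```

Against a live API, the header lines can be collected from the login call with a CURLOPT_HEADERFUNCTION callback, and the returned options applied to the next handle with curl_setopt_array().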

0 Answers
