Jump to content
Sign in to follow this  
Boxerman

API json redirecting to login

Recommended Posts

Evening all!

 

I'm running into an issue where a site i have signed up to provides an API, however when I try to decode it on my server it outputs:

 

 

 

NULL bool(true)

 

The PHP script being used:

$url = file_get_contents("http://apiwebsite.com/blah?latest");
$json = json_decode($url, true); // decode the JSON into an associative array
echo '<pre>' .var_dump($json, true). '</pre>';

When i try to browse to this site on my server it redirects to a website.

 

Is there a way to bypass the login? or actually login to get the API?

 

Thanks everyone

Share this post


Link to post
Share on other sites

This may disappoint you, but none of us is a mind reader. We cannot identify the API you're using just by looking at the words “NULL bool(true)”, and we aren't able to deduce the inner workings of that API from this piece of (non-)information. Sure, it would make life a lot easier, but unfortunately, we're mere mortals.

 

Any halfway professional API is extensively documented (if yours isn't, look for an alternative). So the first step is to RTFM. Have you done that? The authentication procedure will involve credentials like an API key which you've received during the registration procedure and which has to be submitted in an API-specific way.

Share this post


Link to post
Share on other sites

Hey dude

 

I completely understand, there is no key or anything, the API, I'd rather not sure due to forum rules but for example; the URL is blah.com/user-api/thing?latest

 

If I'm logged in that link works and it displays; however if I'm not logged in and I go to that URL it directs me to the login page.

 

There's no api key at all simply that URL works when logged in but not if you're a 'guest'

 

There is no manual to read but it's still the best API I have found.

 

I'm at a loss on what else to try.

 

Hope this makes sense, I know this reply is like throwing your head against the wall but I don't know what else to answer

Share this post


Link to post
Share on other sites

You need to programmatically log in. Something like this:

 

function getSessionCookie($username, $password) {
    $context = [
        'http' => [
            'method' => 'POST',
            'content' => http_build_query(['username_formfield' => $username, 'password_formfield' => $password]),
        ]
    ];
    $contents = file_get_contents('http://apiwebsite.com/login', false, $context);

    if (false === $contents) {
        return false;
    }

    foreach ($http_response_header as $header) {
        if (0 === strpos($header, 'Set-Cookie')) {
            return explode(':', $header)[1];
        }
    }
    
    return false;
}

function queryApi($sessionCookie, $apiCall) {
    $context = [
        'http' => [
            'header' => ["Cookie: $sessionCookie"],
        ]
    ];

    $contents = file_get_contents('http://apiwebsite.com/blah?latest', false, $context);

    // your code
}
You'll still need to handle if the cookie expires etc.. and probably also need to parse the set-cookie header instead of simply copy-pasting. But this should get you started. Edited by ignace

Share this post


Link to post
Share on other sites

Thanks mate! It was alot simpler than i thought and your code has actually taught me how to set cookies in php so thanks for that! :) +1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.