Jump to content

Trying to connect JSON username / pw using PHP CURL


Recommended Posts

Hi, I'm trying to connect to CreditSafe's API with supplied username and password using PHP's CURL, unfortunately am having to do everything from scratch as they won't provide any details as to how we are supposed to set the connection up. The idea is that a username and pw are supplied and you then get a "token" which can be used to make further requests for data.

The username and pw are given by them in JSON format so I am trying to use these and authenticate against their API. At the moment though I get the following for each of the test variables (see end of this script) I'm outputting to the screen:

Data is HTTP/1.1 100 Continue HTTP/1.1 404 Not Found Date: Mon, 18 Jan 2021 15:18:30 GMT Content-Type: application/json; charset=UTF-8; skipnullon="everywhere" Content-Length: 61 Connection: keep-alive Strict-Transport-Security: max-age=31536000; includeSubdomains; { "correlationId": "6c2dc370-59a0-11eb-893a-0223445bacd9" }

Response is NULL

Array is just blank (because Response is NULL)

This is what I have so far, am struggling with it, any idea what's going wrong?


 

<?php
$curl = curl_init();
$username = "email@domain.com";
$password = "passwordstring";

$data_array =  array(
      "username" => $username,
      "password" => $password
);
$make_call = json_encode($data_array);

$headers = array(
    'Content-Type:application/json',
    'Authorization: Basic'
);

curl_setopt_array($curl, [
    CURLOPT_POST => 1,
    CURLOPT_URL => "https://connect.sandbox.creditsafe.com/v1",
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_HEADER => 1,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_USERPWD => $username . ":" . $password
]);
    
$return = curl_exec($curl);
    
$response = json_decode($return, true);

//Testing output below

echo 'Data is '.$return;

echo 'Response is '.$response;

echo 'Array is '.var_dump($response);

curl_close($curl);

?>

[/CODE]

Anyone have any ideas? Thanks!
  ?>   

 

Link to post
Share on other sites
{ "correlationId": "6c2dc370-59a0-11eb-893a-0223445bacd9" }

Is that the JSON you're expecting to receive? If so, everything is going right - except for the part where you told cURL to return the response headers in its output, which you probably don't need to care about.

Link to post
Share on other sites
27 minutes ago, requinix said:


{ "correlationId": "6c2dc370-59a0-11eb-893a-0223445bacd9" }

Is that the JSON you're expecting to receive? If so, everything is going right - except for the part where you told cURL to return the response headers in its output, which you probably don't need to care about.

Thanks. At first I thought it might be ok, although the token string is supposed to be longer than that. Then, I manually changed the password so it should no longer work at all... and it still outputted that string (or one of the same length)- so that appears to be coming from somewhere or something else... but I have absolutely no idea what it is. ???

I also wondered if I needed to use json_encode when giving the username and pw to the API (I put a line for that in the code although I didn't end up using it). That said, I wasn't sure how to use CURL to send that JSON data through...

Edited by speckytwat2
Link to post
Share on other sites
1 hour ago, speckytwat2 said:

Thanks. At first I thought it might be ok, although the token string is supposed to be longer than that. Then, I manually changed the password so it should no longer work at all... and it still outputted that string (or one of the same length)- so that appears to be coming from somewhere or something else... but I have absolutely no idea what it is. ???

I also wondered if I needed to use json_encode when giving the username and pw to the API (I put a line for that in the code although I didn't end up using it). That said, I wasn't sure how to use CURL to send that JSON data through...

You're going to have to read the documentation about this. If it talks about something you don't understand, stop and learn about it.

Link to post
Share on other sites
4 minutes ago, requinix said:

You're going to have to read the documentation about this. If it talks about something you don't understand, stop and learn about it.

I've read the documentation about using CURL to send JSON information to an API, but from what I've read there are various ways of doing this... I've tried various suggested methods- but I haven't been able to get it to work... hence my question.

Edited by speckytwat2
Link to post
Share on other sites
3 minutes ago, speckytwat2 said:

I've read the documentation about using CURL to send JSON information to an API, but from what I've read there are various ways of doing this...

I don't mean reading documentation about sending JSON to "an API", I mean reading CreditSafe's documentation about sending JSON to their API. Specifically. It should talk about important subjects like authentication, and how to deal with usernames and passwords and tokens.

Link to post
Share on other sites
8 minutes ago, requinix said:

I don't mean reading documentation about sending JSON to "an API", I mean reading CreditSafe's documentation about sending JSON to their API. Specifically. It should talk about important subjects like authentication, and how to deal with usernames and passwords and tokens.

Unfortunately their documentation doesn't have much that's specific, it is simply "Do this" with some minimal examples, which is why I had to try and patch something together and do a lot of guesswork. Their support people have said they're not going to help so I'm kinda stuck.

Edited by speckytwat2
Link to post
Share on other sites

What's an example (with a link) of something in the documentation that you know you need to use but are having a hard time understanding?

Link to post
Share on other sites
2 minutes ago, requinix said:

What's an example (with a link) of something in the documentation that you know you need to use but are having a hard time understanding?

In the Authentication section near the beginning, here: https://www.creditsafe.com/gb/en/enterprise/integrations/api-documentation.html

It shows the sample JSON code for authentication on the right, but doesn't indicate exactly how I would use it or send the request from within a PHP system which is what I'm trying to do. So I put together a script using CURL (the one I posted above) to send what I hoped would be the relevant data, but obviously that isn't working- and they refuse to provide anything more than what's in the documentation.

Link to post
Share on other sites

Just to add, I also tried including this in the CURL array:

CURLOPT_POSTFIELDS => $make_call,

$make_call being the JSON encoded array of username and password declared earlier:

$data_array =  array(
      "username" => $username,
      "password" => $password
);
$make_call = json_encode($data_array);

Link to post
Share on other sites

So, understand that they're not going to write code for you. For assorted reasons. What they've done is provide a fairly standard amount of documentation that assumes you already have some knowledge about using APIs.

The /authenticate docs say:
- POST /authenticate (that tells you the method and URL path)
- Request body is JSON
- Body is an object that includes "username" and "password" keys, whose values are strings
- It can return 200 or 401
- The 200 returns a JSON object with a "token" key
- The 401 returns a JSON object with a "message" key

Again, they assume you have knowledge about working with APIs, but if you did then that information there is enough to use the authentication API.

To use it, don't start by throwing stuff into the code according to whatever you found when you looked up how to send things to APIs. There are many different methods so many of them are not going to work here.

For the headers you need to send to the API, include a Content-Type and stop there. Don't throw in more headers unless you know you need them.
For the data, make a PHP array that matches what the /authenticate docs say, then json_encode() it.
For the cURL options, (1) obviously use CURLOPT_URL, (2) use CURLOPT_POST and CURLOPT_POSTFIELDS as the standard requirements for POSTing data, (3) include CURLOPT_RETURNTRANSFER so you get the response back as a string, and stop there. Don't throw in more options unless you know you need them.

Try with that and see what happens.

Link to post
Share on other sites
17 minutes ago, requinix said:

So, understand that they're not going to write code for you. For assorted reasons. What they've done is provide a fairly standard amount of documentation that assumes you already have some knowledge about using APIs.

The /authenticate docs say:
- POST /authenticate (that tells you the method and URL path)
- Request body is JSON
- Body is an object that includes "username" and "password" keys, whose values are strings
- It can return 200 or 401
- The 200 returns a JSON object with a "token" key
- The 401 returns a JSON object with a "message" key

Again, they assume you have knowledge about working with APIs, but if you did then that information there is enough to use the authentication API.

To use it, don't start by throwing stuff into the code according to whatever you found when you looked up how to send things to APIs. There are many different methods so many of them are not going to work here.

For the headers you need to send to the API, include a Content-Type and stop there. Don't throw in more headers unless you know you need them.
For the data, make a PHP array that matches what the /authenticate docs say, then json_encode() it.
For the cURL options, (1) obviously use CURLOPT_URL, (2) use CURLOPT_POST and CURLOPT_POSTFIELDS as the standard requirements for POSTing data, (3) include CURLOPT_RETURNTRANSFER so you get the response back as a string, and stop there. Don't throw in more options unless you know you need them.

Try with that and see what happens.

Thanks, well I tried the following based on your suggestions:


 

$ch = curl_init();

$data_array =  array(
      'username' => "email@example.com",
      'password' => "passwordstring"
);
$make_call = json_encode($data_array);


curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $make_call);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, "https://connect.sandbox.creditsafe.com/v1");
 
//Execute the request
$result = curl_exec($ch);

echo 'Result: '.$result;
    $response = json_decode($result, true);
echo 'Response: '.$response;
    
if(curl_errno($ch)){
    echo 'Request Error:' . curl_error($ch);
}
    
    echo 'Array is '.var_dump($response);

curl_close($ch);

[/CODE]

So the results are:

First the raw result:

Result: { "correlationId": "8222f970-59cd-11eb-893a-0223445bacd9", "message": "Resource not found" }

The json-decoded Response:

Response: Array

And if I do a var_dump:

array(2) { ["correlationId"]=> string(36) "8222f970-59cd-11eb-893a-0223445bacd9" ["message"]=> string(18) "Resource not found" }

 

So it seems to be getting something from somewhere but isn't able to find the token or authenticate. The URL is definitely correct, tech department confirmed. User / pw are ones that they set up.

I did also add the following to capture any errors but apparently there weren't any:

if(curl_errno($ch)){
    echo 'Request Error:' . curl_error($ch);
}

Edited by speckytwat2
Link to post
Share on other sites
curl_setopt($ch, CURLOPT_URL, "https://connect.sandbox.creditsafe.com/v1");

Where's the /authenticate?

And please, pay more attention when you try to post code. Hit the <> button, paste your code into the popup, and insert. The result looks like what I did above.

Link to post
Share on other sites
12 hours ago, requinix said:



curl_setopt($ch, CURLOPT_URL, "https://connect.sandbox.creditsafe.com/v1");

Where's the /authenticate?

And please, pay more attention when you try to post code. Hit the <> button, paste your code into the popup, and insert. The result looks like what I did above.

I'm authenticating by sending the username and password as follows which I believe is what Creditsafe are asking people to do?

$data_array =  array(
      'username' => "email@example.com",
      'password' => "passwordstring"
);
$make_call = json_encode($data_array);

And then I send it using:

curl_setopt($ch, CURLOPT_POSTFIELDS, $make_call);

If that isn't correct, how would I send the username and password? Thanks.

(I did also try adding the following to authenticate, but that didn't send back anything meaningful either)

curl_setopt($ch, CURLOPT_USERPWD, "email@example.com:passwordstring");

 

Edited by speckytwat2
Link to post
Share on other sites
53 minutes ago, speckytwat2 said:

I'm authenticating by sending the username and password as follows which I believe is what Creditsafe are asking people to do?


$data_array =  array(
      'username' => "email@example.com",
      'password' => "passwordstring"
);
$make_call = json_encode($data_array);

And then I send it using:


curl_setopt($ch, CURLOPT_POSTFIELDS, $make_call);

If that isn't correct, how would I send the username and password? Thanks.

(I did also try adding the following to authenticate, but that didn't send back anything meaningful either)


curl_setopt($ch, CURLOPT_USERPWD, "email@example.com:passwordstring");

 

UPDATE - I did some digging around and saw a tiny dropdown arrow under Authenticate in their documentation which reveals a different connection URL- so it looks as if the URL they gave me wasn't correct and it needed to have "authenticate" after it. Anyway it now comes back with an Access Denied message which is obviously a separate issue so I will see if I can get that reset and try again. Thanks for your assistance so far.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.