Hello there,

I'm trying to query a REST API of a webservice, SHOPWARE to be precise. The API is very well documented (https://developers.shopware.com/developers-guide/rest-api/#using-the-rest-api-in-your-own-a) but only using PHP. I tried some stuff but could not make it work.

It should be very simple, because the following simply works in a Chrome-Browser:

https://USERNAME:PASSPHRASE@www.SHOPWAREDOMAIN.com/api/orders/300

queries me for username and passphrase and then dumps order number 300.

Now I try to do the same in AutoIt (based on the wonderful work of many contributors here):

#include-once
#include "..\INCLUDE\winhttp.au3"
#include "..\INCLUDE\OO_JSON.au3"


;Proxy Config
Global $oJSON = _OO_JSON_Init()
Global $obj = ""

Global $sUserName = "USERNAME"
Global $sPassword = "PASSPHRASE"
Global $sDomain = "www.SHOPWAREDOMAIN.com/api/orders/300"
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) JOC/0.1") ; without ie proxy settings
$hConnect = _WinHttpConnect($hOpen, "https://" & $sDomain)
ConsoleWrite ($hConnect & "#")
$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sUserName & ":" & $sPassword & "@" & $sDomain, Default  )
;$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sDomain, Default,  $sUserName & ":" & $sPassword)
;$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sDomain, Default, , $sUserName & ":" & $sPassword )
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)
; See what's returned
ConsoleWrite ($sReturned & "#" & @error)

Whatever version I use (I tried the commented ones and many others), I always get a reply from Shopware:

{"success":false,"message":"Invalid or missing auth"}

At least this comes from Shopware. But there must be some format of the credentials that I don't know or understand.

Any help?

Edited by jandings
  • 1 year later...
Posted
  Quote
$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sUserName & ":" & $sPassword & "@" & $sDomain, Default  )

The username/password combination doesn't go with the GET header.

This is how the browser tells the server about the credentials (source: Wikipedia):

 

When the user agent wants to send authentication credentials to the server, it may use the Authorization field.

The Authorization field is constructed as follows:[6]

  1. The username and password are combined with a single colon. (:)
  2. The resulting string is encoded into an octet sequence.[7]
  3. The resulting string is encoded using a variant of Base64.[8]
  4. The authorization method and a space (e.g. "Basic ") is then prepended to the encoded string, separated with a space.

For example, if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

My stuff
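
The four steps quoted in the reply above, as an added example written in Python rather than AutoIt (not code from either poster or from Shopware; the function names are hypothetical). It builds the header value and also decodes it again, which shows that Base64 is an encoding and not encryption, so the credentials are protected only by the HTTPS connection.

```python
import base64
import binascii


def build_basic_auth(username: str, password: str) -> str:
    """Return the value of the Authorization header for HTTP Basic auth."""
    if ":" in username:
        # The first colon separates user name from password, so a user
        # name containing one cannot be represented.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")   # steps 1 and 2
    token = base64.b64encode(raw).decode("ascii")    # step 3
    return "Basic " + token                          # step 4


def parse_basic_auth(header_value: str) -> tuple[str, str]:
    """Server-side inverse: recover (username, password) from the value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    # Split on the FIRST colon only: the password may contain colons.
    username, sep, password = text.partition(":")
    if not sep:
        raise ValueError("credentials lack the ':' separator")
    return username, password


if __name__ == "__main__":
    # Sample credentials taken from the quoted Wikipedia example.
    value = build_basic_auth("Aladdin", "OpenSesame")
    print("Authorization:", value)
    # Anyone who sees the header can reverse it without a key.
    print(parse_basic_auth(value))
```
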
