
WinHTTP Get (to a REST API): Authentication problem


Hello there,

I'm trying to query a REST API of a webservice, SHOPWARE to be precise. The API is very well documented (https://developers.shopware.com/developers-guide/rest-api/#using-the-rest-api-in-your-own-a) but only using PHP. I tried some stuff but could not make it work.

It should be very simple, because the following simply works in a Chrome-Browser:

https://USERNAME:PASSPHRASE@www.SHOPWAREDOMAIN.com/api/orders/300

queries me for username and passphrase and then dumps order number 300.

Now I try to do the same in AutoIt (based on the wonderful work of many contributors here):

#include-once
#include "..\INCLUDE\winhttp.au3"
#include "..\INCLUDE\OO_JSON.au3"


;Proxy Config
Global $oJSON = _OO_JSON_Init()
Global $obj = ""

Global $sUserName = "USERNAME"
Global $sPassword = "PASSPHRASE"
Global $sDomain = "www.SHOPWAREDOMAIN.com/api/orders/300"
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) JOC/0.1") ; without ie proxy settings
$hConnect = _WinHttpConnect($hOpen, "https://" & $sDomain)
ConsoleWrite ($hConnect & "#")
$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sUserName & ":" & $sPassword & "@" & $sDomain, Default  )
;$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sDomain, Default,  $sUserName & ":" & $sPassword)
;$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sDomain, Default, , $sUserName & ":" & $sPassword )
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)
; See what's returned
ConsoleWrite ($sReturned & "#" & @error)

Whatever version I use (I tried the commented ones and many others), I always get a reply from Shopware:

{"success":false,"message":"Invalid or missing auth"}

At least this comes from Shopware. But there must be some format of the credentials that I don't know or understand.

Any help?

Edited by jandings

  • 1 year later...
Quote
$sReturned = _WinHttpSimpleSSLRequest($hConnect, "GET", $sUserName & ":" & $sPassword & "@" & $sDomain, Default  )

The username/password combination doesn't go with the GET header.

This is how the browser tells the server about the credentials (source: Wikipedia):

 

When the user agent wants to send authentication credentials to the server, it may use the Authorization field.

The Authorization field is constructed as follows:[6]

  1. The username and password are combined with a single colon. (:)
  2. The resulting string is encoded into an octet sequence.[7]
  3. The resulting string is encoded using a variant of Base64.[8]
  4. The authorization method and a space (e.g. "Basic ") is then prepended to the encoded string, separated with a space.

For example, if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l

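The construction quoted in the reply above, as an added example that is not part of the original posts: it takes a URL with embedded `user:pass@` credentials, strips them out and produces the `Authorization` header a browser would send instead. Python is used only to show the header at the HTTP level; the host `shop.example` and all function names are assumptions made for this sketch.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization value: Base64 of "username:password"."""
    if ":" in username:
        # The first colon separates user from password, so the user-id
        # itself cannot contain one (RFC 7617).
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def split_credentials(url: str):
    """Turn a user:pass@host URL into (clean_url, headers), as a browser does."""
    parts = urlsplit(url)
    if parts.username is None:
        return url, {}
    if parts.scheme != "https":
        # Base64 is an encoding, not encryption: only send it over TLS.
        raise ValueError("refusing to send Basic credentials without TLS")
    host = parts.hostname
    if parts.port is not None:
        host += f":{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, ""))
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    return clean, {"Authorization": basic_auth_header(user, password)}


def decode_basic(header_value: str):
    """Recover (username, password) from a header value; no key is needed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


if __name__ == "__main__":
    # Constructed sample: the Wikipedia credentials against a placeholder host.
    url, headers = split_credentials(
        "https://Aladdin:OpenSesame@shop.example/api/orders/300")
    print(url)      # https://shop.example/api/orders/300
    print(headers)  # {'Authorization': 'Basic QWxhZGRpbjpPcGVuU2VzYW1l'}
```

Because `decode_basic` recovers the password without any secret, anything that records request headers or credential-bearing URLs (proxy logs, debug console output) holds the password in recoverable form.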
