wisem2540

Winhttp API help

17 posts in this topic

#1 ·  Posted (edited)

This is my first try with this.  I feel like I am very close, but I just cant make it work.

#include<WinHttp.au3>

Opt("MustDeclareVars", 1)

; !!!Note that this example will fail because of invalid username and password!!!

Global $sAddress = "app.energycurb.com"
Global $sUserName = ""
Global $sPassword = ""
; Post data:
Global $sPostData =  'grant_type=password&username='&$sUserName&'&password='&$spassword
MsgBox(0,"",$spostdata)

; Initialize and get session handle
Global $hOpen = _WinHttpOpen("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5")

; Get connection handle
Global $hConnect = _WinHttpConnect($hOpen, $sAddress, $INTERNET_DEFAULT_HTTPS_PORT)

; Make a request
Global $hRequest = _WinHttpOpenRequest($hConnect, _
        "POST", _
        "oauth2/token", _
        Default, _
        Default, _
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", _
        $WINHTTP_FLAG_SECURE)

; Add header fields to the request
_WinHttpAddRequestHeaders($hRequest, "Accept-Language: en-us,en;q=0.5")
_WinHttpAddRequestHeaders($hRequest, "Content-Type: application/x-www-form-urlencoded")
_WinHttpAddRequestHeaders($hRequest, "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7")
_WinHttpAddRequestHeaders($hRequest, "Keep-Alive: 300")
_WinHttpAddRequestHeaders($hRequest, "Connection: keep-alive")




; Send it
_WinHttpSendRequest($hRequest, -1 , $sPostData)
; Wait for the response
_WinHttpReceiveResponse($hRequest)
; Check if there is a response
Global $sHeader, $sReturned
If _WinHttpQueryDataAvailable($hRequest) Then
    $sHeader = _WinHttpQueryHeaders($hRequest)
    MsgBox(64, "Header", $sHeader)
    Do
        $sReturned &= _WinHttpReadData($hRequest)
    Until @error
    ; Print returned
    ConsoleWrite($sReturned)
Else
    ConsoleWriteError("!No data available." & @CRLF)
    MsgBox(48, "Failure", "No data available.")
EndIf

; Close handles
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

I am trying to request an API token described here...

http://docs.energycurb.com/authentication.html#authenticating-a-request

It appears I would simple send a post that looks like this....  grant_type=password&username='&$sUserName&'&password='&$spassword but I get "bad password".  I must have a parameter wrong somewhere.

most of this code is taken from examples using my own values

 

Edited by wisem2540
Removed username & password

Share this post


Link to post
Share on other sites



bump

Share this post


Link to post
Share on other sites

Even if this had been bumped too early (it wasn't), surely not necessary to report the thread rather than just informing the poster of the forum etiquette...


When you're dead, you don't know you're dead - it's only difficult for those that know you. It's the same way when you're stupid...

My Scripts: SCCM UDFInclude Source with Compiled Script, Windows Firewall UDF

Share this post


Link to post
Share on other sites

b u pm one more time

Share this post


Link to post
Share on other sites

It would be nice to be able to test it with valid credentials. Otherwise it doesn't really pays off to even bother.

Your call.


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Sorry it took so long to get back to you

@Jfish Yes, I have tried it both ways.  But, I was following an example I found where the rest in the the request.

Global $hRequest = _WinHttpOpenRequest($hConnect, _
        "POST", _
        "oauth2/token", _
        Default, _
        Default, _
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", _
        $WINHTTP_FLAG_SECURE)

 

 

Edited by wisem2540

Share this post


Link to post
Share on other sites

Without credentials to test the only other thing I would suggest is make sure you are passing what they expect for username and password "the client token and client secret being the username and password, respectively."  Otherwise, I can't test anything without an account.


Build your own poker game with AutoIt: pokerlogic.au3 | Learn To Program Using FREE Tools with AutoIt

Share this post


Link to post
Share on other sites

@trancexx

@Jfish

I have updated the original post with valid credentials.  Thank you for taking your time.

Share this post


Link to post
Share on other sites

#10 ·  Posted

Why would you share credentials publicly? OMG don't do that.

I can't login using those credentials. Not even from browser. Are you sure they are valid?


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

Creds don't work for me either - agree you should not post them.

Quote

{
    "status": "401 Unauthorized",
    "code": 401,
    "explanation": "This server could not verify that you are authorized to access the document you requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.",
    "detail": "Invalid client credentials"
}

 

Edited by Jfish

Build your own poker game with AutoIt: pokerlogic.au3 | Learn To Program Using FREE Tools with AutoIt

Share this post


Link to post
Share on other sites

#12 ·  Posted

1 hour ago, trancexx said:

Why would you share credentials publicly? OMG don't do that.

Well, a fake account with dedicated valid credentials could be created for example only... else how do you get it to try ?
Hmm did I hear valid:)

Share this post


Link to post
Share on other sites

#13 ·  Posted

2 minutes ago, mikell said:

Well, a fake account with dedicated valid credentials could be created for example only... else how do you get it to try ?
Hmm did I hear valid:)

I'd send PM if I'd decide that I can trust someone. But that's just me :P.


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#14 ·  Posted

27 minutes ago, trancexx said:

I'd send PM if I'd decide that I can trust someone. But that's just me :P.

Although you've got no sign of understanding , this was implied in post #5 - obviously   :rolleyes:

Share this post


Link to post
Share on other sites

#15 ·  Posted

Either the account was locked, or someone was "nice" enough to change the password.  If someone legitimately doesn't mind helping out with this, please PM me.  This is highly disappointing

Share this post


Link to post
Share on other sites

#16 ·  Posted

Uhm... you should be the one sending PM. This isn't bizzaro world.

Btw, what did you expect when you posted credentials? That there aren't fuckers around?

1 person likes this

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#17 ·  Posted

Hopefully this should work:

#include <WinHttp.au3>

Opt("MustDeclareVars", 1)
Opt("TrayIconDebug", 1)

Global $hOpen = _WinHttpOpen('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5') ; Initialize and get session handle
Global $sAddress = 'app.energycurb.com'
Global $hConnect = _WinHttpConnect($hOpen, $sAddress, $INTERNET_DEFAULT_HTTPS_PORT) ; Get connection handle
Global $hRequest = _WinHttpOpenRequest($hConnect, 'POST', '/oauth2/token', Default, 'https://app.energycurb.com/', Default, $WINHTTP_FLAG_SECURE) ; Make a request

; Add header fields to the request
_WinHttpAddRequestHeaders($hRequest, 'Accept: */*')
_WinHttpAddRequestHeaders($hRequest, 'Accept-Language: en-US,en;q=0.5')
_WinHttpAddRequestHeaders($hRequest, 'Accept-Encoding: gzip, deflate, br')
_WinHttpAddRequestHeaders($hRequest, 'Authorization: Basic czFkZmw3amJ4b3Y1cHRoMXJ4enNjMGZsNDgweno2cndnNHVvNmJ1MGd6dTF0ODkzOTNjc2p3cHM2ZzVsc2djeDo4ZHBkem0yYTZtY3lnM3hvY2ZxdmZyYWpmaW42eWFqamRvcW1oajc3eW52a3NteWFxdzZycHZwcG41c3JkZTZk')
_WinHttpAddRequestHeaders($hRequest, 'Content-Type: multipart/form-data; boundary=---------------------------78432868715746')
_WinHttpAddRequestHeaders($hRequest, 'origin: https://app.energycurb.com')
_WinHttpAddRequestHeaders($hRequest, 'Content-Length: 384')
_WinHttpAddRequestHeaders($hRequest, 'Connection: keep-alive')

Global $sUserName = 'me@email.com' ;Replace user name, obviously
Global $sPassword = 'password' ;Replace password, obviously
Global $sPostData = '-----------------------------78432868715746' & @CRLF & _
        'Content-Disposition: form-data; name="grant_type"' & @CRLF & @CRLF & _
        'password' & @CRLF & _
        '-----------------------------78432868715746' & @CRLF & _
        'Content-Disposition: form-data; name="username"' & @CRLF & @CRLF & _
        $sUserName & @CRLF & _
        '-----------------------------78432868715746' & @CRLF & _
        'Content-Disposition: form-data; name="password"' & @CRLF & @CRLF & _
        $sPassword & @CRLF & _
        '-----------------------------78432868715746--' & @CRLF
_WinHttpSendRequest($hRequest, Default, $sPostData) ; Send it
_WinHttpReceiveResponse($hRequest) ; Wait for the response

; Check if there is a response
Global $sHeader, $sReturned
If _WinHttpQueryDataAvailable($hRequest) Then
    $sHeader = _WinHttpQueryHeaders($hRequest)
    MsgBox(64, 'Header', $sHeader)
    Do
        $sReturned &= _WinHttpReadData($hRequest)
    Until @error
    ConsoleWrite($sReturned) ; Print returned
Else
    ConsoleWriteError('!No data available.' & @CRLF)
    MsgBox(48, 'Failure', 'No data available.')
EndIf

; Close handles
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now