Home > OS >  POST request with httr fails while shell request works
POST request with httr fails while shell request works

Time:03-03

I am trying to get data from an API with a POST request. The request works well with a direct shell command :

system(sprintf('curl POST -k --tlsv1.2 -v "https://api-gateway.inpi.fr/services/apidiffusion/api/marques/search" -H "X-XSRF-TOKEN: %s" -H \'accept: application/xml\' -H "Content-Type: application/json" -H "Cookie: XSRF-TOKEN=%s; access_token=%s; session_token=%s"  -d \'%s\' > test.xml',token,token,access_token,refresh_token,json_request))

However, I would like to use httr for many reasons. I use the following code :

test <- httr::POST(
  "https://api-gateway.inpi.fr/services/apidiffusion/api/marques/search",
  httr::set_config(config(ssl_verifypeer = 0L)),
  config = (add_headers(
    "X-XSRF-TOKEN" = token,
    "accept" = "application/xml",
    "Content-Type" = "application/json",
    "Cookie" = sprintf("XSRF-TOKEN=%s; access_token=%s; session_token=%s",token,access_token,refresh_token)
  ))
  ,set_cookies(`X-XSRF-TOKEN` = token,
               `XSRF-TOKEN` = token,
              access_token = access_token,
              session_token = refresh_token)
  ,body = json_request
)

But this returns a 403 Forbidden error (my_token being the token I use) :

$error
[1] "access_denied"

$error_description
[1] "Invalid CSRF Token '*my_token*' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.

It seems like httr did not take into account my cookies because the token is different inside the test object I create :

> test2$cookies
               domain  flag path secure expiration       name                                value
1 api-gateway.inpi.fr FALSE    /  FALSE       <NA> XSRF-TOKEN *another_token*

Any idea ? I am sorry that I can't create a reproducible example for obvious security reasons.

Thank you !

CodePudding user response:

The solution was wierd.

I had to rid off from httr, I used UNIX system commands instead, and it worked with the same request.

  system(sprintf('curl POST -k --tlsv1.2 "https://api-gateway.inpi.fr/services/apidiffusion/api/marques/search" -H "X-XSRF-TOKEN: %s" -H \'accept: application/json\' -H "Content-Type: application/json" -H "Cookie: XSRF-TOKEN=%s; access_token=%s; session_token=%s"   -d \'%s\' > %s/res.json',tokens$xsrf_token,tokens$xsrf_token,tokens$access_token,tokens$refresh_token,json_request,tempdir()))

It seems like httr tries to handle cookies by its own, so maybe that's what caused my problem.

Page link:https//www.codepudding.com/os/321691.html

Prev:Safely get the UUID of a windows machine?
Next:How to scrape and construct price that is in the same div but different sub classes?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding