I’m trying to get some data from an API with php-cURL. I went to Chrome Developer Tools and copied as cURL (as I usually do):
curl 'https://api.domain.co/data/network.php?action=balance&id=#####' -H 'authority: api.domain.co' -H 'pragma: no-cache' -H 'cache-control: no-cache' -H 'accept: application/json, text/javascript, */*; q=0.01' -H 'sec-fetch-dest: empty' -H 'api_token: #######################' -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36' -H 'origin: https://app.domain.com' -H 'sec-fetch-site: cross-site' -H 'sec-fetch-mode: cors' -H 'referer: https://app.domain.com/' -H 'accept-language: en-US;q=0.9,en;q=0.8,de;q=0.7,ru;q=0.6,en-GB;q=0.5' --compressed
I converted the code to php-cURL and placed it in my page:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.domain.co/data/network.php?action=balance&id=#####');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate');
$headers = array();
$headers[] = 'authority: api.domain.co';
$headers[] = 'pragma: no-cache';
$headers[] = 'cache-control: no-cache';
$headers[] = 'accept: application/json, text/javascript, */*; q=0.01';
$headers[] = 'fec-fetch-dest: empty';
$headers[] = 'api_token: #######################';
$headers[] = 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36';
$headers[] = 'origin: https://app.domain.com';
$headers[] = 'sec-fetch-site: cross-site';
$headers[] = 'sec-fetch-mode: cors';
$headers[] = 'referer: https://app.domain.com/';
$headers[] = 'accept-language: en-US;q=0.9,en;q=0.8,de;q=0.7,ru;q=0.6,en-GB;q=0.5';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error:' . curl_error($ch);
}
curl_close($ch);
print_r($result);
And I got the following response:
{"message":"Forbidden"}
I played around with the headers and other cURL parameters, but with no success.
Then I said I should try with Postman, and imported the code from Chrome to Postman, and voilà, it worked.
At this point, I thought that maybe I wasn’t converting the code properly. So I took the code from Postman Code Generator as PHP - cURL and placed it in my page, only to get the same result as before:
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "https://api.domain.co/data/network.php?action=balance&id=#####",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => array(
"authority: domain.co",
"pragma: no-cache",
"cache-control: no-cache",
"accept: application/json, text/javascript, */*; q=0.01",
"sec-fetch-dest: empty",
"api_token: #######################",
"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36",
"origin: https://app.domain.com",
"sec-fetch-site: cross-site",
"sec-fetch-mode: cors",
"referer: https://app.domain.com/",
"accept-language: en-US;q=0.9,en;q=0.8,de;q=0.7,ru;q=0.6,en-GB;q=0.5"
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
Again I tried to play with different headers (Also checked in Postman what headers are mandatory and tried only with those - but nothing).
PS: I have cleared my cache and cookies, also tried with different browsers and different user-agent.
I am using this method for many other API’s, but with this one, I can’t figure out what I’m doing wrong