Search code examples
curlofx

Why does this ofx request fail?


I'm trying to download the profile for Janney Montgomery Scott LLC, but it's not giving me a correct response. I can see that ofxhome is able to get it, as can the Intuit OFX Test Tool.

I grabbed the request from the OFX Test Tool and saved it as ofx.txt:

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX><SIGNONMSGSRQV1><SONRQ><DTCLIENT>20150220033100<USERID>anonymous00000000000000000000000<USERPASS>anonymous00000000000000000000000<LANGUAGE>ENG<FI>
<ORG>AFS
<FID>11326
</FI>
<APPID>QWIN<APPVER>2000</SONRQ></SIGNONMSGSRQV1><PROFMSGSRQV1><PROFTRNRQ><TRNUID>1424403060<PROFRQ><CLIENTROUTING>MSGSET<DTPROFUP>19970101</PROFRQ></PROFTRNRQ></PROFMSGSRQV1></OFX>

Then I use curl to make the request with the command

curl -v -X POST --data-binary @ofx.txt --header "Content-Type:application/x-ofx" --header "Accept:*/*, application/x-ofx" https://jmsofx.automatedfinancial.com

and I get this output:

* Rebuilt URL to: https://jmsofx.automatedfinancial.com/
*   Trying 147.249.46.82...
* Connected to jmsofx.automatedfinancial.com (147.249.46.82) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /opt/local/share/curl/curl-ca-bundle.crt
  CApath: none
* TLSv1.2, TLS Unknown, Unknown (22):
* TLSv1.2, TLS handshake, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Server hello (2):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, CERT (11):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Server finished (14):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Client key exchange (16):
* SSLv2, Unknown (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Finished (20):
* SSLv2, Unknown (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* SSLv2, Unknown (22):
* TLSv1.2, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-SHA
* Server certificate:
*    subject: C=US; ST=Alabama; L=Birmingham; O=SunGard Business Systems LLC; CN=jmsofx.automatedfinancial.com
*    start date: 2014-04-28 00:00:00 GMT
*    expire date: 2015-07-24 23:59:59 GMT
*    subjectAltName: jmsofx.automatedfinancial.com matched
*    issuer: C=US; O=Thawte, Inc.; CN=Thawte SSL CA
*    SSL certificate verify ok.
* SSLv2, Unknown (23):
> POST / HTTP/1.1
> User-Agent: curl/7.40.0
> Host: jmsofx.automatedfinancial.com
> Content-Type:application/x-ofx
> Accept:*/*, application/x-ofx
> Content-Length: 505
> 
* upload completely sent off: 505 out of 505 bytes
* SSLv2, Unknown (23):
< HTTP/1.1 200 OK
< Server: AFS-Prospero/6.32.00
< Date: Fri, 20 Feb 2015 03:41:11 GMT
< Last-modified: Wed, 28 Aug 2013 10:14:42 GMT
< Content-type: text/html
< Content-length: 317
< 
<HTML>
<HEAD>
<SCRIPT LANGUAGE="JAVASCRIPT"><!--
var host=window.location.hostname;
if(window.location.protocol=="https:") host=window.location.host;
window.location.href='https://'+host+'/secure_login.html';
//-->
</SCRIPT>
<link rel="stylesheet" type="text/css" href="/css/retail_style.css"></head>
* Connection #0 to host jmsofx.automatedfinancial.com left intact
</HTML>

I've tried with both DOS and UNIX style line endings.

I have been able to connect to other institutions with this method. What am I doing wrong?


Solution

  • To answer my own question, the problem is in the curl command line- there should be a space between "content-type:" and "application/x-ofx":

    curl -v -X POST --data-binary @ofx.txt --header "Content-Type: application/x-ofx" --header "Accept:*/*, application/x-ofx" https://jmsofx.automatedfinancial.com