I'm trying to work with the vTiger REST API but i've been hitting this wall - I can't get pass the login authentication(!).
I've done everything according to the guidelines and instruction, yet what should be a fairly simple process isn't working, always providing me with the same error.
I've engaged with it both through python and php and on two different servers but the results are the same.
What am i doing wrong?
PHP Code:
<?php
$usercode = 'x5pox9oihbjp1pna';
$service_url = '<VTIGER ROOT>/webservice.php';
$curl = curl_init($service_url);
$curl_post_data = array(
'operation'=> 'getchallenge',
'username' => 'admin',
);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
curl_setopt($curl ,CURLOPT_SSL_VERIFYPEER, false); //one server is ssl so i use this, the other isn't so i discard this when i try that one.
$curl_response = curl_exec($curl);
curl_close($curl);
echo "<p> First response: $curl_response<p>";
$x = json_decode($curl_response);
$token = var_export($x->result->token, true);
$token = substr($token, 1, -1); //getting rid of excess quote marks
echo "<p> token: $token </p>";
echo "<p> finished part 1 of php script</p>";
$combined = $token.$usercode;
echo "<p> token: $token </p>";
echo "<p> userAccessKey: $usercode </p>";
echo "<p> token + userAccessKey: $combined </p>";
$accessKeyHash= md5($combined);
echo "<p>Full Acces Key Hash: $accessKeyHash</p>";
$curl = curl_init($service_url);
$curl_post_data = array(
'operation'=> 'login',
'username' => 'admin',
'accessKey' => $accessKeyHash
);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
curl_setopt($curl ,CURLOPT_SSL_VERIFYPEER, false);
$curl_response = curl_exec($curl);
curl_close($curl);
echo "<p> Second response: $curl_response<p>";
echo "<p> finished part 2 of php script</p>";
The output to this is:
First response: {"success":true,"result":{"token":"591432eb404da","serverTime":1494495979,"expireTime":1494496279}}
token: 591432eb404da
finished part 1 of php script
token: 591432eb404da
userAccessKey: x5pox9oihbjp1pna
token + userAccessKey: 591432eb404dax5pox9oihbjp1pna
Full Acces Key Hash: 07700eafa6aea78c2602d84fc83b3f73
Second response: {"success":false,"error":{"code":"INVALID_AUTH_TOKEN","message":"Specified token is invalid or expired"}}
finished part 2 of php script
Your are doing a POST request for the getchallenge operation. It should be a GET request.
Change your first POST request:
$curl = curl_init($service_url);
$curl_post_data = array(
'operation'=> 'getchallenge',
'username' => 'admin',
);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
curl_setopt($curl ,CURLOPT_SSL_VERIFYPEER, false);
for this GET request:
$vtiger_user = 'admin';
$curl = curl_init($service_url . '?operation=getchallenge&username=' . $vtiger_user);
//$curl_post_data = array(
//'operation'=> 'getchallenge',
//'username' => 'admin',
//);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
//curl_setopt($curl, CURLOPT_POST, true);
//curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
curl_setopt($curl ,CURLOPT_SSL_VERIFYPEER, false);
Your second request is OK, it should be a POST request. Just change the part above and you should be good to go.
source: I debugged until it worked