Search code examples
httpcurlrequestveracodehttpie

How to properly include parameters to a curl request

So, I was working with some integrations with Veracode, I need to use this XML API(createsandbox.do)

The documentation recommends do use HTTPIe, and it works fine in my machine. However, we need to implement this in our pipelines enviroment, that I've been having trouble due to dependencies issues with httpie(httpie gives no output and loop).

I'm currently trying to use curl instead to make the calls, since httpie didnt work in our pipeline enviroment, for reference. I'm using this gist as a guide. The HMAC authentication works fine, And I can even comunicate to APIs endpoint that do not require parameters(like getapplist.do) Here's how I communicate with getapplist.do:

VERACODE_ID=myveraid
VERACODE_KEY=myverakey
#apt-get install -y xxd
NONCE="$(cat /dev/random | xxd -p | head -c 32)"
TS="$(($(date +%s%N)/1000))"
URLPATH=/api/5.0/createsandbox.do?app_id=XXXXX&sandbox_name=sandbox
METHOD=GET
encryptedNonce=$(echo "$NONCE" | xxd -r -p | openssl dgst -sha256 -mac HMAC -macopt hexkey:$VERACODE_KEY | cut -d ' ' -f 2)
encryptedTimestamp=$(echo -n "$TS" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedNonce | cut -d ' ' -f 2)
signingKey=$(echo -n "vcode_request_version_1" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$encryptedTimestamp | cut -d ' ' -f 2)
DATA="id=$VERACODE_ID&host=analysiscenter.veracode.com&url=$URLPATH&method=$METHOD"
signature=$(echo -n "$DATA" | openssl dgst -sha256 -mac HMAC -macopt hexkey:$signingKey | cut -d ' ' -f 2)
VERACODE_AUTH_HEADER="VERACODE-HMAC-SHA-256 id=$VERACODE_ID,ts=$TS,nonce=$NONCE,sig=$signature"

After setting up these variables and the authentication, I execute this way the request:

curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com$URLPATH"

However, curl gives no output. With the --verbose flag, I get some responses, including http codes: 301, 401 and 404. I also tried to encode the ?, = and & symbols.

What could I be missing here? I'm a beginner, my first time dealing with curl, already gone through a lot of documentation. Thank very very much in advance

Solution

  • Resolved! Removing the parameters from the URLPATH, and adding them in the request with -F.

    Example:

    curl -X $METHOD -H "Authorization: $VERACODE_AUTH_HEADER" "https://analysiscenter.veracode.com/api/5.0/createsandbox.do" -F "app_id=XXXXXX" -F "sandbox_name=XXXXXXXX"