0

I am trying to connect with the Gimbal manager Restful API. I have an account and an API KEY for my organization. My cURL request keeps failing with a 401 unauthorized response from the API endpoint. Here is my cURL request in PHP:

    // from Gimbal Manager:
    define('ORG_API_KEY', 'XXXXXXXXXXXXXXXXX') ;

    // new beacon registration object:
    $post = array (
        "factory_id" => "XXXX-XXXXX",
        "name" => "NewBeacon",
        "latitude" => 12345
        "longitude" => 67890,
        "visibility" => "public"
    );

    $url = "https://manager.gimbal.com/api/beacons";
    $headers = array(
          'AUTHORIZATION: Token token=' . ORG_API_KEY, 
          'Content-type: application/json'
    ) ;
    $debug = 1 ;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers, TRUE);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    if ($debug) {
        curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
        curl_setopt($ch, CURLOPT_HEADER, TRUE);
        curl_setopt($curl, CURLINFO_HEADER_OUT, true);
    }

    curl_setopt($crl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($crl, CURLOPT_SSL_VERIFYPEER, false);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

    $result = curl_exec($ch);

(edit) and here the request header (from the $headerSent var above)

POST /api/beacons HTTP/1.1
Host: manager.gimbal.com
Accept: */*
Content-Length: 577
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------ce1a4e9dd55e

and here is the response from Gimbal:

HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Date: Sat, 29 Aug 2015 20:05:10 GMT
Server: Apache
Status: 401 Unauthorized
Vary: Accept-Encoding
WWW-Authenticate: Token realm="Application"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 7abe53cd-d161-4886-bb61-8cfedf71743a
X-XSS-Protection: 1; mode=block
Content-Length: 27
Connection: keep-alive
HTTP Token: Access denied.

I have tried a few different ways of expressing the AUTH Token:

AUTHORIZATION: <$token>
AUTHORIZATION: Token <$token>
AUTHORIZATION: Token token=<$token>

They all give the same 401 response. I have noticed other tickets here and elsewhere describing a similar issue, but none were marked as solved.

Has anyone out there had luck connecting with the Gimbal Manager API? If so, did your code look different?

Kinglish
  • 23,358
  • 3
  • 22
  • 43
  • Just discovered that the TRUE flag in CURLOPT_HTTPHEADER was preventing the header variables from being passed, causing the authentication problem. Now I am getting Status: 400 Bad Request in my response. When I get that worked out I will post the results – Kinglish Aug 29 '15 at 20:36

1 Answers1

0

In the end I had 2 problems with my initial code above.

The TRUE flag on the CURLOPT_HTTPHEADER was preventing the AUTH/Content-type headers from being sent (not sure why I had it in there and not sure if that flag has any value or meaning).

The POST data I was sending along was not in the correct format. Since I was requesting a content-type of JSON it was expecting that POST data to be in that format. Once I added json_encode($post), everything worked fine.

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers, TRUE);
.. .became ....
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

and

curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
... became ....
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($post));

Sometimes it takes carefully typing out and formatting a big StackOverflow issue to see the flaw in the code and solve it yourself. :)

Kinglish
  • 23,358
  • 3
  • 22
  • 43