1

I'm working with a third party API when I send the password from my side for via CURL for example the following password

O5t[&[ec

the third party API is converted the above password to

"O5t[5":true,"[ec\

But when I send it from postman dirctly to the third party API it's taking it correctly

my request JSON body

{
  "auth_token": "eyJhbGciOiJSUzI1NiIsInR5cC"
  "data": {
    "enabled": true
    "sip": array:1 [
      "password" => "O5t[5&[ec"
    ]
  }
}

when I'm replacing the & character with any other character is working fine. how i can prevent the password strings and charters to converted to boolean values

maali
  • 133
  • 3
  • 8
  • 1
    If that is your request JSON body then that is wrong. There should be no `array:1 [` or `=>` in the JSON. Share how you are generating that code and how you are sending it – apokryfos Nov 12 '21 at 08:56
  • it's from logs I know the structure is wrong here, but I'm sending the correct JSON format, my problem is not in the array structure but in the password values – maali Nov 12 '21 at 09:04
  • If that were true then it would also not work in postman but you say that it is working in postman so I'm inclined to think that the problem is not the password itself but how you are hadling the posting of the data in your PHP code (which you need to share) – apokryfos Nov 12 '21 at 09:06
  • Have a look at this https://stackoverflow.com/questions/13339469/how-to-include-an-character-in-a-bash-curl-statement – Lego Nov 12 '21 at 09:36
  • Apart from the invalid JSON, there is a big security problem: if the string is your password, you probably need to review your code. Do not transfer password via plain text (at least hash it with a custom salt value; better if you can apply PKI model). But why do you transfer the password using JSON in the first place? – Raptor Nov 12 '21 at 09:50
  • I sent the password to the third party system and no way to change the code from another side I must send the plain password to other systems, it's internal system and it's secured – maali Nov 12 '21 at 10:47

1 Answers1

0

If your using CURL. The & symbol is not interpreted as a character.

have a look at this

How to include an '&' character in a bash curl statement

Lego
  • 304
  • 2
  • 14