-3

I'm trying to create an abuse API using godaddys API, but I can't seem to post it. Here is the code that I created

url = "https://api.ote-godaddy.com/v2/abuse/tickets"

auth = {
  "api_key" : "3mM44UdB6FaWLn_AarYNUqJ6Aavv6CwKFCncC",
  "secret_key" : "3VUUPgmx7wdz24nbHFCbZu",
}

headers = {
  "accept" : "application/json",
  "Content-Type": "application/json",
  "Authorization": "sso-key undefined:undefined",   
}

body = {
  "info": "Website Phishing",
  "infoUrl": "https://info-bni-live.go.studio/",
  "source": "bni.co.id",
  "target": "PT BNI",
  "type": "PHISHING",
  "proxy": "ARE",
  "useragent": "DESKTOP"
}

response = requests.post("https://api.godaddy.com/v2/abuse/tickets", auth, body, headers)
print(response.json())

After I ran the code, here's the result that I got from it

{'code': 'MISSING_CREDENTIALS', 'message': 'Unauthorized : Credentials must be specified'}

Are my codes wrong to post the abuse tickets to godaddy?

Regards, thanks

CyberHunter
  • 35
  • 4
  • For starters, you’re putting header configuration values in your request body. Why? It doesn’t just magically work where `requests` or the target server will automatically interpret specific content as request headers on your behalf. – esqew Aug 25 '23 at 10:18
  • @esqew the new one I have updated it, as you can see on the new edit of the code, but it's still unable to run the code – CyberHunter Aug 25 '23 at 10:58
  • First and foremost, you should revoke your API and Secret Keys immediately, as others will now be able to use them to lob requests at GoDaddy’s APIs impersonating you. Editing your question will not help since edit histories are public, and the text itself has likely already been picked up into search engine caches. – esqew Aug 25 '23 at 13:13
  • Secondly, you’re still constructing your header incorrectly. Why do you believe a value of `undefined:undefined` is valid for your Authorization header? Where exactly have you gotten the idea that the way you’ve passed your `auth` dictionary to `requests.post()` is valid and aligned with the method’s definition? Can you share that documentation upon which you’re basing that conclusion? – esqew Aug 25 '23 at 13:16

0 Answers0