I'm using Safe browsing API to check some URLs from my database, but the request gives me this result:
data {
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"threatInfo[threatTypes][0]\": Cannot bind query parameter. Field 'threatInfo[threatTypes][0]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[threatTypes][1]\": Cannot bind query parameter. Field 'threatInfo[threatTypes][1]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[platformTypes][0]\": Cannot bind query parameter. Field 'threatInfo[platformTypes][0]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[threatEntryTypes][0]\": Cannot bind query parameter. Field 'threatInfo[threatEntryTypes][0]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[threatEntries][0][url]\": Cannot bind query parameter. Field 'threatInfo[threatEntries][0][url]' could not be found in request message."
}
}
I'm trying the following code:
const request = require('request');
const body = {
threatInfo: {
threatTypes: ["SOCIAL_ENGINEERING", "MALWARE"],
platformTypes: ["ANY_PLATFORM"],
threatEntryTypes: ["URL"],
threatEntries: [{url: "http://www.urltocheck2.org/"}]
}
}
const options = {
headers: {
"Content-Type": "application/json"
},
method: "POST",
url: "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${API_KEY}",
form: body
}
console.log(options);
request(options,
function(err, res, data) {
console.log('data', data)
if (!err && res.statusCode == 200) {
console.log(data);
}
}
)
I expected the output of the request be {} with a 200 status code on this sample.
If you look in the request()
doc for the form
property, you will see this:
form - when passed an object or a querystring, this sets body to a querystring representation of value, and adds Content-type: application/x-www-form-urlencoded header. When passed no options, a FormData instance is returned (and is piped to request). See "Forms" section above.
When you look at the Google safe browsing API, you will see this:
POST https://safebrowsing.googleapis.com/v4/threatMatches:find?key=API_KEY HTTP/1.1 Content-Type: application/json
You are sending Content-type: application/x-www-form-urlencoded
, but the API wants Content-Type: application/json
. You need to send JSON, not form encoded data.
You can probably just change the form
property to the json
property by changing from this:
const options = {
headers: {
"Content-Type": "application/json"
},
method: "POST",
url: "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${API_KEY}",
form: body
}
to this:
const options = {
method: "POST",
url: "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${API_KEY}",
json: body // <=== change here
}
The content-type is automatically set either way to match the format of the generated body so you don't need to set it.