phppostmanwebhookshttp-status-code-401

Receiving invalid credentials at endpoint


I am working on a webhook API in Postman.

In Postman, I have entered the username, password, and account code in the headers. I am then sending the below payload directly to the website's endpoint:

{
  "email": "myemail@yahoo.com",
  "overwrite": true,
  "fields": {
    "first_name": "John",
    "last_name": "Doe",
    "country": "Chile",
    "mrc_c3": "300.00",
    "mrc_date_c3": "10/16/24"
  }
}    

Using the above, I am getting a 200 OK response.

I can log into the website and see the updates.

My problem occurs when I try sending the same payload to a PHP script endpoint.

Within the PHP endpoint, I am able to extract the same payload as above and set each parameter to it's own PHP variable.

Within the PHP script endpoint, I am manually setting the username, password, and account code.

Back in Postman, I then send just the payload over to the PHP script endpoint.

I am getting a 200 OK response in Postman, but in the body of the response, I am echoing out the status, and I am getting a 401 status, which tells me the login credentials are incorrect.

Here is the PHP script:

<?php
  $payload = json_decode(file_get_contents("php://input"), true);

  $email = $payload["email"];
  $firstName = $payload['fields']['first_name'];
  $lastName = $payload['fields']['last_name'];
  $country = $payload['fields']['country'];
  $mrc_c3 = $payload['fields']['mrc_c3'];
  $mrc_date_c3 = $payload['fields']['mrc_date_c3'];

  $url = "https://original.endpoint.com/";
  $xun = "USERNAME";
  $xpw = "PASSWORD";
  $xac = "ACCOUNT CODE";

  $content = '{
    "email": "' . $email . '",
    "overwrite": true,
    "fields": { 
            "first_name": "' . $firstName . '",
            "last_name": "'.$lastName.'",
            "country": "' . $country . '",
            "mrc_c3": "' . $mrc_c3 . '",
            "mrc_date_c3": "' . $mrc_date_c3 . '"
        }
   }';
  }';

$curl = curl_init( $url );
curl_setopt( $curl, CURLOPT_HEADER, false );
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $curl, CURLOPT_HTTPHEADER, array(
     "Content-type: application/json",
    "USERNAME: $xun",
    "PASSWORD: $xpw",
    "ACCOUNT_CODE: $xac" 
) );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, $content );
$json_response = curl_exec( $curl );
$status = curl_getinfo( $curl, CURLINFO_HTTP_CODE );

if ( $status != 200 && $status != 201 ) {
    error_log( "Error: call to URL $url failed with status $status, response $json_response, curl_error " . curl_error( $curl ) . ", curl_errno " . curl_errno( $curl ) );
}

echo "status: " . $status;  // <-- print the status in Postman

curl_close( $curl );

$response = json_decode( $json_response, true );
?>

Let me reiterate that I am getting a 200 OK response from Postman itself, but when I print out the status from within the PHP script, I am getting the 401 response.

Screen shot for reference:

enter image description here

The credentials within the PHP script are indeed correct. So why I am getting the 401 response?

When I change json_decode to json_encode, I can print_r the payload like this:

print_r($payload);

And it displays in Postman like this:

"{\n \"email\": \"myemail@yahoo.com\",\n \"overwrite\": true,\n \"fields\": {\n \"first_name\": \"John\",\n
\"last_name\": \"Doe\",\n \"country\": \"Chile\",\n \"mrc_c3\": \"300.00\",\n \"mrc_date_c3\": \"10\/16\/24\"\n }\n}"

Solution

  • Okay, The issue you're facing could be related to how the credentials are being passed in the curl_setopt() function. Here's the main problem:

    In the curl_setopt( $curl, CURLOPT_HTTPHEADER, array(...) ) section, you're passing $xun, $xpw, and $xac directly, but this won't work. You need to include them as part of the actual headers.

    Typically, credentials such as username, password, and account code are either sent in the headers in a specific format (like Authorization header for basic auth) or as part of the request body. Assuming you want to pass them as headers, you should set the headers explicitly. Here's how to modify your script to add the credentials correctly:

    $curl = curl_init( $url );
    curl_setopt( $curl, CURLOPT_HEADER, false );
    curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $curl, CURLOPT_HTTPHEADER, array(
         "Content-Type: application/json",
         "Username: $xun",
         "Password: $xpw",
         "Account-Code: $xac" 
    ));
    curl_setopt( $curl, CURLOPT_POST, true );
    curl_setopt( $curl, CURLOPT_POSTFIELDS, $content );
    $json_response = curl_exec( $curl );
    $status = curl_getinfo( $curl, CURLINFO_HTTP_CODE );
    
    if ( $status != 200 && $status != 201 ) {
        error_log( "Error: call to URL $url failed with status $status, response $json_response, curl_error " . curl_error( $curl ) . ", curl_errno " . curl_errno( $curl ) );
    }
    
    echo "status: " . $status;  // <-- print the status in Postman
    
    curl_close( $curl );
    
    $response = json_decode( $json_response, true );