Working with some Wordpress sites that possess API calls to complete various tasks, such as saving data or sending transactional messages.
I have been advised that one of our clients is updating their Endpoint, so we have to update all of our API calls with the updated URL.
After updating the URL endpoints, I started getting a 403 response.
I was only getting 200 responses prior to this update.
Postman is giving me 200 responses with the updated URL.
According the our client, it seems that our calls are missing the user-agent, that which was not needed before but apparently is needed now as it is triggering the Web Application Firewall of the client.
Postman seemingly automatically includes the user-agent which is why it works there.
The client provided an example of how the user-agent should look:
"User-Agent": "YourAppName/1.0"I was able to find the User-Agent by going to the Chrome inspector, clicking network, clicking a request, then scrolling down the header.
It reads something like this:
User-Agent: Mozilla/5.0 (Macintosh; Intel somestuff) AppleWebKit/somenumbers (KHTML, like Gecko) Chrome/morenumbers Safari/lastnumbersIt seems obvious but please let me know if this is the correct location.
Using the above User-Agent, this was my attempt to include it in my already functional API call:
<?php// transactional send$userAgent = 'Mozilla/5.0 (Macintosh; Intel somestuff) AppleWebKit/somenumbers (KHTML, like Gecko) Chrome/morenumbers Safari/lastnumbers';$url = "https://updated.api.net/" . $account . "/api/transactional/send";$xun = "USERNAME: " . USERNAME;$xpw = "PASSWORD: " . PASSWORD;$xac = "ACCOUNT_CODE: " . ACCOUNT_CODE;$xag = "USER-AGENT": " . $userAgent;$content = '{"message_id": 'someID',"campaign_id": 'anotherID',"recipients": ["'myemail@yahoo.com'"],"sending_connection_id": 'sendID'}';$curl = curl_init( $url );curl_setopt( $curl, CURLOPT_HEADER, false );curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );curl_setopt( $curl, CURLOPT_HTTPHEADER, array("Content-type: application/json", $xun, $xpw, $xac, $xag) );curl_setopt( $curl, CURLOPT_POST, true );curl_setopt( $curl, CURLOPT_POSTFIELDS, $content );$json_response = curl_exec( $curl );$status = curl_getinfo( $curl, CURLINFO_HTTP_CODE );if ( $status != 200 && $status != 201 ) { error_log( "Error: call to URL $url failed with status $status, response $json_response, curl_error " . curl_error( $curl ) . ", curl_errno " . curl_errno( $curl ) );}echo "<script>alert('$status');</script>";curl_close( $curl );$response = json_decode( $json_response, true );?>Using the above, I am able to print an alert window to the screen. And this is where I am getting the 403 response.
Keep in mind that when I switch the URL back to the original URL, I get my 200 response and I can see the message come to my email.
What did I do wrong and how can I fix it?