0

I am trying to access the API of OpenProvider using PowerShell and I can't seem to get past Authentication.

The documentation for the API is here : https://support.openprovider.eu/hc/en-us/articles/360025683173-Getting-started-with-Openprovider-API

And my code looks like this:

$EndPoint = "https://api.openprovider.eu/v1beta/auth/login"

function Get-ConfHeaders 
{
##Configure headers
$Headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$Headers.Add("ip","0.0.0.0") 
$Headers.Add("username","myusername") 
$Headers.Add("hash","APIpasswordhashgoeshere") 

return $Headers

}

$header = Get-ConfHeaders

Invoke-RestMethod -Method Post -Uri $EndPoint -Headers $header

The response get is :

Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.
At line:36 char:1
+ Invoke-RestMethod -Method Post -Uri $EndPoint -Headers $header
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

I am by no means an expert when it comes to API and any help would be appreciated.

Improve this question
6
  • added the content type and tried the password instead of the hash but I get the same 500 error. Commented Jan 8, 2021 at 14:01
  • Try with powershell 5 if you're on 7 currently, Invoke-RestMethod had some breaking changes for Core. Commented Jan 8, 2021 at 14:13
  • I've tried the same thing in PostMan and I still get the 500 error but I also get "desc": "Empty username field!", "code": 901 } Commented Jan 8, 2021 at 14:19
  • If you pass anything in the body you get Invoke-RestMethod : {"desc":"Invalid request","code":80} Commented Jan 8, 2021 at 14:27
  • 1
    Once the API is enabled, retry your command but try to pass the information through the body. Curl -d is a body operation (Reference: virtuallysober.com/2019/03/12/…) I understand that it did not work when you tried it but I believe it might be because you did not specifically toggled on the API. Commented Jan 11, 2021 at 19:16

2 Answers 2

Reset to default
1

Ok, I think the API documentation here leaves a lot to be desired.

You need to include the authentication in the body and it needs to be converted to JSON format. So the working code looks like this:-

$EndPoint = "https://api.openprovider.eu/v1beta/auth/login"

function Get-ConfHeaders
{
##Configure headers
$Headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$Headers.Add("ip","0.0.0.0") 
$Headers.Add("username","username") 
$Headers.Add("password","passwordhere") 
return $Headers
}

$header = Get-ConfHeaders | ConvertTo-Json

Invoke-RestMethod -Method Post -Uri $EndPoint -body $header -ContentType 'application/json'

Thanks for the help everyone.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Here is how I could get a valid failure from your uri:


function GetApiSession () {

    $username = "username"
    $userpass = "password"

    $auth = $username + ":" + $userpass
    $Encoded = [System.Text.Encoding]::UTF8.GetBytes($auth)
    $EncodedPassword = [System.Convert]::ToBase64String($Encoded)
    $Global:headers= @{"Authorization"="Basic $($EncodedPassword)"}

    try {
    add-type @"
        using System.Net;
        using System.Security.Cryptography.X509Certificates;
        public class TrustAllCertsPolicy : ICertificatePolicy {
            public bool CheckValidationResult(
                ServicePoint srvPoint, X509Certificate certificate,
                WebRequest request, int certificateProblem) {
                return true;
            }
        }
"@
    } catch {

    }

    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
    $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
    
    $Invoke_RestMethod_param = @{
        Uri                  = "https://api.openprovider.eu/v1beta/auth/login"
        Method               = 'POST'
        ContentType          = 'application/json'
        Headers              = $headers
    }

    $Uri_Response = Invoke-RestMethod @Invoke_RestMethod_param


    return $Uri_Response
}

GetApiSession

APIs are not one-size-fits-all, but this the best way I have found to deal with them, or at least the best starting point. I've accumulated this from many solutions over time, and still I sometimes run into trouble.

When I run this, I can't get output because I obviously don't have real creds, but I do get a real response:

Invoke-RestMethod : The remote server returned an error: (500) Internal Server Error.

And I know it is because if I change the verb from POST to GET, I still get a legit response from the uri:

Invoke-RestMethod : {"desc":"Method is not implemented","code":81}

So this is the pattern I use when I start working with any new api.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.