使用 Curl 向 Shopify 发送 POST 请求
[英]Using Curl to send a POST request to Shopify using PHP without cookies
问题描述
I am making an API call to Shopify using this code.
我正在使用此代码对 Shopify 进行 API 调用。 Previously this has worked fine.以前这工作得很好。
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://me.myshopify.com/admin/orders/123456789/fulfillments.json');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $my_json);
curl_setopt($ch, CURLOPT_USERPWD, 'my_key:my_password');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: application/json'
));
$result = curl_exec($ch);
curl_close($ch);
I am now getting back an error:我现在收到一个错误:
For security reasons, requests using HTTP Basic Authentication cannot include cookies
If I look at the Shopify manual at https://shopify.dev/tutorials/authenticate-a-private-app-with-shopify-admin#make-authenticated-requests then I see this:如果我查看https://shopify.dev/tutorials/authenticate-a-private-app-with-shopify-admin#make-authenticated-requests的 Shopify 手册,那么我会看到:
Shopify doesn't support cookies in POST requests that use basic HTTP authentication.
Any POST requests that use basic authentication and include cookies will fail with a 200 error code.
Using cookies with basic authentication can expose your app to CSRF attacks, such as session hijacking.
How can I adjust my Curl request to ensure that no cookies are included?如何调整我的 Curl 请求以确保不包含 cookies?
1 个解决方案
解决方案1
0 2021-01-05 18:16:20
As per your question specification and link shared regarding it, I think you using the private APP to access the Shopify store data, right?根据您的问题规范和共享的链接,我认为您使用私有 APP 访问 Shopify 存储数据,对吧?
if yes then as per my understanding regarding the Shopify API and its auth process you need to try something like this to make the request.如果是,那么根据我对 Shopify API 及其身份验证过程的理解,您需要尝试这样的事情来提出请求。
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://my_key:my_password@me.myshopify.com/admin/api/2021-01/orders/123456789/fulfillments.json');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $my_json);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-type: application/json',
'Accept: application/json'
));
$result = curl_exec($ch);
curl_close($ch);
This is the format according to API data on documentation page:这是根据文档页面上 API 数据的格式:
https://{username}:{password}@{shop}.myshopify.com/admin/api/2021-01/shop.json
If your HTTP client doesn't support basic authentication using this method, then you can provide the credentials in the Authorization header field instead:如果您的 HTTP 客户端不支持使用此方法的基本身份验证,那么您可以在 Authorization header 字段中提供凭据:
Private apps can authenticate with Shopify by including the request header X-Shopify-Access-Token: {access_token} , where {access_token} is replaced by your private app's Admin API password.私有应用程序可以通过包含请求 header X-Shopify-Access-Token: {access_token}来使用 Shopify 进行身份验证,其中{access_token}替换为您的私有应用程序的管理员 ZDB974238714CA8ADE14FZ34ACE 密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.