Postman API request in Python

Question

. 。 Answers to this question are eligible for a +50 reputation bounty. Bounty grace period ends in 23 hours . Kaevonz is looking for an : ：

I want to webscrape from McMaster.com using their API they gave me using python

I am trying to web-scrape data from https://www.mcmaster.com . They have provided me with a.pfx file and a passphrase. When making a GET request on Postman using their.json file, I input my website login/password and upload the.pfx certificate with its passphrase and everything works fine. Now I am trying to do this same thing but in Python, but am a bit unsure.

Here is my current Python code, I am unsure where I would put the website email/password login and how to successfully do a GET request.

import requests_pkcs12
from requests_pkcs12 import get

r = get('https://api.mcmaster.com/v1/login', pkcs12_filename='Schallert.pfx', pkcs12_password='mcmasterAPI@1901')

response = requests_pkcs12.get(r)

print(response.text)

Here is how I have it setup in Postman (Website email/pw login)

.PFX Certificate page

Answer 1

Postman has a built in feature where it will convert requests into code. You can do it like so:

1. On the far right click the Code Snippet Button (</>)
2. Once you are on that page, there is two available python options
3. Then all you need to do is copy the code into a Python file and add all your customizations (Should be already optimized)

One thing I'll warn you about though is the URL. Postman doesn't add http:// or https:// to the URL, which means Python will throw a No Scheme Supplied error.

Available Packages for Auto Conversion:

1. Requests
2. http.client

Meaning you will have to use a different package instead of requests_pkcs12

Answer 2

After a quick web search, it looks like you need to create a temporary certificate as a .pem file, which is then passed to the request.

from contextlib import contextmanager
from pathlib import Path
from tempfile import NamedTemporaryFile

import requests
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption
from cryptography.hazmat.primitives.serialization.pkcs12 import load_key_and_certificates


@contextmanager
def pfx_to_pem(pfx_path, pfx_password):
    pfx = Path(pfx_path).read_bytes()
    private_key, main_cert, add_certs = load_key_and_certificates(pfx, pfx_password.encode('utf-8'), None)

    with NamedTemporaryFile(suffix='.pem') as t_pem:
        with open(t_pem.name, 'wb') as pem_file:
            pem_file.write(private_key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption()))
            pem_file.write(main_cert.public_bytes(Encoding.PEM))
            for ca in add_certs:
                pem_file.write(ca.public_bytes(Encoding.PEM))
        yield t_pem.name

with pfx_to_pem('your pfx file path', 'your passphrase') as cert:
    requests.get(url, cert=cert, data=payload)

Answer 3

The package requests_pkcs12 is a wrapper written above the requests package. So, all the parameters that accept requests will accept by the requests_pkcs12 .

Here is the source code proof for that. https://github.com/m-click/requests_pkcs12/blob/master/requests_pkcs12.py#L156

Also, from your screenshots, I understood that you are using POST not GET .

import json
from requests_pkcs12 import post

url = "https://api.mcmaster.com/v1/login"
payload = {'Username': 'yourusername',
           'Password': 'yourpassword'}

resp = post(url, pkcs12_filename='Schallert.pfx', pkcs12_password='mcmasterAPI@1901', data=json.dumps(payload))
print(resp)

Footnote: I hope the password mcmasterAPI@1901 it's a fake one. if not please don't share any credentials in the platform.