403 - Forbidden: Access is denied Dataservice webservice with curl php


I'm trying to get informations form bpm through dataservice with a php curl call, i passed the BPMCSRF in the request header , and cookies from auth as well but i'm getting 403 errors 

here is my call



$url= "http://localhost/";

$cookie_file = 'cookies.txt';

$cookies = Array();

if (! file_exists($cookie_file) || ! is_writable($cookie_file)){

    echo 'Cookie file missing or not writable.';



  $auth_arguments = array(

    "UserName" => "Supervisor",

    "UserPassword" => "Supervisor"


$auth_request = curl_init($url);

curl_setopt($auth_request, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);

curl_setopt($auth_request, CURLOPT_HEADER, true);

curl_setopt($auth_request, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($auth_request, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($auth_request, CURLOPT_FOLLOWLOCATION, 0);

curl_setopt($auth_request, CURLOPT_HEADERFUNCTION, "curlResponseHeaderCallback");

curl_setopt($auth_request, CURLOPT_HTTPHEADER, array(

    "Content-Type: application/json"


$json_arguments = json_encode($auth_arguments);

curl_setopt($auth_request, CURLOPT_POSTFIELDS, $json_arguments);

curl_setopt ($auth_request, CURLOPT_COOKIEJAR, realpath($cookie_file));

$result = curl_exec($auth_request);

$CSRF= explode("=",$cookies[2][1]);


function curlResponseHeaderCallback($ch, $headerLine) {

    global $cookies;

    if (preg_match('/^Set-Cookie:\s*([^;]*)/mi', $headerLine, $cookie) == 1)

        $cookies[] = $cookie;

    return strlen($headerLine);


$urlSelect= "http://localhost/";

$args = array(





















$arguments = json_encode($args);

$request = curl_init($urlSelect);

curl_setopt($request, CURLOPT_CUSTOMREQUEST, "POST");

curl_setopt($request, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);

curl_setopt($request, CURLOPT_HEADER, false);

curl_setopt($request, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($request, CURLOPT_FOLLOWLOCATION,1);

curl_setopt($request, CURLOPT_HTTPHEADER, array(





curl_setopt($request, CURLOPT_POSTFIELDS, $arguments);

curl_setopt($request, CURLOPT_COOKIEFILE, realpath($cookie_file));

curl_setopt ($request, CURLOPT_COOKIEJAR, realpath($cookie_file));

$result = curl_exec($request);


//$products= json_decode($result,true);


thanks in advance,

Like 0



Try to catch the request with Fiddler and then compare it with the correct requests in the article by the link below.


Additionally, the application by the link below send requests to bpm'online. Please use it as an example. 


I tried with Postman and it's working! I'm using DataService web service instead of Odata by following this documentation




I'm working on classings to connect to bpm'online. One of those classes I developed in PHP.

I have published a repository on Github with the source code.


Thank you for your reply .

the problem was the way I passed cookies , it's working with   'curl_setopt($request, CURLOPT_COOKIE, $cookieString);'

Louis Tisseur,


I am getting the same error 403 - Forbidden: Access is denied. Have you fixed your issue? Could you please share how you are able to fix it.


Fulgen Ninofranco,




If you receive the “403 - Forbidden: Access is denied” error when calling AuthService.svc/Login, most likely, the problem is related to cookies.

Please pay attention to the previous comments, as they should be helpful.


You can read more about working with cookies in this article - https://academy.creatio.com/documents/technic-sdk/7-13/how-call-configuration-services-using-postman.


Best regards,


Show all comments