Question

403 - Forbidden: Access is denied Dataservice webservice with curl php

16:46 Feb 20, 2019

hi,

I'm trying to get informations form bpm through dataservice with a php curl call, i passed the BPMCSRF in the request header , and cookies from auth as well but i'm getting 403 errors

here is my call

<?php

$url= "http://localhost/7.13.0.284_BPM_ENU/ServiceModel/AuthService.svc/Login";

$cookie_file = 'cookies.txt';

$cookies = Array();

if (! file_exists($cookie_file) || ! is_writable($cookie_file)){

echo 'Cookie file missing or not writable.';

exit;

}

$auth_arguments = array(

"UserName" => "Supervisor",

"UserPassword" => "Supervisor"

);

$auth_request = curl_init($url);

curl_setopt($auth_request, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);

curl_setopt($auth_request, CURLOPT_HEADER, true);

curl_setopt($auth_request, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($auth_request, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($auth_request, CURLOPT_FOLLOWLOCATION, 0);

curl_setopt($auth_request, CURLOPT_HEADERFUNCTION, "curlResponseHeaderCallback");

curl_setopt($auth_request, CURLOPT_HTTPHEADER, array(

"Content-Type: application/json"

));

$json_arguments = json_encode($auth_arguments);

curl_setopt($auth_request, CURLOPT_POSTFIELDS, $json_arguments);

curl_setopt ($auth_request, CURLOPT_COOKIEJAR, realpath($cookie_file));

$result = curl_exec($auth_request);

$CSRF= explode("=",$cookies[2][1]);

$bpmcsrf=$CSRF[1];

function curlResponseHeaderCallback($ch, $headerLine) {

global $cookies;

if (preg_match('/^Set-Cookie:\s*([^;]*)/mi', $headerLine, $cookie) == 1)

$cookies[] = $cookie;

return strlen($headerLine);

}

$urlSelect= "http://localhost/7.13.0.284_BPM_ENU/0/dataservice/json/reply/SelectQuery";

$args = array(

"RootSchemaName"=>"Product",

"OperationType"=>0,

"Columns"=>array(

"Item"=>array(

"Name"=>array(

"OrderDirection"=>Ascending,

"OrderPosition"=>0,

"Caption"=>"Name",

"Expression"=>array(

"ExpressionType"=>2,

)

)

)

),

"AllColumns"=>true,

"IsPageable"=>false,

"IsDistinct"=>false,

);

$arguments = json_encode($args);

$request = curl_init($urlSelect);

curl_setopt($request, CURLOPT_CUSTOMREQUEST, "POST");

curl_setopt($request, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);

curl_setopt($request, CURLOPT_HEADER, false);

curl_setopt($request, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($request, CURLOPT_FOLLOWLOCATION,1);

curl_setopt($request, CURLOPT_HTTPHEADER, array(

'Content-Type:application/json',

'BPMCSRF:'.$bpmcsrf,

'Content-Length:'.strlen($arguments)

));

curl_setopt($request, CURLOPT_POSTFIELDS, $arguments);

curl_setopt($request, CURLOPT_COOKIEFILE, realpath($cookie_file));

curl_setopt ($request, CURLOPT_COOKIEJAR, realpath($cookie_file));

$result = curl_exec($request);

var_dump($result);

//$products= json_decode($result,true);

?>

thanks in advance,

6 comments

Eugene Podkovka

20:50 Feb 20, 2019

Try to catch the request with Fiddler and then compare it with the correct requests in the article by the link below.

https://academy.bpmonline.com/documents/technic-sdk/7-13/executing-odat…

Additionally, the application by the link below send requests to bpm'online. Please use it as an example.

https://github.com/EugenePodkovka/Forms-3rd-Party-Integration-Bpmonline

Louis Tisseur

21:35 Feb 21, 2019

I tried with Postman and it's working! I'm using DataService web service instead of Odata by following this documentation

https://academy.bpmonline.com/documents/technic-sdk/7-13/dataservice-re…

https://academy.bpmonline.com/documents/technic-sdk/7-12/how-call-confi…

Saul

10:19 Mar 10, 2019

I'm working on classings to connect to bpm'online. One of those classes I developed in PHP.

I have published a repository on Github with the source code.

https://github.com/idevol/bpmonline-dataservice-connectors