Usinge http-request for REST API - cURL works, http-request > error 400

General
1

Hello everyone,

i try to build an application that speaks to an REST-API of another server.
Most of the commands work but there is one command that seems to do something different.

So in curl i can do this:

curl --digest -u 'user:pass' -k -X GET https://10.80.6.40/api/v1/media/usage/source?refs=3

and that (mind the -g option and the array at the end)

curl --digest -u 'user:pass' -k -X GET -g https://10.80.6.40/api/v1/media/usage/source?refs=[3,7]

which reponses json-arrays based on the given ref-ids:

[
    {
        "bitrate": 42580237,
        "connections": 0,
        "id": 3,
        "reference": "87e2c69d-32b2-48d5-9ad",
        "status": "active",
        "uptime": 430177
    }
]

[
    {
        "bitrate": 42580090,
        "connections": 0,
        "id": 3,
        "reference": "87e2c69d-32b2-48d5-9ad",
        "status": "active",
        "uptime": 430184
    },
    {
        "bitrate": 4003686,
        "connections": 1,
        "id": 7,
        "reference": "9577acf3-222c-430b-bf0",
        "status": "active",
        "uptime": 430184
    }
]

In Node-RED i've testet it with that:

[
    {
        "id": "e2338b4dc51d008c",
        "type": "http request",
        "z": "77330981809b0bcf",
        "name": "GET",
        "method": "GET",
        "ret": "obj",
        "paytoqs": "ignore",
        "url": "https://10.80.4.40/api/v1/media/usage/source?refs=3",
        "tls": "f23433ca4be8ca58",
        "persist": false,
        "proxy": "",
        "insecureHTTPParser": false,
        "authType": "digest",
        "senderr": false,
        "headers": [],
        "credentials": {},
        "x": 510,
        "y": 300,
        "wires": [
            [
                "825f4de8189b13e5"
            ]
        ]
    },
    {
        "id": "9a7eb8c80174a1cb",
        "type": "inject",
        "z": "77330981809b0bcf",
        "name": "Dec B 01 usage",
        "props": [
            {
                "p": "topic",
                "vt": "str"
            }
        ],
        "repeat": "",
        "crontab": "",
        "once": false,
        "onceDelay": 0.1,
        "topic": "",
        "x": 240,
        "y": 300,
        "wires": [
            [
                "e2338b4dc51d008c"
            ]
        ]
    },
    {
        "id": "825f4de8189b13e5",
        "type": "debug",
        "z": "77330981809b0bcf",
        "name": "debug 9",
        "active": true,
        "tosidebar": true,
        "console": false,
        "tostatus": false,
        "complete": "true",
        "targetType": "full",
        "statusVal": "",
        "statusType": "auto",
        "x": 800,
        "y": 260,
        "wires": []
    },
    {
        "id": "f23433ca4be8ca58",
        "type": "tls-config",
        "name": "",
        "cert": "",
        "key": "",
        "ca": "",
        "certname": "",
        "keyname": "",
        "caname": "",
        "servername": "",
        "verifyservercert": false,
        "alpnprotocol": ""
    }
]

but i get error 400 - Bad Request:

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>400 Bad Request</title>
 </head>
 <body>
  <h1>400 Bad Request</h1>
 </body>
</html>

I asked the system-support of that software-product and they gave me the hint to use -g option which helped for cURL but how to do that with http-requests?

Thanks

2

-g just turns off globbing which you need for your 2nd curl example as it has square brackets. However I don't think you can use globs with http-request so that shouldn't be an issue.

-k turns off TLS certificate checks I think so allows self-signed certs.

-X just lets you specify the request method. GET is the default anyway for curl and so is superfluous here.

So without more detail from the server, not sure anything more can be said.

1 Like
3

it works in browser if i manually request that url.
And it works in curl like explained.

What else could the http-request node maybe do different then these two? Any ideas?

I try to communicate with the company but it's a little complicated to tell them what i do if they don't know node-red. Otherwise my only chance is that they can log the issue and give more detail about the problem behind error 400.

4

I really don't know. Is the HTTPS using a self-signed certificate? In other words if you don't add the -k to curl, does that fail in the same way?

5

ahh sorry,
yes it has a self signed certificate thats why i created an TLS/SSL-configuration in the request node and disabled to verify the server certificate. This works with the same configuration for all the oder API-Endpoints of that server so i think this should no be the problem in this specific issue.

6

OK, that is the most likely issue anyway. Can be tricky to get those things right.

I actually think that you don't want to use a TLS config. Instead include a msg.rejectUnauthorized set to false in the triggering input msg.

7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.