These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

PHP CREST & ESI
Author
Previous Topic Next Topic
Jasmine Belle
Acclimatization
#1 - 2017-04-30 19:07:38 UTC  |  Edited by: Jasmine Belle
I have been working on learning CREST (previously using XML API) and I am having some problems figuring out how to send an authenticated request to CREST.

I have been able to obtain the code and use that to get an access & refresh token. I have even figured out that I can use the access token to make authenticated request to XML API.

My issue is that I keep getting an authentication error when sending a request to the CREST server.

Here is the code (PHP) I am using atm

Class eveOnline{
    function sso($code, $grantType = 'authorization_code'){
    $secretKey = "XXXXXXXXXXXXXXXXXXXXXXXXX"; //Edited out for post
    $clientID = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";        //Edited out for post
        if ($code){
            $base64 = base64_encode("$clientID:$secretKey");
            $url = 'https://login.eveonline.com/oauth/token';
            $data = array('grant_type' => $grantType, 'code' => $code);
            $options = array(
              'http' => array(
                'header'  => "Authorization: Basic ".$base64."\r\n".
                             "Content-type: application/x-www-form-urlencoded\r\n".
                             "Host: login.eveonline.com\r\n",
                'method'  => 'POST',
                'content' => http_build_query($data),
              ),
            );
            $context  = stream_context_create($options);            //Send Data
            $result = file_get_contents($url, false, $context);        //Receive Data
            if (isset($result)){
                $jsonData = json_decode($result, true);
            }        
        }
        return $jsonData;
    }
    
    function cData($endPointURL, $access_token){
            $options = array(
              'http' => array(
                'header'  => "Authorization: Bearer ".$access_token."\r\n".
                             "Accept: application/vnd.ccp.eve.RegionCollection-v1+json".
                             "Host: $endPointURL\r\n",
                'method'  => 'GET',
              ),
            );
            $context  = stream_context_create($options);            //Send Data
            $result = file_get_contents($endPointURL, false, $context);        //Receive Data
            if (isset($result)){
                $jsonData = json_decode($result, true);
            }        
        return $jsonData;
    }
}    

(I'm trying to access the character location endpoint, and it is included in the scope)
Can anyone help me figure out why my cData function is not working properly?
I keep getting "HTTP request failed! HTTP/1.1 403 FORBIDDEN"

On that note, While doing some research trying to figure this out. I learned there is yet ANOTHER api [ESI], and CCP plans to replace both the XML and CREST with ESI.

Should I even bother continuing trying to make my CREST code work, or do I need to start from scratch yet again and do some research on the ESI API?

Thanks in advanced to anyone who might be able to help me.
Blacksmoke16
Resilience.
#2 - 2017-04-30 19:46:39 UTC
CREST uses the same auth method as ESI. So this is still valid.

CREST/ESI/XML should all be used up until ESI reaches parity with the other endpoints.

This link provides a good explanation of what you have to do:
http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/intro.html

As to the specifics of your code, my PHP isn't the best so can have someone else check it out.
Blacksmoke16
Resilience.
#3 - 2017-04-30 19:59:14 UTC  |  Edited by: Blacksmoke16
I messed with it a bit and got this to work. Tested it with the character wallet endpoint.

     
       function cData($endPointURL, $access_token){
           $header = array('Authorization: Bearer '.$access_token, 'Content-Type: application/json');
           
            $ch = curl_init();
            curl_setopt_array($ch, array(   
                CURLOPT_URL => $endPointURL,
                CURLOPT_HTTPHEADER => $header
            ));

        $return_data = curl_exec($ch);
        curl_close($ch);
        return $return_data;
}
Jasmine Belle
Acclimatization
#4 - 2017-04-30 20:14:21 UTC
Thank you for the help! I really appreciate it.

I'm now trying to figure out how to use the Request URL option provide by ESI.

Using This: https://esi.tech.ccp.is/latest/#!/Location/get_characters_character_id_location

And an access token that I generated. I am able to use the Try Me option and see the results. Looks like it's working just great. However, when I cut and paste the Request URL into my browser I get the response "{"error": "token not valid for scope(s): esi-location.read_location.v1"}"

How do I authorize my character to work with ESI? I checked my Third Party Applications authotization and it says "ESI Swagger UIbase URL: /latest Required Scopes read_location
Allows reading of a character's active ship location"
Is set.

So my question now is why is the EvE swagger interface able to pull this information, and generate a URL to make the request, but using the that same URL in my browser, I get a scope error?

What am I doing wrong?
Blacksmoke16
Resilience.
#5 - 2017-04-30 20:22:34 UTC
Again read that link i linked earlier.

You need to add the 'esi-location.read_location.v1' scope to your developers app.

Logging into the esi.tech.ccp.is site and using 'try me' isnt the same as your developers app which you set up here:
https://developers.eveonline.com/applications

Then read this:
http://eveonline-third-party-documentation.readthedocs.io/en/latest/sso/authentication.html#redirect-to-the-sso

Basic you need to generate the url with the scopes you want, user clicks on that button, logs in with SSO, then that's how you get the code you use to get the access token in your sso function.

Also it isn't as easy as copy pasting it into your browser since it needs auth via a token.
Jasmine Belle
Acclimatization
#6 - 2017-04-30 20:27:19 UTC
OH! They are all at the bottom! Oops

I was not using the one prefixed with ESI. Thank YOU!
Blacksmoke16
Resilience.
#7 - 2017-04-30 20:36:36 UTC
NP :P
Jasmine Belle
Acclimatization
#8 - 2017-04-30 20:38:47 UTC
It's WORKING \o/ YES Thank you so much!!!


Quote:
Also it isn't as easy as copy pasting it into your browser since it needs auth via a token.

To clarify, I was using the Request URL option provided by ESI, not the CURL option. With the proper permissions set correctly the access token can be passed via the URL without putting it in the header information.

Dude, you're awesome! Thanks a bunch.