I have this API, something like this:

https://baseurl.com/endpoint

It is a GET API and has PingIdentity's OIDC + OAuth 2.0 authentication & authorization mechanism (enabled at the Kong API gateway level). The first time I hit this API via my browser, it redirects me to a sign-in page, which, on successful sign-in, triggers this API and shows me the output JSON in the browser. For the next 1 hour, whenever I hit this API again, it doesn't ask for a sign-in again. After that, I again have to sign in once.

Now, I need to hit this API via Python. The problem is, in response, it gives an HTML output, which is basically that sign-in page that the browser was redirecting me to. Here is what I have tried:

I wrote this API using FastAPI in python, and when I requested it on the browser, I recorded its headers in FastAPI via request.headers. Here is what the headers contained:

'host':
'keep-alive':
'connection':
'x-forwarded-for':
'x-forwarded-proto':
'x-forwarded-host':
'x-forwarded-port':
'x-forwarded-path':
'x-forwarded-prefix':
'x-real-ip':
'cache-control':
'sec-ch-ua':
'sec-ch-ua-mobile':
'sec-ch-ua-platform':
'upgrade-insecure-requests':
'user-agent':
'accept':
'sec-fetch-site':
'sec-fetch-mode':
'sec-fetch-user':
'sec-fetch-dest':
'referer':
'accept-encoding':
'accept-language':
'cookie': {contained my organization specific data, which I am sure are not essential}
'username':
'client_id':
'oidc-access-token': {it is a JWT token, which I have confirmed with my teammates, is the access token from PingIdentity}

However, when I set these same headers when using Python requests library to hit this same API, it is again returning me the HTML of the sign-in page and is not giving me the result! I also tried copying headers from the NETWORKS tab in the Debugger tool in browser and setting those same parameters in my requests in python, but nothing works still! Here is how I am hitting the API in python:

import requests
hit_my_api = requests.get("https://baseurl.com/endpoint", headers={<The ones I mentioned above>})

How do I get around this?

raghavsikaria
  • What does the API guide say for the endpoint you're trying to hit? It's kinda hard for anyone to help when we don't know anything about the API you're trying to consume – Chris Doyle Jan 13 '22 at 20:21

1 Answer

You should add the JWT token in the headers as below (see here):

hit_my_api = requests.get("https://baseurl.com/endpoint", headers={'Authorization': 'access_token myToken'})

EDIT: If the above doesn't work, try this:

hit_my_api = requests.get("https://baseurl.com/endpoint", headers={ 'Authorization': 'Bearer <your_token>' })
Chris
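
A diagnostic sketch for the situation in this thread, added here as an example and not code from the question or the answer: it checks the access token's `exp` claim before sending it and, with redirects disabled, tells a sign-in bounce apart from a real JSON result. It assumes the gateway accepts the token as a `Bearer` header, as the answer suggests; the function names are hypothetical.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_until_expiry(token, now=None):
    """Seconds left before the 'exp' claim; negative means already expired."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        raise ValueError("token has no 'exp' claim")
    return int(exp - (time.time() if now is None else now))


def classify(resp):
    """Classify a response fetched with allow_redirects=False (requests.Response fits)."""
    ctype = resp.headers.get("Content-Type", "").lower()
    if resp.status_code in (301, 302, 303, 307, 308):
        return "redirect-to-login"   # gateway did not accept the credentials
    if resp.status_code in (401, 403):
        return "rejected"
    if resp.status_code == 200 and "json" in ctype:
        return "ok"
    if "html" in ctype:
        return "login-page"          # sign-in HTML served instead of the API result
    return "unexpected"


def call_api(url, token):
    """Send the token as a Bearer header; never follow the sign-in redirect."""
    import requests  # imported here so the helpers above work without it
    if seconds_until_expiry(token) <= 0:
        raise RuntimeError("access token expired; obtain a fresh one first")
    resp = requests.get(url, headers={"Authorization": f"Bearer {token}"},
                        allow_redirects=False, timeout=10)
    return classify(resp), resp
```

A result other than `"ok"` means the gateway did not treat the request as authenticated; avoid printing the token or the full response headers while debugging, since both can carry credentials.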