Develop Reference

Creating URL with headers

I can curl a website URL by passing on some header params. I am trying to get the same result on the browser but I cannot build the URL for the browser in the right way.
My curl looks something similar
curl -X GET -u 'xyz#gmail.com' -H "app-key: some-keys" -H "account-email: procurement#gmail.com" -H 'Content-Type: application/json' -d 'paused=false' https://api.pingdom.com/api/2.1/checks
When prompted for the password, i can give the password and Iget the JSON response.
Now I try to build the same URL on my browser. The browser prompts for user name and password which I have already given.
Now my URL looks like this.
https://api.pingdom.com/api/2.1/users?account-email=procurement#gmail.com&app-key=some-key
I get a forbidden (as JSON reponse) when I try from the browser and from Curl I get the proper JSON response.
How can I add header params to a URL when pinging from the browser?

How can I add header params to a URL when pinging from the browser?
That's not possible. Besides it, from the browser address bar you won't be able to use HTTP methods other than GET.
So I advise you to you proper tools to target/test your Web API such as Postman or Paw.

Bad Request when using Google OAuth2.0

I am receiving a 400 bad request when using Google OAuth from within Salesforce. The following error is in regards to invalid grant_type, but if you look at the documentation under 'Using Refresh Token' you will see that it is correct.
https://developers.google.com/identity/protocols/OAuth2WebServer
Error:
{
"error": "unsupported_grant_type",
"error_description": "Invalid grant_type: "
}
I am attempting to exchange a refresh_token for an access token and can successfully do it using CURL, with the following code.
curl \
-d refresh_token=REFRESH_TOKEN \
-d client_id=CLIENT_ID \
-d client_secret=CLIENT_SECRET \
-d grant_type=refresh_token https://www.googleapis.com/oauth2/v4/token
The code that I am using inside Salesforce:
Http http = new Http();
HttpRequest req = new HttpRequest();
req.setHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
req.setHeader('Content-Length', '0');
req.setHeader('client_id', 'CLIENT_ID');
req.setHeader('client_secret', 'CLIENT_SECRET');
req.setHeader('refresh_token', 'REFRESH_TOKEN');
req.setHeader('grant_type', 'refresh_token');
req.setEndpoint('https://www.googleapis.com/oauth2/v4/token');
req.setMethod('POST');
return http.send(req);

The -d curl option sends the data in the request body using the application/x-www-form-urlencoded content type which is one of the supported ways of sending those parameters in OAuth2.
-d Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. This will cause curl to pass the data to the server using the content-type application/x-www-form-urlencoded.
In the Salesforce code you're setting the correct content type, but then are sending the OAuth2 related parameters as additional headers instead of sending them in the request body.
You need to update the code to send the parameters in the request body using the application/x-www-form-urlencoded encoding.

I caught the same issue in fiddler. I added this comment because it may be helpful to somebody.
https://oauth2.googleapis.com/token
Content-Type: application/x-www-form-urlencoded
Request Body:
code=<some code here>&
client_id=your_client_id&
client_secret=your_client_secret&
redirect_uri=https%3A//oauth2.example.com/code&
grant_type=authorization_code
Goole api response:
{"error": "unsupported_grant_type", "error_description": "Invalid grant_type: "}
The issue occurred because the request body has line breaks between each parameter. if you delete all the line breaks, leaving all values in a single row request will be work fine. e.g. request body:
code=<some code here>&client_id=your_client_id&client_secret=your_client_secret&redirect_uri=https%3A//oauth2.example.com/code&grant_type=authorization_code

Send a curl request with no Accept header?

I have written an REST API and I'm try to test a request that has no Accept header. If I send a request via Curl it adds a default header Accept: */*, you can see this if you add Curl's -v parameter.
Is there are way to send a request via Curl with no Accept header?

Pass in a header with no value on the right side of the colon to have that removed from the request, even if curl otherwise would add it by itself.
curl -H 'Accept:' http://example.com/

How do I find the correct url to send curl POST request to?

I am trying to use curl to send a POST request with json.
I use Live HTTP Headers and get the url to send the request to. However it comes back "request denied. you do not have permission to access this page?"
How do I find the correct url?
from Live Http headers, i can see the json data {"var1":"val1","var2":"val2",...}
so i use the following curl command:
curl -H "Accept: application/json" -H "Content-type: application/json" -o output.html -L "http://domain.com/theurl" -d '{"var1":"val1","var2":"val2",...}'

There may be other parts of the request you observed using Live HTTP Headers that allowed your browser to access that URL, such as a cookie value that indicated your session information or user credentials. If Live HTTP Headers has the ability to view those headers and/or cookies, you could grab them and include them in your curl request using additional -H 'Header: value' arguments.
HTTP Authentication may also be used, in which case you should pass your username and password to curl with --user name:password.

How to test multipart/form-data POST request

I am trying to find a tool that will allow me to test a multipart/form-data POST request and tweak the request. Specifically, I want to test the absence/presence of the semi-colon in the content-type header:
multipart/form-data; boundary=140f0f40c9f411e19b230800200c9a66
We have a client that doesn't send a semi-colon and our new servlet (using Apache Commons FileUpload) can't parse the uploaded file. The old version of our servlet uses a different library method for accepting/parsing the request and it can parse the file. Until I can prove that the request will be successful by including the semi-colon, the owners of the client app don't want to make any changes to it.
I have been using cURL to run my tests against the servlet, but I can't tweak the request it generates to exclude the semi-colon. I have tried the Poster addon for Firefox and Fiddler to generate a test POST request, but they result in this error:
org.apache.commons.fileupload.FileUploadException: Stream ended unexpectedly
Has anybody found a way to successfully test a multipart/form-data POST request with an uploaded file?

You can use curl for testing these libraries, here's an example using a multipart/form-data POST: https://stackoverflow.com/a/10765244/72176
One thing I like about a command-line tool like curl is it's easy to repeat (in bash, up & enter), and you can save the test for later.
Edit: It is definitely possible to send the custom header that you want to test. The key is to use curl's raw commands over the convenience methods which format the request for you. Use -H to pass in the raw header, and use --data-binary to pass in the body from a file without changing the line endings (very important for multipart/form-data which must have CRLF line endings). Here's an example:
curl -X POST -H "Content-Type: multipart/form-data; boundary=----------------------------4ebf00fbcf09" --data-binary #test.txt http://localhost:3000/test
of if it's more convenient not to use the intermediary file, you can write it one line like so:
curl -X POST -H "Content-Type: multipart/form-data; boundary=----------------------------4ebf00fbcf09" -d $'------------------------------4ebf00fbcf09\r\nContent-Disposition: form-data; name="example"\r\n\r\ntest\r\n------------------------------4ebf00fbcf09--\r\n' http://localhost:3000/test
These 2 examples include the semicolon, but you can remove it as needed.