PHP CURL How to GET cookie like POSTMAN?

Question

Hi I'm trying to setup a PHP CURL call using OAuth1 authorization method.

I've tried with POSTMAN 1st, to generate the PHP code. I've completed it with the necessary datas

<?php
$conskey = 'XXXXXXX';
$conssec = 'XXXXXXX';
$nonce     = mt_rand();
$timestamp = time();
$url = 'https://some-website/api/project/subproject';
$method = 'POST';

$oauth = new OAuth($conskey, $conssec, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_AUTHORIZATION);
$oauth->setNonce($nonce);
$oauth->setTimestamp($timestamp);
$signatureOAuth = $oauth->generateSignature($method,  $url);

$curl = curl_init($url);

curl_setopt_array($curl, array(
    CURLOPT_URL => $url.'?oauth_consumer_key='.$conskey.
        '&oauth_signature_method=HMAC-SHA1&oauth_timestamp='.$timestamp.
        '&oauth_nonce='.$nonce.
        '&oauth_version=1.0&oauth_signature='.$signatureOAuth,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => $jsonDatas,
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/json',
// THE COOKIE I WANNA GET
        'Cookie: SSESSd4f3e89d4699e1d1a071aa37eab4fcEd=DWS4UqpaykI2y7q-HJXEzGN82AKHQYnWo5hbsqkAqiQ' 
    ),
));

$result = curl_exec($curl);
curl_close($curl);

But I've noticed that there's the cookie in the CURLOPT_HTTPHEADER entry but I don't have any idea how POSTMAN generate this cookie.

Without this cookie or with a dumb string, the CURL response is always Invalid Signature

Answer 1

Postman is not generating cookies for you, and neither is curl/php. you either did some prior requests (usually GET to get cookies) requests to the website where you received some cookies, or gave the cookies to postman some other way.

since you're not showing us the real url, we can only speculate, but to take an example, here is how to get a session cookie for stackoverflow.com:

<?php
$ch=curl_init();
curl_setopt_array($ch,array(
  CURLOPT_COOKIEFILE => "", // setting it to empty activates the curl cookie engine (its disabled by default.),
  CURLOPT_URL => "https://stackoverflow.com/",
  CURLOPT_RETURNTRANSFER => true,
));
$html=curl_exec($ch);
$cookies = (function($cookielist):array{
  $cookies = array();
  foreach($cookielist as $cookie_raw) {
      $chunks = explode("\t", $cookie_raw);
      //var_dump($chunks);
      $cookie['domain'] = $chunks[0];
      $cookie['secure'] = $chunks[1];
      $cookie['path'] = $chunks[2];
      $cookie['???todo_wtf_is_this'] = $chunks[3];
      $cookie['expiration'] = $chunks[4];
      $cookie['name'] = $chunks[5];
      $cookie['value'] = $chunks[6];
      $cookies[] = $cookie;
  }
  return $cookies;
})(curl_getinfo($ch, CURLINFO_COOKIELIST));
var_export($cookies);

prints something like

array (
  0 =>
  array (
    'domain' => '#HttpOnly_.stackoverflow.com',
    'secure' => 'TRUE',
    'path' => '/',
    '???todo_wtf_is_this' => 'FALSE',
    'expiration' => '2682374400',
    'name' => 'prov',
    'value' => '9c06f038-9f70-bee8-2a64-b095656175d1',
  ),
)

which could be used like

// THE COOKIE I WANNA GENERATE
        'Cookie: '. $cookies[0]["name"].'='.$cookies[0]["value"]

but this is very rarely done, usually you'd just use curl's built-in cookie engine to handle cookies automatically..