Rest API GET Query working fine in Browser but why is it not working in Client software?

I made my own REST API with PHP coding and a MySQL database. There is no authentication. Just a GET call should retrieve MySQL table rows.

<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
$servername = "xxxx.epizy.com";
$username = "xxxx";
$password = "yyyy";
$database = "xxxx_30758786_qwerty";

// Create connection
$conn = new mysqli($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} else {
    // Optional ?id= parameter; '0' means "return every row"
    $id = (isset($_GET['id']) && $_GET['id']) ? $_GET['id'] : '0';

    if ($id != '0') {
        $stmt = $conn->prepare("SELECT * FROM users WHERE id = ?;");
        $stmt->bind_param("i", $id);
    } else {
        $stmt = $conn->prepare("SELECT * FROM users");
    }
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows > 0) {
        $userRecords = array();
        $userRecords["users"] = array();
        while ($user = $result->fetch_assoc()) {
            // extract() creates one variable per column, replacing $id and $password set above
            extract($user);
            $userDetails = array(
                "id" => $id,
                "full_name" => $full_name,
                "email" => $email,
                "password" => $password,
                "phone" => $phone
            );
            array_push($userRecords["users"], $userDetails);
        }
        http_response_code(200);
        //echo json_encode($userRecords);
        echo json_encode($userRecords);
    } else {
        // Not JSON, although the Content-Type header above says application/json
        echo "failed";
        //echo json_encode(array("message" => "No item found."));
    }
}

$conn->close();
?>

http://qwerty.42web.io/um/users/read

While executing the API call from browsers (Firefox / Chrome) it works well. Below are the headers of the Firefox browser call.

Response Headers:

Access-Control-Allow-Origin *
Cache-Control   max-age=0
Connection  keep-alive
Content-Encoding    gzip
Content-Type    application/json; charset=UTF-8
Date    Mon, 18 Apr 2022 18:12:31 GMT
Expires Mon, 18 Apr 2022 18:12:31 GMT
Server  nginx
Transfer-Encoding   chunked
Vary    Accept-Encoding

Request Headers

Accept  text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Connection  keep-alive
Host    qwerty.42web.io
Upgrade-Insecure-Requests   1
User-Agent  Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0

But when I am executing through client software, it is not working. Instead of showing the JSON object, it is displaying HTML content.

Headers while using a client software like POSTMAN / SoapUI:

Response Headers

HTTP/1.1 200 OK
Server=nginx
Date=Mon, 18 Apr 2022 18:14:45 GMT
*Content-Type=text/html*
Transfer-Encoding=chunked
Connection=keep-alive
Vary=Accept-Encoding
Expires=Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control=no-cache

I noticed the response content type is text/html instead of application/json. It is also dumping HTML content with some JavaScript code. The output of that code is only a blank page.

I tried several types of headers and copied exactly the same headers as the browsers; nothing seems to work. Instead of a JSON object it always receives an HTML page. I spent at least 48 hours troubleshooting my PHP code, GET request headers, and different API clients.

Why is the browser able to parse my API response but not the API clients?



Solution 1:[1]

If you check the code that the request returns when you use Postman, it says that the client needs to have JavaScript enabled: "This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support"

Postman is not a Browser.

It seems that the "problem" originates in the Nginx server.

Some servers are configured to accept requests only from certain clients (Browsers, curl) and in your case they do not allow Postman/SoapUI.

Maybe the solution is to use COOKIES in Postman somehow.
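
A client-side check for the situation described in this answer, as an added example that is not part of the original post: it separates the API's JSON from an HTML page that asks for JavaScript, since both arrive as 200 OK. The function name, verdict labels and sample bodies are constructed for illustration; only the header values and the quoted sentence come from the page.

```python
import json
import re

# Sentence quoted in the answer, matched loosely, plus the presence of a script tag.
JS_REQUIRED = re.compile(r"requires\s+javascript|enable\s+javascript", re.I)
SCRIPT_TAG = re.compile(r"<script\b", re.I)


def classify_response(headers, body):
    """Classify a response that was expected to carry JSON; returns (verdict, reasons)."""
    # Header names are case-insensitive; drop parameters such as "; charset=UTF-8".
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()

    if ctype == "application/json":
        try:
            json.loads(body)
            return "json", []
        except ValueError:
            # e.g. the script's `echo "failed";` branch, still sent as application/json
            return "invalid_json", ["body does not parse as JSON"]

    looks_html = ctype == "text/html" or body.lstrip().lower().startswith(("<html", "<!doctype"))
    if not looks_html:
        return "unexpected_type", [f"Content-Type is {ctype or 'missing'}"]

    reasons = [f"Content-Type is {ctype or 'missing'}, expected application/json"]
    if JS_REQUIRED.search(body):
        reasons.append("body asks the client to enable JavaScript")
    if SCRIPT_TAG.search(body):
        reasons.append("body contains a <script> element")
    # Plain HTML (an error page, say) is reported separately from a JavaScript gate.
    verdict = "js_challenge" if len(reasons) > 1 else "unexpected_html"
    return verdict, reasons


# Constructed samples: header values copied from the question, bodies made up here.
BROWSER = ({"Content-Type": "application/json; charset=UTF-8", "Server": "nginx"},
           '{"users": [{"id": 1, "full_name": "Test User"}]}')
API_CLIENT = ({"Content-Type": "text/html", "Server": "nginx", "Cache-Control": "no-cache"},
              "<html><body><script>/* placeholder for the page's script */</script>"
              "<noscript>This site requires Javascript to work, please enable Javascript "
              "in your browser or use a browser with Javascript support</noscript>"
              "</body></html>")
NO_ROWS = ({"Content-Type": "application/json; charset=UTF-8"}, "failed")

if __name__ == "__main__":
    for name, (h, b) in [("browser", BROWSER), ("api client", API_CLIENT), ("no rows", NO_ROWS)]:
        print(name, *classify_response(h, b))
```

Running the same check on every response lets a client report that an intermediary page was received, rather than failing later with a JSON parse error.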

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1