how to solve invalid signature error while connecting to xero public api - php

I am making a connection to xero public API using curl, but it gives me an error of "invalid signature".
$ch = curl_init();
$url = "";
$consumer_key = "oauth_consumer_key=".$_REQUEST['consumer_key'];
$consumer_secret = "&oauth_consumer_secret=".$_REQUEST['consumer_secret'];
$signature_method = "&oauth_signature_method=HMAC-SHA1";
$oauth_nonce = "&oauth_nonce=1556121004";
$oauth_timestamp = "&oauth_timestamp=1556121004";
curl_setopt($ch , CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
if($result === false){
echo "success";
//echo "error";


cURL PHP to Plain cURL

I'm trying to connect my Rails app to a third-party API. In their example code, the code to connect to their service is all in PHP. I'm not familiar with PHP.
This is the code:
// Token generation
$timestamp = time();
$uri = "";
$password = "somePassword";
$security_token = sha1($timestamp.$uri.$password);
// Webservice call
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uri);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$post = array();
$post["timestamp"] = $timestamp;
$post["security_token"] = $security_token;
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, "path/to/certifcate/file/certificate.crt");
$ret = curl_exec($ch);
// Check response
if(curl_errno($ch)) {
die("CURL error: ".curl_error($ch));
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if($http_code != 200) {
die("Server error, HTTP code: $http_code");
// Parse response
try {
$json = json_decode($ret);
catch(Exception $e) {
die("Failed to decode server response");
Any help to convert this to plain cURL would be appreciated and thanks in advance!
This is how I did it and it worked good.
uri = URI.parse("https://apilink/post.json")
pass = 'supper-password'
timestamp =
token = Digest::SHA1(timestamp + uri + pass)
request =
# request.body = "timestamp&security_token"
req_options = {
use_ssl: uri.scheme == "https",
response = Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
render json: response.code

Basic Authorization PHP with Server related

I have some problem that related to HTTP_HEADERS in curl php in opencart. The code below is caller.
$ch = curl_init();
$url = '';
$url2 = '';
$url3 = '';
$header = array('Authorization:Basic ' . base64_encode('user:password'));
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_HEADER, false);
$results = curl_exec($ch);
echo '<pre>';
print_r(json_decode($results, true));
echo '</pre>';
The receiver code like below:
public function getTotalCustomer(){
$json = array();
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])){
if(($_SERVER['PHP_AUTH_PW'] == 'password') && ($_SERVER['PHP_AUTH_USER'] == 'user')){
$json['total_customer'] = $this->model_account_customer->getTotalCustomer();
} else{
$json['message'] = 'failed';
$this->response->addHeader('Content-Type: application/json');
I had tried in multiple domain with different servers. Some server can return the data but some server cannot return the data. Why?
Your header that you're sending is incorrect.
You're passing
Authorization:Basic <username:password>
it should be
Authorization: Basic <username:password>
note the space.

Send header and post in curl to localbitcoins

I had tried to send info in a post and a header throw localbitcoins and get one error:
HMAC authentication key and signature was given, but they are invalid
From what i learn with localbitcoins api is this just a code u get when u mess with the header can someone help me to solve why I get this error because don't know whats wrong in my code:
function localbitcoins_query2($path, array $req = Array()) {
$mt = explode(' ', microtime());
$nonce = $mt[1].substr($mt[0], 2, 6);
if ($req) {
$sign = strtoupper(hash_hmac('sha256', $postdata, $secret));
$headers = array(
$ch = null;
$ch = curl_init();
$data = array("lat" => "Hagrid", "price_equation" => "36");
$data_string = json_encode($data);
curl_setopt($ch, CURLOPT_URL,"".$path);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
$res = curl_exec($ch);
if ($res === false) throw new Exception('Curl error: '.curl_error($ch));
$dec = json_decode($res, true);
if (!$dec) throw new Exception('Invalid data: '.$res);
return $dec;

Jet API connection problems

So far, I am connecting to in postman, but when i attempt to connect via php, I do not get any errors or a response. The page is blank. So far this is the code that I have:
protected static $api_user_id = "****";
protected static $api_secret = "****";
protected static $merchant_id = "****";
protected static $api_prefix = "";
class Jet
public function getNewToken()
$ch = curl_init($this::$api_prefix.'/Token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//If necessary add your ssl pem: curl_setopt($ch, CURLOPT_CAINFO,'/ssl/cacert.pem');
$request = json_encode(array(
"user" => $this::$api_user_id,
"pass" => $this::$api_secret
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($request))
$data = curl_exec($ch);
if($data = json_decode($data)){
if($token = $data->id_token){
//SAVE $token SOMEWHERE and save last time you got a token
echo $token;
return true;
return false;
$return = curl_exec($ch);
$err = curl_error($ch);
if ($err)
echo "cURL Error #:" . $err;
echo $return;
$jetAPI = new Jet;
Im not sure what I am doing wrong. Any help would be greatly appreciated. Thanks.
I am using:
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_POST, TRUE);
curl_setopt($curl, CURLOPT_POSTFIELDS, $obj);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Content-Type: $app"));
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
$response = curl_exec($curl);
The key here is the curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);

PHP using curl POST data in json - REST api not working

function processCurlJsonrequest($URL, $fieldString)
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Accept: application/json'));
curl_setopt($ch, CURLOPT_URL, $URL);
// curl_setopt($ch, CURLOPT_USERAGENT, $this->_agent);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
// curl_setopt($ch, CURLOPT_COOKIEFILE, $this->_cookie_file_path);
//curl_setopt($ch, CURLOPT_COOKIEJAR, $this->_cookie_file_path);
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($fieldString));
curl_setopt($ch, CURLOPT_POST, 1);
$resulta = curl_exec($ch);
if (curl_errno($ch)) {
print curl_error($ch);
} else {
return $resulta;
$data_string = array("title" => "jdsdfds","url"=>"sdfdfd","date"=>"2014-01-30");
I am using REST api post method, type JSON to post data by using curl function. But its not working at all and no output is showing.
I did test this by using Fiefox plugin RESTClient.
its works fine, able to post data into my database.
I am stuck when using PHP curl method to post data. Above is one of the example i took from internet but still not working. Need advice from senior.
// Handle POST requests to /articles
$app->post('/articles', function () use ($app) {
try {
// get and decode JSON request body
$request = $app->request();
$body = $request->getBody();
$input = json_decode($body);
$count = count($input);
for ($x = 0; $x < $count; $x++) {
// store article record
$article = R::dispense('articles');
$article->title = (string)$input[$x]->title;
$article->url = (string)$input[$x]->url;
$article->date = (string)$input[$x]->date;
$id = R::store($article);
// return JSON-encoded response body
$app->response()->header('Content-Type', 'application/json');
echo json_encode(R::exportAll($article));
} catch (Exception $e) {
$app->response()->header('X-Status-Reason', $e->getMessage());
this is something ive used if you already know every parameter that is going to be added.
$Username = "TestUsername";
$Password = "Password123";
$Email = "mail#email.tld";
$Url = "http://localhost/your/path/server.php?Username=$Username&Password=$Password&Email=$Email";
//send request:
$Client = curl_init($Url);
curl_setopt($Client, CURLOPT_RETURNTRANSFER, 1);
$Response = curl_exec($Client);
$Result = json_decode($Response);
$Output .= "Success, $Result->StatusMessage ($Result->Status)<br/> Data:<br/>";
$Output .= "Username: " . $Result->Information->Username . "<br/>";
$Output .= "Password: " . $Result->Information->Password . "<br/>";
$Output .= "Email: " . $Result->Information->Email . "<br/>";
echo $Output;
echo "an error occured.";
$Username = $_GET['Username'];
$Password = $_GET['Password'];
$Email = $_GET['Email'];
$Info = array(
'Username' => $Username,
'Password' => $Password,
'Email' => $Email
$Response['Status'] = $HTTPSTATUS;
$Response['StatusMessage'] = $HTTP_MESSAGE;
$Response['Information'] = $Info;
$Return = json_encode($Response);
echo $Return;
This would be the result:
Success, RECORD ADDED. (200)data:
Username: TestUsername
Password: Password123
Email: mail#email.tld
Now, im no expert at this, but this works like a charm for me.
I know that, from the example above, the url is a standard http request yet the code references ssl. Also, you set the RETURNTRANSFER yet do not echo / print the result - only printing the error if there is one. I have found that it is essential to have a copy of cacert.pem - download from here
~ edit the path according to your server config. If the site is not https then it gets ignored anyway.
function processCurlJsonrequest($URL, $fieldString) {
$cacert=realpath( 'c:/wwwroot/cacert.pem' );
$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
if( parse_url( $URL,PHP_URL_SCHEME )=='https' ){
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt( $ch, CURLOPT_SSL_VERIFYHOST, 2 );
curl_setopt( $ch, CURLOPT_CAINFO, $cacert );
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode( $fieldString ) );
curl_setopt($ch, CURLOPT_POST, true);
return array(
Notices that the function returns an array, you would need to account for that when dealing with the response....
$data_string = array("title" => "jdsdfds","url"=>"sdfdfd","date"=>"2014-01-30");
$response = processCurlJsonrequest('http://localhost/articles',$data_string);
echo '<pre>',print_r($response,true),'</pre>';
I did change code a bit from :
// store article record
$article = R::dispense('articles');
$article->title = (string)$input[$x]->title;
$article->url = (string)$input[$x]->url;
$article->date = (string)$input[$x]->date;
$id = R::store($article);
to this :
// store article record
$article = R::dispense('articles');
$article->title = $input[$x]['title'];
$article->url = $input[$x]['url'];
$article->date = $input[$x]['date'];
$id = R::store($article);
Now I'm able to post from Firefox rest-client plugin. able to post and create data in db. But still its not working when I tried from the PHP curl code.
You should try this
$url = 'Your url';
$args = 'Your argumnts';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($args));
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
$result = curl_exec($ch);
return $result ? json_decode($result, true) : false;