Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 3 down vote favorite
1

I'm trying to call Paypal api from my code. I set up the sandbox account and it works when I use curl but my code isn't working the same way, returning 401 Unauthorized instead.

Here's the curl command as documented by Paypal

curl https://api.sandbox.paypal.com/v1/oauth2/token -H "Accept: application/json" -H "Accept-Language: en_US" -u "A****:E****" -d "grant_type=client_credentials"

UPDATE: Apparently the .Credentials doesn't do the trick, instead setting Authorization header manually works (see code)

Here's the code (trimmed to its essence):

  HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://api.sandbox.paypal.com/v1/oauth2/token");
  request.Method = "POST";
  request.Accept = "application/json";
  request.Headers.Add("Accept-Language:en_US")

  // this doesn't work:
  **request.Credentials = new NetworkCredential("A****", "E****");**

  // DO THIS INSTEAD
  **string authInfo = Convert.ToBase64String(System.Text.Encoding.Default.GetBytes("A****:E****"));**
  **request.Headers["Authorization"] = "Basic " + authInfo;**

  using (StreamWriter swt = new StreamWriter(request.GetRequestStream()))
  {
    swt.Write("grant_type=client_credentials");
  }

  request.BeginGetResponse((r) =>
  {
    try
    {
       HttpWebResponse response = request.EndGetResponse(r) as HttpWebResponse; // Exception here
       ....
    } catch (Exception x)  { .... } // log the exception - 401 Unauthorized
  }, null);

This is the request from code captured by Fiddler (raw), there are no authorization parameters for some reason:

POST https://api.sandbox.paypal.com/v1/oauth2/token HTTP/1.1
Accept: application/json
Accept-Language: en_US
Host: api.sandbox.paypal.com
Content-Length: 29
Expect: 100-continue
Connection: Keep-Alive

grant_type=client_credentials
share|improve this question
There's a missing space in the accept header but I can't see anything else obvious. Have you tried capturing the two requests to see what's different, e.g. using wireshark or a proxy such as Fiddler? – Rup Jun 2 at 22:03
@Rup I tried with Fiddler, still having trouble capturing the curl request but the code request doesn't contain Auth headers (see update) – Sten Petrov Jun 2 at 22:09
1  
Yes some HTTP libraries e.g. Apache's won't send the credentials unless asked for them by the remote server, but I didn't know .NET's did too. Or at least it ought to then reply to the 401 with them. There may be a way to force it too on the request object? – Rup Jun 2 at 22:10
1  
There's an unpleasant work-around in this old answer: construct your own basic authentication header. Or I was thinking of HttpWebRequest.PreAuthenticate. – Rup Jun 2 at 22:15
@Rup yeah I found that and worked around the problem. Thank you for looking into it – Sten Petrov Jun 2 at 22:53
show 1 more comment

Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.