HTTP Retrieval Erroring with HTTP400

Discussions related to HTTPAPI (An HTTP Client Package for RPG programming.) http://www.scottklement.com/httpapi/
Post Reply
BFG
Posts: 2
Joined: Wed Mar 12, 2025 1:08 pm

HTTP Retrieval Erroring with HTTP400

Post by BFG »

Hi,

Firstly whilst I'm a 40 year veteran of RPG in it many forms I'm very new to HTTP and have gain all my knowledge so far from Scott's examples, Google and simply trial and error. I have managed to write a program that retrieves an OAUTH2.0 authentication code from HMRC so I know I'm getting through my proxy server, connecting the other end and getting a response. The next job is connecting using that code to receive a json message back containing a URL. If I create a wrong code I get a error response which seems to be from HMRC with a HTTP401 error and message saying "Invalid Authentication information provided" but when I send what looks like a correct request I'm getting a HTTP400 response. Having debug the programs and looking at the log it seems like I'm connecting, sending the body but when the reply is being received I get the error. Any help will be gratefully received.

HTTPAPI Version 1.49

Program

Code: Select all

// Set the Proxy Address                                            
 Return_Code = http_proxy_setauth(AC_Pxyatyp:AC_Pxyausr:AC_Pxyapwd);
 Return_Code = http_setproxy(AC_Pxyurl:AC_Pxyport);                 
                                                                    
// Retrieve SDES API Paramaters                                     
 Chain ('SDES') Apiparmp;                                           
                                                                    
// Send Error if no API Paramaters                                  
 If not %found(Apiparmp);                                           
   Email_Out('API':'U');                                            
                                                                    
// Send SDES File to HMRC                                           
 Else;                                                              
                                                                    
  // Set HTTP Bearer Authorization                                  
   Return_Code = Http_SetAuth('4':*blanks:AP_Token);                
   If Return_Code = 1;                                              
     Email_Out('AUTH':'U');                                         
   Else;
                                                      
 // Set HTTP Bearer Authorization                  
  Return_Code = Http_SetAuth('4':*blanks:AP_Token);
  If Return_Code = 1;                              
    Email_Out('AUTH':'U');                         
  Else;                                            
                                                   
   // Set up URL and Request Data for HMRC API call
    URL = AP_BaseURL;                              
    If AP_Parm1n <> *blanks;                       
      URL = %trim(URL) + AP_Parm1v;                
    Endif;                                         
    If AP_Parm2n <> *blanks;                       
      URL = %trim(URL) + '/' + AP_Parm2v;          
    Endif;                                         
    If AP_Parm3n <> *blanks;                       
      URL = %trim(URL) + '/' + AP_Parm3v;          
    Endif;                                         
    Request_Data.filename = SDES_File;                                                 
    Data-Gen Request_Data %data(Request) %gen('YAJLDTAGEN');                           
                                                                                    
// Call REST Web Service                                                            
 Return_Code = Http_Req('POST':URL:*Omit:Response:*Omit:Request:'application/json');
Log File

Code: Select all

HTTPAPI Ver 1.49 released 2024-04-16               
NTLM Ver 1.4.0 released 2014-12-22                 
OS/400 Ver V7R4M0                                  
                                                   
http_proxy_setauth(): entered                      
http_setauth(): entered                            
http_persist_open(): entered                       
http_long_ParseURL(): entered                      
DNS resolver retrans: 2                            
DNS resolver retry  : 2                            
DNS resolver options: x'00000136'                  
DNS default domain: prg-dc.dhl.com                 
DNS server found: 165.72.12.88                     
DNS server found: 165.72.136.88                    
DNS server found: 165.72.12.2                      
Nagle's algorithm (TCP_NODELAY) disabled.          
CONNECT test-api.service.hmrc.gov.uk:443 HTTP/1.1  
Host: test-api.service.hmrc.gov.uk                 
User-Agent: http-api/1.48                                                            
Proxy-Connection: keep-alive                                                         
Proxy-Authorization: Basic [REDACTED]
                                                                                     
                                                                                     
recvresp(): entered                                                                  
HTTP/1.0 200 Connection Established                                                  
                                                                                     
                                                                                     
SetError() #13: HTTP/1.0 200 Connection Established                                  
recvresp(): end with 200                                                             
recvdoc parms: identity 0                                                            
header_load_cookies() entered                                                        
SNI hostname set to: test-api.service.hmrc.gov.uk                                    
-------------------------------------------------------------------------------------
Dump of server-side certificate information:                                         
-------------------------------------------------------------------------------------
Cert Validation Code = 6000                                                          
-----BEGIN CERTIFICATE-----                                     
MIIGXDCCBUSgAwIBAgIQBvaMwx6EAH3xJivmRmmGvDANBgkqhkiG9w0BAQsFADA8
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRwwGgYDVQQDExNBbWF6b24g
UlNBIDIwNDggTTA0MB4XDTI1MDQwOTAwMDAwMFoXDTI2MDUwOTIzNTk1OVowJzEl
MCMGA1UEAxMcdGVzdC1hcGkuc2VydmljZS5obXJjLmdvdi51azCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAIgkVxyqZjfhGX8YdjpJ1m/PysdGY7wGwoMy
OKNbFLwK9KfcP5rF6O2Wm5qT2/cdJmrh2uF1cJZTqXYgVQZaqB1XzSzrwY91ewcQ
ByZJMzEab9g/7/ZDvA+xV6V69ET1zRRwds4HV7pCbP8pONrmsAv1+Oojfe5T48q5
XogICIrR5N4BohL/tpfb65UvDhVF0XGFPt9U8nRpw6hHdS5feyxedbRN0uZ6L1dD
+wji+kWZOPuTzd0EHh+aOuettEPaDXmQYruuC4GjAZyR9j0Zak4VV0hat7RkaCB2
shkCJNPsQ5a8SyUvRhDLHUAalmUmQEJGL1bdDoR5968o6pI/GO8CAwEAAaOCA20w
ggNpMB8GA1UdIwQYMBaAFB9SkmFWglR/gWbYHT0KqjJch90IMB0GA1UdDgQWBBRX
TnrIQorlAA9dSJH4oEb0LWgqjTCBoAYDVR0RBIGYMIGVghx0ZXN0LWFwaS5zZXJ2
aWNlLmhtcmMuZ292LnVrgiNhcGkuZXh0ZXJuYWx0ZXN0LnRheC5zZXJ2aWNlLmdv
di51a4InYXBpLmlzYy5leHRlcm5hbHRlc3QudGF4LnNlcnZpY2UuZ292LnVrgidh
cGkudnBuLmV4dGVybmFsdGVzdC50YXguc2VydmljZS5nb3YudWswEwYDVR0gBAww
CjAIBgZngQwBAgEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMB
BggrBgEFBQcDAjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnIybTA0LmFt
YXpvbnRydXN0LmNvbS9yMm0wNC5jcmwwdQYIKwYBBQUHAQEEaTBnMC0GCCsGAQUF
BzABhiFodHRwOi8vb2NzcC5yMm0wNC5hbWF6b250cnVzdC5jb20wNgYIKwYBBQUH
MAKGKmh0dHA6Ly9jcnQucjJtMDQuYW1hem9udHJ1c3QuY29tL3IybTA0LmNlcjAM
BgNVHRMBAf8EAjAAMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdgCWl2S/VViX
rfdDh2g3CEJ36fA61fak8zZuRqQ/D8qpxgAAAZYZGgrLAAAEAwBHMEUCIQC8ruNG
Kk6tSgPXgi6YOjuI3bfbuJtV7BNuP5oJZ/eNRQIgfvMdlFPHTlxUwArnqZzGRqZZ
SD2xYPwYLpF2R1mozigAdQBkEcRspBLsp4kcogIuALyrTygH1B41J6vq/tUDyX3N
8AAAAZYZGgrNAAAEAwBGMEQCIBcp/jQt6A7ngMeODJJXPHdKSdutpRrXna/ayIgs
mbDrAiBe4cnib5dbeodlv0Yfja6diphczSwudFWjE69pXszCaAB1AEmcm2neHXzs
/DbezYdkprhbrwqHgBnRVVL76esp3fjDAAABlhkaCuMAAAQDAEYwRAIgUw6slpT0
GV2+3Ii+VBlaJupTEhsRGUJ+0oDKQGBielgCICl8hda4/yvGIpKgiMAldU6T3mwE
W9frG/sdRE73nUXaMA0GCSqGSIb3DQEBCwUAA4IBAQBLN+/CMdX7vaPenKGabSD3
5hGP4cGPuIwKboTAUPV3DVbhCS8xIj4soy8D4K7g8M0y9ihTjytwwynaWZcbhQBL
kmKe17rwPX+whkSR0d2fmxEmmEO1JLc1AxcbPaOI+rPknMtptQsgKrajTxbHpFcp
zUB94c/8OTVD7T3But7yGoWtu8SvUuhBDvAdcNXjtB9skqG1buUip12OYlRt9oo+
9vDPFcDYjlwPdG5fBdGERtS8/Uh4pApn4eXoognBSRwHRPxjt1wmrfpITG5UN2A6
HGCwbmuzYMU1NMYgVZWOk9E11qf84I2dOMPCekK3KCXDXtY9wBI7Lr5nSKL+8gvB
-----END CERTIFICATE-----                                       
Serial Number: 06:F6:8C:C3:1E:84:00:7D:F1:26:2B:E6:46:69:86:BC                                                                      
Common Name: test-api.service.hmrc.gov.uk                                                                                           
Issuer CN: Amazon RSA 2048 M04                                                                                                      
Issuer Country: US                                                                                                                  
Issuer Org: Amazon                                                                                                                  
Version: 3                                                                                                                          
not before: 20250409020000                                                                                                          
Unknown Field: 02:00:00 09-04-2025                                                                                                  
not after: 20260510015959                                                                                                           
Unknown Field: 01:59:59 10-05-2026                                                                                                  
pub key alg: 1.2.840.113549.1.1.1                                                                                                   
signature algorithm: 1.2.840.113549.1.1.11                                                                                          
Unknown Field: 0382010F003082010A02820101008824571CAA6637E1197F18763A49D66FCFCAC74663BC06C2833238A35B14BC0AF4A7DC3F9AC5E8ED969B9A93D
Unknown Field: 2048                                                                                                                 
Unknown Field: DFFBEA275E7CE729EA79B875E5F3D276                                                                                     
Unknown Field: 1.2.840.113549.2.5                                                                                                   
Unknown Field: A46F3375C27F85314E17BC9182C3490E9BC00D46                                                                             
Unknown Field: 9E1FBDA06225350972EF1D256110E3BC0FB4A5BD21499729C084DC5E29095266                                                     
Unknown Field: 5                                         
Unknown Field: api.vpn.externaltest.tax.service.gov.uk   
Unknown Field: api.isc.externaltest.tax.service.gov.uk   
Unknown Field: api.externaltest.tax.service.gov.uk       
Unknown Field: test-api.service.hmrc.gov.uk              
Unknown Field: 0                                         
Unknown Field: 1.3.6.1.5.5.7.3.2                         
Unknown Field: 1.3.6.1.5.5.7.3.1                         
Unknown Field: 2.23.140.1.2.1                            
Unknown Field: http://crl.r2m04.amazontrust.com/r2m04.crl
Unknown Field: http://crt.r2m04.amazontrust.com/r2m04.cer
Unknown Field: http://ocsp.r2m04.amazontrust.com         
                                                         
Protocol Used: TLS Version 1.2                           
http_persist_req(POST) entered.                          
http_long_ParseURL(): entered                            
http_long_ParseURL(): entered                            
do_oper(POST): entered                                   
There are 0 cookies in the cache                                                     
POST /misc/sdes-file-upload/files/upload/url/012345678901/informationType901 HTTP/1.1
Host: test-api.service.hmrc.gov.uk                                                   
User-Agent: http-api/1.48                                                            
Content-Type: application/json                                                       
Content-Length: 81                                                                   
Authorization: Bearer [REDACTED]
                                                                                     
                                                                                     
senddoc(): entered                                                                   
{"filename":"DHLAir-B2C_20250512175855_00000035-5c9d-4970-874b-6a1befab64e9.csv"}    
recvresp(): entered                                                                  
HTTP/1.1 400 Bad Request                                                             
Content-Type: application/json                                                       
Content-Length: 54                                                                   
Connection: keep-alive                                                               
Date: Wed, 21 May 2025 13:56:23 GMT                                                  
Content-Security-Policy: default-src 'self'                                          
Cache-Control: no-cache,no-store,max-age=0                           
Strict-Transport-Security: max-age=31536000;                         
Vary: Origin                                                         
X-Envoy-Upstream-Service-Time: 4                                     
X-Cache: Error from cloudfront                                       
Via: 1.1 d6dd98756a4f02347841ea55c4fd0b38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P11                                              
X-Amz-Cf-Id: DAtuHdiCH55_jixauboGR37YOwjCzNzwkXOH5D_aD5tneBEcyCBisw==
                                                                     
                                                                     
SetError() #13: HTTP/1.1 400 Bad Request                             
recvresp(): end with 400                                             
recvdoc parms: identity 54                                           
header_load_cookies() entered                                        
recvdoc(): entered                                                   
SetError() #0:                                                       
recvdoc(): Receiving 54 bytes.                                       
{"obj":¬{"msg":¬"error.expected.jsarray"|,"args":¬|}|}               
{"obj":¬{"msg":¬"error.expected.jsarray"|,"args":¬|}|}
SetError() #13: HTTP/1.1 400 Bad Request              
http_close(): entered
Top
Scott Klement
Site Admin
Posts: 878
Joined: Sun Jul 04, 2021 5:12 am

Re: HTTP Retrieval Erroring with HTTP400

Post by Scott Klement »

Hello,

Your post contained the userid/password for both your proxy and the site you're connecting to. I have removed them from your post, but they were visible here for a time. Please change them so that you are not vulnerable.

The error is 400 Bad Request. This means that what you are sending to the site is not what it expects.

It is telling you this:

Code: Select all

{"obj":¬{"msg":¬"error.expected.jsarray"|,"args":¬|}|}
so somewhere in your JSON, it is expecting an array... please look at the documentation of the site you're trying to access and determine what the correct format of the JSON is.
Top
BFG
Posts: 2
Joined: Wed Mar 12, 2025 1:08 pm

Re: HTTP Retrieval Erroring with HTTP400

Post by BFG »

Hi Scott,

The passwords change every 4 hours so I decided it would be OK.

Thanks for the response it's obvious when explained, as I will only ever be sending one request at a time I'd totally missed the fact that the request should be an array as you can send many at a time.

Cheers
Chris
Top
Post Reply

Return to “HTTPAPI”