XIBO 1.8 API Access

I am working a client project and find that I need to talk to the XIBO server to add an item to the schedule. I followed the examples, and can access the API through POSTMAN, and have created some shell scripts that will access the API using cURL.

However, I have to be able to talk to the server using straight http. Normally not a problem, been communicating with both SOAP and REST to many other systems. I created a request for the accessToken, but the error response is not all the helpful.

I sent
“client_id” : “vZB65MuS89RwpT4Qy8C9RptZitcZrTuvnFFK15cp”,
“client_secret” : “9kEJx862b9OIBidAcPPalGaOyrGT //edited out// Vheeo1”,
“grant_type” : client_credentials

JSON received:
{ “error”: { “message”: “The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the “grant_type” parameter.”,
“code”: 400,

The same clientID and clientSecret work with my shell scripts and Postman so know they are correct.
The error message seems to include any possible problem.
Can anyone point me in a direction to look or try…yes I did put quotations around client_credentials, no difference.

Maybe something like:

		'client_id' => CLIENT_ID ,
		'client_secret' => CLIENT_SECRET ,
		'grant_type' => 'client_credentials',
		'Content-Length' => 0

Not to sure what format that would be… Postman is sending it a a “multipart/form-data” but I should be able to send my request using the format I have…

That is straight PHP creating an array for the Form Parameters.

In short I think you are missing: ‘Content-Length’

So maybe try:
“client_id” : “vZB65MuS89RwpT4Qy8C9RptZitcZrTuvnFFK15cp”,
“client_secret” : “9kEJx862b9OIBidAcPPalGaOyrGT //edited out// Vheeo1”,
“grant_type” : “client_credentials”,
“Content-Length” : “0”

Edit: Or maybe a needed header of Content-Type: application/x-www-form-urlencoded

I tried several variations of this, i.e. form and got no closer.

I really wish the error message would be just a bit more practical.

I am wondering… If you can make the connection with Postman, then why not have Postman show you in curl what the call would be? With the Postman connection and the access token call up. Click on “Code” near top right. On the dropdown menu select curl.

Mine show this:

curl -X POST \
  https://{{DOMAIN}}/api/authorize/access_token \
  -H 'cache-control: no-cache' \
  -H 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
  -H 'postman-token: {{TokenHere}}' \
  -F client_id={{ClientIdHere}} \
  -F client_secret={{ClientSecret}} \
  -F grant_type=client_credentials

Not sure what the postman-token is about.

I am aware that Postman is capable of generating code, but I want to talk to the API within the application that the client is currently using. All that Postman is doing in all the generated code is packaging it as FORM-DATA. In fact, it will work without the WebKitFormBoundary or the Postman token. This is building a MIME document.

The example I post before is correct JSON/REST and the CMS should be able to use it.