Passing variable to “authorization: bearer” header with Curl and Bash













0















I've been trying to make this work for a while now, and I just can't see why it's not working. It's just a simple script that's supposed to return either 200 (if it works) or 400 (if it doesn't). The trouble seems to come when I use variables to substitute values in Curl. Example of a working curl:



curl --max-time 10 --write-out '%{http_code}' --silent --output '/dev/null' \
--insecure -X GET https://url -H \
'authorization: bearer iUhYMrTBdx1GG97Bd99YqrbPojInugjTTnqT8TiRjqgZrZYynljfKpgfao' \
--header 'content-type: application/json' --header \
"requestid: '999993122349238343493843958345'"


This works as expected and returns 200. When I replace the authorization bearer section in the following way I get a 400:



curl --max-time 10 --write-out '%{http_code}' --silent --output '/dev/null' \
--insecure -X GET https://url -H "authorization: bearer $TOKEN" --header \
'content-type: application/json' --header \
"requestid: '999993122349238343493843958345'"


I tried literally everything. Using the variable as "$TOKEN", doing "'authorization: bearer $TOKEN'", even something similar to "'"'"'$TOKEN'"'"'". I don't know what else to try. When I remove the silent curl option I see the following error:



 400ODY></HTML>ror 400. The request is badly formed.</p>rset=us-ascii"></HEAD>trict.dtd">


I'm lost as to why it works with plain text and not variables. Any ideas?



Edit:
Added verbose for both:



> GET /REDACTED-URL HTTP/1.1
> Host: hostname:44301
> User-Agent: curl/7.50.3
> Accept: */*
> authorization: bearer eyJ0eXA700JKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImF1bkM2QV9MbHFVZGNYV3Z6UzVGOURQUEFTSSIsImtpZCI6ImF1bkM2QV9MbHFVZGNYV3Z6UzVGOURQUEFTSSJ9.eyJpc3MiOiJodHRwczovL0dQLUlEUzo0NDMwMS9HUC5JRFMiLCJhdWQiOiJodHRwczovL0dQLUlEUzo0NDMwMS9HUC5JRFMvcmVzb3VyY2VzIiwiZXhwIjoxNTUyNDI5MTA1LCJuYmYiOjE1NTI0MjU1MDUsImNsaWVudF9pZCI6Ik1FUkNBRE9MSUJSRUlWUiIsImNsaWVudF9NYXJjYSI6IjEiLCJjbGllbnRfVXN1YUNvZGkiOiJEQk8iLCJjbGllbnRfVmFsaWRhRXN0YWRvQ3VlbnRhIjoiMCIsImNsaWVudF9FbnRpZGFkIjoiMzAiLCJzY29wZSI6IlByZXBhZ2FBcGkifQ.kkCGp3EJ7VkvR75Zt0MV5VRmNVf-jP5dcb7GaZF6nI5KGNUxfx_linht3nUUX4Hw55ZKhfkiUhYMrTBdx1GG97Bd99YqrbPojInugjTTnqT8TiRjqgZrZYynljfKpgfaofoBnK0EWgqsQxcxPNre2PkvxWV-x6AzPl_uVWml1Wo2bjAi37kVklYmjkbBIWe8EcyF90MMR28xcipIo2ULj5HgOizhvokPg1qDEiYetTU2MYJ1fFRVgJ5v7KF0mpUk7zBl9dvFeGT3MPfTN9EED4biqE-zRaC0r8DK7lr1PScfVHqs09sI89PXTN9Nm2lOT6c43CsUy-YhylhjJr6AfIARcFv1o0-gy0nKnWxSBYnt8NgK7rZCfpjFDUfmaYL5IXqirob98L0cWfvnV3iL6R73dNciayRDy6PqZG0sHWhKkggBIOhRqh-7VsY99qCqG76Beih-UqWPcWO_H8-4zvYDslsXMj8ff1Nk76h9pxuy-qAkRapNVAbBojf41JFVVaONqgPCH9Jszq7cpFbX6vbVq18p6hOhDb4BhuTDkT6tB30RXQWaSPqRbRs2h7VYIcuxok6wbrBzGA32hBHiSVSQs0PdheJlVy1EcHy27MJuIj_Vs6bsiq0a4GY-scs4A-68fvzsERfsLLINDrS4C9zY1f6RwfEkDsWlQ1ouBIk
> content-type: application/json
> requestid: '999993245235232323523523523535'
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Server: Microsoft-IIS/10.0
< requestid: '999993245235232323523523523535'
< CorrelationId: 3859af6f-4c8f-438c-bcfe-37ab6ecc0d6b
< RequestId: 9999af6f-4c8f-438c-bcfe-37ab6ecc0d6b
< X-Powered-By: ASP.NET
< Date: Tue, 12 Mar 2019 22:10:39 GMT
< Content-Length: 992
<
{ [992 bytes data]


This works ^



> GET /REDACTED-URL HTTP/1.1
> Host: hostname:44301
> User-Agent: curl/7.50.3
> Accept: */*
> authorization: bearer eyJ0eXA700JKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImF1bkM2QV9MbHFVZGNYV3Z6UzVGOURQUEFTSSIsImtpZCI6ImF1bkM2QV9MbHFVZGNYV3Z6UzVGOURQUEFTSSJ9.eyJpc3MiOiJodHRwczovL0dQLUlEUzo0NDMwMS9HUC5JRFMiLCJhdWQiOiJodHRwczovL0dQLUlEUzo0NDMwMS9HUC5JRFMvcmVzb3VyY2VzIiwiZXhwIjoxNTUyNDI5MTA1LCJuYmYiOjE1NTI0MjU1MDUsImNsaWVudF9pZCI6Ik1FUkNBRE9MSUJSRUlWUiIsImNsaWVudF9NYXJjYSI6IjEiLCJjbGllbnRfVXN1YUNvZGkiOiJEQk8iLCJjbGllbnRfVmFsaWRhRXN0YWRvQ3VlbnRhIjoiMCIsImNsaWVudF9FbnRpZGFkIjoiMzAiLCJzY29wZSI6IlByZXBhZ2FBcGkifQ.kkCGp3EJ7VkvR75Zt0MV5VRmNVf-jP5dcb7GaZF6nI5KGNUxfx_linht3nUUX4Hw55ZKhfkiUhYMrTBdx1GG97Bd99YqrbPojInugjTTnqT8TiRjqgZrZYynljfKpgfaofoBnK0EWgqsQxcxPNre2PkvxWV-x6AzPl_uVWml1Wo2bjAi37kVklYmjkbBIWe8EcyF90MMR28xcipIo2ULj5HgOizhvokPg1qDEiYetTU2MYJ1fFRVgJ5v7KF0mpUk7zBl9dvFeGT3MPfTN9EED4biqE-zRaC0r8DK7lr1PScfVHqs09sI89PXTN9Nm2lOT6c43CsUy-YhylhjJr6AfIARcFv1o0-gy0nKnWxSBYnt8NgK7rZCfpjFDUfmaYL5IXqirob98L0cWfvnV3iL6R73dNciayRDy6PqZG0sHWhKkggBIOhRqh-7VsY99qCqG76Beih-UqWPcWO_H8-4zvYDslsXMj8ff1Nk76h9pxuy-qAkRapNVAbBojf41JFVVaONqgPCH9Jszq7cpFbX6vbVq18p6hOhDb4BhuTDkT6tB30RXQWaSPqRbRs2h7VYIcuxok6wbrBzGA32hBHiSVSQs0PdheJlVy1EcHy27MJuIj_Vs6bsiq0a4GY-scs4A-68fvzsERfsLLINDrS4C9zY1f6RwfEkDsWlQ1ouBIk
> content-type: application/json
> requestid: '99999324523523534395600'
>
< HTTP/1.1 400 Bad Request
< Content-Type: text/html; charset=us-ascii
< Server: Microsoft-HTTPAPI/2.0
< Date: Tue, 12 Mar 2019 22:11:42 GMT
< Connection: close
< Content-Length: 311
<
{ [311 bytes data]


This doesn't. Same exact headers.



UPDATE: Having the same issue with wget:



With plain text:



 HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
requestid: 9987993245235235345225233335324324
CorrelationId: ee516440-af87-4aab-a5fa-5e563338a0be
RequestId: ee516440-af87-4aab-a5fa-5e563338a0be
X-Powered-By: ASP.NET
Date: Thu, 14 Mar 2019 21:53:16 GMT
Content-Length: 992


With variable:



 HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 14 Mar 2019 21:54:16 GMT
Connection: close
Content-Length: 311









– Rodrigo
asked Mar 12 at 21:26, edited Mar 14 at 21:59












  • How did you set TOKEN? If you use set -x and then run the curl command, what does the shell show as the argument to -H?

    – ilkkachu
    Mar 12 at 21:35












  • $TOKEN was set just plainly on top of the script as: TOKEN="iUhYMrTBdx1GG97Bd99YqrbPojInugjTTnqT8TiRjqgZrZYynljfKpgfao"

    – Rodrigo
    Mar 12 at 22:03











  • Well yeah, it looks like it should work, so that's why I asked about what set -x shows. You are sure that you used double quotes around the "authorization: bearer $TOKEN" as you have posted here, and not single quotes, right?

    – ilkkachu
    Mar 12 at 22:12











  • Absolutely sure. I tried all combinations anyway, I updated the post showing that the headers are being passed identically as text, yet when I use the variable it fails.

    – Rodrigo
    Mar 12 at 22:27











  • Ok. What about invisible characters like non-breaking spaces or CRLF line endings? If curl doesn't show them specially in the output, you wouldn't see them, but the variable assignment might have one in the end. Though with CRLF, you'd probably have the whole file with those line endings anyway, and then the version that doesn't use a variable wouldn't work either.

    – ilkkachu
    Mar 13 at 11:36
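
Added example, not part of the original thread: the last comment above asks about invisible characters in the variable (a trailing CR from a CRLF file, a non-breaking space), which would not be visible in terminal output. The script below counts and hex-dumps every byte outside the RFC 6750 bearer-token alphabet and strips it before building the header; the function names, the sample tokens and the `probe_status` wrapper are assumptions made for this illustration.

```bash
# Added example: find and strip invisible bytes in a bearer token before it
# reaches curl. The tokens below are constructed samples, not real credentials.

# Characters allowed in a bearer token (RFC 6750 b64token). The '-' comes last
# so that tr treats it as a literal character.
TOKEN_CHARS='A-Za-z0-9._~+/=-'

# Print how many bytes of $1 fall outside the allowed set.
token_bad_count() {
    n=$(printf '%s' "$1" | LC_ALL=C tr -d "$TOKEN_CHARS" | wc -c)
    echo $((n))
}

# Print the offending bytes of $1 as hex (0d = CR, c2a0 = UTF-8 NBSP).
token_bad_hex() {
    printf '%s' "$1" | LC_ALL=C tr -d "$TOKEN_CHARS" | od -An -tx1 | tr -d ' \n'
}

# Print $1 with every byte outside the allowed set removed.
token_clean() {
    printf '%s' "$1" | LC_ALL=C tr -cd "$TOKEN_CHARS"
}

# Build the header line from a cleaned token.
auth_header() {
    printf 'authorization: bearer %s' "$(token_clean "$1")"
}

# Hypothetical wrapper around the thread's curl call: $1 = URL, $2 = token.
# Prints the HTTP status code. Not invoked below, so the example runs offline.
probe_status() {
    curl --max-time 10 --silent --output /dev/null \
         --write-out '%{http_code}' \
         -H "$(auth_header "$2")" \
         -H 'content-type: application/json' \
         "$1"
}

# Constructed samples: a token as read from a CRLF file, and one pasted with a
# trailing non-breaking space. Command substitution keeps the CR and the NBSP.
CRLF_TOKEN=$(printf 'abc.DEF-123_xyz\r')
NBSP_TOKEN=$(printf 'abc.DEF-123_xyz\302\240')

for t in "$CRLF_TOKEN" "$NBSP_TOKEN" 'abc.DEF-123_xyz'; do
    printf 'bad bytes: %s (hex: %s) -> %s\n' \
        "$(token_bad_count "$t")" "$(token_bad_hex "$t")" "$(auth_header "$t")"
done
```
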



























1 Answer


















-1














Assuming you set TOKEN as an environment variable with export TOKEN=foo, you should use $TOKEN in your header string.



curl --max-time 10 --write-out '%http_code' --silent --output '/dev/null' 
--insecure -X GET https://url -H "authorization: bearer $TOKEN" --header
'content-type: application/json' --header
"requestid: '999993122349238343493843958345'"


If you are setting the TOKEN in a script with TOKEN=foo you should use $TOKEN in your header string:



curl --max-time 10 --write-out '%http_code' --verbose --output '/dev/null' 
--insecure -X GET https://sp-codes.de -H "authorization: bearer $TOKEN" --header
'content-type: application/json' --header
"requestid: '999993122349238343493843958345'"


As alternative -H "authorization: bearer "$TOKEN should work in both cases.



Using the --verbose option instead of --silent will print the following header information in all cases explained above (excerpt):



> GET / HTTP/2
> Host: url
> User-Agent: curl/7.58.0
> Accept: */*
> authorization: bearer foo
> content-type: application/json
> requestid: '999993122349238343493843958345'


It is also very important to use double quotes, because single quotes will not be parsed.






edited Mar 13 at 6:45

answered Mar 12 at 21:41

Samuel Philipp

  • With --verbose on I can see both with $TOKEN and the plain text (working one) are giving the exact same authorization: bearer text. Yet one works and the other doesn't.

    – Rodrigo
    Mar 12 at 22:16

  • Have you tried -H "authorization: bearer $TOKEN"?

    – Samuel Philipp
    Mar 12 at 22:19

  • Yes. Same issue. Tried all possible combinations of variable display. Not sure if this is some kind of bug with Curl itself.

    – Rodrigo
    Mar 12 at 22:21

  • Which version of curl are you using (curl --version)?

    – Samuel Philipp
    Mar 12 at 22:22

  • curl 7.50.3 (i686-pc-cygwin)

    – Rodrigo
    Mar 12 at 22:23
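
The comments on the question raise invisible characters (a trailing CR from CRLF line endings, or a non-breaking space) as a possible cause; a terminal renders neither, so the --verbose output can look identical while the bytes sent differ. The following is an added example, not code from this thread: the function names are hypothetical and the token foo is the answer's placeholder.

```shell
#!/bin/sh
# Added example: find bytes in a bearer token that curl --verbose will not show.
# Function names are hypothetical; "foo" is the placeholder token from the answer.

# Keep only printable, non-space ASCII (0x21-0x7E). A bearer token has no
# legitimate use for CR, LF, tabs, spaces or multi-byte characters such as NBSP.
clean_token() {
    printf '%s' "$1" | LC_ALL=C tr -cd '!-~'
}

# Succeeds only if the value is non-empty and byte-for-byte what clean_token returns.
token_is_clean() {
    [ -n "$1" ] && [ "$1" = "$(clean_token "$1")" ]
}

# Dump the raw bytes: od -c prints CR as \r and NBSP as the octal pair 302 240.
show_bytes() {
    printf '%s' "$1" | LC_ALL=C od -An -c
}

# Build the header value, refusing a token that is empty or carries hidden bytes.
auth_header() {
    if ! token_is_clean "$1"; then
        echo "token is empty or contains whitespace/non-printable bytes:" >&2
        show_bytes "$1" >&2
        return 1
    fi
    printf 'authorization: bearer %s' "$1"
}

# Constructed sample: "foo" followed by the CR that a script saved with
# CRLF line endings leaves at the end of TOKEN="foo".
cr=$(printf '\r')
dirty="foo${cr}"

auth_header "$dirty" || echo "rejected; cleaned value: $(clean_token "$dirty")"
auth_header "foo" && echo

# With a clean token, the call from the answer becomes:
#   curl --silent --output /dev/null --write-out '%{http_code}' \
#        -H "$(auth_header "$TOKEN")" https://url
```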

















-bash, curl
