Viewed   315 times

I am working on ZOHO API and trying to update the record using cURL. I tried different cURL variations, but it always returns "false". But when I call the same URL using a browser, it works.

Is there any way they can block cURL requests? Is there any other way I can call that URL using a POST or maybe a GET request?

The cURL code I have tried is as below:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
$data = curl_exec($ch);



Servers cannot block cURL requests per se, but they can block any request that they do not like. If the server checks for some parameters that your cURL request does not satisfy, it could decide to respond differently.

In the vast majority of cases, this difference in behavior is triggered by the presence (or absence) and values of the HTTP request headers. For example, the server might check that the User-Agent header is present and has a valid value (it could also check lots of other things).

To find out what the HTTP request coming from the browser looks like, use an HTTP debugging proxy like Fiddler or your browser's developer tools.

To add your own headers to your cURL request, use

curl_setopt($ch, CURLOPT_HTTPHEADER, array('HeaderName: HeaderValue'));
Tuesday, September 6, 2022

Well, the only thing that's different that you can't fake is the IP address of the request. Depending on how tough the protection is that salesforce is using, you may not be able to spoof from a separate IP address (it would detect and deny the request).

Everything else should be 100% fakeable (headers, etc). What I would suggest is that you get firebug or TamperData and look at the raw headers being sent to salesforce from your browser normally. Then replicate that exact request from PHP. If you need other information, you could detect it in JS and pass it to PHP (Cookie information, browser info, etc)...

Monday, October 31, 2022

cURL is not able to verify the authenticity of the certificate being used, because the certificate for the signing authority cannot be found in the local database.

This might be symptomatic of a self signed certificate being used.

What you should do is add the certificate for the signing authority to /etc/ssl/certs/ca-certificates.crt.

What you can do is use curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);, which will disable the check that is failing.

You really should use the first option.

Wednesday, August 31, 2022
  • Reuse the same cURL handler ($ch) without running curl_close. This will speed it up just a little bit.
  • Use curl_multi_init to run the processes in parallel. This can have a tremendous effect.
Wednesday, September 14, 2022

When trying to upload a file, check you have permission to do so :-(

Turns out the file I was trying to upload could not be read by the process.

Thursday, September 8, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :