Help debugging error in POST request to an API

andresrcs · April 20, 2021, 5:45am

This code stopped working a few months ago (likely due to an update) and I have no idea where to start debugging it, it fails both in a Linux server (Ubuntu 20) and in a Windows Desktop (Windows 10 Pro), curious thing is that it runs just fine in POSTMAN (Windows 10). Also, once I can get the token using POSTMAN, subsequent requests to the same API, from R (httr package) using that token work just fine.
Can somebody with experience working with APIs and the httr package lead me in the right direction to debug this? Or tips to more effectively get help

On Ubuntu 20 I get this error message:

library(httr)

token_url <- paste0("https://api-seguridad.sunat.gob.pe/v1/clientesextranet/", Sys.getenv("client_id"), "/oauth2/token/")

token_body <- list("grant_type"="client_credentials",
                   "scope"="https://api.sunat.gob.pe/v1/contribuyente/contribuyentes",
                   "client_id"=Sys.getenv("client_id"),
                   "client_secret"=Sys.getenv("client_secret"))

POST(url = token_url,
     body = token_body,
     encode = 'form',
     config = config(verbose = TRUE))

* Hostname in DNS cache was stale, zapped
*   Trying 191.98.162.149:443...
* TCP_NODELAY set
* Connected to api-seguridad.sunat.gob.pe (191.98.162.149) port 443 (#4)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL re-using session ID
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=PE; L=LIMA; O=Superintendencia Nacional de Aduanas y de Administracion Tributa; OU=PremiumSSL Wildcard; CN=*.sunat.gob.pe
*  start date: May 20 00:00:00 2019 GMT
*  expire date: May 19 23:59:59 2021 GMT
*  subjectAltName: host "api-seguridad.sunat.gob.pe" matched cert's "*.sunat.gob.pe"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Organization Validation Secure Server CA
*  SSL certificate verify ok.
> POST /v1/clientesextranet/044009e9-a44b-4cd9-97af-c944f071eb13/oauth2/token/ HTTP/1.1
Host: api-seguridad.sunat.gob.pe
User-Agent: libcurl/7.68.0 r-curl/4.3 httr/1.4.2.9000
Accept-Encoding: deflate, gzip, br
Accept: application/json, text/xml, application/xml, */*
Content-Type: application/x-www-form-urlencoded
Content-Length: 196

* upload completely sent off: 196 out of 196 bytes
* OpenSSL SSL_read: Connection reset by peer, errno 104
* Closing connection 4
Error in curl::curl_fetch_memory(url, handle = handle) : 
  OpenSSL SSL_read: Connection reset by peer, errno 104

On Debian Buster (Different libcurl version) I get this other one

*   Trying 161.132.21.21...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x4e3f728)
* Connected to api-seguridad.sunat.gob.pe (161.132.21.21) port 443 (#1)
* found 414 certificates in /etc/ssl/certs
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL re-using session ID
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* 	 server certificate verification OK
* 	 server certificate status verification SKIPPED
* 	 common name: *.sunat.gob.pe (matched)
* 	 server certificate expiration date OK
* 	 server certificate activation date OK
* 	 certificate public key: RSA
* 	 certificate version: #3
* 	 subject: C=PE,L=LIMA,O=Superintendencia Nacional de Aduanas y de Administracion Tributa,OU=PremiumSSL Wildcard,CN=*.sunat.gob.pe
* 	 start date: Mon, 20 May 2019 00:00:00 GMT
* 	 expire date: Wed, 19 May 2021 23:59:59 GMT
* 	 issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Organization Validation Secure Server CA
* 	 compression: NULL
* ALPN, server did not agree to a protocol
> POST /v1/clientesextranet/044009e9-a44b-4cd9-97af-c944f071eb13/oauth2/token/ HTTP/1.1
Host: api-seguridad.sunat.gob.pe
User-Agent: libcurl/7.64.0 r-curl/4.3 httr/1.4.2
Accept-Encoding: deflate, gzip
Accept: application/json, text/xml, application/xml, */*
Content-Type: application/x-www-form-urlencoded
Content-Length: 196

* upload completely sent off: 196 out of 196 bytes
* GnuTLS recv error (-54): Error in the pull function.
* Closing connection 1
Error in curl::curl_fetch_memory(url, handle = handle) : 
  GnuTLS recv error (-54): Error in the pull function.

technocrat · April 20, 2021, 8:13am

I get almost identical results with token_url of

 "https://api-seguridad.sunat.gob.pe/v1/clientesextranet//oauth2/token/"

which gives

* upload completely sent off: 130 out of 130 bytes

instead of 196 bytes because my credentials are empty. What happens next, however, is interesting

POST /v1/clientesextranet/044009e9-a44b-4cd9-97af-c944f071eb13/oauth2/token/ HTTP/1.1

because it's basic authentication. Why not use oauth2.0_token?

andresrcs · April 20, 2021, 12:17pm

This API is from the tax authority of my country so I don't expect you to be able to reproduce (you would have to be a taxpayer in Perú to have credentials). I'm just looking for some pointers on how to debug this issue or at least some light on what the error means.

I don't understand what you mean, I don't have experience working with APIs beyond the user level, it seems to me you are suggesting using a different authentication method but I think that is not up to me but to the tax authority of my country.

technocrat · April 20, 2021, 8:33pm

Yes, I did realize that a reprex is out of the question for this. The reason that I believe oauth is the authentication scheme (besides how the sample code names the credentials) is that the initial request to api-seguridad.sunat.gob.pe and subsequent involvement of https://api.sunat.gob.pe/v1/contribuyente/contribuyentes is consistent with with the oauth scheme.

andresrcs · April 21, 2021, 2:15pm

I see, I don't understand the terminology in the documentation of the oauth2.0_token() function and I can't find a clear example. Do you have practical experience with this? Can you try to help me to translate my POST requests into oauth2.0_token() syntax?

technocrat · April 22, 2021, 4:43pm

I do, but it's pretty dated and I don't have a host to bump this up against. Don't want to waste your time by guessing further.

system · May 13, 2021, 4:43pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.