Why am I getting Http/1.1 400 Bad request?

Question

Here is a snippet of my code. I am trying to login to the website using HTTPOST.

I keep getting "400 Bad Request" I have tried various combinations. I tried passing username/password as header instead of NameValuePair. But same result. Is there something I am missing?

HttpClient httpclient = new DefaultHttpClient();
        
HttpPost post = new HttpPost("https://identi.ca/main/login");
    

List <NameValuePair> nvps = new ArrayList <NameValuePair>();
nvps.add(new BasicNameValuePair("nickname", u));
nvps.add(new BasicNameValuePair("password", p));
nvps.add(new BasicNameValuePair("submit", "Login"));

post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

HttpResponse response = httpclient.execute(post);
HttpEntity entity = response.getEntity();

Log.i("Login form POST result: ", response.getStatusLine().toString());
        

Thanks for help.

Answer 1

A HTTP service will send a 400 response if it thinks you have sent an invalid / incorrect / inappropriate. There is no way to tell from your code, what the actual arguments sent will be, or (more important) what the server expects you to send.

To diagnose this you will need to:

• find out what your code is actually sending, and
• find out what the server is expecting you to send.

The second may involve:

• looking at the web page(s) that a normal user with a web browser uses to make the request,
• looking at the body of the 400 response you are getting from the server,
• looking at the server logs, and / or
• looking at the server's web API documentation (or source code).

---

In this case, it looks like there is an extra token parameter that needs to be supplied.

However, I suspect that you might be taking the wrong approach entirely. The "identi.ca" site uses StatusNet which has a couple of published APIs for clients. There's no mention of talking to the "login" URL that I could see.

Answer 2

Looking at the source for that login page, there is a hidden field called token that you probably have to return to the server. You will need to GET the content of that page first, extract the token value, and include that in your POST response.