POST with token in body?

So I have the following APi URL:
https://.../username/verifytoken
and I have the following function to fetch the APi

def player_verification_token(username, token) do
    url = "https://.../#{username}/verifytoken"

    with {:ok, %{body: body}} <- Api.post(url, body_should_come_here) do
      body
    end
  end

So the api is a bit tricky, I cannot send the verifytoken into the URL like
/username/verifytoken?...
Instead, I have to put it into the BODY of the request. I only know how to do basic headers in HTTPoison, but how can I do that with body?

Here is the example CURL query

curl -H 'Content-Type: application/json' -X POST --data-binary '{
  "token": "2h2hrh8d"
}' -H 'Authorization: Bearer API_KEY' https://..../username/verifytoken

I’m confused. In the curl example you have a Bearer Token in the header.
(Just replace API_KEY with real thing).

But then

I have to put it into the BODY of the request.

If thats the case and with -H 'Content-Type: application/json' just put a json with the key the body.
Which would be very odd.

Did a quick example of using HTTPoison example of the curl request you shared . Its a mix project. Just run iex -S mix in the shell tab and do Httpost.run()
can chk the code here

but most likely what’s really needed (key in header):

def run do
    HTTPoison.start()
    headers = [{"accept", "application/json"}, {"Authorization", "Bearer #{api_key"}]
    body = Jason.encode!(data_to_post)

    HTTPoison.post(
      "https://httpbin.org/post",
      body,
      headers
    )
  end

whats data_to_post

Seems like in this case data_to_post is probably %{"token" => "2h2hrh8d"}.

probably not. Did you ever have to send a token in the body?

Nope, not ever, but I did have my fair share of “please POST to this endpoint with actual body and not form data”. HTTP can be weird like that and many companies just rolled with it. :confused:

this should just be some random data, point being: I think you have to put the token in the header.
You can show the docs of the API if available.


looks like this

sorry, I’d miss that you want to send the token to verify it.
So it makes sense that it goes in the body.

def run do
    HTTPoison.start()
    headers = [{"accept", "application/json"}, {"Authorization", "Bearer #{api_key"}]
    body = Jason.encode!(%{"token" => the_token_to_verify)

    HTTPoison.post(
      "https://.../#{the_player_tag}/verifytoken",
      body,
      headers
    )
  end