application/json rejected from SIM900 HTTP Post request

Using Arduino Networking, Protocols, and Devices
#1

So I have code that pushes data (GPS coordinates) to thinger.io IoT database, and until recently this code worked perfectly. They apparently made some changes at the start of May, and the code has since not worked (https://thinger.io/new-thinger-io-free-iot-platform-release/).

Now, this is usually a good indication where to start, changes are made and stuff stops working :) I first thought they have changed the API or something, but when trying the request through the postman service using the exact same URL, authorisation token and input data, the data is updated successfully on the site. So apparently the API still works, and I'm left thinking it might be something with my syntax or the way I build the HTTP post request since the error I receive is this: "{"error":{"message":"Content-Type must be application/json"}}"?

I'm using an Arduino Leonardo with a SIM900 development board.

The code to post data is as follows (i've added some extra prints so you can see the more clearly from the output what is compiled into the post request):

void postDataThinger(char *httpDataLen, char* content)
{
  SIM900.println( F("AT+HTTPINIT") );
  delay(1000);
  updateSIM900();

  SIM900.println( F("AT+HTTPPARA=\"CID\",1") );
  delay(1000);
  updateSIM900();

  SIM900.println("AT+HTTPPARA=\"URL\",\"http://backend.thinger.io/v3/users/tom/devices/CT/callback/data?authorization=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdfjklLKJdsxsYmFja19DVCIsInVzciI6InRvcm1vZCJ9.AR1gWvIZB9KmtI-5Zsasdaeqwe8AkwBJSZQIoxQ\"");
  delay(2000);
  updateSIM900();

  SIM900.println( F("AT+HTTPPARA=\"CONTENT\",\"application/json\"") );
  delay(1000);
  updateSIM900();

  SIM900.println(httpDataLen);
  delay(1000);
  updateSIM900();
  Serial.println(httpDataLen);

  SIM900.println(content);
  delay(1000);
  updateSIM900();
  Serial.println(content);

  SIM900.println( F("AT+HTTPACTION=1") );
  delay(10000);
  updateSIM900();

  SIM900.println("AT+HTTPREAD");
  delay(2000);
  updateSIM900();

  SIM900.println( F("AT+HTTPTERM") );
  delay(1000);
  updateSIM900();

}


void updateSIM900()
{
  // empty incoming buffer from SIM900 with read()
  delay(500);
  while (SIM900.available())
  {
    // outputs buffer to serial monitor if connected
    Serial.write(SIM900.read());
  }
}

This gives me the following output:

AT

OK
AT+CMGF=1

OK
AT+CNMI=1,2,0,0,0

OK
AT+SAPBR=3,1,"CONTYPE","GPRS"

OK
AT+SAPBR=3,1,"APN","TeleXXX"

OK
AT+SAPBR=1,1

OK
AT+SAPBR=2,1

+SAPBR: 1,1,"46.156.55.XXX"

OK
AT+HTTPINIT

OK
AT+HTTPPARA="CID",1

OK
AT+HTTPPARA="URL","http://backend.thinger.io/v3/users/tormod/devices/CT/callback/data?authorization=eyJhbGKLJSDFKLJSDsdf6IkpXVCJ9.eyJqdGkiOiJEZXZpY2VDYWxsYmFja19DVCIsInVzciI6InRvcm1vZCJ9.AR1gWvIZB9KmtI-5Z12YXKuchPTGn58AkwBJSZQIoxQ"

OK
AT+HTTPPARA="CONTENT","application/json"

OK
AT+HTTPDATA=51,10000

DOWNLOAD
AT+HTTPDATA=51,10000

OK

{ "longitude" : 5.336664 , "latitude" : 50.365433 }

AT+HTTPACTION=1

OK

+HTTPACTION:1,400,61
AT+HTTPREAD

+HTTPREAD:61
{"error":{"message":"Content-Type must be application/json"}}

OK
AT+HTTPTERM

OK
#2

tormods:   SIM900.println("AT+HTTPPARA=\"URL\",\"http://backend.thinger.io/v3/users/tom/devices/CT/callback/data?authorization=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJEZXZpY2VDYWxsYmFja19DVCIsInVzciI6InRvcm1vZCJ9.AR1gWvIZB9KmtI-5Zsasdaeqwe8AkwBJSZQIoxQ\"");

Hi @tormods. It looks like you might have accidentally exposed a private authorization key by posting your sketch. If so, please go to your thinger.io settings and immediately remove this key.

When it's necessary to hardcode private information in a sketch, it's a good idea to do so as a variable or macro defined in a dedicated .h file, which you add as a separate file/tab to your sketch. That way, you easily can share your main sketch file without risking accidentally exposing any secrets.

#3

pert: Hi @tormods. It looks like you might have accidentally exposed a private authorization key by posting your sketch. If so, please go to your thinger.io settings and immediately remove this key.

When it's necessary to hardcode private information in a sketch, it's a good idea to do so as a variable or macro defined in a dedicated .h file, which you add as a separate file/tab to your sketch. That way, you easily can share your main sketch file without risking accidentally exposing any secrets.

Hi Pert!

And thanks for your concern! I did originally replace parts of it with some random characters, so the one posted will not work.

#4

I'm glad to hear it. I just wanted to be sure.

I'll confess I've done this with real secrets twice on GitHub, the first being my fault and the second caused by a failure of GitHub's encypted secret masking system. GitHub has a cool "secret scanning" feature where they sutomatically detect exposed secrets in the repositories on their site and notify you of the exposure.

#5