Web API's token system blocks me from making requests!

[M0RD3K4153R]

hi guys

i'm trying to test sending a magnet url to utorrent before i go ahead and finish writing my Android app.

first i fetch the token like the docs say

byte[] encodedLogin = (user.getUsername() + ":" + user.getPassword()).getBytes();
			String auth = "Basic " + Base64.encodeToString(encodedLogin, false);

			Document doc = Jsoup.connect("http://" + user.getIpAddress() + ":" + user.getPort() + "/gui/token.html")
					.header("Authorization", auth)
					.get();

			token = doc.getElementById("token").text();

which fetches the token properly (i think)

next i try to send a magnet url to utorrent with and without authorization and setting my token at the beginning like the docs suggest

Jsoup.connect("http://" + user.getIpAddress() + ":" + user.getPort() + "/gui/")
			.header("Authorization", auth)
			.data("token", token)
			.data("action", "add-url")
			.data("s", "magnet:?xt=urn:btih:8AC3731AD4B039C05393B5404AFA6E7397810B41").get();

but all i get is an error message like this (it becomes 401 error if i remove the Authorization header from the latter piece of code)

java.io.IOException: 400 error loading URL http://192.168.1.105:47240/gui/?token=OiBBhy1x7JuqvrB1xb88wJGLKH2hzC4KaOGBMtDjg1F3LFyx0LrkjaZGBk8AAAAA&action=add-url&s=magnet%3A%3Fxt%3Durn%3Abtih%3A10A28E56F3705DA09D06D76F0FD51B6116730C08

i tried turning off the token system from utorrent's advanced settings and the magnet link was sent successfully. however, i'd rather not do that.

the sad thing is i tried copying the url from the error message to my browser (changing the token obviously) and it worked fine!

please help!

[Sanity]

Your not processing the cookie. Depending if your using a newer version of uTorrent you need to process both the token and the cookie. On some older versions of uTorrent it would be just the token. If it's really old version of uTorrent tokens or cookies weren't implemented.

If i were to send a command to add the torrent you were trying to add it would look like this:

httpCommand = POST /gui/?token=OiBBhy1x7JuqvrB1xb88wJGLKH2hzC4KaOGBMtDjg1F3LFyx0LrkjaZGBk8AAAAA&action=add-url&s=magnet%3A%3Fxt%3Durn%3Abtih%3A10A28E56F3705DA09D06D76F0FD51B6116730C08 HTTP/1.1
Cookie: GUID=h67Qq574wk0Z287px6BD
Authorization: Basic YWRtaW46cmVkMTIzNDU=

The cookie and authorization would obviously be different.

When you intially request the token the cookie will be returned as well. Here is an example of a return I get when I request a token from uTorrent:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 121
Content-Type: text/html
Set-Cookie: GUID=b8nUSjNaRmMu7OUPIyQj; path=/
Cache-Control: no-cache

<html><div id='token' style='display:none;'>5RsdSpL0je-SGs95zOZ2MW6kinLDLPa74LgQ9HnXfjWb3BvOXEuVZrlaJU8AAAAA</div></html>

[M0RD3K4153R]

Your not processing the cookie. Depending if your using a newer version of uTorrent you need to process both the token and the cookie. On some older versions of uTorrent it would be just the token. If it's really old version of uTorrent tokens or cookies weren't implemented.

If i were to send a command to add the torrent you were trying to add it would look like this:

httpCommand = POST /gui/?token=OiBBhy1x7JuqvrB1xb88wJGLKH2hzC4KaOGBMtDjg1F3LFyx0LrkjaZGBk8AAAAA&action=add-url&s=magnet%3A%3Fxt%3Durn%3Abtih%3A10A28E56F3705DA09D06D76F0FD51B6116730C08 HTTP/1.1
Cookie: GUID=h67Qq574wk0Z287px6BD
Authorization: Basic YWRtaW46cmVkMTIzNDU=

The cookie and authorization would obviously be different.

When you intially request the token the cookie will be returned as well. Here is an example of a return I get when I request a token from uTorrent:

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 121
Content-Type: text/html
Set-Cookie: GUID=b8nUSjNaRmMu7OUPIyQj; path=/
Cache-Control: no-cache

<html><div id='token' style='display:none;'>5RsdSpL0je-SGs95zOZ2MW6kinLDLPa74LgQ9HnXfjWb3BvOXEuVZrlaJU8AAAAA</div></html>

You are a LEGEND! thanks buddy.