8

I am trying to create a new paste using the PasteBin API with request module like so: 

var request = require("request");
request({
    url : "http://pastebin.com/api/api_post.php",
    method : "POST",
    qs : {
        "api_dev_key" : MY_DEV_KEY,
        "api_option" : "paste",
        "api_paste_code" : "random text"
    }
},function(err,res,body){
    ...
});

My understanding is that since the method is POST and querystring parameters are provided, the values in qs object will be stored as key=value pairs in the body. (Ref: How are parameters sent in an HTTP POST request?)

However, I get back a Bad API request, invalid api_option from PasteBin. So I curled the request from my terminal like so: 

curl -X POST "http://pastebin.com/api/api_post.php" -d "api_dev_key=[MY_DEV_KEY]&api_option=paste&api_paste_code=some+random+text"

and this worked.

So this leads to two questions:

  1. How exactly are the parameters sent when a POST request is made and qs is provided?
  2. How do I send URL-encoded body using just the request module?
Community
  • 1
  • 1
An SO User
  • 23,378
  • 30
  • 119
  • 197

2 Answers2

12

Rename the qs key to form in the object. The qs key is for specifying the query string on the end of the URL (e.g. For GET requests). The form key is for specifying the form URL encoded request body (e.g. For a POST request).

idbehold
  • 15,541
  • 3
  • 40
  • 65
  • I came to my conclusion (that `POST` + `qs` = url-encoded body) because some APIs (that state they want a url-encoded body) work fine if I use `qs` instead of `form` while making a `POST` request. Any insight into this? (: – An SO User Jul 27 '15 at 17:15
  • 2
    @LittleChild my best guess is that those APIs are doing something like `body = req.body || req.query` or something like that. Meaning that it will look for the POST data in either the body of the request or in the query string. – idbehold Jul 27 '15 at 17:33
  • Correct me if I am wrong, `POST` is used for sending sensitive data that shouldn't be sent as a part of the URL. So the APIs that allow data to be sent as querystring (whilst mentioning url-encoded body in the documentation) are exposing the data for everyone to see? – An SO User Jul 27 '15 at 17:39
  • 2
    @LittleChild so long as you're sending the request to an HTTPS endpoint you should be fine. The connection to the SSL endpoint is established before the `path` header is sent (which would contain the query string). See here: http://stackoverflow.com/a/323286/1397319 – idbehold Jul 27 '15 at 17:44
  • Thanks a ton, mate! The link to the SO question answered another question I had in mind. – An SO User Jul 27 '15 at 17:52
3

the same issue for me and my resolution which is perfectly working for me is.

request.post({
headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
},
url : "http://pastebin.com/api/api_post.php",
body : "api_dev_key=MY_DEV_KEY&api_option=paste&api_paste_code=andom text"},function(err,res,body){  ...});
noodlesegg
  • 149
  • 6