Hello Monks, Thought this would be easy after got it going with wget + jq, but in perl it always returns a 403 error The wget example below works fine, although I have removed the actual API key ;) -- but it works no problems at all, returns a correctly parsed json object. As you can see the API key must be passed in the header as 'hibp-api-key: <API KEY>' 

# This works fine
wget --quiet -O- 'https://haveibeenpwned.com/api/v3/breachedaccount/so
+meemail@somewhere.com?truncateResponse=false' --header='hibp-api-key:
+ SAMPLEKEY' | jq -r '.[] | [.Name, .DataClasses[]] | @csv'

[download]

This perl code does NOT work, returns a 403 error. 

#!/usr/bin/perl

require LWP::UserAgent;
require HTTP::Request;

my $address = shift or die "Enter an email address to check\n";
my $APIKEY = 'SAMPLEKEY';
my $ua = LWP::UserAgent->new;
my $url = 'https://haveibeenpwned.com/api/v3/breachedaccount/';
my $header = [ 'hibp-api-key' => $APIKEY ];
$request = HTTP::Request->new(
                'GET',
                $url . $address . '?truncateResponse=false',
                $header
        );


print $request->as_string;
my $resp = $ua->request($request);

print $resp->as_string;

[download]

Output of that perl: 

# ./checkpwn.pl someemail@somewhere.com
GET https://haveibeenpwned.com/api/v3/breachedaccount/someemail@somewh
+ere.com?truncateResponse=false
Hibp-Api-Key: <SAMPLEKEY>

HTTP/1.1 403 Forbidden
Cache-Control: max-age=10
Connection: close
Date: Tue, 14 Jan 2020 00:33:08 GMT
Server: cloudflare
Content-Type: text/plain; charset=UTF-8
Expires: Tue, 14 Jan 2020 00:33:18 GMT
CF-RAY: 554b844d8c61f4b2-YVR
Client-Date: Tue, 14 Jan 2020 00:33:08 GMT
Client-Peer: 104.18.172.13:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO
+ CA Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
Client-SSL-Cert-Subject: /OU=Domain Control Validated/OU=PositiveSSL M
+ulti-Domain/CN=ssl767795.cloudflaressl.com
Client-SSL-Cipher: ECDHE-ECDSA-AES128-GCM-SHA256
Client-SSL-Socket-Class: IO::Socket::SSL
Client-Transfer-Encoding: chunked
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.c
+om/cdn-cgi/beacon/expect-ct"
Set-Cookie: __cfduid=da914544ec647170750f29b53abed85cf1578961988; expi
+res=Thu, 13-Feb-20 00:33:08 GMT; path=/; domain=.haveibeenpwned.com; 
+HttpOnly; SameSite=Lax
Strict-Transport-Security: max-age=31536000; includeSubDomains; preloa
+d
X-Content-Type-Options: nosniff

error code: 1010

[download]

Seems like the header is there as it should be in the output, so I have no idea why this wouldn't work... Please enlighten me monks! Thank-you JS

In reply to Wget works but not HTTP::Request by perltastica

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.