Include multiple headers in python requests

Question

I have this HTTPS call in curl below;

header1="projectName: zhikovapp"
header2="Authorization: Bearer HZCdsf="
bl_url="https://BlazerNpymh.com/api/documents?pdfDate=$today"

curl -s -k -H "$header1" -H "$header2" "$bl_url" 

I would like to write an equivalent python call using requests module.

header ={
            "projectName": "zhikovapp",
            "Authorization": "Bearer HZCdsf="
        }
response = requests.get(bl_url, headers = header)

However, the request was not valid. What is wrong?

The contents of the returned response is like this;

<Response [400]>
_content = '{"Message":"The request is invalid."}'
headers = {'Content-Length': '37', 'Access-Control-Allow-Headers': 'projectname, authorization, Content-Type', 'Expires': '-1', 'cacheControlHeader': 'max-age=604800', 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Date': 'Sat, 15 Oct 2016 02:41:13 GMT', 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, OPTIONS', 'Content-Type': 'application/json; charset=utf-8'}
reason = 'Bad Request'

I am using python 2.7

EDIT: I corrected some syntex errors after Soviut pointed them out.

Answer 1

1. If you have $today defined in the shell you make curl call from, and you don't substitute it in the requests' call URL, then it's a likely reason for the 400 Bad Request.
2. Access-Control-* and other CORS headers have nothing to do with non-browser clients. Also HTTP headers are generally case insensitive.

3. Following @furas's advice here's the output:

   $ curl -H "projectName: zhikovapp" -H "Authorization: Bearer HZCdsf=" \
       http://httpbin.org/get
   
   {
      "args": {}, 
      "headers": {
         "Accept": "*/*", 
         "Authorization": "Bearer HZCdsf=", 
         "Host": "httpbin.org", 
         "Projectname": "zhikovapp", 
         "User-Agent": "curl/7.35.0"
      }, 
      "origin": "1.2.3.4", 
      "url": "http://httpbin.org/get"
   }
   

   And the same request with requests:

   import requests
   res = requests.get('http://httpbin.org/get', headers={
     "projectName"   : "zhikovapp",
     "Authorization" : "Bearer HZCdsf="
   })
   print(res.json())
   
   {
     'args': {},
     'headers': {
        'Accept': '*/*',
        'Accept-Encoding': 'gzip, deflate, compress',
        'Authorization': 'Bearer HZCdsf=',
        'Host': 'httpbin.org',
        'Projectname': 'zhikovapp',
        'User-Agent': 'python-requests/2.2.1 CPython/3.4.3 '
          'Linux/3.16.0-38-generic'
      },
      'origin': '1.2.3.4',
      'url': 'http://httpbin.org/get'
   }
   

   As you can see the only difference is User-Agent header. It's unlikely the cause but you can easily set it in headers to the value you like.

Answer 2

In request.get() the headers argument should be defined as a dictionary, a set of key/value pairs. You've defined a set (a unique list) of strings instead.

You should declare your headers like this:

headers = {
    "projectName": "zhikovapp",
    "Authorization": "Bearer HZCdsf="
}
response = requests.get(bl_url, headers=headers)

Note the "key": "value" format of each line inside the dictionary.

Edit: Your Access-Control-Allow-Headers say they'll accept projectname and authorization in lower case. You've named your header projectName and Authorization with upper case letters in them. If they don't match, they'll be rejected.