PHP: Using API key in CURL GET Call
Solution 1
ok so it should be pretty straightforward... Could you try and add:
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Authorization: ' . $apiKey
));
to your curl? After that, do a print_r($headers) in your authenticate() function to see if you receive it ok.
Solution 2
Access web service using custom Authorization key.
PHP Client,client.php
$name = 'Book name';
//Server url
$url = "http://localhost/php-rest/book/$name";
$apiKey = '32Xhsdf7asd5'; // should match with Server key
$headers = array(
'Authorization: '.$apiKey
);
// Send request to Server
$ch = curl_init($url);
// To save response in a variable from server, set headers;
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Get response
$response = curl_exec($ch);
// Decode
$result = json_decode($response);
PHP Server, index.php
header("Content-Type:application/json");
$seceretKey = '32Xhsdf7asd';
$headers = apache_request_headers();
if(isset($headers['Authorization'])){
$api_key = $headers['Authorization'];
if($api_key != $seceretKey)
{
//403,'Authorization faild'; your logic
exit;
}
}
Florentino
Updated on July 23, 2022Comments
-
Florentino almost 2 years
I have seen the post for using api key for authenticating post calls in curl. I have a GET call that requires apikey for authorization i.e the request must have an authorization header cantaining the apiKey. I have obtained the api key and try to use it for a GET call :
<?php $service_url = 'http://localhost/finals/task_manager/v1/tasks/Authorization:'.$apiKey; $curl = curl_init($service_url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $curl_response = curl_exec($curl); if ($curl_response === false) { $info = curl_getinfo($curl); curl_close($curl); die('error occured during curl exec. Additioanl info: ' . var_export($info)); } curl_close($curl); $decoded1 = json_decode($curl_response,true); if (isset($decoded1->response->status) && $decoded1->response->status == 'ERROR') { die('error occured: ' . $decoded1->response->errormessage); } echo 'response ok!'; var_export($decoded1->response); ?>
I am getting error in json response:
{"error":true,"message":"Api key is misssing"}
I have tried a few other ways like passing a header array but i keep getting the error. How to correctly get the curl_response ? How should I pass the Authorization header which uses the api key ?
The api for the get call I am making is (created using Slim Library) :
index.php /** * Listing all tasks of particual user * method GET * url /tasks */ $app->get('/tasks', 'authenticate', function() { global $user_id; $response = array(); $db = new DbHandler(); // fetching all user tasks $result = $db->getAllUserTasks($user_id); $response["error"] = false; $response["tasks"] = array(); // looping through result and preparing tasks array while ($task = $result->fetch_assoc()) { $tmp = array(); $tmp["id"] = $task["id"]; $tmp["task"] = $task["task"]; $tmp["status"] = $task["status"]; $tmp["createdAt"] = $task["created_at"]; array_push($response["tasks"], $tmp); } echoRespnse(200, $response); });
The authenticate function is :
in the same index.php file /** * Adding Middle Layer to authenticate every request * Checking if the request has valid api key in the 'Authorization' header */ function authenticate(\Slim\Route $route) { // Getting request headers $headers = apache_request_headers(); $response = array(); $app = \Slim\Slim::getInstance(); // Verifying Authorization Header if (isset($headers['Authorization'])) { $db = new DbHandler(); // get the api key $api_key = $headers['Authorization']; // validating api key if (!$db->isValidApiKey($api_key)) { // api key is not present in users table $response["error"] = true; $response["message"] = "Access Denied. Invalid Api key"; echoRespnse(401, $response); $app->stop(); } else { global $user_id; // get user primary key id $user = $db->getUserId($api_key); if ($user != NULL) $user_id = $user["id"]; } } else { // api key is missing in header $response["error"] = true; $response["message"] = "Api key is misssing"; echoRespnse(400, $response); $app->stop(); } }