PHP：在CURL GET Call中使用API​​密钥

Question

I have seen the post for using api key for authenticating post calls in curl. I have a GET call that requires apikey for authorization ie the request must have an authorization header cantaining the apiKey. I have obtained the api key and try to use it for a GET call :

<?php

$service_url = 'http://localhost/finals/task_manager/v1/tasks/Authorization:'.$apiKey;
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
    $info = curl_getinfo($curl);
    curl_close($curl);
    die('error occured during curl exec. Additioanl info: ' . var_export($info));
}

curl_close($curl);
$decoded1 = json_decode($curl_response,true);
if (isset($decoded1->response->status) && $decoded1->response->status == 'ERROR') {
    die('error occured: ' . $decoded1->response->errormessage);
}
echo 'response ok!';
var_export($decoded1->response);
?>

I am getting error in json response:

{"error":true,"message":"Api key is misssing"}

I have tried a few other ways like passing a header array but i keep getting the error. How to correctly get the curl_response ? How should I pass the Authorization header which uses the api key ?

The api for the get call I am making is (created using Slim Library) :

index.php
/**
 * Listing all tasks of particual user
 * method GET
 * url /tasks          
 */
$app->get('/tasks', 'authenticate', function() {
            global $user_id;
            $response = array();
            $db = new DbHandler();

            // fetching all user tasks
            $result = $db->getAllUserTasks($user_id);

            $response["error"] = false;
            $response["tasks"] = array();

            // looping through result and preparing tasks array
            while ($task = $result->fetch_assoc()) {
                $tmp = array();
                $tmp["id"] = $task["id"];
                $tmp["task"] = $task["task"];
                $tmp["status"] = $task["status"];
                $tmp["createdAt"] = $task["created_at"];
                array_push($response["tasks"], $tmp);
            }

            echoRespnse(200, $response);
        });

The authenticate function is :

in the same index.php file
/**
 * Adding Middle Layer to authenticate every request
 * Checking if the request has valid api key in the 'Authorization' header
 */
function authenticate(\Slim\Route $route) {
    // Getting request headers
    $headers = apache_request_headers();
    $response = array();
    $app = \Slim\Slim::getInstance();

    // Verifying Authorization Header
    if (isset($headers['Authorization'])) {
        $db = new DbHandler();

        // get the api key
        $api_key = $headers['Authorization'];
        // validating api key
        if (!$db->isValidApiKey($api_key)) {
            // api key is not present in users table
            $response["error"] = true;
            $response["message"] = "Access Denied. Invalid Api key";
            echoRespnse(401, $response);
            $app->stop();
        } else {
            global $user_id;
            // get user primary key id
            $user = $db->getUserId($api_key);
            if ($user != NULL)
                $user_id = $user["id"];
        }
    } else {
        // api key is missing in header
        $response["error"] = true;
        $response["message"] = "Api key is misssing";
        echoRespnse(400, $response);
        $app->stop();
    }
}

Answer 1

ok so it should be pretty straightforward... Could you try and add:

curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Authorization: ' . $apiKey
));

to your curl? After that, do a print_r($headers) in your authenticate() function to see if you receive it ok.

Answer 2

Access web service using custom Authorization key.

PHP Client,client.php

$name = 'Book name';
//Server url
$url = "http://localhost/php-rest/book/$name";
$apiKey = '32Xhsdf7asd5'; // should match with Server key
$headers = array(
     'Authorization: '.$apiKey
);
// Send request to Server
$ch = curl_init($url);
// To save response in a variable from server, set headers;
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Get response
$response = curl_exec($ch);
// Decode
$result = json_decode($response);

PHP Server, index.php

header("Content-Type:application/json");
$seceretKey = '32Xhsdf7asd';
$headers = apache_request_headers();
    if(isset($headers['Authorization'])){
        $api_key = $headers['Authorization'];
        if($api_key != $seceretKey) 
        {
            //403,'Authorization faild'; your logic
            exit;
        }
    }

Answer 3

to overcome this problem when passing Api key from Advance rest client use Authorization rather than authorization in header parameter. then it will work.