Using Auth Digest header variable in PHP curl request

Question

I am working with an API that provides a token for me to use to connect. It gives these instructions.

This token is then sent in all subsequent calls to the server in header variable Auth Digest.

I am not sure what this means. I've tried several approaches and read several stack overflow questions. Here's what I've tried. See code comments included for details.

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER,true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);

// I have tried setting both of these
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

// In combination of the above separately, I have tried each of these individually
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $token);

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Auth Digest: ' . $token));

curl_setopt($ch, CURLOPT_POST, true);
$post_data = array('Auth Digest' => $token);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));

curl_setopt($ch, CURLOPT_USERPWD, $token); 

// Then I execute and close, either giving me a failed response and a response that says token is not valid
$response = curl_exec($ch);
$header_sent = curl_getinfo($ch, CURLINFO_HEADER_OUT);
if (!$response) {
    echo $action . ' curl request failed';
    return false;
}
curl_close($ch);
$response_json = json_decode($response);
var_dump($response_json);

Here are some related stackoverflow questions that I've tried to apply to my problem without success.

Curl request with digest auth in PHP for download Bitbucket private repository

Client part of the Digest Authentication using PHP POST to Web Service

How do I make a request using HTTP basic authentication with PHP curl?

I need to know what the raw http header that they're likely expecting or how I can use php curl to generate the header they're likely expecting.

Answer 1

An digest authorization header typically looks like:

Authorization: Digest _data_here_

So in your case, try:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
//... existing options here
$headers = array(
    'Authorization: Digest ' . $token,
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);

If you use CURLOPT_HTTPHEADER , that just specifies additional headers to send and doesn't require you to add all the headers there.

If the other headers you're sending all have explicit options, use those and just pass the one authorization header to CURLOPT_HTTPHEADER .