HTTP Authorization Headers PHP

Configure Apache

This configuration works, rewrites all requests to your front controller and adds the HTTP_AUTHORIZATION header.

There are mulitple ways to get Apache to pass this header.

If you have SetEnv module enabled you can use this one

# REquires Module
# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1


Or you can configure via RewriteRules in the Directory or VirtualHost.
# RewriteCond %{HTTP:Authorization} ^(.*)
# RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]


If you have another Front controller, you can configure rewrite like this
RewriteRule .* /index.php [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:AUTHORIZATION}]


Calling With Curl and Reading with PHP

This sends Authorization in HTTP Basic, the data is just base64 encoded.
curl -v  http://user:pass@api.edoceo.com/auth
> Authorization: Basic dXNlcjpwYXNz


if (preg_match('/^Basic ([\w\.\+\-\/=]+)/', $_SERVER['HTTP_AUTHORIZATION'], $m)) {
	$auth = base64_decode($m[1]);
	$auth = explode(':', $auth);
	// array('user', 'pass');
}


And here we can send data via explicit header

curl --header 'Authorization: Token BigNumHere' http://user:pass@api.edoceo.com/auth
> Authorization: Token BigNumHere

if (preg_match('/^Token ([\w\.\+\-\/=]+)/', $_SERVER['HTTP_AUTHORIZATION'], $m)) {
	$auth = $m[1];
}