HTTP Authorization Headers PHP

Configure Apache

This configuration works, rewrites all requests to your front controller and adds the HTTP_AUTHORIZATION header.

There are mulitple ways to get Apache to pass this header.

If you have SetEnv module enabled you can use this one

# REquires Module
# SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

Or you can configure via RewriteRules in the Directory or VirtualHost.

# RewriteCond %{HTTP:Authorization} ^(.*)
# RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]

If you have another Front controller, you can configure rewrite like this

RewriteRule .* /index.php [L,QSA]

Calling With Curl and Reading with PHP

This sends Authorization in HTTP Basic, the data is just base64 encoded.

curl -v
> Authorization: Basic dXNlcjpwYXNz

if (preg_match('/^Basic ([\w\.\+\-\/=]+)/', $_SERVER['HTTP_AUTHORIZATION'], $m)) {
	$auth = base64_decode($m[1]);
	$auth = explode(':', $auth);
	// array('user', 'pass');

And here we can send data via explicit header

curl --header 'Authorization: Token BigNumHere'
> Authorization: Token BigNumHere
if (preg_match('/^Token ([\w\.\+\-\/=]+)/', $_SERVER['HTTP_AUTHORIZATION'], $m)) {
	$auth = $m[1];