AuthKey in header

Question

So my client needs a REST API using PHP that provides output as per the conditions on the URL parameters

So now there are three URL's basically which is currently needed and they are done.

so they are

localhost/newapi/client/<AuthKey> - for authorizing

localhost/newapi/client/<clientid>/categories/ - to get all the categories

localhost/newapi/client/<clientid>/categories/<categoryid> - to get all items in a category

used .htaccess for fancy URL

So now he requested that AuthKey need to be added to HTTP header not the URL. So the AuthKey must be passed as header and the rest as URL parameters

So my question is how this can be done. and how to retrieve the AuthKey from the request?

Any tutorials or comments regarding this question is welcome

Answer 1

you can tell the client when he request your api he add a header as below:

AuthKey: your-api-auth-key
or
Token: your-api-token

and then in your php code make

$headers = getallheaders();
$token = $headers['Token'] or ['AuthKey'];

then you check if the key in database and then process your code

Note:
your client can add Header with PHP cURL

curl_setopt($curl-handle, CURLOPT_HEADER, array(
'Token' => 'client-auth-token', //or
'AuthKey' => 'client-auth-token'
));