We have our development website password protected with htaccess and htpasswd. We have REST API on our dev website and we are able to bypass the password protection when we are not using any authorization header by passing the username and password as Basic Auth Type. Please check the below screenshot
Postman Authorization Type
However, we are having few other APIs as well where we need to pass the bearer(token) as authorization header. In this case we are not able to pass multiple authorization header for both htaccess password and token.
Is there a way we can pass both the htaccess authorization header as well as the API authorization header? Or can we bypass password protection only for API calls and not for the website?
For additional information, we are using Apache/2.4.28.
Thanks
Super old question, but I just ran into this issue and figured out you can combine the Basic Auth and the Bearer Token into 1 Authorization call.
This is how I did it with Postman:
Basic dGVhbToxxxXXXxxxXx== Bearer 2|XDIrp...wqhKCzvOpK
Now go back to the Authorization Tab (Step 1) and Change the Basic Auth back to Inherit Auth from parent
The final Header should look like this:
Now you can get through the htaccess and authenticate your Api route with the bearer token.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With