I am exploring the world of REST APIs for the first time. I have already had to deal with them through the use of Slim, but now I want to build a homemade solution, considering that I don't need any framework to make a simple REST API. What I have done is create a page like this:
<?php
$method = $_SERVER['REQUEST_METHOD'];
$request = explode("/", substr(@$_SERVER['PATH_INFO'], 1));
switch ($method)
{
    case 'PUT':
        echo "PUT";
        break;
    case 'POST':
        echo "POST";
        break;
    case 'GET':
        echo "GET";
        break;
    case 'DELETE':
        echo "DELETE";
        break;
    default:
        handle_error($request);
        break;
}
My goal is to implement an access token. I am thinking of passing it in the header, but I'm not sure (I'm looking for a secure way). However, if I run this from the command line:
curl -X GET http://localhost/v1
I get GET, just to give an example of how it should work. And so on for all other inquiries. Now the real question is: how can I call the methods in the switch only if a token was passed? For example, at the top of the page a check like this will be carried out:
if(!isset($_SERVER['AUTH_USER']))
{
    exit('TOKEN not provide');
}
Another question is how to pass the token via curl? Because if I do it through ... I can read the header via curl but how would it work?
UPDATE:
As mentioned by @Paradoxis I've tried with:
curl http://localhost/v1 -H "Authorization: <token>"
but it seems that I fail to get the header. I spent time trying to understand why the header isn't passed, so in my code I've added this line:
print_r(apache_request_headers());
and this is the result:
Array
(
[Host] => localhost
[User-Agent] => curl/7.46.0
[Accept] => */*
[Authorization] => <token>
)
As you can see in the request_headers, I can see it correctly in the header, but I can't catch it through the use of $_SERVER['Authorization'] or $_SERVER['HTTP_Authorization']
As you can see in the request_headers, I can see it correctly in the header, but I can't catch it through the use of $_SERVER['Authorization'] or $_SERVER['HTTP_Authorization']
Every time you need to see the headers, or even any other information that you think should be available, I suggest you debug it like this:
var_dump($_SERVER);
Most probably you'll find it as: $_SERVER['HTTP_AUTHORIZATION']
Note: this is case-sensitive! PHP takes the headers, capitalizes the key, changes "-" to "_" and prepends "HTTP_".
Note2: don't use a standard HTTP header, like Authorization, for your custom-made tokens. That is for HTTP Basic Authentication. If you do implement your custom token, then use your custom HTTP header for it.
You can pass headers with curl via the -H argument like so:
curl http://localhost/v1 -H "AUTH_USER: <token>"
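An added example, not part of the question or of either answer above: one way to run the token check before the method switch, reading the Authorization header from the $_SERVER keys PHP actually populates. The API_TOKEN environment variable, the function names and the optional "Bearer " prefix are assumptions made for this sketch.

```php
<?php
// Added example. API_TOKEN is a hypothetical environment variable holding the expected token.

/** Return the Authorization header value, or null if the server did not expose it. */
function authorization_header(array $server): ?string
{
    // PHP exposes request headers as HTTP_<UPPERCASED_NAME>, with "-" turned into "_".
    // REDIRECT_HTTP_AUTHORIZATION is where the value can end up after an internal rewrite.
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (!empty($server[$key])) {
            return trim($server[$key]);
        }
    }
    // Fallback: read the headers as the web server received them (names are case-insensitive).
    if (function_exists('apache_request_headers')) {
        foreach (apache_request_headers() ?: [] as $name => $value) {
            if (strcasecmp($name, 'Authorization') === 0) {
                return trim($value);
            }
        }
    }
    return null;
}

/** Accept "Bearer <token>" or a bare "<token>" and compare it in constant time. */
function token_is_valid(?string $header, string $expected): bool
{
    if ($header === null || $expected === '') {
        return false; // no header sent, or no token configured: reject
    }
    $token = preg_replace('/^Bearer\s+/i', '', $header);
    return hash_equals($expected, $token);
}

$expected = (string) getenv('API_TOKEN'); // false (unset) becomes '', which is rejected
if (!token_is_valid(authorization_header($_SERVER), $expected)) {
    http_response_code(401);
    header('WWW-Authenticate: Bearer');
    exit('Token missing or invalid');
}

// Only requests with a valid token get this far; the switch from the question goes here.
$method = $_SERVER['REQUEST_METHOD'];
echo $method;
```

A token sent in a header is only protected in transit when the API is served over HTTPS.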