REST Authentication in PHP (CodeIgniter)

Question

I writing REST API form my web application. Application is written using CodeIgniter framework. Application itself is working fine, but I'm stuck on making REST Authentication. I think that basic Http Authentication will be good enough for some time. Public API is not yet planned.

Is there any code example how to achieve REST Authentication so after user is authenticated he can freely call all protected methods.

Answer 1

I have written up a REST Controller to make your REST applications easier to build. You can read all about it on NetTuts: Working with RESTful services in CodeIgniter.

Answer 2

If you use HTTPS, you can use Basic authentication and it's very easy to do. Just add following code to your controller,

   if (empty($this->input->server('PHP_AUTH_USER')))
   {
       header('HTTP/1.0 401 Unauthorized');
       header('HTTP/1.1 401 Unauthorized');
       header('WWW-Authenticate: Basic realm="My Realm"');
       echo 'You must login to use this service'; // User sees this if hit cancel
       die();
    }

    $username = $this->input->server('PHP_AUTH_USER');
    $password = $this->input->server('PHP_AUTH_PW');

    // Check username and password

I use mod_php, your auth variable names maybe different if using other SAPI modules.