PHP:在CURL GET Call中使用API密钥

我看过使用api密钥验证curl中的post调用的帖子 . 我有一个GET调用,需要apikey进行授权,即请求必须有一个授权标头来保存apiKey . 我已经获得了api密钥并尝试将其用于GET调用:

<?php

$service_url = 'http://localhost/finals/task_manager/v1/tasks/Authorization:'.$apiKey;
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
    $info = curl_getinfo($curl);
    curl_close($curl);
    die('error occured during curl exec. Additioanl info: ' . var_export($info));
}

curl_close($curl);
$decoded1 = json_decode($curl_response,true);
if (isset($decoded1->response->status) && $decoded1->response->status == 'ERROR') {
    die('error occured: ' . $decoded1->response->errormessage);
}
echo 'response ok!';
var_export($decoded1->response);
?>

我在json响应中收到错误:

{"error":true,"message":"Api key is misssing"}

我已经尝试了一些其他方式,如传递标头数组,但我不断收到错误 . 如何正确获取curl_response?我应该如何传递使用api密钥的Authorization标头?

我正在进行的get调用的api是(使用Slim Library创建的):

index.php
/**
 * Listing all tasks of particual user
 * method GET
 * url /tasks          
 */
$app->get('/tasks', 'authenticate', function() {
            global $user_id;
            $response = array();
            $db = new DbHandler();

            // fetching all user tasks
            $result = $db->getAllUserTasks($user_id);

            $response["error"] = false;
            $response["tasks"] = array();

            // looping through result and preparing tasks array
            while ($task = $result->fetch_assoc()) {
                $tmp = array();
                $tmp["id"] = $task["id"];
                $tmp["task"] = $task["task"];
                $tmp["status"] = $task["status"];
                $tmp["createdAt"] = $task["created_at"];
                array_push($response["tasks"], $tmp);
            }

            echoRespnse(200, $response);
        });

验证功能是:

in the same index.php file
/**
 * Adding Middle Layer to authenticate every request
 * Checking if the request has valid api key in the 'Authorization' header
 */
function authenticate(\Slim\Route $route) {
    // Getting request headers
    $headers = apache_request_headers();
    $response = array();
    $app = \Slim\Slim::getInstance();

    // Verifying Authorization Header
    if (isset($headers['Authorization'])) {
        $db = new DbHandler();

        // get the api key
        $api_key = $headers['Authorization'];
        // validating api key
        if (!$db->isValidApiKey($api_key)) {
            // api key is not present in users table
            $response["error"] = true;
            $response["message"] = "Access Denied. Invalid Api key";
            echoRespnse(401, $response);
            $app->stop();
        } else {
            global $user_id;
            // get user primary key id
            $user = $db->getUserId($api_key);
            if ($user != NULL)
                $user_id = $user["id"];
        }
    } else {
        // api key is missing in header
        $response["error"] = true;
        $response["message"] = "Api key is misssing";
        echoRespnse(400, $response);
        $app->stop();
    }
}

回答(3)

2 years ago

好吧所以它应该非常简单...你能尝试添加:

curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Authorization: ' . $apiKey
));

你的卷曲?之后,在authenticate()函数中执行print_r($ headers)以查看是否收到它 .

2 years ago

使用自定义授权密钥访问Web服务 .

PHP客户端,client.php

$name = 'Book name';
//Server url
$url = "http://localhost/php-rest/book/$name";
$apiKey = '32Xhsdf7asd5'; // should match with Server key
$headers = array(
     'Authorization: '.$apiKey
);
// Send request to Server
$ch = curl_init($url);
// To save response in a variable from server, set headers;
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Get response
$response = curl_exec($ch);
// Decode
$result = json_decode($response);

PHP服务器,index.php

header("Content-Type:application/json");
$seceretKey = '32Xhsdf7asd';
$headers = apache_request_headers();
    if(isset($headers['Authorization'])){
        $api_key = $headers['Authorization'];
        if($api_key != $seceretKey) 
        {
            //403,'Authorization faild'; your logic
            exit;
        }
    }

2 years ago

从Advance rest客户端传递Api密钥时使用Authorization而不是header参数中的授权来解决此问题 . 然后它会工作 .