我看过使用api密钥验证curl中的帖子调用的帖子。我有一个GET调用,需要apikey进行授权,即请求必须有一个授权标头来保存apiKey。我已经获得了api密钥并尝试将其用于GET调用:
<?php
$service_url = 'http://localhost/finals/task_manager/v1/tasks/Authorization:'.$apiKey;
$curl = curl_init($service_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
$info = curl_getinfo($curl);
curl_close($curl);
die('error occured during curl exec. Additioanl info: ' . var_export($info));
}
curl_close($curl);
$decoded1 = json_decode($curl_response,true);
if (isset($decoded1->response->status) && $decoded1->response->status == 'ERROR') {
die('error occured: ' . $decoded1->response->errormessage);
}
echo 'response ok!';
var_export($decoded1->response);
?>
我在json响应中遇到错误:
{"error":true,"message":"Api key is misssing"}
我尝试了一些其他方法,比如传递一个标题数组,但我不断收到错误。 如何正确获取curl_response?我应该如何传递使用api密钥的Authorization标头?
我正在进行的get调用的api是(使用Slim Library创建的):
index.php
/**
* Listing all tasks of particual user
* method GET
* url /tasks
*/
$app->get('/tasks', 'authenticate', function() {
global $user_id;
$response = array();
$db = new DbHandler();
// fetching all user tasks
$result = $db->getAllUserTasks($user_id);
$response["error"] = false;
$response["tasks"] = array();
// looping through result and preparing tasks array
while ($task = $result->fetch_assoc()) {
$tmp = array();
$tmp["id"] = $task["id"];
$tmp["task"] = $task["task"];
$tmp["status"] = $task["status"];
$tmp["createdAt"] = $task["created_at"];
array_push($response["tasks"], $tmp);
}
echoRespnse(200, $response);
});
身份验证功能是:
in the same index.php file
/**
* Adding Middle Layer to authenticate every request
* Checking if the request has valid api key in the 'Authorization' header
*/
function authenticate(\Slim\Route $route) {
// Getting request headers
$headers = apache_request_headers();
$response = array();
$app = \Slim\Slim::getInstance();
// Verifying Authorization Header
if (isset($headers['Authorization'])) {
$db = new DbHandler();
// get the api key
$api_key = $headers['Authorization'];
// validating api key
if (!$db->isValidApiKey($api_key)) {
// api key is not present in users table
$response["error"] = true;
$response["message"] = "Access Denied. Invalid Api key";
echoRespnse(401, $response);
$app->stop();
} else {
global $user_id;
// get user primary key id
$user = $db->getUserId($api_key);
if ($user != NULL)
$user_id = $user["id"];
}
} else {
// api key is missing in header
$response["error"] = true;
$response["message"] = "Api key is misssing";
echoRespnse(400, $response);
$app->stop();
}
}
答案 0 :(得分:13)
好吧所以它应该非常简单......你可以尝试添加:
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
'Authorization: ' . $apiKey
));
答案 1 :(得分:1)
使用自定义授权密钥访问网络服务。
PHP客户端,client.php
$name = 'Book name';
//Server url
$url = "http://localhost/php-rest/book/$name";
$apiKey = '32Xhsdf7asd5'; // should match with Server key
$headers = array(
'Authorization: '.$apiKey
);
// Send request to Server
$ch = curl_init($url);
// To save response in a variable from server, set headers;
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Get response
$response = curl_exec($ch);
// Decode
$result = json_decode($response);
PHP Server,index.php
header("Content-Type:application/json");
$seceretKey = '32Xhsdf7asd';
$headers = apache_request_headers();
if(isset($headers['Authorization'])){
$api_key = $headers['Authorization'];
if($api_key != $seceretKey)
{
//403,'Authorization faild'; your logic
exit;
}
}
答案 2 :(得分:0)
从Advance rest客户端传递Api密钥时使用授权而不是header参数中的授权来克服此问题。那就行了。