I'm building a REST web service client in PHP and at the moment I'm using curl to make requests to the service.
How do I use curl to make authenticated (http basic) requests? Do I have to add the headers myself?
This question is related to
php
rest
curl
basic-authentication
If the authorization type is Basic auth and data posted is json then do like this
<?php
$data = array("username" => "test"); // data u want to post
$data_string = json_encode($data);
$api_key = "your_api_key";
$password = "xxxxxx";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://xxxxxxxxxxxxxxxxxxxxxxx");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 20);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $api_key.':'.$password);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: application/json',
'Content-Type: application/json')
);
if(curl_exec($ch) === false)
{
echo 'Curl error: ' . curl_error($ch);
}
$errors = curl_error($ch);
$result = curl_exec($ch);
$returnCode = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo $returnCode;
var_dump($errors);
print_r(json_decode($result, true));
You just need to specify CURLOPT_HTTPAUTH and CURLOPT_USERPWD options:
$curlHandler = curl_init();
$userName = 'postman';
$password = 'password';
curl_setopt_array($curlHandler, [
CURLOPT_URL => 'https://postman-echo.com/basic-auth',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
CURLOPT_USERPWD => $userName . ':' . $password,
]);
$response = curl_exec($curlHandler);
curl_close($curlHandler);
Or specify header:
$curlSecondHandler = curl_init();
curl_setopt_array($curlSecondHandler, [
CURLOPT_URL => 'https://postman-echo.com/basic-auth',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'Authorization: Basic ' . base64_encode($userName . ':' . $password)
],
]);
$response = curl_exec($curlSecondHandler);
curl_close($curlSecondHandler);
Guzzle example:
use GuzzleHttp\Client;
use GuzzleHttp\RequestOptions;
$userName = 'postman';
$password = 'password';
$httpClient = new Client();
$response = $httpClient->get(
'https://postman-echo.com/basic-auth',
[
RequestOptions::AUTH => [$userName, $password]
]
);
print_r($response->getBody()->getContents());
See https://github.com/andriichuk/php-curl-cookbook#basic-auth
Yahoo has a tutorial on making calls to their REST services using PHP:
Make Yahoo! Web Service REST Calls with PHP
I have not used it myself, but Yahoo is Yahoo and should guarantee for at least some level of quality. They don't seem to cover PUT and DELETE requests, though.
Also, the User Contributed Notes to curl_exec() and others contain lots of good information.
Other way with Basic method is:
$curl = curl_init();
$public_key = "public_key";
$private_key = "private_key";
curl_setopt_array($curl, array(
CURLOPT_URL => "https://url.endpoint.co/login",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_HTTPHEADER => array(
"Content-Type: application/json",
"Authorization: Basic ".base64_encode($public_key.":".$private_key)
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
The most simple and native way it's to use CURL directly.
This works for me :
<?php
$login = 'login';
$password = 'password';
$url = 'http://your.url';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$login:$password");
$result = curl_exec($ch);
curl_close($ch);
echo($result);
Unlike SOAP, REST isn't a standardized protocol so it's a bit difficult to have a "REST Client". However, since most RESTful services use HTTP as their underlying protocol, you should be able to use any HTTP library. In addition to cURL, PHP has these via PEAR:
which replaced
A sample of how they do HTTP Basic Auth
// This will set credentials for basic auth
$request = new HTTP_Request2('http://user:[email protected]/secret/');
The also support Digest Auth
// This will set credentials for Digest auth
$request->setAuth('user', 'password', HTTP_Request2::AUTH_DIGEST);
There are multiple REST frameworks out there. I would strongly recommend looking into Slim mini Framework for PHP
Here is a list of others.
For those who don't want to use curl:
//url
$url = 'some_url';
//Credentials
$client_id = "";
$client_pass= "";
//HTTP options
$opts = array('http' =>
array(
'method' => 'POST',
'header' => array ('Content-type: application/json', 'Authorization: Basic '.base64_encode("$client_id:$client_pass")),
'content' => "some_content"
)
);
//Do request
$context = stream_context_create($opts);
$json = file_get_contents($url, false, $context);
$result = json_decode($json, true);
if(json_last_error() != JSON_ERROR_NONE){
return null;
}
print_r($result);
CURLOPT_USERPWD basically sends the base64 of the user:password string with http header like below:
Authorization: Basic dXNlcjpwYXNzd29yZA==
So apart from the CURLOPT_USERPWD you can also use the HTTP-Request header option as well like below with other headers:
$headers = array(
'Content-Type:application/json',
'Authorization: Basic '. base64_encode("user:password") // <---
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
Michael Dowling's very actively maintained Guzzle is a good way to go. Apart from the elegant interface, asynchronous calling and PSR compliance, it makes the authentication headers for REST calls dead simple:
// Create a client with a base URL
$client = new GuzzleHttp\Client(['base_url' => 'http://myservices.io']);
// Send a request to http://myservices.io/status with basic authentication
$response = $client->get('/status', ['auth' => ['username', 'password']]);
See the docs.
Source: Stackoverflow.com