Reputation: 584
PHP API Call with Httpful and Basic Auth Header
I am using Httpful to call an API that uses basic authentication headers.
Here is how my GET request is set up:
<?php
include('httpful.phar');
$uri = "https://example.com";
$response = \Httpful\Request::get($uri)
->addHeader('Authorization', 'Basic KEY')
->send();
echo $response;
?>
This works correctly and I am able to display the response data on my PHP page.
However, is this the most secure way to add headers using basic auth? Should I be placing the auth key into a separate file or something more secure?
Upvotes: 1
Views: 1685
Answers (1)
Reputation: 53573
Should I be placing the auth key into a separate file
Probably. As a general rule, you should never commit authentication credentials to your source repository. So, if this file is source controlled, I'd pull out the hard-coded value and replace it with a variable.
How you set that variable depends on your environment. Often it's sufficient to read from a JSON, INI, or YML config file. Just make sure you set your .gitignore (or equivalent) to exclude that config file from the repository, and make sure that the file is outside the web server's document root, so that it can not be read directly.
Note, if you've already committed the key, then you'll want to change it, as its current value will live forever in your repository history.
Upvotes: 2
Related Questions
- PHP: how to make a GET request with HTTP-Basic authentication
- Send HTTP post request with http basic auth in PHP
- User HTTP login without basic authentication
- PHP HTTP/1.0 400 Bad Request from API Request with authorization headers
- Basic HTTP Authentication: API request: get data
- HTTP Basic Auth in RESTful API with PHP
- PHP: calling an API protected using basic authentication
- PHP RESTful API to accept authentification
- Correct headers for PHP RESTful Application?
- PHP: call to a REST api