Http basic auth curl php

NOTE: username = joeuser, password = secretpass

Example #1 - using -H

You can put this together into curl like this:

$ curl -H "Authorization: Basic $(base64 <<<"joeuser:secretpass")" http://example.com 

Example #2 - using -u

Most will likely agree that if you're going to bother doing this, then you might as well just use curl 's -u option.

$ curl --help |grep -- "--user " -u, --user USER[:PASSWORD] Server user and password 

$ curl -u someuser:secretpass http://example.com 

But you can do this in a semi-safer manner if you keep your credentials in a encrypted vault service such as LastPass or Pass.

For example, here I'm using the LastPass' CLI tool, lpass , to retrieve my credentials:

$ curl -u $(lpass show --username example.com):$(lpass show --password example.com) \ http://example.com 

Example #3 - using curl config

There's an even safer way to hand your credentials off to curl though. This method makes use of the -K switch.

When used, your details remain hidden, since they're passed to curl via a temporary file descriptor, for example:

+ curl -skK /dev/fd/63 -XGET -H 'Content-Type: application/json' https://es-data-01a.example.com:9200/_cat/health ++ cat +++ lpass show --username example.com +++ lpass show --password example.com 1561075296 00:01:36 rdu-es-01 green 9 6 2171 1085 0 0 0 0 - 100.0% 

NOTE: Above I'm communicating with one of our Elasticsearch nodes, inquiring about the cluster's health.

This method is dynamically creating a file with the contents user = ":" and giving that to curl .

HTTP Basic Authorization

The methods shown above are facilitating a feature known as Basic Authorization that's part of the HTTP standard.

1. The username and password are combined with a single colon (:). This means that the username itself cannot contain a colon.
2. The resulting string is encoded into an octet sequence. The character set to use for this encoding is by default unspecified, as long as it is compatible with US-ASCII, but the server may suggest use of UTF-8 by sending the charset parameter.
3. The resulting string is encoded using a variant of Base64.
4. The authorization method and a space (e.g. "Basic ") is then prepended to the encoded string.

Источник

PHP: Using cURL with Basic HTTP Authentication.

This is a short PHP tutorial on how to use cURL to make a Basic Access Authentication request. In this post, I will show you how to configure PHP’s cURL functions to access a web resource that is protected by basic HTTP authentication.

401 Unauthorized.

If you send a cURL request to a URL that is protected by HTTP authentication, the response will probably look something like this:

401 Unauthorized: You need a valid user and password to access this content.

The issue here is that the resource is protected and you did not provide a valid username and password. As a result, the server responded with a 401 Unauthorized response.

Using the CURLOPT_USERPWD option.

To solve this, we can use the CURLOPT_USERPWD option. This option allows us to tell cURL what username and password to use while making the request.

An example of it being used:

//The URL of the resource that is protected by Basic HTTP Authentication. $url = 'http://site.com/protected.html'; //Your username. $username = 'myusername'; //Your password. $password = 'mypassword'; //Initiate cURL. $ch = curl_init($url); //Specify the username and password using the CURLOPT_USERPWD option. curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password); //Tell cURL to return the output as a string instead //of dumping it to the browser. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //Execute the cURL request. $response = curl_exec($ch); //Check for errors. if(curl_errno($ch)) < //If an error occured, throw an Exception. throw new Exception(curl_error($ch)); >//Print out the response. echo $response;

In the example above, we set the username and password using the CURLOPT_USERPWD option. As a result, our cURL client will end up sending the following header:

Authorization: Basic bXl1c2VybmFtZTpteXBhc3N3b3Jk

• In some cases, the resource in question might be expecting a POST request. Therefore, you might need to change the request above from a GET request to a POST request.
• The CURLOPT_USERPWD option sends the username and password combination in a base64 format. This means that a combination of “MyUsername:MyPassword” will become “TXlVc2VybmFtZTpNeVBhc3N3b3Jk”. However, it is important to note that base64 does not make this request any more secure. Therefore, it is advisable that you configure both the cURL client and the server to use SSL. This is to prevent man-in-the-middle attacks.
• Other options may need to be configured depending on your situation. In other words, the code above might not work “straight out of the box”.

Using CURLOPT_HTTPHEADER.

Alternatively, you can use the CURLOPT_HTTPHEADER, which allows you manually create headers. In the example below, we manually set the Content-Type and Authorization headers:

//HTTP username. $username = 'myusername'; //HTTP password. $password = 'mypassword'; //Create the headers array. $headers = array( 'Content-Type: application/json', 'Authorization: Basic '. base64_encode("$username:$password") ); //Set the headers that we want our cURL client to use. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

The code above should be used in lieu of the CURLOPT_USERPWD option.

Hopefully, you found this guide to be useful!

Источник

How to make a PHP curl request with basic authentication

When accessing API request over PHP curl, some routes are authentication required. Also third party API mostly required to authenticate before accepting request. This can be done by Bearer or Basic authentication method.

In this article, we will see how to send PHP curl request on authentication protected url. You need to send user and password data with the request. Below example send the get request which requires basic authentication:

[email protected]'; $password = '123456'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_USERPWD, $username.':'.$password); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch);

You can also send curl request using Authorization header. Curl CURLOPT_USERPWD option basically send Authorization header with value of username:password in a base64 format. You can do it as below:

[email protected]'; $password = '123456'; $headers = array( 'Authorization: Basic '. base64_encode($username.':'.$password) ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); curl_close($ch);

This way, you can also make curl request over the routes which requires authentication. If you like the article,like our Facebook page and follow us on Twitter.

Источник

PHP: how to make a GET request with HTTP-Basic authentication

and i have a website ayokngaji.com then i want to send basic auth to get status with my url. Example:

ayokngaji.com/v2/[orderid]/status = (BASIC AUTH INCLUDED) 

How do i make this? i also tried using postman, and using basic auth it work, and show the right result when i search it online it show me like CURL, BASIC AUTH, but i don't understand any of these tutorial because my limit on english and small knowledge on php SOLVED:

 "https://api.sandbox.midtrans.com/v2/order-101c-1581491105/status", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 0, CURLOPT_FOLLOWLOCATION => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => array( "Accept: application/json", "Content-Type: application/json", "Authorization: Basic U0ItTWlkLXNl" ), )); $response = curl_exec($curl); curl_close($curl); echo $response; 

Postman can provide to you the request in any language you want: learning.postman.com/docs/postman/sending-api-requests/…

1 Answer 1

There several ways you may make a GET request to a API endpoint. But developers prefer making requests using CURL . I am providing a code snippet that shows how to set Authorization header with Basic Auth authorization, how to encode username and password using php's base64_encode() function (Basic Auth authorization supports base64 encoding), and how to prepare headers for making a request using php's CURL library.

Oh! do not forget to replace username, password and endpoint (api endpoint) with yours ones.

"; $headers[] = 'Content-Type: application/x-www-form-urlencoded'; $headers[] = 'Cache-Control: no-cache'; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $endpoint); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET'); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $result = curl_exec($ch); if (curl_errno($ch)) < echo 'Error:' . curl_error($ch); >curl_close($ch); // Debug the result var_dump($result); 

Using stream contexts

 array( 'method' => "GET", 'header' => "Authorization: Basic " . base64_encode("$username:$password") ) ); $context = stream_context_create($opts); // Open the file using the HTTP headers set above $result = file_get_contents($endpoint, false, $context); echo '
'; print_r($result); 
 
You may refer to this php doc for how to use stream context using file_get_contents() .
 
Источник
 
Читайте также:  Python if else in list comprehensions