I am creating a basic API using Basic Auth over SSL. The API will be used in a mobile application and allow the creation of an account, with other fairly basic features.
I have decided to hard-code a API key into the mobile application to pass to the API to make it a bit harder for a hacker to access parts of the API that don't require a login (basic auth). Based on what I've read, the API key should be stored in the Authorization header in the HTTP request.
Key ~@3o42jf!34vm3.! Basic c3RhY2tAZ21haWwuY29tOnRlc3RpbmcxMjM=
Since this is a custom header, you should use a separate identifier for it. For example:
And then you can leave the basic auth header as it is (since it indeed won't work if you insert custom data in it).
On the PHP side, your custom header can be accessed with
Also make sure that your request headers are in the correct format. It should be like this:
GET /api/v1/tickets HTTP/1.1 Host: 18.104.22.168 Authorization: Basic c3RhY2tAZ21haWwuY29tOnzzz3RpbmcxMjM= X-Api-Key: z7='sL(=}24qv'3F Cache-Control: no-cache Postman-Token: e657c66f-2db1-bf76-78c5-777305b5bfe6