I'm working with an RESTful API and I want to get all of its data. So far so good, but I want it to be more secure. I don't want to give the API token straight into the url. I want to use guzzel's auth function, but it won't work.
Example: The base url is https://example-api-site.comand I want to get further information, so I go to the site /location.name?lang=en&input=someLocation&authKey= instead of using here the authKey ( which works ) I want to use the auth function
Code:
$authKey = 'authKey123';
$client = new \GuzzleHttp\Client(['base_uri' => 'https://example-api-site.com']);
$response = $client->request('GET',"/location.name?lang=en&input=someLocation&authKey=",[
'auth' => [$authKey, null]
]);
echo $body = $response->getBody();
The output of the echo is "invalid auth key:"
I appreciate every comment!
You may are looking for raw Authorization header:
$response = $client->get('YOUR_ENDPOINT', [
'Authorization' => [
'Basic ' . base64_encode('someone@gmail.com:password')
]
]);
'auth' option is for Basic Authentication, it's not the same as GET-parameter. So if the API accepts only GET-parameter, you are stuck with it.
BTW, security by obscurity is not a real security. You are using HTTPS already, so I don't see any reasons to worry.