How to call API using HTTP basic authentication with PHP cURL?

Abhigyan Singh 08th Dec 2020

These days, basic authentication is very common while making any API call to authenticate the request. The basic authentication works with HTTP protocol to authenticate the client's HTTP request.

How basic authentication works?

In a simple HTTP request, the client sends the request to the server, and the server is responsible to serve the request. The server can handle the request only if there is no any protection of password or the server allows unauthorize access. But these days, every request requires some kind of authorization to get a response. So the basic authentication comes into the picture.

Basic authentication requires a basic authorization header with the HTTP request which send in encoded format.

For example, the authorization header contains username and password in base64-encoded format followed by Basic word.

'Authorization: Basic '. base64_encode("$username:$password")

Now if we send the PHP cURL request which is protected by HTTP authentication, then we will get an error of unauthorize access i.e. 401 unauthorized.

401 Unauthorized: You need a valid user and password.

Some API providers use the word access token and access secret that is similar to username and password.

So don't get confused with the below term because both are the same.

username is similar to access token
Password is similar to access secret

Send API request with HTTP basic authentication using PHP cURL

Now let's see the simple code to make an API request using PHP curl with HTTP basic authentication. As we know that cURL is primarily use to call API and here we will use PHP cURL to make the request.

<?php

//This is the root url endpoint where you will make the API call.
$host = 'Your endpoint url';

//Provide your username or access token.
$user_name = 'set_user_name';

//Provide your password or access token.
$password = 'set_password';

//Initiate cURL request
$ch = curl_init($host);

// Set the header by creating the basic authentication
$headers = array(
'Content-Type: application/json',
'Authorization: Basic '. base64_encode("$user_name:$password")
);
//Set the headers that we want our cURL client to use.
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

// Set the RETURNTRANSFER as true so that output will come as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

//Execute the cURL request.
$response = curl_exec($ch);

//Check if any errors occured.
if(curl_errno($ch)){
// throw the an Exception.
throw new Exception(curl_error($ch));
}

curl_close($ch);

//get the response.
echo $response;

?>

There is another native way to directly call the cURL by passing simple authentication. Here we will not use 'Basic' word and encoded authentication. The code is given below:

<?php

$host = 'Your API root url';
$user_name = 'set_user_name';
$password = 'set_password';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$host);
curl_setopt($ch, CURLOPT_POSTFIELDS, "");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type:application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user_name:$password");
$result = curl_exec($ch);
curl_close($ch);
$decodedResponse=json_decode($result);

?>

How to pass data or payload in basic HTTP authentication using PHP cURL

In some case, we need to post some data along with the cURL request. This data is also known as payload, in terms of API. So let's see how to post payload data in cURL request. Here we will create a simple array with some payload data and encode it in json format and pass in CURLOPT_POSTFIELDS.

<?php
$payload_data = array (
  'filter' => array ('filter1' => array (0 => 'filter_val',)
  )
);
$payload = json_encode(array("filter" => $payload_data));
?>

Some point regarding the implementation of basic HTTP authentication using PHP cURL

  • As per our requirement, we need to set the request as GET or POST.
  • As it just uses the combination of $user_name : $password So I recommend configuring SSL in both client-side, where the request initiates, and on the server, where the API is located to avoid any kind of attack.

Authored By Abhigyan Singh

He is a continuous blogger and has blogged on different topic. He loves to surf Internet and always trying to get new Idea about new Technology and Innovations and sharing these great information to all the technology lovers.

Also on DiscussDesk