1

I've researched that there is an overall HTTP request size limit, and read this is normally a restriction set by Apache. But considering there's a bunch of other headers I could send through, that I'm not, I highly doubt I'm reaching the overall request size limit.

All I'm doing, is HTTP Basic authentication for a REST API, sending an API Key and API Secret, which are both 30 characters in length. And this seems to just fall over and fail. Nothing happens.

However, if I shorten the API Key and API Secret to 28 characters each, it works.

I find it hard to believe, that for something like authentication, there is a hard limit of 28 characters for the "username" and "password"?

Daniel Carvalho
  • 557
  • 2
  • 8
  • 20
  • Duplicate of [Is there a maximum length for a HTTP BASIC authentication username?](http://stackoverflow.com/questions/4027825/is-there-a-maximum-length-for-a-http-basic-authentication-username). – CodeCaster Nov 05 '13 at 13:19
  • Or, if you think the duplicate doesn't answer your question, answer the following: _"And this seems to just fall over and fail."_ - how? A 4xx response status? Does anything get logged? What PHP application are you talking to? What happens when you do a request to a PHP script that just `var_dump()`s the request header? – CodeCaster Nov 05 '13 at 13:21
  • Yeah, I saw that question and it doesn't answer my question. But you nailed exactly where the difference is. Nothing happens. I var_dump() the request header, and I get nothing. If I make the username and password shorter, it seems to execute. It's like it's not even trying with a username and password that's "too long". I'm using RESTClient for Firefox to test, I'm going to try curl or another plugin and see if the problem isn't with the plugin. – Daniel Carvalho Nov 05 '13 at 13:26
  • Oh, forgot to add, there seems to be no errors in the logs too. I must be missing something and being stupid. – Daniel Carvalho Nov 05 '13 at 13:28
  • Does this happen on multiple servers? Do you have some (exotic) Apache or PHP security modules / plugins running? – CodeCaster Nov 05 '13 at 13:30
  • 1
    I was running WAMP; but it seems the issue was something else. It turns out, it WAS the plugin / extension. Do not use RESTClient for Firefox apparently. I used POSTMAN for Google Chrome, and that worked splendidly. Even with the 30 character API Keys and API Secrets. – Daniel Carvalho Nov 05 '13 at 14:46

1 Answers1

1

It seems the issue I was experiencing was due to the plugin / extension I was using with Mozilla Firefox, named RESTClient; which I was using to test my REST API.

I switched to Google Chrome, and gave the POSTMAN plugin / extension a try, and my 30 character API Key and API Secret worked splendidly. With RESTClient, the requests didn't even try to execute. No responses, nothing.

DON'T USE RESTClient. I will try and find a suitable alternative for Firefox. However, this leads me to believe that doing a proper curl request would probably be the best ground truth for testing your PHP REST API.

Daniel Carvalho
  • 557
  • 2
  • 8
  • 20