0

So we have created an API, and we want to make sure it is called via a secure HTTPS connection. How do we know, from the API, that it is being served securely? For example, if a request comes to our API from another domain like this:

https://ourdomain.com/api.php?appId=dev4&apiKey=XXXX

From api.php, how do we know we are being accessed securely via HTTPS?

Dev01

2 Answers

1

You can add this condition in api.php:

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
    // no ssl 
} else {
    // ssl
}

Edit: as @Salman A said, $_SERVER['HTTPS'] could be 'on' or 'off', so I've changed the code.

onionpsy
1

When an HTTPS request is handled by a PHP script, the $_SERVER autoglobal is filled with many extra headers related to SSL. You can check some of these.

I would check $_SERVER['HTTPS']=='on'

[HTTPS] => on
[SSL_SERVER_S_DN_C] => IT
[SSL_SERVER_S_DN_ST] => Some-State
[SSL_SERVER_S_DN_L] => Italy
[SSL_SERVER_S_DN_O] => test
[SSL_SERVER_S_DN_OU] => test
[SSL_SERVER_S_DN_CN] => test
[SSL_SERVER_S_DN_Email] => test@example.com
[SSL_SERVER_I_DN_C] => IT
[SSL_SERVER_I_DN_ST] => Some-State
[SSL_SERVER_I_DN_L] => Country
[SSL_SERVER_I_DN_O] => test
[SSL_SERVER_I_DN_OU] => test
[SSL_SERVER_I_DN_CN] => test
[SSL_SERVER_I_DN_Email] => test@example.com
[SSL_VERSION_INTERFACE] => mod_ssl/2.2.24
[SSL_VERSION_LIBRARY] => OpenSSL/1.0.1e
[SSL_PROTOCOL] => TLSv1
[SSL_SECURE_RENEG] => true
[SSL_COMPRESS_METHOD] => NULL
[SSL_CIPHER] => DHE-RSA-AES256-SHA
[SSL_CIPHER_EXPORT] => false
[SSL_CIPHER_USEKEYSIZE] => 256
[SSL_CIPHER_ALGKEYSIZE] => 256
[SSL_CLIENT_VERIFY] => NONE
[SSL_SERVER_M_VERSION] => 1
[SSL_SERVER_M_SERIAL] => C6D11EC56F9B9F1A
[SSL_SERVER_V_START] => Oct 31 09:51:34 2013 GMT
[SSL_SERVER_V_END] => Jul 27 09:51:34 2018 GMT
[SSL_SERVER_S_DN] => /C=IT/ST=Some-State/L=Italy/O=test/OU=test/CN=test/emailAddress=test@example.com
[SSL_SERVER_I_DN] => /C=IT/ST=Some-State/L=Italy/O=test/OU=test/CN=test/emailAddress=test@example.com
[SSL_SERVER_A_KEY] => rsaEncryption
[SSL_SERVER_A_SIG] => sha1WithRSAEncryption
[SSL_SESSION_ID] => 832D61116CB619ACF9B9FD3080B2BC8DB48343B3033023D683AC8A9D22C6A064
Ghigo
  • Thanks, this is what I was looking for. Will accept this answer as soon as it allows me. – Dev01 Dec 10 '13 at 10:29
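Both answers rely on $_SERVER['HTTPS'], which is only set when PHP's own web server terminates TLS. The following added example (not code from either answer) goes beyond that case and also covers an API behind a TLS-terminating proxy, where the forwarded-protocol header is trusted only from known proxy addresses. The names request_is_https and TRUSTED_PROXIES and all addresses are assumptions made for illustration.

```php
<?php
// Added example, not from the answers above. request_is_https() and
// TRUSTED_PROXIES are hypothetical names; 10.0.0.5 is a constructed address.
const TRUSTED_PROXIES = ['10.0.0.5'];

function request_is_https(array $server, array $trustedProxies = TRUSTED_PROXIES): bool
{
    // Direct TLS: the variable is non-empty for HTTPS; some servers
    // (for example IIS) set it to "off" for plain HTTP, so compare explicitly.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }

    // TLS terminated at a proxy or load balancer: PHP sees plain HTTP and
    // HTTPS is unset. X-Forwarded-Proto is an ordinary request header that
    // any client can send, so honour it only when the TCP peer is a proxy
    // we operate.
    $peer = (string)($server['REMOTE_ADDR'] ?? '');
    if (in_array($peer, $trustedProxies, true)) {
        $proto = strtolower(trim((string)($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
        return $proto === 'https';
    }

    return false;
}

// Constructed sample requests showing each branch.
$samples = [
    'direct TLS'        => ['HTTPS' => 'on',  'REMOTE_ADDR' => '203.0.113.7'],
    'plain HTTP (off)'  => ['HTTPS' => 'off', 'REMOTE_ADDR' => '203.0.113.7'],
    'client-set header' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via trusted proxy' => ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    printf("%-18s %s\n", $label, request_is_https($server) ? 'https' : 'NOT https');
}

// In api.php: refuse the request instead of redirecting, so a client that
// sends appId/apiKey over plain HTTP fails visibly and gets fixed.
if (PHP_SAPI !== 'cli' && !request_is_https($_SERVER)) {
    http_response_code(403);
    header('Content-Type: application/json');
    exit(json_encode(['error' => 'HTTPS required']));
}
```

The check runs after the request has arrived, so an apiKey sent over plain HTTP has already crossed the network in clear text; treat such a key as exposed and rotate it.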