1

I am working with an API that provides a token for me to use to connect. It gives these instructions.

This token is then sent in all subsequent calls to the server in header variable Auth Digest.

I am not sure what this means. I've tried several approaches and read several stack overflow questions. Here's what I've tried. See code comments included for details.

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER,true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);

// I have tried setting both of these
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);

curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

// In combination of the above separately, I have tried each of these individually
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $token);

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Auth Digest: ' . $token));

curl_setopt($ch, CURLOPT_POST, true);
$post_data = array('Auth Digest' => $token);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));

curl_setopt($ch, CURLOPT_USERPWD, $token); 

// Then I execute and close, either giving me a failed response and a response that says token is not valid
$response = curl_exec($ch);
$header_sent = curl_getinfo($ch, CURLINFO_HEADER_OUT);
if (!$response) {
    echo $action . ' curl request failed';
    return false;
}
curl_close($ch);
$response_json = json_decode($response);
var_dump($response_json);

Here are some related stackoverflow questions that I've tried to apply to my problem without success.

Curl request with digest auth in PHP for download Bitbucket private repository

Client part of the Digest Authentication using PHP POST to Web Service

How do I make a request using HTTP basic authentication with PHP curl?

I need to know what the raw http header that they're likely expecting or how I can use php curl to generate the header they're likely expecting.

Community
  • 1
  • 1
Goose
  • 4,764
  • 5
  • 45
  • 84
  • 1
    Usually it looks like `$headers = array("Authorization: Digest $token");` but there may be more to it. Without knowing the API or exact details we can only guess. – drew010 Jul 20 '16 at 18:43
  • @drew010 that works. If you can post that as an answer I'll accept. It'll be much appreciated if you can show how it can be done using `curl_setopt` without using `CURLOPT_HTTPHEADER` which requires me to set every line of the header manually. – Goose Jul 20 '16 at 19:06
  • I added an answer. Not sure I understand your comment completely but using CURLOPT_HTTPHEADER doesn't mean you need to set every line of the header manually. That just allows you to pass additional headers curl doesn't have options for or that you want greater control over. It'll still do everything else. – drew010 Jul 20 '16 at 19:56

1 Answers1

1

An digest authorization header typically looks like:

Authorization: Digest _data_here_

So in your case, try:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
//... existing options here
$headers = array(
    'Authorization: Digest ' . $token,
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$response = curl_exec($ch);

If you use CURLOPT_HTTPHEADER, that just specifies additional headers to send and doesn't require you to add all the headers there.

If the other headers you're sending all have explicit options, use those and just pass the one authorization header to CURLOPT_HTTPHEADER.

drew010
  • 68,777
  • 11
  • 134
  • 162