Building a REST API: API Keys with PUT, PATCH and DELETE

Question

I am learning how to build a REST API to implement on a system that has an old API. The old (and new) APIs require authentication, which comes in the form of an API key.

With the old API, you would POST to the URL and one of the POST parameters would be your API key.

With the REST API, I get that the API key could be passed as a GET or POST parameter for the GET and POST methods, but how do I pass it through for PUT, PATCH and DELETE and how do I extract the API key in PHP?

The API key should be set in the 'Authorization' header when making requests (GET,POST,PUT,PATCH and DELETE). Read this for instance: https://www.sitepoint.com/php-authorization-jwt-json-web-tokens/ — ka_lin, Oct 06 '17 at 08:14

score 1 · Accepted Answer · answered Oct 06 '17 at 08:23

I would recommend you to check this question but summarizing you should put it in the HTTP Authorization header!

There are hundreds of tutorials that can help you with PHP code, I use this couple months ago: https://secure.php.net/manual/en/function.getallheaders.php

score 0 · Answer 2 · answered Oct 06 '17 at 08:16

0

You could send data for PUT, PATCH and DELETE the same as for POST. Example for curl:

$data = array("key" => 'someKey');
$ch = curl_init('url');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
$response = curl_exec($ch);

answered Oct 06 '17 at 08:16

vstelmakh

742
1
11
19

That's not the way how REST API should be designed. Suggest reading https://martinfowler.com/articles/richardsonMaturityModel.html – Alex Blex Oct 06 '17 at 08:23
Completely agree with you. This answer is how to send data. – vstelmakh Oct 06 '17 at 08:59

Building a REST API: API Keys with PUT, PATCH and DELETE

2 Answers2