PHP cURL Malformed Authorization header REST API Basic Authorization

Question

I try to make HTTP request to my vendor API using curl Basic Auth like this :

//Server url
$url = "https://api.example.com/store/products?status=all&offset=0&limit=50";
$apiKey = 'xxxxxxx'; // apikey
$headers = array(
     'Authorization: Basic '.$apiKey
);
// Send to Server
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
// Get response
$response = curl_exec($ch);
// Encode : decode returns string error so use encode
echo $result = json_encode($response);

With this code I get error :

"{\"code\":400,\"result\":\"Malformed Authorization header.\",\"error\":{\"reason\":\"BadRequest\",\"message\":\"Malformed Authorization header.\"}}"

I looked everywhere for solution here and here. All the answers suggest adding username and password which is not necessary with my vendor API, only Api Key and header Basic Auth. What am I doing wrong?

Answer 1

in HTTP Basic Auth, the credentials are supposed to be base64-encoded, are you base64-encoding the key?

Also, in http basic auth, the username and password is separated by a :, is your API key supposed to go as the username or as the password? and what are you sending it as, are you sending it as the username or are you sending it as the password? (if your api key goes before the : then you're sending it as the username, if your key goes after the : then you're sending it as the password), try switching them up, does it work then?

and you're saying http basic auth, but if the API documentation does not explicitly state if the api key goes as the username or the password, i'm not convinced that they're really using http basic auth at all..

anyway, the HTTP Basic Auth specifications can be found here: https://www.rfc-editor.org/rfc/rfc7617