0

I have an API deployed on a server that's now protected using basic authentication.

I also have a script running on the SAME server that the APi running on, that needs to call the API.

script: test.php

<?php
$url = 'https://my_site.myapi/account/add/{"account_id":"1234555"}
$username = 'myname';
$password = 'mypassword';
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_USERPWD, $username.":".$password);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$data = curl_exec($ch);
curl_close($ch);

When I try calling test.php from a browser:

https://my_site.myapi/test.php

I am promoted for user name and password. I am not getting an error message. Any ideas?

VirtualHost Section

DocumentRoot /var/www/mysite/web/
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/var/www/api_section_1">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /usr/local/apache/passwd/passwords
</Directory>

Alias /winapi /var/www/another_section/
<Directory "/var/www/another_section">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /usr/local/apache/passwd/passwords
</Directory>
Improve this question

2 Answers 2

Reset to default
1

If you're getting prompted for a password, that's not coming from your curl call, but rather apache. My guess is that your https://my_site.myapi/test.php page is also mistakenly protected by the basic auth.

curl_exec() would return an error indicating that authentication was required, not prompt you for it.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

@EastsideDeveloper I assume you've restarted Apache after making these changes? Does it prompt for credentials for other scripts in that same directory?
Yes, I restarted Apache. I deleted the passwords files and re-created it. That solved the problem.
But, I also initially had the main document directory protected (that's in addition to the corrupt passwords file)
0

Is your basic authentication expecting any encoding - for example the username and password token may need to be base64 encoded.

Another thing to check is that the details make it into the Authorization header - check the request headers to see if this is the case.

Improve this answer

2 Comments

I tried it with and without base64 encoding. I thought that the point of using cUrl is that I did not need to send an Authorization header
I would imagine that curl abstracts you from setting it, but sets it based on the curl options you pass. You need to check the actual request headers to see what is really sending.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.