du_1993 2017-04-10 20:42
浏览 344
已采纳

使用Httpful和Basic Auth Header进行PHP API调用

I am using Httpful to call an API that uses basic authentication headers.

Here is how my GET request is set up:

<?php
include('httpful.phar');

$uri = "https://example.com";
$response = \Httpful\Request::get($uri)
    ->addHeader('Authorization', 'Basic KEY')
    ->send();
echo $response;
?>

This works correctly and I am able to display the response data on my PHP page.

However, is this the most secure way to add headers using basic auth? Should I be placing the auth key into a separate file or something more secure?

  • 写回答

1条回答 默认 最新

  • duanlu1876 2017-04-10 20:51
    关注

    Should I be placing the auth key into a separate file

    Probably. As a general rule, you should never commit authentication credentials to your source repository. So, if this file is source controlled, I'd pull out the hard-coded value and replace it with a variable.

    How you set that variable depends on your environment. Often it's sufficient to read from a JSON, INI, or YML config file. Just make sure you set your .gitignore (or equivalent) to exclude that config file from the repository, and make sure that the file is outside the web server's document root, so that it can not be read directly.

    Note, if you've already committed the key, then you'll want to change it, as its current value will live forever in your repository history.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵