I am using the Flight PHP Framework to develop a RESTful API in PHP. Everything is working perfect except for all my routes the response from the API always contains the HTTP Status '200' even if I set it as '403' or '500' using the PHP code:
header('HTTP/1.1 403 Forbidden');
I am using POSTMAN chrome add on to send calls to the API and it always returns status '200 OK'.
This is the FLIGHT PHP code:
Flight::route('GET /organisation/id', function(){
if (isset($_SERVER['HTTP_APIKEY']) && isset($_SERVER['HTTP_CLIENTID'])) {
$organisationID = checkAPIKey($_SERVER['HTTP_APIKEY']);
if ($organisationID !== false) {
$response = array('status' => '200', 'data' => array('organisationID' => $organisationID));
header('HTTP/1.1 200 OK');
header('Content-type: application/json');
logAPICall($_SERVER['HTTP_CLIENTID'], $organisationID, $_SERVER['REMOTE_ADDR'], json_encode($response), '', $_SERVER['HTTP_APIKEY']);
echo json_encode($response);
} else {
header('HTTP/1.1 403 Forbidden');
header('Content-type: application/json');
$responseArray = array( 'status' => '403', 'errorCode' => '1', 'error' => 'Unauthorised API access');
logAPICall($_SERVER['HTTP_CLIENTID'], $organisationID, $_SERVER['REMOTE_ADDR'], json_encode($responseArray), '', 'No API Key');
$stmt = null;
$db = null;
echo json_encode($responseArray);
}
} else {
header('HTTP/1.1 403 Forbidden');
header('Content-type: application/json');
$responseArray = array( 'status' => '403', 'errorCode' => '1', 'error' => 'Unauthorised API access or Missing Client Header');
logAPICall('No Client Header', '', $_SERVER['REMOTE_ADDR'], json_encode($responseArray), '', 'No API Key');
$stmt = null;
$db = null;
echo json_encode($responseArray);
}
});
Any ideas as to why this is happening would be much appreciated! Cheers