I'm using PHP cURL to test an API which sits on a dev site that is protected by Apache HTPASSWD.
$jwt = // a standard JWT token
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://dev.mysite.com/api');
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curl, CURLOPT_USERPWD, 'myuser:mypass');
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Bearer '.$jwt));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($curl);
However, it seems that setting the HTTPHEADER overrides the Basic authentication needed for HTPASSWD, as the calls return a 401 UNAUTHORIZED.
I have also tried (without success):
curl_setopt($curl, CURLOPT_URL, 'https://myuser:mypass@dev.mysite.com/api');
Is there a way I can include both of these header values in the API call using cURL? Or is there something else I'm doing wrong here?
https://www.rfc-editor.org/rfc/rfc6750 says you can use Bearer as
Form-Encoded Body Parameter: Authorization: Bearer mytoken123
URI Query Parameter: access_token=mytoken123
So an option would be to set the token as query param.