I have some of my Drupal website contents exposed through a Json rest service. To access them I perform an http request with the Basic Auth protocol (i.e., adding the Authorization header).
My problem is that this website must be published in a folder protected by the AuthUserFile method (i.e., the .htaccess + .htpasswd). Both methods require the same request header "Authorization", so i have no idea how to put them both on the request.
A request example would be:
curl -X GET \
http://exmple.com/restendpoint \
-H 'Authorization: Basic YWRtaslkdskdfhlskdjfgksdfgjpbmlzaA==' \
-H 'Content-Type: application/json'
Now, this request (given the corresponding credentials) works if I have only .htaccess authentication, or if I have only website authentication, but not both. I also tried to set same user and password for both the mechanism, but this doesn't work, I always can't access the content.
Is there any way to make these two mechanisms coexist?
It is by definition not possible to include two different sets of credentials to a single request. Therefor you need to avoid multiple authentication requests by e.g. ip wildcards for your htaccess file.