How to define the basic HTTP authentication using cURL correctly?
HttpCurlAuthorizationBasic AuthenticationLaminas Api-ToolsHttp Problem Overview
I'm learning Apigility (Apigility docu -> REST Service Tutorial) and trying to send a POST request with basic authentication via cURL:
$ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://apigilityhw.sandbox.loc/status
YXBpdXNlcjphcGlwd2Q=
is the base 64 encoded string with my credentials apiuser:apipwd
. The credentials are saved in the /data/htpasswd
(apiuser:$apr1$3J4cyqEw$WKga3rQMkxvnevMuBaekg/
).
The looks like this:
HTTP/1.1 401 Unauthorized
Server: nginx/1.4.7
Date: Mon, 22 Sep 2014 07:48:47 GMT
Content-Type: application/problem+json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.12-1~dotdeb.1
WWW-Authenticate: Basic realm="api"
Where is the mistake here? How to get it work?
Http Solutions
Solution 1 - Http
curl -u username:password http://
curl -u username http://
From the documentation page:
> -u, --user <user:password> > > Specify the user name and password to use for server authentication. > Overrides -n, --netrc and --netrc-optional. > > If you simply specify the user name, curl will prompt for a password. > > The user name and passwords are split up on the first colon, which > makes it impossible to use a colon in the user name with this option. > The password can, still. > > When using Kerberos V5 with a Windows based server you should include > the Windows domain name in the user name, in order for the server to > succesfully obtain a Kerberos Ticket. If you don't then the initial > authentication handshake may fail. > > When using NTLM, the user name can be specified simply as the user > name, without the domain, if there is a single domain and forest in > your setup for example. > > To specify the domain name use either Down-Level Logon Name or UPN > (User Principal Name) formats. For example, EXAMPLE\user and > [email protected] respectively. > > If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, > Negotiate, NTLM or Digest authentication then you can tell curl to > select the user name and password from your environment by specifying > a single colon with this option: "-u :". > > If this option is used several times, the last one will be used.
http://curl.haxx.se/docs/manpage.html#-u
Note that you do not need --basic
flag as it is the default.
Solution 2 - Http
as header
AUTH=$(echo -ne "$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD" | base64 --wrap 0)
curl \
--header "Content-Type: application/json" \
--header "Authorization: Basic $AUTH" \
--request POST \
--data '{"key1":"value1", "key2":"value2"}' \
https://example.com/
Solution 3 - Http
The easiest way to figure out what authorization header should look like might be first to run curl with -u (or putting the credentials within the URL) and -v and the output will show the request header:
$ curl -v -u 'apiuser:apipwd' ... http://apigilityhw.sandbox.loc/status
# OR putting the credentials in the URL:
$ curl -v ... http://apiuser:[email protected]/status
# copy and paste the "Authorization" header from the output:
$ curl -H 'Authorization: Basic YWRtaW46YXBpcHdk' ... http://apigilityhw.sandbox.loc/status