I am sending the username and password to the PHP api with the API_KEY in the .env file. How do I get the user name before the semicolon as the password after the comma in Api? I could not run it with the current code I wrote. I’m using basic auth
.env
API_KEY=...:...
REACT CODE
import {decode as atob, encode as btoa} from 'base-64'
import { API_KEY } from 'dotenv'
import axios from 'axios';
axios.get('...php', { crossdomain: true } , {
headers: {
"Access-Control-Allow-Origin": "*",
'Authorization': 'Basic ' + `${btoa(`${API_KEY}`)}`
}
})
.then(res => { ... })
PHP
$AUTH_USER = '...';
$AUTH_PASS = '...';
if (! empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
{
preg_match('/^Basics+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $AUTH_PASS);
$str = base64_decode($AUTH_PASS[1]);
list( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode(':', $str);
}
$has_supplied_credentials = !(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['PHP_AUTH_PW']));
$is_not_authenticated = (
!$has_supplied_credentials ||
$_SERVER['PHP_AUTH_USER'] != $AUTH_USER || $_SERVER['PHP_AUTH_PW'] != $AUTH_PASS
);
if ($is_not_authenticated) {
header('HTTP/1.1 401 Authorization Required');
header('WWW-Authenticate: Basic realm="Access denied"');
exit;
}
Advertisement
Answer
You can either write:
const usernameAndPassword = 'a:b'
axios.get('https://some_url', {
headers: {
Authorization: 'Basic ' + btoa(usernameAndPassword),
},
})
Or,
axios.get('https://some_url', {
auth: {
username: 'a',
password: 'b',
},
})
Both are same; will send exact same request headers:
To read the API_KEY i.e. username password from env file, you should name it as REACT_APP_API_KEY and then you can use it in your code as process.env.REACT_APP_API_KEY.