我尝试访问的端点需要 HTTPS 和基本身份验证.我的团队获得了一个 API 密钥，文档说明使用该密钥作为用户名，并将密码留空.

The endpoint I'm trying to reach requires HTTPS and Basic Authentication. My team was given an API key, and the documentation states to use the key as the username, and to leave the password blank.

这是文档中的示例 CURL 请求:

Here is the example CURL request from the documentation:

curl -i -k -u '<api_key>': -XPOST --data-urlencode data@/path/to/test/file.json "https://<your_subdomain>.vendor.org/api/v1/assessments/import"; echo ""

当我使用 Chrome 的 Postman 扩展程序执行以下操作时，我得到了来自服务器的成功响应:

When I execute the following using the Postman extension for Chrome, I get a successful response from the server:

我正在尝试使用 PHP(XAMPP 安装)在本地执行此操作.以下是来自服务器的响应，说用户名/密码不正确:

I'm trying to execute this locally using PHP (XAMPP install). The following is getting a response from the server saying the username/password is incorrect:

function curlPost($url, $headers, $username, $password, $data) {
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $url);
	curl_setopt($ch, CURLOPT_CAINFO, 'certificate.pem');
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
	curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
	curl_setopt($ch, CURLOPT_HEADER, true);
	curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);
	curl_setopt($ch, CURLOPT_TIMEOUT, 30);
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
	print_r(curl_exec($ch));
	// print_r(curl_getinfo($ch));
	// print_r(curl_error($ch));
	curl_close($ch);
}

$data = '{"key":"value", "key":"value"}';
curlPost('https://domain.com/api/data', ['Content-Type: application/xml'], 'api_key', '', $data);

{"success":false,"errors":["Email/Username or password incorrect. Please try again."],"warnings":[],"info":[],"meta":[],"results":[]}

$data 中使用的 JSON 字符串是从成功的 Postman 请求中复制和粘贴的.

The JSON string used in $data was copied and pasted from a successful Postman request.

certificate.pem 与脚本位于同一文件夹中，并且已授予所有人读/写权限.我已经尝试从我的机​​器上导出我们供应商网站的特定证书，以及在 这篇文章.我能够使用它通过 PHP/CURL 成功访问供应商的 api-key-test 端点.

The certificate.pem is in the same folder as the script, and read/write permissions have been given to everyone. I have tried exporting the specific certificate for our vendor's site from my machine as well as the CA bundle linked in the top response to this post. I was able to use it to successfully hit the vendor's api-key-test endpoint via PHP/CURL.

我对此很陌生.你介意帮我弄清楚我所缺少的吗?虽然我已经复制和粘贴了很多，但该功能主要是我自己的.headers 的参数将用于其他事情.

I'm pretty new to this. Would you mind helping me wrap my head around what I'm missing? While I've copied and pasted a ton, the function is largely my own. The parameter for headers will be used for other things.

推荐答案

带有 HTTP Authorization 标头的基本身份验证使用 Base64 编码的username:password"值(不带双引号)

Basic Authentication with the HTTP Authorization header uses the Base64 encoded value of "username:password" (without the double quotes)

所以我假设在您的情况下，您需要对yourApiKeyValue:"进行 Base64 编码，并将其放在 cURL 命令的授权标头中

So I'm assuming in your case you would need to Base64 encode "yourApiKeyValue:" and put that in a Authorization header in your cURL command

MDN 参考 - HTTP 身份验证

这也可能有帮助

我该怎么做使用 http basic authentication-with-php-curl 发出请求