How can I access request headers that don't appear in $_SERVER?

Question

I am attempting to create a REST API in PHP and I\'d like to implement an authentication scheme similar to Amazon\'s S3 approach. This involves setting a custom \'Authorizat

Answer 1

Try

$_ENV['HTTP_AUTHORIZATION']

When using CGI interface instead of Apache Module interface, HTTP headers should be available as environment variables.

Answer 2

There is a fantastic PECL extension that allows for all sorts of HTTP related access. PECL_HTTP and more specifically http://php.net/http and http://php.net/manual/en/function.http-get-request-headers.php.

Answer 3

You'll need to do some mod_rewrite wizardry to get your headers past the CGI barrier, like so:

RewriteEngine on
RewriteRule .? - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

<?php
    $auth = $_SERVER['HTTP_AUTHORIZATION'];
?>

Note that if you're using mod_rewrite for other purposes, it could end up being $_SERVER['REDIRECT_HTTP_AUTHORIZATION'].