How to use Basic Authentication with PHP Curl

In this tutorial we will have a ‘basic’ look at Basic Authentication, and how to use Basic Authentication with PHP Curl.

When sending a request to an API, often it will require some form of Authentication. One of the most common forms of HTTP authentication is Basic Authentication, owing to how easy it is to use and implement.

Note: For this tutorial I am going to assume that you have the PHP Curl extension installed and enabled on your server.

What is Basic Authentication?

Basic authentication is a way for a HTTP user agent to pass a username and password during a request.

To use Basic authentication a client must attach an ‘Authorization’ field to their request. The ‘Authorization’ field contains the word ‘Basic’ followed by a colon seperated, Base64 encoded string containing the username and password.

The basic (decoded) header format is:

Authorization: Basic example_username:example_password

Which becomes (when Base64 encoded):

Authorization: Basic ZXhhbXBsZV91c2VybmFtZTpleGFtcGxlX3Bhc3N3b3Jk

It is worth considering that Basic Authentication has security limitations when compared to something like OAuth because your login credentials are included with each request. Despite this, you will still find fairly wide spread Basic Authentication usage because of how easy it is to implement and manage. For several simple security use-cases, Basic Authentication is a perfectly acceptable solution to use, as long as you are aware that it isn’t completely secure.

Using Basic Authentication with PHP Curl

If you want to make a login call using Basic Authentication via PHP Curl then the snippet below should help you.

$username = 'gav';
$password = 'blog';

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://www.gavsblog.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");

$response = curl_exec($ch);

curl_close($ch);

So what are we doing?

After intialising curl, we are using curl_setopt to configure the options. Specifically, we are setting the following:

• ‘CURLOPT_URL’ is used to specify the URL to call. In this example I’ve added a placeholder URL.
• ‘CURLOPT_RETURNTRANSFER’ is being used to set the response to a string value.
• ‘CURLOPT_HTTPAUTH’ specifies the authentication method to use. We are setting this to ‘CURLAUTH_BASIC’, which is default. If this doesn’t work for you, try setting it to ‘CURLAUTH_ANY’ and have the library find the right usage.
• ‘CURLOPT_USERPWD’ sets the username and password for Basic Authentication. This will Base64 encode your string and set the right ‘Authorization’ headers, basically saving you from having to do it yourself.

Note: For a full explanation of the parameters we are using, please refer to the PHP manual for curl_setopt.

Next, we use curl_exec to run curl and save the response to the ‘$response’ variable (remember we are returning the response as a string) and, finally, we close curl.

At this point you can do whatever it is that you wanted to do with the response!