Using Authorization header for EmonCMS API access

Is anyone successfully using the HTTP header method for authenticating to emonCMS? This appears to be non-functional with the current (9.8.6 | 2017.05.10 emonCMS and emonSD November 2016 image).


I’m running emonCMS (9.8.6 | 2017.05.10) on an emonBASE in low-write mode with the November 2016 emonSD image. Attempts to call the API using the “Authorization: Bearer” syntax via curl and other methods return a “Username or password empty” response. I’ve confirmed via network trace that my header is attached and that the API key works when POSTing or adding as a query parameter to a GET request.

Throwing a one-liner print_r($_SERVER) php script together reveals that the Authorization header is not getting set in the $_SERVER array when passed to PHP. This bug report (PHP :: Bug #72915 :: HTTP_AUTORIZATION header missing for Bearer Auth when using apache module) suggests that Authorization: Bearer methods are not supported in PHP.

If I change the emoncms code to look for an X-Authorization header (and adjust my client code to match), things work as expected.

It seems pretty convincing that this auth method doesn’t work with PHP, but I’m surprised this hasn’t bitten other emonCMS users. Experiences that can confirm/deny that they’ve gotten the Authentication header method to work off the emonSD provided config would be super appreciated.

See here if it helps PHP does not see Authorization header

Great find! That does the trick. Thanks!

Seems like this should be rolled up into either emonCMS itself or the emonSD build image. Since emonCMS has a dedicated GH repo, I’ll submit an issue there.

Thanks again!

1 Like

Fix has been merged, thanks a lot guys:

It will be merged into the ‘Stable’ Emoncms branch (what the emonPi / emonBase run as default) in the next release.