This is a HTTP request header that contains the credentials in order to authenticate a user with a server. It usually happens after the server has responded with “401 Unauthorized” status and the WWW-Authenticate header.
The use of this header is regarded as the most common way of giving authentication information. If a user wants to send the authentication credentials to server, he/she can use Authorization header. The verification of an attempt for allowance of the connection is termed as “Authorization”. It takes place only after successful completion of authentication.
The process of authorization checks whether or not we have the permission in order to access the required data we need from the server. If we (for example) send a request then we have to often include parameters so as to ensure that the request we made has got permission in order to access as well as return data which we want.
In REST API(s) we make use of this header so as to do Authentication (or both) as because we know that while calling for an API we request access to few specific resources which indicates that server should very well know whether or not it should be giving access to that particular resource. So, developing and designing of the RESTful API Authorization header seems fine enough.
Enablement in Apache:
The correct way would be to pass the header directly in to the PHP backend via the env:
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1
The above mentioned syntax needs to be added to “.httaccess” or in to the <VirtualHost> of “httpd.conf” file and Apache server restarted again.
Enablement in Nginx:
Addition of the below mentioned syntax;
proxy_set_header Authorization “Basic dXNlcjpwYXNzCg==”;
Or, addition of the below lines in our location block.
proxy_set_header Authorization $http_authorization;