PHP using Basic Authentication for API

[gsgriffin]

I can use the bearer auth id for making a PUT to table, and that works, but I would like to use the client ID and client secret using basic Auth for the CURL in PHP.

I've used base64_encode("clientid:clientsecret") to get the $auth.  $url is going to same URL that works with the bearer id. $data is the same that also works with the bearer auth approach.  Since the Caspio documentation on using the Basic Auth is only 2 sentences long and gives no examples or help, this is what I have, but it does not authenticate.

$auth=base64_encode("my client id:my client secret");
$update=array('TestField'=> "quick Value");
$postdata=json_encode($update);

$url = 'my url.../tables/Test/records?response=rows&q.where=PID%3D1

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_URL => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
    CURLOPT_USERPWD => $auth,
    CURLOPT_CUSTOMREQUEST => "PUT",
    CURLOPT_POSTFIELDS => $data,
    CURLOPT_HTTPHEADER => array(
        "accept: application/json",
        "cache-control: no-cache",
        "content-type: application/json",
        'Content-Length: ' . strlen($data)
    )
));

$result = curl_exec($curl);

curl_close($curl);

echo $result;

Am I misunderstanding this option?  I would like to authenticate without having to use the bearer since that expires.  I want a permanent solution that never expires and thought that is what this approach is for.

 

[ianGPT]

Hi,

One thing I could think of as an alternative is to use refresh tokens instead of access tokens. Since the refresh token expires has a validity of 1 year.

For reference:

https://howto.caspio.com/web-services-api/rest-api/authenticating-rest/#:~:text=as shown below.-,Alternative Authentication,-As an alternative