I'am trying to send via curl a rest request with a header consisting of authorization key and api key.

Therefore I build following curl call:

$api_key = 'abc';
$token = 'xyz';


$authorization = 'Authorization: Bearer ' . $token;
$api = 'Api_key: ' . $api_key;

curl_setopt($curl, CURLOPT_HTTPHEADER, array($authorization, $api));

curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
curl_setopt($curl, CURLINFO_HEADER_OUT, true); // Detail information for debugging
curl_setopt($curl,CURLOPT_VERBOSE,true);
$curl_response = curl_exec($curl);

Debugging the header on the server side shows a header collection with:

expect (array)
accept (array)
host (array)
authorization (array)

A closer look to the authorization array shows that there is only one item. This is the value of the authorization key from the client. The second value, the api_key is missing in the header/authorization array.

Request_header of the client shows, Api_key is available:

Host: localhost
Authorization: Basic RG9yaXMgS3JhenM6S3JhdXMxMDAw
Accept: */*
Api_key: abc
Content-Length: 458
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------224938f738738f42

Why is the server not able to recieve the full http header authentication information, which is build on an array. Development environment is apache, php 7, yii, phpstorm.

I've solved the problem with putting the API key as 'x-api-key' in the HTTP Header.

This looks like the following code:

$api_key = 'abc';
$token = 'xyz';

$authorization = 'Authorization: Bearer ' . $token;
$api = 'x-api-key: ' . $api_key;
curl_setopt($curl, CURLOPT_HTTPHEADER, array($authorization, $api));