0

I have following code which contains some keys and when someone want to get some info from my server they send that API param with the URL and then it validates with my API keys stored and returns output.

$get_api = $_GET['api'];
$api = array('api_key1','api_key2','api_key3','api_key4');

if(in_array($get_api,$api, true)){
   echo "Found";
} else{
   echo "Not found";
}

When someone pass following API param, they will see output as found when URL is following:

https://www.example.com/index.php?api=api_key1

However I have several servers where I have to host these API Keys. So I cannot manually go and add API keys every time when I have to add one. So I did the following thing. I tried to host API Keys on one server and every other server would look in that file and if found it would return found.

The code for that was:

API Hosted Code: (HTML)

'api_key1','api_key2','api_key3','api_key4'

Code which request API Keys: (PHP)

$get_api = $_GET['api'];
$fetch_keys = file_get_contents("https://www.example.com/path-to-keys.html");
$api = array($fetch_keys);  // fetching and putting that in array

if(in_array($get_api,$api, true)){
   echo "Found";
} else{
   echo "Not found";
}

However, it is not working. It is returning internal error. Please can anyone guide how can I solve it or is their any better way to do it. Thanks

Improve this question
10
  • instead of adding it manually to a file, why not just create a small SQLite3 DB and do some authentication with normal SQL? Commented Jan 27, 2021 at 4:15
  • dump the $api and see if its a correct array variable, if not, just process $fetch_keys content and manually creating the array $api again Commented Jan 27, 2021 at 4:15
  • 1
    how u structure the keys in https://www.example.com/path-to-keys.html? mostly likely, it is treated as 1 whole array like array('api_key1,api_key2,api_key3,api_key4'); instead of array('api_key1','api_key2','api_key3','api_key4');. notice the ' ' . I suggest you process the keys.html to create the array Commented Jan 27, 2021 at 4:24
  • 1
    @Andy Fair enough. My advice is to not make a URL return you all keys. If any intruder gets this URL, he/she could just replay those different kinds of keys to gather information. You can make an authentication layer to make it secure. Commented Jan 27, 2021 at 4:30
  • 1
    @Andy stackoverflow.com/questions/46719676/… Commented Jan 27, 2021 at 4:40

1 Answer 1

Reset to default
2

Try $api= explode (',', $fetch_keys);

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you @mohammed-azar, it is working. Just had to change html code a bit. instead of 'api_key1','api_key2','api_key3','api_key4' it should have been api_key1,api_key2,api_key3,api_key4. Doing that, it works. Thanks!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.