I have setup Basic Auth for an Opencart project for browser authentication to allow access to relevant users only. Now, I need to use REST API for a mobile app. When I call an endpoint from the API to get some details from Opnecart Project it requires an access_token to be generated from API and by using that access_token with every request, I can get details from the API. The problem is Basic Auth that I have setup for project and because of that I cannot access API as I can only use 1 method to access the API that is GET method to get the details from opencart, I cannot use 2 methods i.e. Auth Header and GET methods. So, what I am trying to do is to disable Basic Auth if the Request_URI includes api calls.
What I have tried so far with the vhost of the project is following, but all this did not work.
Got the idea from the following question's accepted answer but it didn't workout for me.
https://stackoverflow.com/questions/8978080/htaccess-exclude-one-url-from-basic-auth?answertab=votes#tab-top
<Directory /var/www/html/projectexample>
AllowOverride All
# Auth stuff
AuthName "Authentication Required"
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
Order allow,deny
Deny from all
Satisfy any
<RequireAny>
<RequireAll>
Require expr %{REQUEST_URI} =~ m#^/api/rest/.*#
</RequireAll>
Require valid-user
</RequireAny>
</Directory>
I have also tried to use SetEnvIf environment variable like following but it didn't workout either.
<Directory /var/www/html/projectexample>
AllowOverride All
# Auth stuff
AuthName "Authentication Required"
AuthType Basic
AuthUserFile /etc/apache2/.htpasswd
SetEnvIf Request_URI "^/api/*" allow=1
#SetEnvIf Request_URI "^/(api/*)" allow=1
Order allow,deny
Require valid-user
Allow from env=allow
Deny from env!=allow
Satisfy any
</Directory>
Any Solutions Please?
