I'm working in the Video Game Aggregator however the API has changed quite a bit since the series was published causing some confusion.
In the series they use they use a config('services.key') approach which storing the key in the .env file.
Now that the API is updated to V4 it requires a "Client-ID" and Authorization bearer token.
I can just bypass the config option and enter the API details directly as shown below and works but that doesn't seem like a good idea from a security perspective.
$gameRankings = Http::withHeaders([
'Client-ID' => 'CLIENT_API_KEY_HERE',
'Authorization' => 'Bearer ACCESS_TOKEN_HERE',
])
I tried the following approach to combine bearer + key with a space between but still get an API Error. Good news is at least the API sees I'm trying, guess that's a start.
$gameRankings = Http::withHeaders([
'Client-ID' => config('services.api.client-id'),
'Authorization' => config('bearer ' . 'services.api.key')
])
Error:
array:6 [▼
"message" => "Authorization Failure. Have you tried:"
"Tip 1" => "Ensure you are sending Authorization and Client-ID as headers."
"Tip 2" => "Ensure Authorization value starts with 'Bearer ', including the space"
"Tip 3" => "Ensure Authorization value ends with the App Access Token you generated, NOT your Client Secret."
"Docs" => "https://api-docs.igdb.com/#authentication"
"Discord" => "https://discord.gg/FrvfwQg"
]
My question is how can I use a config/env solution and still include the bearer + key?
