Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

signalwarrant's avatar

External API authentication with username and password, no API key

I'm learning Laravel so excuse my ignorance. With the aid of this video (https://laracasts.com/series/laravel-cookbook/episodes/12) I think I have managed to get a good authentication.

This is my web.php

Route::get('/data', function() {
    $responseiRacing = Http::Get('https://members-ng.iracing.com/auth'.config('services.iRacing.email', 'services.iRacing.password'));

    dump($responseiRacing->status());
    dump($responseiRacing->headers());
    return view('data');
});

I get a status code 200 which I think is a good thing. I have not figured out how to use $responseiRacing object to make a call to the API endpoints. For instance, now that (I think) I have authenticated how do I use the $responseiRacing object to make a get call to this endpoint? https://members-ng.iracing.com/data/constants/divisions

Any gentle nudging in the right direction would be much appreciated.

0 likes
2 replies
oakydev's avatar

You did not provide any useful informations. We do not know how their api is set up.

If I'm right you need to authenticate each time you make a request to their api.

What does their docs say about authenticate exactly?

signalwarrant's avatar

@oakydev , the docs are pretty much non-existent. They list all the available endpoints but not much else. I have this working with powershell, trying to port the functionality over to PHP PowerShell code for reference

 $clearPassword = 'xxxxxxxxxxxx'
$clearEmail = 'xxxxxxxxxxxxxxxx'
$hasher = [System.Security.Cryptography.HashAlgorithm]::Create('sha256')
$hash = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($clearPassword + $clearEmail))
$pass = [Convert]::ToBase64String($hash)
$params = @{
    email    = $clearEmail
    password = $pass
}
$auth = Invoke-WebRequest 'https://datasite.com/auth' -Method POST -Body $params -SessionVariable session

$authCookie = $auth.content | ConvertFrom-Json 

$uri = "https://datasite.com/data/stats/member_yearly"
$cookie = New-Object System.Net.Cookie 
$cookie.name = $authCookie.ssoCookieName
$cookie. Path = "/"
$cookie. Value = $authCookie.ssoCookieValue
$cookie. Domain = $authCookie.ssoCookieName
$session.Cookies.Add($cookie)

Once I can get the cookie squared away for auth, make the first request to get the AWS cache link for the endpoint, finally query the AWS link for the API results. Looks like this in PowerShell

$AWSCache = Invoke-RestMethod -Uri $uri -WebSession $session -Body $params
    $EndpointLink = $AWSCache.link

 $Data = Invoke-RestMethod -Uri $EndpointLink  -WebSession $Session

Any thoughts?

Please or to participate in this conversation.