From a704c18df5006582f36385564d04c466c708feb4 Mon Sep 17 00:00:00 2001
From: Brook Gagnon <brook@pikalabs.com>
Date: Sun, 25 Aug 2024 18:48:41 +0000
Subject: [PATCH] allow use of X-Auth-ID and X-Auth-Key headers for
 authentication (vs post data)

---
 api.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/api.php b/api.php
index aef4d9a8..ecb27181 100644
--- a/api.php
+++ b/api.php
@@ -158,8 +158,12 @@ public function __construct()
             }
         }
 
-        // try to get an ID/key pair for user authorization.
-        if (!empty($_POST['i']) && !empty($_POST['k'])) {
+        if (!empty($_SERVER['HTTP_X_AUTH_ID']) && !empty($_SERVER['HTTP_X_AUTH_KEY'])) {
+            // first check X-Auth-ID and X-Auth-Key headers for user authorization.
+            $auth_id = $_SERVER['HTTP_X_AUTH_ID'];
+            $auth_key = $_SERVER['HTTP_X_AUTH_KEY'];
+        } elseif (!empty($_POST['i']) && !empty($_POST['k'])) {
+            // next try i and k post data for user authorization.
             $auth_id = $_POST['i'];
             $auth_key = $_POST['k'];
         }