This content has moved - please find it at

Although these pages remain accessible, some content may not display correctly in future as the new blog evolves.


Restoring missing Authorization header when using PHP with Apache

I was recently looking into using our Mantis Bug Tracker instance to automatically generate product road-maps - now that we are actually starting to properly plan product updates and as keeping them up to date manually isn't really working.

I spent a fair amount of fruitless time sending requests to Mantis via Postman only for every single request to fail with 401 API Token required - despite the fact I'd created a limited access user and generated an API token associated with that.

An error I swiftly got tired of seeing...

In the end after looking at the Mantis source files, I resorted to editing AuthMiddleware.php directly on the server to start spitting out output as a crude way of attempting to identify the issue. This showed that the Authorization header just wasn't present - any other header I sent was there, just that one in particular was missing.

The documentation for apache_request_headers doesn't mention anything about authorisation, nor does getallheaders. $_SERVER on the other hand mentions that new values may be created based on the contents of the Authorization header but it too doesn't state anything about the header being removed.

Fortunately, I found an answer in a user comment for the HTTP authentication with PHP documentation topic which is to alter your .htaccess file to include the following line

SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

I made this change to the .htaccess file located in the Mantis REST API client folders (I didn't do it at the root level), and now the API is working. Baby steps...

Please note however that I'm not a PHP developer, and when it comes to hosting, I'm an IIS guy and have very little familiarity with Apache. So while this tweak works for me, I can't state for certain it is the correct approach or if it should have been handled another way. Nor do I know what the cause is - seems odd that if this was official PHP behaviour that it isn't documented anywhere that I could find. If you know of a better way please let me know!

Content! Glorious glorious content!

Update History

  • 2017-07-06 - First published
  • 2020-11-22 - Updated formatting

About The Author


The founder of Cyotek, Richard enjoys creating new blog content for the site. Much more though, he likes to develop programs, and can often found writing reams of code. A long term gamer, he has aspirations in one day creating an epic video game. Until that time, he is mostly content with adding new bugs to WebCopy and the other Cyotek products.

Leave a Comment

While we appreciate comments from our users, please follow our posting guidelines. Have you tried the Cyotek Forums for support from Cyotek and the community?

Styling with Markdown is supported




# Reply

You Saved me! Thanks a lot.


David Rose

# Reply

4 hours I'll not get back trying to get the API to work. 30 secs after reading the above it's all working :) Many thanks



# Reply

Works like a charm :D


# Reply

Works great, thank you !