The headers of an HTTP request sent to Apache are set as environment variables, and can be accessed by an RPGLE CGI-program through the QtmhGetEnv API

The names of custom HTTP-headers are prefixed with “HTTP_”, which means that if you want to to retrieve a header called XTOKEN you have to request the environment variable HTTP_XTOKEN.

However, when you want to retrieve the header Authorization, which is commonly used as an authentication header, you will find that is is not passed to the CGI program. Neither HTTP_AUTHORIZATION nor AUTHORIZATION will give you the value of the header. Apache simply doesn’t pass the Authorization header to the CGI program.

This can fortunately be solved by adding this line to your Apache config file:

Apache config

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

This line will set the value of the environment variable HTTP_AUTHORIZATION to the value the authorization header received by Apache. This can now be retrieved by QtmhGetEnv.

I hope this helps you!