The Authorization header not being visible might be a known issue on some servers, if the server only supports Basic/Digest authorization, or is strict about the Authorization: <type> <credentials> header format:
In order to get HTTP Authentication to work using IIS server with the CGI version of PHP you must edit your IIS configuration “Directory Security”. Click on “Edit” and only check “Anonymous Access”, all other fields should be left unchecked.
…and:
Workaround for missing
Authorizationheader under CGI/FastCGI Apache:
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
Now PHP should automatically declare
$_SERVER[PHP_AUTH_*]variables if the client sends theAuthorizationheader.
(It’s an old reference and I’ve not read any of the other comments.)
Also, on Stack Overflow Mun Mun Das writes:
Authorization header […] is discarded by apache if not in valid format. Try using another name.
…to which Mika Tuupola responded:
AFAIK Apache will accept any format Authorization header. It is PHP which discards anything else than valid Basic or Digest header.
Either way, surely “dummy_auth” is not a valid value as it does not follow the syntax Authorization: <type> <credentials>, such as Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l .
All this would not explain why add-Key would be missing, if you’ve indeed configured that too.
(@rmeldo, meanwhile I understand that nowadays the HTTP Integration supports setting an Authorization header or custom header, which it did not support in its initial release. I’ve edited my earlier answers for future readers.)
