api v4 authentication

I am getting error. I use this curl:

$url = "";
$params = ['long_url' => ''];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
$headers[] = 'Authorization: Bearer ffaaf96dd9e.........';
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);

and I am getting this response:

HTTP/2 406 
server: nginx
date: Sun, 27 Oct 2019 09:01:26 GMT
content-type: application/json
content-length: 41
strict-transport-security: max-age=31536000; includeSubDomains
x-xss-protection: 1; mode=blockFilter
x-content-type-options: nosniff
x-frame-options: DENY
content-security-policy: default-src 'none
via: 1.1 google
alt-svc: clear


I googled this error, and no help. Why I am getting this error? Did I do any mistake in coding or should I do something else in my bitly account beside generating token?

Hi there nimasdj,

bearing in mind that I am not in the slightest way a PHP
expert, I believe that cause of your problem could be this…

$url = "";

I changed it to this…

$url = "";

…and the result was this…


Yes, I had tested it with my own url and see the curl was correct, so I don’t know why it is not working with bitly. I think url and api key are correct. Here is their doc about this endpoint:

Hi there nimasdj,

I would humbly suggest, that whilst waiting for other
members here to assist you, that you take your
problem to it’s source for a possible solution…


Their group is no longer active since January 2018.

What does the code that assigns the content-type value look like?

Should I set a content type in headers of this request or should I set a content type for the script page I am using?

If you aren’t, yes, I think you should. At least that’s what the error message suggests to me as a solution.

For sure I sent the request to my phpinfo and I saw no authorization bearer in my phpinfo. I think the way to send authorization bearer is wrong. How should I send it?

If this is sent this should be available as $_SERVER[‘Authorization’] ?

On their side, yes. Not on your side. On your side $_SERVER only contains the headers you receive, not the headers you sent.

The first one, add it as a header as a request them. Do couldn’t care less what content type you serve your own page with.

Their API doesn’t specifically mention it, but all their examples use this:

Content-Type: application/x-www-form-urlencoded

As I said my code is sending data to a phpinfo page and is showing the output of that page so that $_SERVER array must be present in this phpinfo but I don’t see. Can you please test the exact my code and let me know if you are seeing that? In this case, I will know that this is server issue and I can ask my host to fix it. Please let me know.

The header should be in $_SERVER[‘HTTP_AUTHORIZATION’]

I don’t see niether. Can you see it with my code? Please test my code and let me know.

Does this code require OAuth extension?

Did you hard code that token into the php script?

Yes. For sure I tried to send the request to my phpinfo page, but I don’t see it set in any $_SERVER value. Something wrong?
Can you test my code if it is working for you?

Someone familiar with this?

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.