
How can I check if a curl api key is authorized or not on the receiver side


Updated

For Page A, let's add your api key to your json array before you send it. Like this:

    // Build the payload and attach the api key to it.
    $myData = array("users" => $json['users']);
    $key = 'OTM2NTQ0MwMTA3MDYxMQNDAxOTU2MwMTA4MDQ1MgMzIzMDAyMA';
    $api_key = array('apikey' => $key);
    $myData = $myData + $api_key;
    $payload = json_encode($myData);

    // POST the JSON payload to page B.
    $endpoint = 'http://localhost/apib/data.php';
    $ch1 = curl_init();
    curl_setopt($ch1, CURLOPT_POST, true);
    curl_setopt($ch1, CURLOPT_POSTFIELDS, $payload);
    curl_setopt($ch1, CURLOPT_URL, $endpoint);
    curl_setopt($ch1, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
    curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch1);
    $status_code = curl_getinfo($ch1, CURLINFO_HTTP_CODE);
    $curl_errors = curl_error($ch1);
    curl_close($ch1);

    /*echo "curl Errors: " . $curl_errors;
    echo "\nStatus code: " . $status_code;
    echo "\nResponse: " . $response;*/
    echo "\nResponse: " . $response;

If all you want to do is compare the value of the key from page A to page B then you can do something like this for page B.

Page B:

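    $api_key = 'OTM2NTQ0MwMTA3MDYxMQNDAxOTU2MwMTA4MDQ1MgMzIzMDAyMA';

    // Read and decode the raw JSON body sent by page A.
    $jfile = file_get_contents('php://input');
    $final_res = json_decode($jfile, true);
    print_r($final_res);

    $dataaa = $final_res['users'] ?? null;

    // hash_equals() compares in constant time and needs two strings,
    // so a missing or non-string key is treated as a mismatch.
    if (isset($final_res['apikey']) && is_string($final_res['apikey'])
        && hash_equals($api_key, $final_res['apikey'])) {
        echo 'The api key matches.';
        global $db;
        $db = mysqli_connect("localhost", "root", "", "apis");
        if ($db === false) {
            die("ERROR: Could not connect. " . mysqli_connect_error());
        }
    } else {
        echo 'The api key does not match.';
        exit();
    }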

This is bad practice because it appears as though your api key will be constant. Anyone who sees the api key will be able to use it at will to do whatever page B does. There is not a true safeguard here. And if your api key is used for anything else that may be important, you're sharing it with the world.

If you do what I suggested in my comment, the api key can be shared between page A and B, but the actual value attached to the api key in the post request will change every time it is sent. But you will be able to decrypt it and it will always be the api key. If not, then there was a problem. Plus you will be able to guarantee that any other data you sent has also not been tampered with, provided your secret keys have not been compromised.

I strongly urge you to read this link:

https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly

Doing what you are doing is actually not all that difficult; you just have to familiarize yourself with the library you choose and the methods that are needed.
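
One way to get the behaviour described above, where the value on the wire changes with every request but always decrypts to the api key and any tampering is detected. This is an added example, not code from the original answer or the linked article. It assumes PHP's bundled sodium extension and a secret shared by both pages; `seal_request()`, `open_request()` and the `ts` field are hypothetical names.

```php
<?php
// Added example: shared-secret authenticated encryption with libsodium (ext-sodium, PHP >= 7.2).
// seal_request(), open_request() and the 'ts' field are hypothetical, not from the original answer.

// Page A: encrypt the payload together with the api key under a fresh random nonce.
function seal_request(array $data, string $apiKey, string $secret): string
{
    $plain = json_encode(['apikey' => $apiKey, 'ts' => time()] + $data);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // secretbox encrypts and adds a MAC, so any modification is detected on open.
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $secret));
}

// Page B: returns the decoded payload, or null if anything fails to verify.
function open_request(string $body, string $apiKey, string $secret, int $maxAge = 300): ?array
{
    $raw = base64_decode($body, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $secret);
    if ($plain === false) {
        return null; // wrong secret or tampered ciphertext
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !is_string($data['apikey'] ?? null) || !is_int($data['ts'] ?? null)) {
        return null;
    }
    if (!hash_equals($apiKey, $data['apikey']) || abs(time() - $data['ts']) > $maxAge) {
        return null; // unknown key, or a stale message being replayed
    }
    return $data;
}

// Constructed demo values; in practice both pages load the same secret from configuration.
$secret = sodium_crypto_secretbox_keygen();
$apiKey = 'example-api-key';
$a = seal_request(['users' => ['alice']], $apiKey, $secret);
$b = seal_request(['users' => ['alice']], $apiKey, $secret);

var_dump($a !== $b);                                   // compare two seals of the same data
var_dump(open_request($a, $apiKey, $secret)['users']); // untouched message
$tampered = base64_decode($a);
$tampered[40] = $tampered[40] ^ "\x01";                // flip one ciphertext bit
var_dump(open_request(base64_encode($tampered), $apiKey, $secret)); // modified message
```

The timestamp only narrows the replay window: a captured body is still accepted until it expires unless page B also remembers the nonces it has already seen.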