Environment
- Matomo hosted at analytics.bunnyapartment.com
- Apache: Apache/2.4.67 (Debian)
- PHP: 8.4.21
- PHP SAPI: Apache 2 Handler
- Document root: /var/www/matomo
Issue
Matomo MCP requests were failing with 401 Unauthorized, even when the client was sending the expected Authorization header.
Cause
Apache was not exposing the incoming Authorization header to PHP as HTTP_AUTHORIZATION. As a result, Matomo/MCP could not read the bearer token or auth credentials and treated the request as unauthenticated.
Solution
Add the following line to Matomo’s .htaccess file:
SetEnvIf Authorization "^(.*)$" HTTP_AUTHORIZATION=$1
Result
After adding this rule, Apache forwards the Authorization header into the PHP environment as HTTP_AUTHORIZATION, allowing Matomo MCP authentication to succeed instead of returning 401.
Environment
Issue
Matomo MCP requests were failing with 401 Unauthorized, even when the client was sending the expected Authorization header.
Cause
Apache was not exposing the incoming Authorization header to PHP as HTTP_AUTHORIZATION. As a result, Matomo/MCP could not read the bearer token or auth credentials and treated the request as unauthenticated.
Solution
Add the following line to Matomo’s
.htaccessfile:SetEnvIf Authorization "^(.*)$" HTTP_AUTHORIZATION=$1Result
After adding this rule, Apache forwards the Authorization header into the PHP environment as HTTP_AUTHORIZATION, allowing Matomo MCP authentication to succeed instead of returning 401.