<?php
$apiKey = 'abcdefghijklmnopqrstuvwxyz';

$headers = getallheaders();
$authHeader = isset($headers['X-OX-Auth']) ? $headers['X-OX-Auth'] : null;

if ($authHeader !== $apiKey) {
	http_response_code(403);
	echo "forbidden";
	exit;
}

header('Content-Type: application/json');
echo json_encode([
	'id' => 'my-id',
	'value' => 'my-value',
	'timestamp' => 123456789
]);

?>