Well actually this is related to server end .
There is some kind of program running on server that is stripping any parameter in php $_SERVER global variable which have the word "authorization" in it .
We can only try adding some special config lines in .htaccess file in root which I already tried yesterday .
also in api code we have already added hacks to make the authorization headers work .
Right now anyone who need to dig into this and resolve this is your webhost .