Grab the requested slug from wp_remote_retrieve_body

I’m building an auto-theme updater for self hosted (non repository) based WordPress themes. I’ve built most of my code off Clark’s PHP script.

I’ve made major modification and would love to share them once I’m 100% done, but first…

I’m stuck on this final part with will allow for multiple themes and/or plugins to access one API file. In my update script (inside my theme) I’m sending this:

$prefix = 'theme-name';

$request = array(
	'slug' => $prefix
);

$url = 'http://url-of-my-api.key/index.php';

$options = array(
	'body' => array( 
		'request' => $prefix, // OR
		//'request' => serialize( $request ),
		'version' => $theme['Version'],
		'wp_version' => $wp_version,
		'php_version' => phpversion(),
		'user-agent' => "WordPress/$wp_version;" . get_bloginfo( 'url' )
	)
);

$response = wp_remote_post( $url, $options );
$update = wp_remote_retrieve_body( $response );

And in my index.php file located at my API site, I am trying to get the body’s request (which is my theme name). I’ve used $_POST['request'] and $_REQUEST['request'] with no results, any ideas?

Also, sidebar… Trying to deny public access to this file, but I added a preg_match() for PHP_SELF on the index.php file but it was triggered by the wp_remote_retrieve_body. Booo. Know of a better way than show below?

if ( preg_match( "/index.php$/i", $_SERVER['PHP_SELF'] ) ) {
	header( 'Status: 403 Forbidden' );
	header( 'HTTP/1.1 403 Forbidden' );
	die( "You don't have permission to access this file directly." );
}