Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Software Development
Programming
Programming Q&A
PHP - Need API w/ Authentication
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="BIOS" data-source="post: 465923" data-attributes="member: 15674"><p>If you want to go more towards a RESTful design, URLs are generally used a bit differently.</p><p></p><p>You want to view them as single entities, rather than the methods you have in the routes (/api/get, /api/post). Don't include the actual HTTP method in the URL, as that's supposed to be implied by the method of the actual HTTP request.</p><p></p><p>So in your example:</p><p>[CODE]/api/get/phone_exists&phone=5555555555[/CODE]</p><p></p><p>This could be implemented as:</p><p>[CODE]GET /api/phone_numbers[/CODE]</p><p>This might return a list of phone numbers, given a specific auth header token.</p><p></p><p>[CODE]GET /api/phone_numbers/5555555555[/CODE]</p><p>Would show you details on a specific phone number</p><p></p><p>Whereas</p><p>[CODE]POST /api/phone_numbers</p><p></p><p>{"phone":"5555555555"}</p><p>[/CODE]</p><p>Would allow you to create a new phone number.</p><p></p><p>Similarly, you could also allow updating a result like so:</p><p>[CODE]PUT /api/phone_numbers/5555555555</p><p></p><p>{"new_phone":"1111111111"}</p><p>[/CODE]</p><p>would allow you to update the old phone number value.</p><p></p><p>DELETE might delete a phone number from the system, and so on.. Query strings can be used but it's generally cleaner to sparsely use them, e.g. GET /api/phone_numbers?limit=15 to limit the number of items in the response. They're often used for pagination too.</p><p></p><p>I wouldn't necessarily create a new PHP file for every command, instead follow a design pattern; a common one which many use is MVC but there's others too. In Rasta's example you might have a User controller which interacts with a User model/repository (essentially any query/database logic), and views which would be your response.</p><p></p><p>You also don't have to do any nasty rewrites yourself, you can use an application router to handle all that for you, e.g, see: <a href="https://symfony.com/doc/current/routing.html#creating-routes-in-yaml-xml-or-php-files" target="_blank">https://symfony.com/doc/current/routing.html#creating-routes-in-yaml-xml-or-php-files</a>.</p><p></p><p>For the actual auth you'll probably want to use the Authorization header as Rasta pointed out, but how you build that system is entirely up to you. Though I'd recommend standards like <a href="https://oauth.net/2/bearer-tokens/" target="_blank">OAuth</a>. Here's some libraries to look at for PHP: <a href="https://oauth.net/code/php/" target="_blank">https://oauth.net/code/php/</a></p><p></p><p>Further reading:</p><p>[URL unfurl="true"]https://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#restful[/URL]</p><p>[URL unfurl="true"]https://blog.codinghorror.com/understanding-model-view-controller/[/URL]</p><p>[URL unfurl="true"]https://www.slimframework.com/[/URL]</p></blockquote><p></p>
[QUOTE="BIOS, post: 465923, member: 15674"] If you want to go more towards a RESTful design, URLs are generally used a bit differently. You want to view them as single entities, rather than the methods you have in the routes (/api/get, /api/post). Don't include the actual HTTP method in the URL, as that's supposed to be implied by the method of the actual HTTP request. So in your example: [CODE]/api/get/phone_exists&phone=5555555555[/CODE] This could be implemented as: [CODE]GET /api/phone_numbers[/CODE] This might return a list of phone numbers, given a specific auth header token. [CODE]GET /api/phone_numbers/5555555555[/CODE] Would show you details on a specific phone number Whereas [CODE]POST /api/phone_numbers {"phone":"5555555555"} [/CODE] Would allow you to create a new phone number. Similarly, you could also allow updating a result like so: [CODE]PUT /api/phone_numbers/5555555555 {"new_phone":"1111111111"} [/CODE] would allow you to update the old phone number value. DELETE might delete a phone number from the system, and so on.. Query strings can be used but it's generally cleaner to sparsely use them, e.g. GET /api/phone_numbers?limit=15 to limit the number of items in the response. They're often used for pagination too. I wouldn't necessarily create a new PHP file for every command, instead follow a design pattern; a common one which many use is MVC but there's others too. In Rasta's example you might have a User controller which interacts with a User model/repository (essentially any query/database logic), and views which would be your response. You also don't have to do any nasty rewrites yourself, you can use an application router to handle all that for you, e.g, see: [URL]https://symfony.com/doc/current/routing.html#creating-routes-in-yaml-xml-or-php-files[/URL]. For the actual auth you'll probably want to use the Authorization header as Rasta pointed out, but how you build that system is entirely up to you. Though I'd recommend standards like [URL='https://oauth.net/2/bearer-tokens/']OAuth[/URL]. Here's some libraries to look at for PHP: [URL]https://oauth.net/code/php/[/URL] Further reading: [URL unfurl="true"]https://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#restful[/URL] [URL unfurl="true"]https://blog.codinghorror.com/understanding-model-view-controller/[/URL] [URL unfurl="true"]https://www.slimframework.com/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Software Development
Programming
Programming Q&A
PHP - Need API w/ Authentication
Top