Normal
If you want to go more towards a RESTful design, URLs are generally used a bit differently.You want to view them as single entities, rather than the methods you have in the routes (/api/get, /api/post). Don't include the actual HTTP method in the URL, as that's supposed to be implied by the method of the actual HTTP request.So in your example:[CODE]/api/get/phone_exists&phone=5555555555[/CODE]This could be implemented as:[CODE]GET /api/phone_numbers[/CODE]This might return a list of phone numbers, given a specific auth header token.[CODE]GET /api/phone_numbers/5555555555[/CODE]Would show you details on a specific phone numberWhereas[CODE]POST /api/phone_numbers{"phone":"5555555555"}[/CODE]Would allow you to create a new phone number.Similarly, you could also allow updating a result like so:[CODE]PUT /api/phone_numbers/5555555555{"new_phone":"1111111111"}[/CODE]would allow you to update the old phone number value.DELETE might delete a phone number from the system, and so on.. Query strings can be used but it's generally cleaner to sparsely use them, e.g. GET /api/phone_numbers?limit=15 to limit the number of items in the response. They're often used for pagination too.I wouldn't necessarily create a new PHP file for every command, instead follow a design pattern; a common one which many use is MVC but there's others too. In Rasta's example you might have a User controller which interacts with a User model/repository (essentially any query/database logic), and views which would be your response.You also don't have to do any nasty rewrites yourself, you can use an application router to handle all that for you, e.g, see: https://symfony.com/doc/current/routing.html#creating-routes-in-yaml-xml-or-php-files.For the actual auth you'll probably want to use the Authorization header as Rasta pointed out, but how you build that system is entirely up to you. Though I'd recommend standards like OAuth. Here's some libraries to look at for PHP: https://oauth.net/code/php/Further reading:[URL unfurl="true"]https://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#restful[/URL][URL unfurl="true"]https://blog.codinghorror.com/understanding-model-view-controller/[/URL][URL unfurl="true"]https://www.slimframework.com/[/URL]
If you want to go more towards a RESTful design, URLs are generally used a bit differently.
You want to view them as single entities, rather than the methods you have in the routes (/api/get, /api/post). Don't include the actual HTTP method in the URL, as that's supposed to be implied by the method of the actual HTTP request.
So in your example:
[CODE]/api/get/phone_exists&phone=5555555555[/CODE]
This could be implemented as:
[CODE]GET /api/phone_numbers[/CODE]
This might return a list of phone numbers, given a specific auth header token.
[CODE]GET /api/phone_numbers/5555555555[/CODE]
Would show you details on a specific phone number
Whereas
[CODE]POST /api/phone_numbers
{"phone":"5555555555"}
[/CODE]
Would allow you to create a new phone number.
Similarly, you could also allow updating a result like so:
[CODE]PUT /api/phone_numbers/5555555555
{"new_phone":"1111111111"}
would allow you to update the old phone number value.
DELETE might delete a phone number from the system, and so on.. Query strings can be used but it's generally cleaner to sparsely use them, e.g. GET /api/phone_numbers?limit=15 to limit the number of items in the response. They're often used for pagination too.
I wouldn't necessarily create a new PHP file for every command, instead follow a design pattern; a common one which many use is MVC but there's others too. In Rasta's example you might have a User controller which interacts with a User model/repository (essentially any query/database logic), and views which would be your response.
You also don't have to do any nasty rewrites yourself, you can use an application router to handle all that for you, e.g, see: https://symfony.com/doc/current/routing.html#creating-routes-in-yaml-xml-or-php-files.
For the actual auth you'll probably want to use the Authorization header as Rasta pointed out, but how you build that system is entirely up to you. Though I'd recommend standards like OAuth. Here's some libraries to look at for PHP: https://oauth.net/code/php/
Further reading:
[URL unfurl="true"]https://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#restful[/URL]
[URL unfurl="true"]https://blog.codinghorror.com/understanding-model-view-controller/[/URL]
[URL unfurl="true"]https://www.slimframework.com/[/URL]