Create a REST API using basic PHP with Token Authentication
In this course I will be showing you how to create RESTful web services with PHP. No third-party frameworks or paid software are needed.
We will be covering the basics of what REST is and how to implement it using pure vanilla PHP. At the end of this course you should be able to create a basic RESTful web service that you can allow other people to use.
The course will follow a scenario that we have been given: to implement a web service which can record a list of tasks, basically a to-do list. We will be implementing each requirement one at a time, and then we will add the ability for this API to become a multi-user service, so that each user can securely have their own task list.
To do this we will be implementing an authentication concept called token-based authentication, which we will be exploring further within the course. Token-based authentication is a lot more secure than just basic password authentication and is now a best practice in the industry.
We will be starting at the beginning and building as we go. As long as you know the basics of PHP, such as variables, if statements, loops, arrays and some basic object-orientated programming concepts, you should be able to follow this course to the end. We will also be using MySQL for the database to store the tasks, and we will be building and changing the database as we go. Again, you don’t need to be an expert on MySQL; you just need to know the fundamentals, such as basic select, update and delete SQL statements and concepts such as primary keys and foreign keys.
We will run through an intro to this course and who I am.
Describe the contents of this course and the path we will be taking during this course.
We will describe what we will be building during this course.
We will go through the fundamentals of REST and how it is implemented.
Now some of the basics are out of the way we will download and install the required software. This is all FREE! :)
We will run through the requirements for our Task API and any validation we need to carry out on the data.
We will run through the requirements for the Authentication API and any validation we need to carry out.
We will be going through a live demo of the completed API to give you an understanding of how it works before we start building it. This should help you understand some of the reasons why we have chosen to implement some of the functionality in the way we have.
Tasks API Set Up
We will create the Tasks database, then design and create the Tasks table using phpMyAdmin.
We will create the folder structure for our API. This allows us to place files logically so we know what each file is.
Consistency is key for an API and in this video we will be creating a model that will allow us to send a consistent response back to a client.
We will be setting up the connection file so we can use this connection in the rest of our files. We will discuss READ ONLY and READ/WRITE database connections so that we are able to scale in the future.
We will be creating the Task model, this is used to store the data for a task, e.g. its title, description, deadline and its completed status. By creating a model we can validate the data as we are creating a task and handle any validation errors where needed.
Tasks API Endpoint Implementation
We will now start creating the API and in this video we will be creating the code so we can return a single task to a client - this will be using a GET request.
We will now create the code so we can delete a single task - this will be using a DELETE request.
We will be creating a route so we can return all tasks that are complete and incomplete depending on the route we request.
We will be creating a route that will return all tasks in the system to the client.
We will be creating a route that can return all tasks from the system but on a page-by-page basis. If there were thousands of tasks to be returned, we may not want all of those tasks returned at once (for performance reasons), so we break them down on a 20-per-page basis.
We will be creating the route that will allow us to create a new task, this will be using POST.
We will be creating the route that will allow us to update an existing task, this will be using PATCH.
Mid Course Review
We will take the opportunity to review what we have created so far. At this point the Tasks API will be created and we now need to look at adding authentication to our API.
Token Based Authentication
We will explain what token-based authentication is and how it is better than just plain basic authentication. When using this in the real world on a live server, you must secure the server with HTTPS (an SSL certificate).
We will also be explaining why we should use sessions and how they help with the user experience.
We will create a new database table to store our user details. This includes the user's username and password (hashed).
We will create the route that will allow a sign up of a new user (create a user), this will be using POST.
We will create a new database table to store our user sessions. This will include their access token and refresh token for their session.
We will be creating the route that will allow a user to log in (creating a session). This will return an access token and refresh token to the client. This will be using POST.
We will be creating the route that will allow a user to log out (delete a session). This will delete the row out of the sessions table. This will use DELETE.
We will be creating the route that will allow a user to refresh their access token if it has expired (limited lifetime), so they can carry on using the system. This will be updating an existing session and not creating a new session. This will be using PATCH.
Refactor Tasks API to Include Authentication
Before we can add authentication to the Tasks API we need to modify the Tasks table to add a user id column. This will allow us to assign ownership of a task to a user.
Now that we have an API to sign up a user and log in, we will change the Tasks API that we created in previous videos to utilise authentication.
Just a quick thank you and a demo of what a client app may look like when connected to the API we have created. For this I quickly created a basic iPhone App that connects to our API (the same API we created in this course - no changes have been done to use this on an iPhone App) just to demonstrate what each of the HTTP request methods looks like from a client point of view.
Due to popular demand I have decided to allow the demo iOS client app I created for this video to be downloaded.
Please note that this app has no support as it was rushed together for demo purposes only and does not reflect how you would architect and build an iOS app.
Please read the ReadMeFirst.txt file within the .zip file for set up instructions.