4.69 out of 5
27 reviews on Udemy

Create a REST API using basic PHP with Token Authentication

Develop a real world REST API with login - Basic PHP and MySQL (no frameworks needed) - following a real world scenario.
Michael Spinks
160 students enrolled
How to build REST web services (API) with plain PHP (no frameworks required)
What Token Based Authentication is and why it is better than Basic Authentication
Fundamental Principles of REST
API Testing using Postman App

In this course I will be showing you how to create RESTful web services with PHP. No third-party frameworks or paid software are needed.

We will be covering the basics of what REST is and how to implement the basics using pure vanilla PHP. At the end of this course you should be able to create a basic RESTful web service that you can allow other people to use.

The course will follow a scenario that we have been given, and that is to implement a web service which can record a list of tasks, basically a to-do list. We will be implementing each requirement one at a time and then we will add on the ability for this API to become a multi-user service, so each user can securely have their own task list.

To do this we will be implementing an authentication concept called Token based authentication, and we will be exploring this further within the course. Token based authentication is a lot more secure than just basic password authentication and is now a best practice in the industry.

We will be starting at the beginning and building as we go. As long as you know the basics of PHP, such as variables, if statements, loops, arrays and some basic object-oriented programming concepts, you should be able to follow this course to the end. We will also be using MySQL for the database to store the tasks and we will be building and changing the database as we go. Again, you don’t need to be an expert on MySQL but just need to know the fundamentals such as basic select, update, delete SQL statements and concepts such as primary keys and foreign keys.



We will run through an intro to this course and who I am.

Course Contents

Describe the contents of this course and the path we will be taking during this course.

Project Scenario

We will describe what we will be building during this course.


What is REST?

We will go through the fundamentals of REST and how it is implemented.

Set up

Software Set Up

Now some of the basics are out of the way we will download and install the required software. This is all FREE! :)

API Requirements

Tasks API Requirements

We will run through the requirements for our Task API and any validation we need to carry out on the data.

Authentication API Requirements

We will run through the requirements for the Authentication API and any validation we need to carry out.


Demo of Completed API - What we are going to build

We will be going through a live demo of the completed API to give you an understanding of how it works before we start building it. This should help you understand some of the reasons why we have chosen to implement some of the functionality in the way we have.

Tasks API Set Up

Tasks Database and Tasks Table Creation

We will create the Tasks database and design and create the Tasks table using PHPMyAdmin.

Set Up API Folder Structure

We will create the folder structure for our API. This allows us to logically place files so we know what each file is.

Create the Response Model

Consistency is key for an API and in this video we will be creating a model that will allow us to send a consistent response back to a client.

Set Up the Database Connection

We will be setting up the connection file so we can use this connection in the rest of our files. We will discuss READ ONLY and READ/WRITE database connections for being able to scale in the future.

Create the Task Model

We will be creating the Task model. This is used to store the data for a task, e.g. its title, description, deadline and its completed status. By creating a model we can validate the data as we are creating a task and handle any validation errors where needed.

Tasks API Endpoint Implementation

GET - Get a Single Task

We will now start creating the API and in this video we will be creating the code so we can return a single task to a client - this will be using a GET request.

DELETE - Delete a Single Task

We will now create the code so we can delete a single task - this will be using a DELETE request.

GET - Get All Complete and Incomplete Tasks

We will be creating a route so we can return all tasks that are complete and incomplete depending on the route we request.

GET - Get All Tasks

We will be creating a route that will return all tasks in the system to the client.

GET - Get All Tasks - With Pagination

We will be creating a route that can return all tasks from the system but on a page-by-page basis. If there were thousands of tasks to be returned we may not want all of those tasks returned at once (for performance reasons), so we break them down on a 20 per page basis.

POST - Create a Task

We will be creating the route that will allow us to create a new task. This will be using POST.

PATCH - Update a Task

We will be creating the route that will allow us to update an existing task. This will be using PATCH.

Mid Course Review

Review What We Have Done So Far

We will take the opportunity to review what we have created so far. At this point the Tasks API will be created and we now need to look at adding authentication to our API.

Token Based Authentication

Introduction to Token Based Authentication

We will explain what Token Based Authentication is and how this is better than just plain basic authentication. When using this in the real world on a live server, you must secure the server with HTTPS (an SSL certificate).

We will also be explaining why we should use sessions and how this helps with the user's experience.

Users Table Creation

We will create a new database table to store our user details. This includes the user's username and password (hashed).

POST - Create a User (Sign up user API)

We will create the route that will allow a new user to sign up (create a user). This will be using POST.

Sessions Table Creation

We will create a new database table to store our user sessions. This will include their access token and refresh token for their session.

POST - Create a Session (Log user in API)

We will be creating the route that will allow a user to log in (creating a session). This will return an access token and refresh token to the client. This will be using POST.

DELETE - Delete a Session (Log user out API)

We will be creating the route that will allow a user to log out (delete a session). This will delete the row out of the sessions table. This will use DELETE.

PATCH - Refresh a Session (Get new access token API)

We will be creating the route that will allow a user to refresh their access token if it has expired (limited lifetime), so they can carry on using the system. This will be updating an existing session and not creating a new session. This will be using PATCH.

Refactor Tasks API to Include Authentication

Update Tasks Table - Add User Assignment

Before we can add authentication to the Tasks API we need to modify the Tasks table to add a user id column. This will allow us to assign ownership of a task to a user.

Add Authentication to Tasks API

Now that we have an API to sign up a user and log in, we will change the Tasks API that we created in previous videos to utilise authentication.


Course Conclusion and Demo Client Application

Just a quick thank you and a demo of what a client app may look like when connected to the API we have created. For this I quickly created a basic iPhone App that connects to our API (the same API we created in this course - no changes have been done to use this on an iPhone App) just to demonstrate what each of the HTTP request methods looks like from a client point of view.

iOS Demo App Download

Due to popular demand I have decided to allow the demo iOS client app I created for this video to be downloaded.

Please note that this app has no support as it was rushed together for demo purposes only and does not reflect how you would architect and build an iOS app.

Please read the ReadMeFirst.txt file within the .zip file for set up instructions.



11 hours on-demand video
1 article
Full lifetime access
Access on mobile and TV
Certificate of Completion