Book Image

Building RESTful Web Services with PHP 7

By : Waheed ud din
Book Image

Building RESTful Web Services with PHP 7

By: Waheed ud din

Overview of this book

REST is the most wide spread and effective standard to develop APIs for internet services. With the way PHP and its eco-system has modernized the way code is written by simplifying various operations, it is useful to develop RESTful APIs with PHP 7 and modern tools. This book explains in detail how to create your own RESTful API in PHP 7 that can be consumed by other users in your organization. Starting with a brief introduction to the fundamentals of REST architecture and the new features in PHP 7, you will learn to implement basic RESTful API endpoints using vanilla PHP. The book explains how to identify flaws in security and design and teach you how to tackle them. You will learn about composer, Lumen framework and how to make your RESTful API cleaner, secure and efficient. The book emphasizes on automated tests, teaches about different testing types and give a brief introduction to microservices which is the natural way forward. After reading this book, you will have a clear understanding of the REST architecture and you can build a web service from scratch.
Table of Contents (16 chapters)
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface

Authentication and middleware


We have already discussed several that for a RESTful web service, a session is maintained through an authentication token stored on the client side. So, the server can look for the authentication token and can find that user's session stored on the server.

There are several ways to a token. In our case, we will use JWT (JSON Web Tokens). As told on jwt.io:

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

We will not go into complete detail about JWT as JWT is a way to transfer information between two parties (in our case, client and server) as JWT can be used for many purposes. Instead, we will use it for access/authentication tokens to maintain stateless sessions. So, we will stick with what we need from JWT. We need it for maintaining sessions for authentication purposes, and this is something the Dingo API package will also help us with.

In fact, Dingo API supports three authentication providers...