Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
How to use WordPress as a backend for a Laravel Application
Aug 17, 2016 @ 12:51:08

The Laravel News site has posted an interesting tutorial where they describe the use of WordPress as a backend for a Laravel application. This setup is based on the Laravel News' own experience with it in the recent refactoring of the site.

Last week I relaunched Laravel News, and the new site is running on Laravel with WordPress as the backend. I’ve been using WordPress for the past two years, and I’ve grown to enjoy the features that it provides. The publishing experience, the media manager, the mobile app, and Jetpack for tracking stats.

I wasn’t ready to give these features up, and I didn’t have the time to build my own system, so I decided to keep WordPress and just use an API plugin to pull all the content I needed out, then store it in my Laravel application. In this tutorial, I wanted to outline how I set it all up.

While he did find other methods for linking the two, they didn't quite fit with what he wanted so he worked up his own. The content is then synced via a recurring task pulling over posts, categories and tags. He gets into the WordPress REST API first, showing the extraction of the posts from the API and pushing them into a Laravel collection. There's also an example of how to sync a post with the database (API) and how to create a new post in a similar way. Also included is the code to get the featured image, get the category for a post and sync the tag values. The tutorial finishes with the code for the sync command and pushing it into the scheduler.

tagged: wordpress backend laravel application tutorial rest api

Link: https://laravel-news.com/2016/08/wordpress-api-with-laravel/

Building a WordPress-Powered Front End With the WP REST API and AngularJS: Intro & Set
Aug 05, 2016 @ 11:17:36

The TutsPlus.com site has kicked off a new tutorial series today with part one of a look at using the WordPress REST API and AngularJS to create an API-powered frontend application.

In this series about building a WordPress-powered front end with the WP REST API and AngularJS, we will put the knowledge acquired in the introductory series to use. We will learn how we can leverage this knowledge to decouple the conventional theme-admin model supported by WordPress until now. We will plan and build a single-page application (that I've named Quiescent) with a WordPress back end which will feature posts, users, and categories listing pages. We will configure AngularJS routing and build a custom directive and controllers for the resources mentioned above.

In this first part of the series they walk you through some of the planning steps before the application even gets written (including wireframes). From there they get a bare-bones HTML structure setup for the Angular app to live in and make a matching WordPress plugin. This plugin will return a featured image, author name, associated categories and image resize data related to a post. The code for the plugin is included.

tagged: wordpress api frontend angularjs tutorial plugin wireframe planning series part1

Link: http://code.tutsplus.com/tutorials/building-a-wordpress-powered-front-end-with-the-wp-rest-api-and-angularjs-introduction-and-setup--cms-26115

Matt Stauffer:
Introducing Laravel Passport
Aug 01, 2016 @ 09:35:05

In his continuing series of posts looking at the upcoming features in the next version of the Laravel framework (v5.3) Matt Stauffer has posted about a new security-related offering that was recently announced at the Laracon US conference: Laravel Passport.

API authentication can be tricky. OAuth 2 is the reigning ruler of the various standards that you might consider, but it's complex and difficult to implement—even with the great packages available (League and Luca).

[...] Laravel Passport is native OAuth 2 server for Laravel apps. Like Cashier and Scout, you'll bring it into your app with Composer. It uses the League OAuth2 Server package as a dependency but provides a simple, easy-to-learn and easy-to-implement syntax.

He briefly mentions the "groundwork" that was laid for Passport in v5.2 and the application of different authentication mechanisms at different times. He then moves into the installation and configuration of the Passport system (it's not bundled so it's a separate install). He then talks about the management API that's automatically set up, the Vue.js frontend for managing clients and tokens and what it looks like when one is requested. He also provides a bit of sample code you can use to test it out for yourself once you've created a client and token on your system. He ends the post talking about the command line token generation of "personal" tokens and using middleware "scopes" to allow for easier cross-authorizations between routes.

tagged: laravel passport oauth api package release vuejs client token tutorial

Link: https://mattstauffer.co/blog/introducing-laravel-passport

SitePoint PHP Blog:
Can We Use Laravel to Build a Custom Google Drive UI?
Jul 25, 2016 @ 13:57:52

The SitePoint PHP blog has posted a new tutorial that asks the question "Can We Use Laravel to Build a Custom Google Drive UI??" In this case it's a simplified version of the current Google Drive functionality, but it's more of a proof-of-concept than anything.

In this tutorial, we’re going to build an app that talks to the Google Drive API. It will have file search, upload, download and delete features. If you want to follow along, you can clone the repo from Github.

They walk you through the full process of getting the application set up, including creating the project on the Google side and grabbing the API credentials for use in your code. They then switch back over to the code side and create a basic Laravel project and configure it with the Google API credentials you just created. Next up is the creation of all of the routes for the list, upload and delete handling in the Laravel app as well as the controllers/views to make them all work. They also include search functionality, letting you easily query the API for files with names matching a certain string.

tagged: laravel google drive ui tutorial api example

Link: https://www.sitepoint.com/is-laravel-good-enough-to-power-a-custom-google-drive-ui/

Securing client-side public API access with OAuth 2 and Symfony
Jul 18, 2016 @ 12:30:26

On the Codevate.com blog there's a tutorial posted by Chris Lush showing you how to secure your client-side public API with OAuth 2 (based on the Symfony platform).

Say you’ll be developing a web application for a customer to create and manage restaurant bookings, exposing restaurant information (name, opening times, menu contents etc.) and booking creation as RESTful API endpoints, which are consumed by secure admin backend. You’ll need to authorise access to the API, but there is no end-user involved since the web app is its own resource owner, so the previous flow doesn’t apply.

[...] However, you also need to develop a booking widget that will be embedded in a company or restaurant’s website for visitors to use. In this case, the client-side is no longer trusted enough to share the OAuth client secret that’s required to authenticate with your API. [...] We encountered a similar use-case for a client project recently, and this blog post details the steps taken to address it.

He then shows how to integrate the FOSOAuthServerBundle bundle into your current Symfony-based application and the updates you'll need to make to your security.yml file. He includes the code needed to create a "client" and associating it with a company already in the customer list. Next is the creation of access tokens and linking them to the restaurants in their system (a unique identifier to use externally for the restaurant rather than an ID). He shows an example of handling the token requests and the code/config changes needed to set it up. Finally he talks about scoping API requests down to certain functionality and an example cURL call to the API to show the results of it all combined.

tagged: clientside api access security oauth2 symfony tutorial bundle

Link: https://www.codevate.com/blog/12-securing-client-side-public-api-access-with-oauth-2-and-symfony

Test Driven API Development using Laravel, Dingo and JWT with Documentation
Jun 20, 2016 @ 10:15:04

On the DotDev.co site a tutorial has been posted showing the full set up of an API using Laravel, Dingo and JWT tokens while following test-driven development principles along the way.

As the complexity of API’s increase, improving the ways we create them becomes a necessity. Let’s take a journey exploring an efficient way of building well-tested API’s that are easy to develop and maintain by wiring up several different open-source packages.

In this tutorial, we will build a very simple API for fruits that lists all the fruits, shows one fruit, creates a fruit, and finally deletes a fruit. The API will allow anyone to list and show fruits but we will use JWT Authentication to protect creating and deleting operations so only the registered users can use them.

The tutorial starts by helping you get the TDD environment set up for the application and the required libraries installed. From there they install and configure Dingo and look at the role that transformers play in the API output. With a basic API in place the JWT tokens are integrated and another package is used to generate simple, clean API documentation. Full links to other packages, screenshots of the expected output and all the code you'll need is included.

tagged: testdriven development tdd laravel api dingo jwt token tutorial

Link: https://dotdev.co/test-driven-api-development-using-laravel-dingo-and-jwt-with-documentation-ae4014260148#.tccatytip

SitePoint PHP Blog:
Hacking the Fitbit – Emulating a Pager for Twitter DMs!
Jun 17, 2016 @ 10:27:57

The SitePoint PHP blog has a tutorial they've posted from Christopher Pitt showing you how to hack your Fitbit into a pager for Twitter DMs. This essentially turns your Fitbit into a notification system for when someone on Twitter sends you a direct message. It's not overly useful (as you can't send a message) but it is an interesting integration.

I’ve been trying to wake up earlier in the morning. The trouble is that alarms wake everybody up, not just me. To get around this problem, I recently bought the cheapest Fitbit I could find, having learned that they have a neat silent alarm.

The truth is, if I had the cash I would rather have bought an Apple watch. When I got the Fitbit, my programmer brain immediately jumped to the question; “How can I hack this thing?” I ended up learning a bit about Fitbit, OAuth and the Twitter API. I also learned that sometimes it’s better just to get an Apple watch…

His application uses Lumen as the framework and makes connections to both the Twitter and Fitbit JSON APIs. He defines a few routes for the OAuth handling (with callbacks) and a simple view with the "Connect To" links. He shows the creation of applications on both the Twitter and Fitbit side and how to define their keys in your configuration. He sets up the Socialite providers for both connections and a bit of caching to prevent the need for a full pull. He then uses the Fitbit API to set "silent alarms" on your device that are timed to go off immediately when the app detects a new DM on the Twitter stream.

tagged: tutorial fitbit twitter api connect application alarm directmessage

Link: https://www.sitepoint.com/hacking-the-fitbit-emulating-a-pager-for-twitter-dms/

Ignace Butera:
DatePeriod demystified
May 17, 2016 @ 12:16:37

Ignace Butera has shared a post to his site giving some advice about using the DatePeriod functionality from PHP's DateTime handling. The DatePeriod makes it easier to work with dates at certain intervals without having to calculate them manually.

With the introduction of the DateTimeImmutable object in PHP5.5, and a subsequent bug fix to DatePeriod in PHP5.5.8, the object results became rather interesting. To sum it up, when iterating over a DatePeriod, the datepoint returned is of the same instance as the starting datepoint. Let’s illustrate this by taking the first example and using a DateTimeImmutable object instead as the starting datepoint.

The post starts with a brief overview of the DatePeriod functionality and a code example of it in use (along with two DateTime objects for start/end dates). He shows how it returns DateTimeImmutable objects and the properties they expose to get more information about the objects. He points out a few buggy points in the API, though, and makes a recommendation of a library that's a bit more consistent.

tagged: datetime dateperiod example introduction api

Link: http://nyamsprod.com/blog/2016/dateperiod-demystified/

SitePoint PHP Blog:
We’re Building a Marvel Catalog Reader! Avengers, Assemble!
May 16, 2016 @ 13:23:08

On the SitePoint PHP blog they've shared a tutorial covering the construction of a Marvel Catalog Reader that hooks in to the Marvel API for its data.

In this tutorial, we’re going to take a look at the Marvel API, a tool provided by Marvel for developers to get access to the 70-plus years of Marvel comics data. First, we’ll walk through the steps in which one can acquire the keys needed to make requests to the API. Then, we’ll look at the tools we can use to test out the API. Finally, we’re going to build a website that uses the API.

They start out on the API side of things, showing you how to sign up for an account, get your token information and include a note about using the API (rate limiting and referencing the source of the images). There's a mention and example of working with the interactive API documentation and the first part of the code you'll need to make the connection. They then get into the construction of the site itself using the Laravel framework and a simple caching command. This is used to store the results from a query made via a Guzzle client. The focus then shifts to the frontend where they create the HomeController and define both the main endpoint and two others: one for viewing a specific comic and the other for the character listing. The tutorial continues on showing you how to handle the (paginated) responses from each of the calls and push the results into a cache record. Finally, they create the matching views of the API query results and some example screenshots of the results.

tagged: marvel api tutorial laravel frontend cache reader guzzle

Link: http://www.sitepoint.com/were-building-a-marvel-catalog-reader-avengers-assemble/

Don’t try to be too smart. Be boring, predictable and consistent.
May 11, 2016 @ 12:06:45

In this post on Medium.com Gediminas Rapolavicius provides a word of warning to those creating APIs (interfaces for tools, not like REST APIs) - "don't try to be too smart", favor consistency over cleverness.

When designing an API, it’s tempting to do a bit of extra work and surprise the developers using it. It might be returning some additional information that would require an additional call otherwise, or try to predict the intentions and handle some specific cases differently. The intentions are perfectly fine?—?provide a pleasant, simple interface.

The problem is that it requires making assumptions which, sometimes, are inevitably wrong. The worst case is when the API makes an assumption of what the developer expect to get back, gets it wrong, and returns something unexpected. More work with docs, more bug fixing.

He gives two examples of things he's encountered where the idea of the API was simple but assumptions made turned out to make things a bit more difficult: PHP's own array_rand function and WordPress' update_post_meta. He briefly covers each and explains that, while the intentions seemed good, the implementation was a bit confusing (and at times inconsistent), causing troubles when not functioning as expected.

tagged: api design boring smart consistency predictable arrayrand updatepostmeta

Link: https://medium.com/@GedRap/dont-try-to-be-too-smart-be-boring-predictable-and-consistent-d63ff2a8e5d1#.ihdjg6j99