Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Building Your Startup:
Securing an API
May 22, 2017 @ 13:16:19

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with a new post about APIs and security. In this series, they've been using the Yii2 framework to create a calendaring "startup" site. Now they're to the point of adding a "RESTful" API to the system and want to be sure it's secure.

Recently, I introduced you to Yii's simple REST API generation and Meeting Planner's new "RESTful" service API. At that time, I mentioned that these APIs were only loosely secured. Sure, there was a shared secret between the client and the server, but there were a couple of problems.

First, the secret key and user tokens were repeatedly transmitted in query parameters of SSL calls. And there was no other authenticity check for the data, allowing a middle-person attack. In today's episode, I'll guide you through how I secured the API against these weaknesses for a more robust API.

They start off looking at the API security that was previously put in place using an "app ID" and "app secret" values to identify the user. To improve on this, the system is updated to use the "app secret" value to sign the outgoing data via a HMAC hash that is sent along with the request.

tagged: api security tutorial yii2 build startup series hmac rest

Link: https://code.tutsplus.com/tutorials/building-your-startup-securing-an-api--cms-27867

SitePoint PHP Blog:
Booking Cookery Classes with Acuity Scheduling and Lumen
May 16, 2017 @ 10:44:09

The SitePoint PHP blog has recently posted a tutorial from author Lukas White showing how to create an online reservation system for cooking classes using Lumen and the Acuity Scheduling service.

I recently wrote an article about building an online system to book lessons with a driving instructor. [...] Cookery classes usually have a very well-defined limit on the number of students — you can only really teach as many people as you have cooking stations or cookers. That’s going to be the theme of this article — managing those “slots” in a cookery class. The principles remain the same for all sorts of other forms of tuition.

As before, we’re going to take advantage of Acuity Scheduling in order to manage bookings for our classes, and everything that entails.

First he walks you through exactly what he'll guide you through building and a real world scenario where it might be used. Next he shows how to set up an account on Acuity, create appointment types and get the credentials for the API integration. From there he gets into the implementation:

  • Creating a new Lumen project
  • installing the PHP SDK from Acuity
  • Getting a list of available class times and showing the list in a view
  • Setting up the booking form and handling the submit

This last step includes reaching out to the Acuity API and submitting the information for the appointment. It's not tracked on the application's side opting to use the Acuity service as a source of record.

tagged: tutorial cookery class online scheduling acuity api

Link: https://www.sitepoint.com/booking-cookery-classes-with-acuity-scheduling-and-lumen/

TutsPlus.com:
Using the Twitter API to Tweet Repetitive Content
May 03, 2017 @ 09:58:18

On the TutsPlus.com site they've continued their series covering the use of the Twitter API from PHP. In this latest tutorial author Jeff Reifman shows you how to use the API to tweet content repetitively at different intervals and with randomized content. The tutorial uses a Yii2 framework application as its base.

Welcome back to our coverage of the Twitter API. If you use Twitter, you may have come across a friend sharing tweets from the @infinite_scream bot (shown above). I know it's mostly a bot because it tweets at ten-minute intervals. But it varies the string length of its virtual screams to avoid being blocked by the Twitter's API's infamous undocumented restrictions. Tweet too frequently or repeat the same content and you'll find your bots hopelessly blocked.

Recently, an online friend asked me to help them write code for a bot that might repeat but provide some intelligent content variation. In today's tutorial, I'll write about how to do this with the Twitter API.

He starts off with the registration of a new Twitter application and the creation of the table to store the tweet variations. Next he uses the CRUD and model generators in Yii2 to build out the model and controller skeletons. He then creates the migrations/tables/models for the random hashtags and URLs the bot will include in its tweets. Finally, he shows the creation of the code to make the random tweets and how he made the choice of when to tweet. The post ends with the code to send off the tweet (the job) and an example of the results.

tagged: twitter api repetitive content tutorial series bot random

Link: https://code.tutsplus.com/tutorials/using-the-twitter-api-to-tweet-repetitive-content--cms-28096

Laravel News:
Building an Interactive Voice Response System with Laravel and Nexmo
Apr 26, 2017 @ 09:37:45

On the Laravel News site there's a new tutorial posted showing you how to create a simple iVR system with Laravel and Nexmo that includes voice responses.

Want to dial your Laravel app, and have it talk back to you? Let’s take a quick look at how to build a really simple IVR (interactive voice response) – a ‘phone menu’ – with Laravel and Nexmo. When it’s done, you’ll be able to pick up your cell phone, dial a phone number, and have your Laravel app control what you hear.

It’s probably easier than you think, let’s get started!

Using a standard Laravel application and a Laradoc environment, they pull in the nexmo/laravel to connect with the Nexmo service. They also add two others to add additional functionality for reading Tweets and RSS feeds. After configuring the application providers to pull in the Nexmo and Twitter functionality they go over to the Nexmo site and create the application they'll use. The tutorial then shows how to generate a command (the AppCreate command), its signature and the code to make the Nexmo API request. They then create another command to link the application to numbers on the Nexmo account.

Finally, they get to the "good" part - creating the code to handle the incoming calls over webhooks. This includes the controller, routes and - based on user input - how the IVR will respond. In their example, when the number is called, the latest tweet from @taylorotwell is fetched and is converted to text, then spoken back to the caller.

tagged: tutorial ivr voice response system laravel nexmo api

Link: https://laravel-news.com/laravel-hotline-ivr

CloudWays Blog:
Phil Sturgeon Talks About API Development, PHP-FIG, PHP Books And The Future Of PHP
Apr 25, 2017 @ 12:34:44

On the Cloudways blog there's a new post sharing an interview with Phil Sturgeon with some of his thoughts about API development, the PHP-FIG organization, PHP-related books and the future of the language.

Today we are super excited to have Phil Sturgeon with us for this interview. Phil is a cool dude and an experienced API dev. He has a lot of experience in creating API for different platforms. Right now, he is working at WeWork as a Platform Engineer. He has written an excellent book on creating API, “Build APIs You Won’t Hate”. He has worked with popular PHP tools and frameworks including CodeIgniter, FuelPHP, PyroCMS. Phil also contributed to PHP The Right Way and PHP-FIG.

Phil also speaks at PHP conferences and often mentors budding developers. In this Interview he talks about his development experiences, workflows and experience with API development.

In the interview Phil answers questions about:

  • how he got started in PHP development
  • his opinions on PHP 7.x
  • preferred development workflows
  • his (previous) involvement with the PHP-FIG
  • his speaking and the topics he usually covers

Check out the full interview for answers to these and other questions.

tagged: cloudways interview philsturgeon development api phpfig books language

Link: https://www.cloudways.com/blog/phil-sturgeon-php-interview/

Laravel News:
Manage your Laravel Forge Sites and Servers through Alfred
Apr 17, 2017 @ 16:04:38

On the Laravel News site there's a quick post showing you how you can use the Alfred tool to manage your Forge created servers. Alfred is a productivity tool for OSX systems that makes it easier to create shortcuts and interface with external applications in a convenient way.

Since the release of the Forge API developers have started creating a lot of apps and integrations, as well as an unofficial SDK. For those that use Alfred on the Mac, Vince Mitchell, launched a Workflow so you can quickly run many Forge commands right from your desktop.

The post includes the list of commands that the workflow includes allowing you to perform operations like opening the server's page in a browser, rebooting a system and restarting the web server on a specific machine. You can grab the workflow from the Packal site and drop it into your Alfred installation for immediate use.

tagged: alfred manage server laravel forge workflow example api

Link: https://laravel-news.com/forge-alfred-app

Toptal.com:
PhalconPHP: A Solution for High-load RESTful APIs
Apr 11, 2017 @ 10:26:37

The Toptal.com blog has a tutorial posted from Andrew Belousoff today sharing what he sees as a solution for high-load RESTful APIs in your application: PhalconPHP.

Suppose you need to create a high-load project based on a PHP MVC framework. You would probably use caching wherever possible. Maybe you would build the project in a single file, or maybe even write your own MVC framework with minimal functionality, or rewrite some parts of another framework. While, yes, this works, it’s a little bit tricky, isn’t it? Fortunately, there is one more solution that makes most of these manipulations unnecessary (save for the cache, perhaps), and this solution is called the PhalconPHP framework.

He starts off the article with a brief introduction to the PhalconPHP framework and some of the recent (2016) benchmarks of its performance against both raw PHP and other smaller, lighter MVC frameworks. With that out of the way he starts in on the creation of a sample project, first pointing out the difference between the "micro" and "full-stack" versions. He chooses the "micro" option for his API and walks you through installation of the framework extension, the directory structure it requires and what the code for the front controller looks like. From there he works up the rest of the code:

  • configuration handling
  • working with the DI container
  • creating the RESTful routes/controllers
  • building models
  • developing some business logic to work with user data

The post ends with a look at performing some testing on the result and mentions the addition of logging and caching functionality. He also points out one of the main disadvantages around using PhalconPHP - that it's an extension and is harder to customize than a PHP-land framework could be.

tagged: phalconphp rest api tutorial introduction framework benchmark

Link: https://www.toptal.com/phalcon/phalcon-php-restful-apis

Laravel News:
Using the Google API with Socialite
Apr 11, 2017 @ 09:47:36

On the Laravel News site there's a new tutorial posted showing you how to use the Socialite package with the Google API to connect a user's account and get a list of their contacts.

When I start a project that requires users to log in using their Google accounts, I immediately turned to Laravel Socialite. Socialite is one of Laravel’s official packages, but it is clear it only handles user authentication, making its use not as dynamic as I had hoped it would be. While I needed users to log in, I also needed to get a list of their Google Contacts. In this post, I’ll show you how I was able to query a list of contacts from Google’s People API and keep using Socialite.

They start with a basic guide to creating an application on the Google API Console and what information you'll need (credentials) to allow your application to connect. Then, using the Google API Client for PHP and the functionality built into Socialite they create the approval flow and how to handle refresh tokens should your token expire.

tagged: tutorial laravel socialite contacts google api token

Link: https://laravel-news.com/google-api-socialite

TutsPlus.com:
Programming With Yii2: Building a RESTful API
Apr 06, 2017 @ 10:30:05

The TutsPlus.com site has posted the latest article in their "Programming with Yii2" series today, this time focusing on the creation of a RESTful API with the built-in framework support.

In this Programming With Yii2 series, I'm guiding readers in use of the Yii2 Framework for PHP. You may also be interested in my Introduction to the Yii Framework, which reviews the benefits of Yii and includes an overview of what's new in Yii 2.x.

In today's tutorial, I will review how to build a REST API in Yii to connect your application to the cloud, mobile apps, and other services. I'll guide you through Yii's REST API quick start guide and provide context and examples of common requests.

He starts off with some of the benefits of having a REST API for your Yii2 application and some of the functionality that comes included with the framework. He then starts in on building the base functionality of the API with a controller, a "tree" for the endpoints and configuration of the URL routing. The rest of the post is a set of example requests made to the API with the help of both cURL and the Postman app for Chrome.

tagged: yii2 framework series tutorial build rest api example

Link: https://code.tutsplus.com/tutorials/programming-with-yii2-building-a-restful-api--cms-27513

TutsPlus.com:
Building With the Twitter API: Creating Friends to Follow
Mar 23, 2017 @ 12:32:04

The TutsPlus.com site has posted the latest tutorial in their "Building with the Twitter API" series showing how to, in a Yii2 application, automatically add friends to a Twitter account via the Twitter API. You've probably seen this in several services that offer suggestions of followers to add to your list.

Today I'll guide you through using the Yii2 Framework for PHP to access the Twitter API and automate adding friends to people's Twitter accounts. (If you'd like to learn more about Yii2, check out our parallel series Programming With Yii2.)

And, I've created a website, Twixxr.com, which will let you demonstrate the feature by adding prominent women on Twitter for your account to follow.

The tutorial starts with links to some of the other Twitter tutorials that have been posted in the past and how things have evolved to make it easier in a Yii2 application. He starts by helping you get the Twitter OAuth PHP Library installed and lists some of the goals of the end result. The code is included to authorize the user and handle the callback once they've approved the app in the normal OAuth flow. It then shows how to connect via the API using that user's information, load profiles for the suggested users and link them as a friend. The tutorial finishes with a look at performance and a bit of code used to handle the backend processing of the request instead of performing it in real time.

tagged: twitter tutorial api oauth2 friends follow suggestion yii2

Link: https://code.tutsplus.com/tutorials/building-with-the-twitter-api-creating-friends-to-follow--cms-27492