Zend Framework Blog:
REST Representations for Expressive
Aug 09, 2017 @ 10:12:18

On the Zend Framework blog there's a new post from project lead Matthew Weier O'Phinney covering REST representations in Expressive and the release of two new components to help with their implementation.

We've been working towards our various Apigility on Expressive goals, and have recently published two new components: zend-problem-details and zend-expressive-hal.

These components provide response representations for APIs built with PSR-7 middleware. Specifically, they provide: Problem Details for HTTP APIs (RFC 7807) and Hypertext Application Language (HAL).

These two formats provide both JSON and XML representation options (the latter through a secondary proposal).

The post then goes on to talk about the idea of "representations" and how it relates back to the structure of the data returned and how the user knows what operations they can take on it. He also talks about the differences between normal responses and errors and gives example output helping to illustrate his points. The remainder of the post gets into the details of the two new components, their use and how to implement them in Expressive.

tagged: zendexpressive rest representation data structure response api component tutorial

Link: https://framework.zend.com/blog/2017-08-08-expressive-rest-representations.html

Toptal.com:
Laravel API Tutorial: How to Build and Test a RESTful API
Jul 11, 2017 @ 11:58:15

On the Toptal site they've posted a tutorial from author André Castelo showing you how to create a Laravel-based RESTful API with functionality that already exists in the framework.

With the rise of mobile development and JavaScript frameworks, using a RESTful API is the best option to build a single interface between your data and your client.

Laravel is a PHP framework developed with developer productivity in mind. [...] In this article, we’ll explore the ways you can build—and test—a robust API using Laravel with authentication. We’ll be using Laravel 5.4, and all of the code is available for reference on GitHub.

He starts off by talking about RESTful APIs, what actions the HTTP verbs represent and a note about consistency in URLs. He then starts in on the project setup, creating a new Laravel application and configuring the database for a Homestead environment. Next he creates the models and data seeders for articles and users for the API. Routes and controllers come next showing how to work with route model binding and response codes to correctly relay the status of the request back to the user. Following this he covers authentication on the API (using a token) and building out the endpoints for login, registration and logging out.

Finally he shows how to test the endpoints using some simple Laravel-enabled testing and PHPUnit. His tests check things like login error handling, missing data on registration and the correct flow on the logout process.

tagged: laravel tutorial build test rest api framework

Link: https://www.toptal.com/laravel/restful-laravel-api-tutorial

Building Your Startup:
Securing an API
May 22, 2017 @ 13:16:19

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with a new post about APIs and security. In this series, they've been using the Yii2 framework to create a calendaring "startup" site. Now they've reached the point of adding a "RESTful" API to the system and want to be sure it's secure.

Recently, I introduced you to Yii's simple REST API generation and Meeting Planner's new "RESTful" service API. At that time, I mentioned that these APIs were only loosely secured. Sure, there was a shared secret between the client and the server, but there were a couple of problems.

First, the secret key and user tokens were repeatedly transmitted in query parameters of SSL calls. And there was no other authenticity check for the data, allowing a middle-person attack. In today's episode, I'll guide you through how I secured the API against these weaknesses for a more robust API.

They start off looking at the API security that was previously put in place, which used "app ID" and "app secret" values to identify the user. To improve on this, the system is updated to use the "app secret" value to sign the outgoing data via an HMAC hash that is sent along with the request.

tagged: api security tutorial yii2 build startup series hmac rest

Link: https://code.tutsplus.com/tutorials/building-your-startup-securing-an-api--cms-27867

Toptal.com:
PhalconPHP: A Solution for High-load RESTful APIs
Apr 11, 2017 @ 10:26:37

The Toptal.com blog has a tutorial posted from Andrew Belousoff today sharing what he sees as a solution for high-load RESTful APIs in your application: PhalconPHP.

Suppose you need to create a high-load project based on a PHP MVC framework. You would probably use caching wherever possible. Maybe you would build the project in a single file, or maybe even write your own MVC framework with minimal functionality, or rewrite some parts of another framework. While, yes, this works, it’s a little bit tricky, isn’t it? Fortunately, there is one more solution that makes most of these manipulations unnecessary (save for the cache, perhaps), and this solution is called the PhalconPHP framework.

He starts off the article with a brief introduction to the PhalconPHP framework and some of the recent (2016) benchmarks of its performance against both raw PHP and other smaller, lighter MVC frameworks. With that out of the way he starts in on the creation of a sample project, first pointing out the difference between the "micro" and "full-stack" versions. He chooses the "micro" option for his API and walks you through installation of the framework extension, the directory structure it requires and what the code for the front controller looks like. From there he works up the rest of the code:

  • configuration handling
  • working with the DI container
  • creating the RESTful routes/controllers
  • building models
  • developing some business logic to work with user data

The post ends with a look at performing some testing on the result and mentions the addition of logging and caching functionality. He also points out one of the main disadvantages around using PhalconPHP - that it's an extension and is harder to customize than a PHP-land framework could be.

tagged: phalconphp rest api tutorial introduction framework benchmark

Link: https://www.toptal.com/phalcon/phalcon-php-restful-apis

TutsPlus.com:
Programming With Yii2: Building a RESTful API
Apr 06, 2017 @ 10:30:05

The TutsPlus.com site has posted the latest article in their "Programming with Yii2" series today, this time focusing on the creation of a RESTful API with the built-in framework support.

In this Programming With Yii2 series, I'm guiding readers in use of the Yii2 Framework for PHP. You may also be interested in my Introduction to the Yii Framework, which reviews the benefits of Yii and includes an overview of what's new in Yii 2.x.

In today's tutorial, I will review how to build a REST API in Yii to connect your application to the cloud, mobile apps, and other services. I'll guide you through Yii's REST API quick start guide and provide context and examples of common requests.

He starts off with some of the benefits of having a REST API for your Yii2 application and some of the functionality that comes included with the framework. He then starts in on building the base functionality of the API with a controller, a "tree" for the endpoints and configuration of the URL routing. The rest of the post is a set of example requests made to the API with the help of both cURL and the Postman app for Chrome.

tagged: yii2 framework series tutorial build rest api example

Link: https://code.tutsplus.com/tutorials/programming-with-yii2-building-a-restful-api--cms-27513

Esben Petersen:
A modern REST API in Laravel 5 Part 4: Authentication using Laravel Passport
Mar 20, 2017 @ 10:56:15

Esben Petersen has posted the fourth part of his tutorial series covering the creation of a "modern REST API" with Laravel. In this latest article he focuses on authenticating users with the help of an OAuth2 flow.

OAuth is all around us. Most of us have tried to log in to a 3rd party service using our Facebook or Google account as a login. This login mechanism is one of many OAuth authentication types. However, you can also use OAuth to generate simple API keys. One of the OAuth authentication types generates API keys based on username and password and is therefore a solid authentication choice for SaaS-style apps. This article will explore how to set up the password grant authentication type in Laravel using Laravel Passport.

The article is broken up into a few different sections, each with explanations and code where appropriate to help illustrate the point:

  • a basic introduction to OAuth2 and grants
  • authentication in single-page applications
  • dependencies to use (and install/configuration)
  • creating the login proxy
  • building a consumer

The final step is an example (using a curl command) to test the API and ensure things are working as expected. The post ends with a more "real world" example of a Slack-style application that links channels and users but only shows the channels users have access to based on scope.

tagged: tutorial rest api laravel series part4 oauth2 passport

Link: http://esbenp.github.io/2017/03/19/modern-rest-api-laravel-part-4/

Esben Petersen:
A modern REST API in Laravel 5 Part 1: Structure
Mar 09, 2017 @ 10:44:56

Esben Petersen has kicked off his series on creating a modern REST framework in Laravel 5 with part one in the series. This first tutorial focuses on the setup of the application using a "folders by component" approach.

Over time when your API grows in size it also grows in complexity. Many moving parts work together in order for it to function. If you do not employ a scaleable structure you will have a hard time maintaining your API. New additions will cause side effects and breakage in other places etc.

It is important to realize in software development no singular structure is the mother of all structures. It is important to build a toolbox of patterns which you can employ given different situations. This article will serve as an opinionated piece on how such a structure could look.

The tutorial covers structure on three different levels (patterns): application flow, project folder structure and resource folder structure. For each level they cover some of the basic concepts involved and share code showing how it could be implemented, including controllers, repositories, middleware and fitting it all into a resource folder structure.

tagged: laravel rest api laravel5 tutorial series part1 structure

Link: http://esbenp.github.io/2016/04/11/modern-rest-api-laravel-part-1/

Dac Chartrand:
Building a Simple API using Opulence PHP
Jan 30, 2017 @ 11:27:35

Dac Chartrand has written up a post to his site showing you how to create a simple REST API with Opulence, a PHP framework that bills itself as a "modern framework for modern PHP".

This tutorial will show you how to code a simple JSON API using Opulence PHP. We will install Opulence’s skeleton project using composer, then create a ‘user’ database entity, and finally we will match CRUD (Create, Read, Update, Delete) to POST, GET, PUT, and DELETE.

The start of the tutorial helps you get a new Opulence project set up and running including updating the configuration for content type handling and the database connection details. With that set up he moves into the code creating the "User" entity and its matching classes. He builds out the controller, selecting a REST controller from the options and builds out all methods needed for the CRUD user operations. The tutorial finishes with a bit of testing information so you can see the framework in action.

tagged: opulence api rest tutorial simple user framework

Link: http://kizu514.com/blog/building-a-simple-api-using-opulence-php/

Scotch.io:
Laravel Random Keys with Keygen
Jan 27, 2017 @ 12:44:13

On the Scotch.io site they've posted a new Laravel-related tutorial covering the use of the keygen package to generate random keys via four generator types. These keys can be used for just about anything in your application and can be customized to fit your length and complexity requirements. One thing to note, however, is that the strings it generates are random but should not be considered strong enough to use for actual encryption purposes.

When developing applications, it is usually common to see randomness come into play - and as a result, many programming languages have built-in random generation mechanisms.

[...] When your application is required to generate very simple random character sequences like those enumerated above, then the Keygen package is a good option to go for. Keygen is a PHP package for generating simple random character sequences of any desired length and it ships with four generators, namely: numeric, alphanumeric, token and bytes.

For their example they chose to create a simple REST API service that allows for user creation, viewing users and generating a random (temporary) password using the Keygen package. They start by helping you get the package installed (via Composer) and adding an alias to your Laravel config for "Keygen" to make it easier to access. They then create the user model and add in a "setEmailAttribute" method to verify the email value submitted (for format and uniqueness). Next up is the route definition for the "user" endpoints, creation of the API controller and implementing the Keygen tool to create a random eight-digit code for the user. They also include a few strategies to ensure the code generated (and the resulting hash) is unique across all users. The remainder of the post shows the full user creation and the implementation of the remaining methods required to view the user's details.

tagged: laravel random key keygen tutorial package rest api

Link: https://scotch.io/tutorials/laravel-random-keys-with-keygen

Cloudflare Blog:
Using Guzzle and PHPUnit for REST API Testing
Dec 30, 2016 @ 10:19:48

On the Cloudflare blog there's a new post with an example of how to test APIs with Guzzle, a popular HTTP client for PHP. In their example they're focusing on the testing of REST APIs.

APIs are increasingly becoming the backbone of the modern internet - whether you're ordering food from an app on your phone or browsing a blog using a modern JavaScript framework, chances are those requests are flowing through an API. Given the need for APIs to evolve through refactoring and extension, having great automated tests allows you to develop fast without needing to slow down to run manual tests to work out what’s broken.

[...] In this post I'll be demonstrating how you can test RESTful APIs in an automated fashion using PHP, by building a testing framework through creative use of two packages - Guzzle and PHPUnit. The resulting tests will be something you can run outside of your API as part of your deployment or CI (Continuous Integration) process.

They start by setting up their testing environment, using Composer to install both the Guzzle HTTP client and the PHPUnit testing tool. They then create the example phpunit.xml configuration file and write a first test. Their example runs a test against the "/user-agent" endpoint on httpbin.org, verifying that the response code is 200, that the content type of the response is correct and that the body contains the string "Guzzle". They build on this by adding another test for a failure (a 405 response code) from a PUT request on the same endpoint.

tagged: guzzle testing http api rest phpunit tutorial introduction

Link: https://blog.cloudflare.com/using-guzzle-and-phpunit-for-rest-api-testing/