The process of creating a REST API in Codeigniter covers the following steps:
- Installation of Codeigniter framework on Cloudways
- Database and table(s) creation
- Setup libraries and permissions
- Setup authentication and API key(s)
- Setup HTTP calls (GET, PUT, POST, DELETE)
- Test the HTTP calls.

The CodeIgniter RESTful API is a set of simple, modular helpers that can be easily integrated into your CodeIgniter projects, allowing you to create customizable RESTful APIs that suit all your needs. The package includes helpers for database manipulation, JSON Web Token generation, validation and signing, authentication methods, methods for accessing resources using a URI, as well as some utility.
REST APIs are meant to be stateless. What that means is that each request from a client should include all the information needed to process the request. In other words, if you are writing a REST API in PHP then you should not be using $_SESSION to store data about the client's session. But then how do we remember if a client is logged in or anything else about their state? The only possibility is that the client must be tasked with keeping track of the state. How could this ever be done securely? The client can't be trusted!
Enter JSON web tokens. A JSON web token is a bit of JSON, perhaps something that looks like this:
Of course, we can't just give this to a client and have them give it back to us without some sort of assurance that it hasn't been tampered with. After all, what if they edit the token as follows:
The solution to this is that JSON web tokens are signed by the server. If the client tampers with the data then the token's signature will no longer match and an error can be raised.
The JWT PHP class makes this easy to do. For example, to create a token after the client successfully logs in, the following code could be used:
And then on later API calls the token can be retrieved and verified by this code:
If the token has been tampered with then $token will be empty and there will not be an id available. The JWT class makes sure that invalid data is never made available. If the token is tampered with, it will be unusable. Pretty simple stuff!
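The sign-then-verify round trip described above, as an added example that is not code from the original page or from jwt_helper.php: a minimal HS256 token built with PHP's own hash_hmac and hash_equals, checked once unmodified and once with an edited payload. The function names, the key and the id values are constructed for illustration, and PHP 7.0 or later is assumed.

```php
<?php
// Added example: HS256 sign/verify with PHP built-ins only.
// Function names, key and claim values are hypothetical.
function b64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data) {
    // Restore the padding that base64url strips, then decode strictly.
    $data = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    return base64_decode(strtr($data, '-_', '+/'), true);
}

function jwt_sign(array $claims, string $key): string {
    $header  = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $payload = b64url_encode(json_encode($claims));
    $sig     = hash_hmac('sha256', "$header.$payload", $key, true);
    return "$header.$payload." . b64url_encode($sig);
}

// Returns the claims array, or null when the token is malformed, names a
// different algorithm, or carries a signature that does not match.
function jwt_verify(string $token, string $key) {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    list($header, $payload, $sig) = $parts;
    $head = json_decode((string) b64url_decode($header), true);
    // Pin the algorithm server-side; the token must not choose its own check.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$header.$payload", $key, true);
    $given    = b64url_decode($sig);
    // hash_equals compares in constant time, so timing does not leak the MAC.
    if ($given === false || !hash_equals($expected, $given)) return null;
    $claims = json_decode((string) b64url_decode($payload), true);
    return is_array($claims) ? $claims : null;
}

$key   = 'constructed-demo-key';          // constructed; real keys stay server-side
$token = jwt_sign(['id' => 42], $key);    // issued after a successful login

// The client swaps in a different payload but keeps the old signature,
// because it cannot recompute the HMAC without $key.
list($h, , $s) = explode('.', $token);
$forged = $h . '.' . b64url_encode(json_encode(['id' => 1])) . '.' . $s;

var_dump(jwt_verify($token, $key));   // untouched token
var_dump(jwt_verify($forged, $key));  // edited token
```

The payload is signed, not encrypted, so the client can still read every claim; keep secrets out of it.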
Codeigniter Rest Server
You can get the PHP JWT class as a single file from: https://github.com/rmcdaniel/angular-codeigniter-seed/blob/master/api/application/helpers/jwt_helper.php
as it is used by the AngularJS CodeIgniter Seed project:
or the original code from:
CodeIgniter-REST Client is a CodeIgniter library which makes it easy to use REST services/APIs such as Twitter, Facebook and Flickr, whether they are public or hidden behind HTTP Basic/Digest. The examples below are VERY simple ones and much more can be done with it.
Rest Api Codeigniter
Please take a look at the code to see about things like api_key() and other post/put/delete methods.
Requirements
- PHP 5.1+
- CodeIgniter 2.0.0+
- cURL
- CodeIgniter Curl library: http://getsparks.org/packages/curl/show
Usage
Acknowledgements
CodeIgniter Rest Client was originally written by Phil Sturgeon. The following people have contributed to this project:
- Chris Kacerguis (https://github.com/kitsched)
- vlakoff (https://github.com/vlakoff)
- Steven Bullen (https://github.com/StevenBullen)
- rhbecker (https://github.com/rhbecker)
- János Rusiczki (https://github.com/kitsched)
- David Genelid (https://github.com/junkie)
- Dmitry Serzhenko (https://github.com/serzhenko) -> Added PATCH support
- Paul Yasi (https://github.com/paulyasi) -> SSL Peer Verification