APIs in PHP: from Basic to Advanced
An API is a way for a program to interact with another program. By using third-party APIs from your code, you can utilise functionality developed elsewhere. By creating an API to access your own data, other programs can take advantage of your services in a secure and easy fashion.
Learn how to Use and Create Secure and Scalable APIs in PHP in this Comprehensive Course.
- Understand how APIs work
- Learn how to use an API from PHP
- Understand how HTTP requests and responses work
- Understand what REST and RESTful APIs are
- Create a RESTful API from scratch, using plain PHP and MySQL
- Understand how API authentication works
- Add API key authentication to your API
- Understand how JSON Web Tokens (JWTs) work
- Add JWT access token authentication to your API
The essential skills required to use and develop APIs with PHP.
Unless you create every component of your application from scratch, your code will need to interact with external services – for example a payment gateway, or currency data. To use such services, you need to consume their APIs. On this course you’ll learn how to do this from PHP, and also how to create an API so that external programs can interact with your application.
Content and Overview
This course is designed for the PHP developer who wants to learn in depth how to use APIs from their code. I designed the course to be easily understood by PHP developers who have no previous experience of using APIs, and who want to develop full, secure APIs quickly and easily. Learning the techniques on this course will enable you to create APIs that are secure, robust and that comply with industry standards.
- Suitable for all PHP developers, you’ll start by learning the basics of how APIs work.
- You’ll learn various techniques for consuming APIs from PHP, along with their advantages and disadvantages.
- We’ll build a full API from scratch, with each concept explained in detail at every stage.
- You’ll learn what REST is and what RESTful APIs are, why we use them, and how to make your API RESTful.
- Throughout the course, we’ll build code that you can reuse in all your projects.
- All the source code developed in the lectures is available to download.
- All the time we’ll adhere to industry standards and best practices.
- Each section has short, self-contained lectures that you can go back to in order to reinforce specific concepts if you need to.
When you complete the course you’ll be able to use APIs in your PHP applications to leverage third-party components and services. You’ll also be able to create your own API, using various authentication techniques depending on the type of API you want to create.
Complete with all the code shown in the lectures, you’ll be able to work alongside the instructor and will receive a verifiable certificate of completion upon finishing the course.
Also, at all times throughout the course you have access to the instructor in the Q&A section to ask for help with any topic related to the course.
Enrol now and become a master of APIs in PHP!
- 1. Introduction and welcome: how to get the most out of the course
  Get an introduction to the course, and learn how to get the most out of it.
- 2. Install a package with a web server, PHP, a database server and phpMyAdmin
  Find out how to install a web server package, including PHP, a database server like MySQL or MariaDB, and phpMyAdmin, for Windows, macOS or Linux.
- 3. Install Composer: manage third-party packages and autoload class files
  Learn how to install the Composer package manager.
- 4. What is an API?
  Learn exactly what an API (application programming interface) is, and who it's for.
- 5. Make an API call: access an API from PHP
  Make a basic API call from PHP code.
- 6. Decode API results: reading JSON in PHP
  Learn what JSON is, and how to decode it in PHP.
- 7. Use API data in a web application
  Learn how we might integrate API data into a page we view in a browser.
- 8. API basics
  Test your knowledge of what APIs are and how they work.
- 9. Use cURL instead of file_get_contents to make an API request
  Learn how to use cURL to make a simple API request.
- 10. Response codes: get the HTTP status code
  Learn what HTTP status codes are, and how to get them from the response using cURL.
- 11. Request headers: add meta data about the request
  Learn what request headers are, and how to add them to the request using cURL.
- 12. Response headers: read meta data about the response
  Learn what response headers are, and how to get them from the response using cURL.
- 13. Get all individual response headers in an array
  Learn how to get individual response headers in an array using cURL.
- 14. Use an API that requires a specific request header
  Learn how an API that requires a specific request header responds.
- 15. Request method: change the method to get a different result with the same URL
  Learn what request methods are, and how to change the method when requesting an API using cURL.
- 16. Request body: add a payload to send data along with the request
  Learn what the request body is, and how to add data to it when requesting an API with cURL.
- 17. HTTP fundamentals
- 18. REST and RESTful APIs: what are they?
  Learn what the REST architectural style is when developing APIs, and what a RESTful API is.
- 19. Access a RESTful API in PHP with cURL
  Learn how to access a RESTful API using cURL.
- 20. Use the Guzzle HTTP client for object-oriented API code
  Learn how to use the Guzzle PHP HTTP client, and see its advantages over file_get_contents and cURL.
- 21. Use an SDK: compare the Stripe API to its SDK
  Compare an API to an SDK for the same third-party resource.
- 22. Start writing the API: enable URL rewriting
  Enable RESTful URLs by configuring the web server using an .htaccess file.
- 23. The front controller: get the resource, ID and the request method
  Add code to get the resource name, optional resource ID and request method in the front controller.
- 24. Use a client for API development: cURL, Postman or HTTPie
  Choose an API client for testing the API - using cURL on the command line, the Postman GUI, or HTTPie, also on the command line.
- 25. Set the HTTP status code: best practices
  Set the HTTP status code for the response. Learn which method is the best one to use, based on standards.
- 26. Add a controller class to decide the response
  Add a class that will act as a controller, deciding which response to return.
- 27. Use Composer's autoloader to load classes automatically
  Configure Composer's autoloader to load class files automatically.
- 28. Make debugging easier: add type declarations and enable strict type checking
  Add type declarations to function arguments and return types, and enable strict type checking to make debugging easier.
- 29. Always return JSON: add a generic exception handler and JSON Content-Type header
  Add a generic exception handler to make sure that any errors caught are returned as JSON, not HTML. Also add the Content-Type header set to JSON to tell the client that the response body contains JSON.
- 30. Send a 405 status code and Allow header for invalid request methods
  Send a 405 status code if the method is incorrect, along with an Allow header to tell the client which methods are allowed.
- 31. Create a new database and a database user to access it
  Create a new database in the database server and a user to access it that has all necessary privileges. This can be done on the command line or with a tool like phpMyAdmin.
- 32. Create a table to store resource data
  Create a table in the database to store the resource data for the API.
- 33. Connect to the database from PHP: add a Database class
  Add a class with the code to connect to the database using PDO.
- 34. Move the database connection data to a separate .env file
  Add a package to store configuration settings, and move the database connection credentials to a configuration file.
- 35. Create a table data gateway class for the resource table
  Add a class to act as a table data gateway for the resource table, dependent on the Database class.
- 36. Show a list of all records
  Add a method to get all the resource records, and use this to display them as JSON when the index endpoint is called.
- 37. Configure PDO to prevent numeric values from being converted to strings
  Configure the PDO connection to return values in their native format, not all as strings.
- 38. Convert database booleans to boolean literals in the JSON
  Add code to convert boolean values in the database to boolean literals in the JSON.
- 39. Show an individual record
  Add code to select an individual record based on the ID in the URL, and display it as JSON.
- 40. Respond with 404 if the resource with the specified ID is not found
  Respond with a status code of 404 if the resource with the ID specified in the URL doesn't exist in the database.
- 41. Get the data from the request as JSON
  Get JSON data from the body of the request for use in inserting and updating data.
- 42. Insert a record into the database and respond with a 201 status code
  Insert a record into the database with data from the request body, and return a 201 status code on success.
- 43. Add a generic error handler to output warnings as JSON
  Add a generic error handler so that any warnings are also output as JSON in the response body.
- 44. Validate the data and respond with a 422 status code if invalid
  Validate the data from the request and respond with a 422 status code if invalid.
- 45. Conditionally validate the data when updating an existing record
  Add conditional validation to the request data when updating an existing record.
- 46. Get the data from the request for updating an existing record
  Get the data from the request body when updating an existing resource.
- 47. Update the record in the database and return a 200 status code
  Update the record in the database with the validated data from the request and return a 200 status code in the response.
- 48. Delete the record in the database and return a 200 status code
  Delete the record identified by the ID in the URL and return a 200 status code in the response.
- 49. Create a table to store user account data
  Create a table in the database to store user account data.
- 50. Add a register page to insert a new user record and generate a new API key
  Add a register / sign up page to be viewed in a browser to insert a new user account into the database, also generating a new random API key in the process.
- 51. Send the API key with the request: query string or request header
  Decide if the query string or request header (X-API-Key) is the best place to send the API key with the request.
- 52. Check the API key is present in the request and return 400 if not
  Check the API key is present in the request and return a status code of 400 if not.
- 53. Create a table data gateway class for the user table
  Create a class to act as a table data gateway for the user table, having the Database class as a dependency.
- 54. Authenticate the API key and return a 401 status code if invalid
  Authenticate the API key and return a 401 status code in the response if the key isn't found in the database.
- 55. Refactor the front controller to a bootstrap file and Auth class
  Refactor the front controller code, reducing code duplication and simplifying the code, to a bootstrap file and Auth class.
- 56. Add a foreign key relationship to link task records to user records
  Add a foreign key relationship to link the task table to the user table in the database.
- 57. Retrieve the ID of the authenticated user when authenticating
  Restrict task records to the currently authenticated user in the API.
- 58. Restrict the tasks index endpoint to only show the authenticated user's tasks
  Restrict all the task records to those associated with the authenticated user ID.
- 59. Restrict the rest of the task endpoints to the authenticated user's tasks
  Restrict the rest of the task endpoints to the currently authenticated user's tasks.
- 60. Cache the database connection to avoid multiple connections in the same request
  Store the database connection in a property of the database class to avoid multiple database connections per request.
- 61. An introduction to authentication using access tokens
  Get an introduction to API authentication using access tokens. The main point of access tokens is that they can be used without database validation.
- 62. Create the login script and return 400 if the username and password are missing
  Add a login endpoint and return a status code of 400 if the username and password are missing from the request body.
- 63. Select the user record based on the username in the request
  Select the user record from the database based on the username passed in the request body.
- 64. Check the username and password and return a 401 status code if invalid
  Check the username and password from the request and return a 401 status code if either one is invalid.
- 65. Generate an encoded access token containing the user details
  Generate an encoded access token containing the user details, using base64 encoding as a simple demonstration.
- 66. Pass the access token to the task API endpoints in the authorization header
  Get the value of the HTTP authorization header using one of two methods.
- 67. Validate the access token and decode its contents
  Check the access token is valid base64 and JSON.
- 68. Get the authenticated user data from the access token
  Get the authenticated user data from the access token's contents, if valid.
- 69. An introduction to JSON web tokens (JWTs)
  Get an introduction to JSON Web Tokens (JWTs).
- 70. Create a class to encode a payload in a JWT
  Create a class from scratch to encode a payload in a JWT.
- 71. Generate a JWT access token in the login endpoint containing JWT claims
  Generate a JWT access token when requesting the login endpoint that contains specific keys known as JWT claims.
- 72. Add a method to decode the payload from the JWT
  Add a method to the JWT class to decode the payload from a JWT and check its validity.
- 73. Pass in the secret key used for hashing as a dependency
  Extract the secret key used for hashing out to the configuration file, and pass it in as a dependency to the JWT codec class.
- 74. Authenticate the task endpoints using the JWT
  Change the front controller so that the task endpoints are authenticated using the JWT instead of the API key.
- 75. Use a custom exception class to return 401 if the signature is invalid
  Add a custom exception class to return a status code of 401 instead of 400 if the signature in the request is invalid.
- 76. Don't store sensitive data in the JWT
  Learn why you shouldn't store sensitive data in the JWT, as it's only encoded, not encrypted, and can be easily decoded.