Ok, this is probably something answered millions of times, but I couldn't find an answer on Google (maybe I'm using the wrong parameters?).

Here is the thing:

I'm planning to implement a REST webservice using PHP. This webservice is supposed to serve a mobile app and also a website (located on the same server/virtualhost/whatever).

For example, URLs will be something like:

Now my question is:

Which type of query is the most recommended for querying the database? For example, if I log in from the website (http://www.somedomain.com/), would it be better to implement another internal PHP API for that, or to log in using cURL to the REST API, and why?

I know, if I implement another PHP function for login from the website, I will be using one less HTTP connection to my server, but wouldn't it break the idea of the RESTful API?

Thank you in advance.

Alejandro Iván
  • Don't add any complexity just for the sake of using the latest trend in web technologies. Both your app and your website should be just fine using a web service. Adding a RESTful layer, just for the sake of using the technology is not the correct way to go about things. – Captain Skyhawk Oct 18 '13 at 18:59
  • Nonetheless, use [OAuth2](http://oauth.net/2/) to implement authentication on your web site. – Max Oct 18 '13 at 19:01
  • Thank you, CaptainSkyhawk and Max. Really helpful. – Alejandro Iván Oct 19 '13 at 00:49

2 Answers

I'd say you want to leave out the HTTP round-trip where you can. That's potentially extremely wasteful, though if the calls are rare then it may be worth it for the code de-duplication. It all depends on your application really.

Don't worry too much about "breaking the RESTful API" — by your logic, your own application should have no function calls and just be full of curl invocations to itself. No, instead, at some point, your code needs to shake off the management speak and just get down to bloody work. :)

Lightness Races in Orbit

I am sure most of you know this, but for the sake of completeness:

A function or procedure is a designated program-section that handles a specific task and usually consists of a function declaration or definition and a function body.

When a function is called remotely, it is known as a remote procedure call (RPC), and the invocation implementation as a Remote Procedure, which is generally handled by an RPC API and in rare cases by an ABI.

So at the heart of your quest lies questioning the necessity for remote procedure invocation, and how much a given procedure should perform. As such, heeding good code-refactoring guidelines is a good start to a good API. I generally adhere to the following pointers:

  • If you do not need the necessity of remote invocation for a given procedure, do not expose it unnecessarily.
  • Choose wisely which procedures you make API accessible and unit-test them.
  • Create various wrapper functions which successively call a set of local functions to perform specific tasks as opposed to calling each function remotely, and render them accessible to the REST API.

An initial authentication procedure is a good idea, but I would recommend using established protocols such as OAuth 2 rather than implementing your own. As such, you may end up using curl in your remote PHP script.

This should get you started.

Other than that, you do not provide enough information to give you a more specific answer. I would generally recommend looking at Google, Yahoo, Facebook, and perhaps NCBI's PUG to see how they implement their REST APIs, which are often a good case-study.

Lorenz Lo Sauer
  • Thank you. I upvoted this because of the great explanation and a good amount of references. I had to accept Lightness' answer because that's exactly what I was asking for, but, as I said, this is a really good lecture. Thanks again! – Alejandro Iván Oct 19 '13 at 00:43
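
An added example (not code from the thread or from the asker's project) of the layout both answers point to: the website calls a wrapper function directly, the mobile app reaches the same wrapper through a REST dispatcher, and only allowlisted procedures are remotely reachable. The route `/api/login`, the function names and the in-memory user list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the database: one user, hashed password.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Local helper (hypothetical name): never routed, so it cannot be invoked remotely.
function find_password_hash(array $users, string $name): ?string
{
    return $users[$name] ?? null;
}

// Wrapper (hypothetical name): chains the local steps into one task.
// The website calls it directly; the REST dispatcher below exposes it to the app.
function login(array $users, string $name, string $password): array
{
    $hash = find_password_hash($users, $name);
    $ok = $hash !== null && password_verify($password, $hash);
    return $ok ? ['status' => 200, 'user' => $name] : ['status' => 401];
}

// Explicit allowlist: only procedures listed here are reachable over HTTP.
// The route is an assumption; the question's own URLs are not shown on the page.
const API_ROUTES = ['POST /api/login' => 'login'];

function dispatch(array $users, string $method, string $path, array $body): array
{
    $handler = API_ROUTES["$method $path"] ?? null;
    if ($handler === null) {
        return ['status' => 404]; // not exposed, whatever functions exist locally
    }
    $name = is_string($body['name'] ?? null) ? $body['name'] : '';
    $password = is_string($body['password'] ?? null) ? $body['password'] : '';
    return $handler($users, $name, $password);
}

// Website path: plain function call, no HTTP round-trip to the same server.
var_dump(login($users, 'alice', 'correct horse')['status']);

// Mobile-app path: the same wrapper, reached through the REST layer.
$attempt = ['name' => 'alice', 'password' => 'wrong'];
var_dump(dispatch($users, 'POST', '/api/login', $attempt)['status']);

// The internal helper has no route, so a remote caller cannot reach it.
var_dump(dispatch($users, 'POST', '/api/find_password_hash', [])['status']);
```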