3

I have an application running well on CodeIgniter, MySQL and jQuery. Currently we are planning to evaluate our web application with a mobile application. So we planned to develop a web application plus Android, iOS and BlackBerry apps. Every one is a native application.

For everything, we planned to develop a CodeIgniter RESTful API (this is the server for all the clients, web and mobile). For the web application we planned to develop the client with AngularJS. But every client accesses the web API server only. My CodeIgniter controller now looks like an API.

My questions are:

1. Is it a good idea to create a single server for all the clients, both web and mobile?
2. How do I create a unique authentication for both web and mobile apps?

Because in the web app we have the session, but in mobile there is no session. So how do I create authentication uniquely for both apps?

I have planned to send a token to the client once login is successful. After that, for each and every request to the server, the client will send the token in the request header. I have no idea how to do the same for mobile apps: the web app has a session, and hence we can save the token into a session variable on the server. But in the case of a mobile app, how do I create a server variable and maintain the tokens?

Please, can anyone help me clarify my doubts?

Community
DSP
  • 1
    Use cookies instead of sessions: http://stackoverflow.com/questions/6068113/do-sessions-really-violate-restfulness So, yes, it's a good idea to have a common backend to connect different devices (just replicating it for each device is not a good idea) –  Feb 13 '15 at 12:57

3 Answers

0

You can check out CodeIgniter REST Controller (https://github.com/chriskacerguis/codeigniter-restserver/tree/master/application). It has different methods: POST, GET, etc.

For authentication: if the server gets a login request and the login parameters are valid, allow the user to log in and at the same time update the user DB column with a session id (this is not the PHP session id) - create a session from user id + time + some random string with SHA-1 or some other encryption. Then validate this session with all other requests. If the session does not match, the services return an invalid session message.

If the server gets a login request from a user even if a session exists, regenerate the session and update the corresponding column in the DB; this will make the previous session invalid.

Also, we can share an API key (known to the developers of the web and mobile apps) as an HTTP header parameter. Only if the API key matches does the request proceed. The mentioned CodeIgniter controller has the option to set an API key.

Hope it is clear.

Anbuselvan Rocky
Binish Prabhakar
0

<?php
class Api_ci extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->model('Api_model');
        $this->load->helper('text');
    }

    // Login API endpoint: reads the credentials from the query string
    // and returns the matching user row(s) as JSON.
    public function login_api_ci()
    {
        $email = $this->input->get('email');
        $pass  = $this->input->get('password');
        $query = $this->Api_model->login_api($email, $pass);
        echo json_encode($query);
    }
}
?>

<?php
class Api_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        // Your own constructor code
        $this->load->database();
    }

    // Login lookup. The values are passed as query bindings (?) so that
    // CodeIgniter escapes them instead of interpolating them into the SQL
    // string, which would allow SQL injection.
    public function login_api($username, $password)
    {
        $sql   = "SELECT * FROM `host_users` WHERE `email` = ? AND `password` = ?";
        $query = $this->db->query($sql, array($username, $password));
        return $query->result_array();
    }
}
?>



After this process, your API URL is your domain name / class name / class function:
 www.example.com/Api_ci/login_api_ci?email=gaurav@gmail.com&password=1234567899


The output looks like this:

[{"id":"112","f_name":"gaurav","l_name":"singh","email":"gaurav@gmail.com","mob":"1234567899","password":"1234567899","img":null}]
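The login-then-token flow discussed in the question and the answers above, as an added example that is not code from any of the posts: the password is checked against a stored hash, the server keeps only a hash of the issued token, and a new login invalidates the previous token for web and mobile clients alike. The `$users` array stands in for the `host_users` table with constructed data; the `Authorization: Bearer` header format, the field names and the one-hour lifetime are assumptions.

```php
<?php
// Added example: one token scheme shared by web and mobile clients.
// $users stands in for the host_users table (constructed sample data).
$users = [
    'gaurav@example.com' => [
        'id'            => 112,
        'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
        'token_hash'    => null,
        'token_expires' => 0,
    ],
];

const TOKEN_TTL = 3600; // token lifetime in seconds (assumed value)

// Verify the credentials and issue a fresh token; a new login replaces the old one.
function login(array &$users, string $email, string $password): ?string
{
    $user = $users[$email] ?? null;
    if ($user === null || !password_verify($password, $user['password_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));                      // 256-bit random token
    $users[$email]['token_hash']    = hash('sha256', $token); // store only the hash
    $users[$email]['token_expires'] = time() + TOKEN_TTL;
    return $token;                                            // sent to the client once
}

// Resolve the token from the request header to a user id, or null if invalid.
function authenticate(array $users, string $authorizationHeader): ?int
{
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $authorizationHeader, $m)) {
        return null;
    }
    $candidate = hash('sha256', $m[1]);
    foreach ($users as $user) {
        if ($user['token_hash'] !== null
            && hash_equals($user['token_hash'], $candidate)   // constant-time compare
            && $user['token_expires'] > time()) {
            return $user['id'];
        }
    }
    return null;
}

$first  = login($users, 'gaurav@example.com', 'correct horse');
$second = login($users, 'gaurav@example.com', 'correct horse');
var_dump(authenticate($users, "Bearer $first"));   // token replaced by the second login
var_dump(authenticate($users, "Bearer $second"));  // current token
var_dump(login($users, 'gaurav@example.com', 'wrong password'));
```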
0

Just to update this thread: I feel like creating a RESTful web API using CodeIgniter is overkill; there are a lot of things that are unnecessary unless you are building a monolithic system.

I prefer just creating a simple API without a framework; it is better and lighter, and it can also easily be scaled, because nowadays microservices have more benefits than a monolith type of development.