0

I never built a REST API, so, My idea is: I have an SQL database that has a table with name and description (for this example it is car name and its description is somewhat simple) I want to create a REST API, and thus be able to consume it in any future application. I thought I would do it in php, now my question is for me to be able to access this rest api I must access using url and this will return the results in json form. But as it is done so that only my website can use it (in this example I am developing it in reactjs) and not any other that does not have authorization. I know something about JWT, but I do not know if it is indicated, this web page has no users, it only serves for you to see these "products", I read something about oauth 2.0, I do not know if this is what I am thinking of.

MAGICK
  • 79
  • 2
  • 7

1 Answers1

0

https://blog.restcase.com/4-most-used-rest-api-authentication-methods/

Basic Authentication is probably the easiest. Just google PHP Basic Authentication REST API implementation

There's a very basic old example on php.net in the comments https://www.php.net/manual/en/features.http-auth.php

<?php

$valid_passwords = array ("mario" => "carbonell");
$valid_users = array_keys($valid_passwords);

$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];

$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);

if (!$validated) {
  header('WWW-Authenticate: Basic realm="My Realm"');
  header('HTTP/1.0 401 Unauthorized');
  die ("Not authorized");
}

// If arrives here, is a valid user.
echo "<p>Welcome $user.</p>";
echo "<p>Congratulation, you are into the system.</p>";

?>

But the above is not using a database to store user login/hashed password, it's just storing it in an array. But it would be very quick to prototype your authentication before making something a bit more complicated

Here's another basic example along the same lines https://gist.github.com/rchrd2/c94eb4701da57ce9a0ad4d2b00794131

So with this setup, if you're sending a GET request to your REST API endpoints to get the json, you would also need to include the username/pass in the Http request headers otherwise you would get the 401 not authorized response instead of the JSON.

See the answer here for how you would code the GET request from your PHP to call the REST endpoint How do I make a request using HTTP basic authentication with PHP curl? or here also has a good example PHP: how to make a GET request with HTTP-Basic authentication

namrogom
  • 155
  • 9
  • This is not passing "parameters" through a url? Not still visible to developer tools in browsers? – MAGICK May 31 '20 at 15:48
  • @MAGICK No, Basic Auth is trasmitted in the request header: `Authorization: Basic bG9sOnNlY3VyZQ==` – odan May 31 '20 at 15:53
  • Right, I also should have said GET request if you're passing your parameters through the URL. I'm editing the answer – namrogom May 31 '20 at 15:57
  • It depends what you want to do, do you want to take in parameters from the URL for car details e.g. http://www.example.com/?carColour=red&carDescription=Big or do you want to send that with POST parameters, either is fine. Usually REST API endpoints would have the parameters passed through the URL and the Basic Auth in the HTTP header – namrogom May 31 '20 at 16:00
  • For a website like the one I comment on, the most recommended would be oauth2 according to the article you passed me, right? – MAGICK May 31 '20 at 16:56
  • The problem with these solutions is that they use tokens for users, and here there are not multiple users, I am quite lost :/ – MAGICK May 31 '20 at 17:03