
There are two steps in the API:

1.) Request with a username and password is sent like this:

```bash
curl -X 'POST' \
  'https://api.webpage.com' \
  -H 'accept: text/plain' \
  -H 'Content-Type: application/json' \
  -d '{
  "username": "string",
  "password": "string"
}'
```

1.1) Server response should be:

response body

```json
{
  "token": "33670dc8-1f24f-4482-2402f-d126t46tbdd7"
}
```

response headers

```
content-type: application/json; charset=utf-8
date: Fri,14 Jul 2023 12:53:57 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
```

2.) As we get the token, the second request is as follows:

```bash
curl -X 'POST' \
  'https://api.webpage.com' \
  -H 'accept: text/plain' \
  -H 'Content-Type: application/json' \
  -d '{
  "token": "string",
  "name": "string",
  "surname": "string"
}'
```

2.1) And the final response should be:

response body

```json
{
  "age": 46
}
```

response headers

```
content-type: application/json; charset=utf-8
date: Fri,14 Jul 2023 12:53:57 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
```

Question/Problem: Not sure how to create this database and the PHP scripts to correctly respond to the above scenario.

Until now I've created a MySQL database with the data, and a PHP script which connects to the database and displays the whole dataset. But how do I incorporate an authentication step, and display only the needed data ("age") if the other two data ("name", "surname") are sent to the API?

My SQL database schema:

table 1

"id", "name", "surname", "age"
"0", "Adam", "Smith", "46"
...

table 2

"id", "username", "password", "token"
"0", "user", "pass", "33670dc8-1f24f-4482-2402f-d126t46tbdd7"

My php script:

```php
<?php

class API {
    function Select(){

        // Connect to MySQL; mysqli_connect() returns false on failure.
        $conn = mysqli_connect("mysqlserver.com", "root", "", "api_database");
        if($conn == false){
            // reconnect
        }
        else{
            // Note: this text is sent before the JSON body.
            echo "connected.. \n";
        }
        
        // The table name contains a space, so it has to be backtick-quoted.
        $sqlq = "SELECT * FROM `table 1` ORDER BY id";
        $results = $conn->query($sqlq);

        $data = array();

        // Collect every row, keyed by its id.
        while($OutputData = $results->fetch_assoc()){
            $data[$OutputData['id']] = array(
                'id' => $OutputData['id'],
                'name' => $OutputData['name'],
                'surname' => $OutputData['surname'],
                'age' => $OutputData['age']
            );
        }
        return json_encode($data);
    }
}

$API = new API;
header('Content-Type: application/json');
echo $API->Select();
?>
```

My current curl response (with still no authentication step incorporated):

```
connected.. [{"id":"0","name":"Adam","surname":"Smith","age":"46"},{"id":"1","name":"Jessica","surname":"Smith","age":"44"}, ...]
```

Am I even going in the right direction? Stuck here after my basic PHP knowledge ran out.

Brian Tompsett - 汤莱恩
belosand
  • Well you'd need to store the issued token against the user record in your database, so that when the second request occurs, you can check if the token is valid and current, and matches a specific user. Then you check the name sent in the request too, and if it all matches up to a database record, you provide the requested info. If not, send back an error. It's not clear if you've tried anything or what, specifically, is preventing you from doing so. – ADyson Jul 14 '23 at 13:22
  • Thank you, so far. I understand, but don't know how to actually create/code it. New to PHP and databases. Created the first lines with help of some basic tutorials. – belosand Jul 14 '23 at 13:32
  • Well, which bit of what I wrote above are you stuck with exactly? It seems you already know how to write queries to interact with your database. Or is that just stuff you pasted from tutorials without really understanding it properly? It might be that you need to get to a higher level of knowledge before attempting this...it's not completely trivial. And security is not really a good topic for beginners anyway - too many ways to mess it up! We can help you with a specific issue at Stackoverflow, but we can't teach you PHP or make up for lack of core, basic knowledge that comes through studying – ADyson Jul 14 '23 at 13:36
  • Not sure how exactly to handle the passing data from curl -d, and use it in the php script – belosand Jul 14 '23 at 13:39
  • Ah ok. Take a look at [Receive JSON POST with PHP](https://stackoverflow.com/questions/18866571/receive-json-post-with-php), then – ADyson Jul 14 '23 at 13:39
  • How can I format the final API output from `{"":{"age":"46"}}` to just `{"age":"46"}`? – belosand Jul 14 '23 at 16:09
  • Well you haven't shared the code which resulted in that output in the first place, but at a guess you've wrapped the data in some outer object which doesn't need to be there. [edit] your question if you need more specific help, and show the relevant code – ADyson Jul 14 '23 at 16:26
  • The code for this result is in the original question: `$data = array(); while($OutputData = $results->fetch_assoc()){ $data[$OutputData['id']] = array( 'id' => $OutputData['id'], 'name' => $OutputData['name'], 'surname' => $OutputData['surname'], 'age' => $OutputData['age'] ); } return json_encode($data);` – belosand Jul 14 '23 at 16:58
  • No, that would produce an object with multiple properties, not just age – ADyson Jul 14 '23 at 17:11
  • `$data = array(); while($OutputData = $results->fetch_assoc()){ $data[$OutputData['id']] = array( 'age' => $OutputData['age'] ); } return json_encode($data);` – belosand Jul 14 '23 at 17:15
  • Ok. Just write `$data = array( 'age' => $OutputData['age'] ); } return json_encode($data);` instead. That will be fine unless there is ever more than one row of matching data from the query – ADyson Jul 14 '23 at 17:29
  • Thank you @ADyson! You helped me a lot! – belosand Jul 14 '23 at 18:09
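
The flow described in the comments (store the issued token against the user record, then check it on the second request before returning only `age`), written out as an added example; it is not code from the question or from any commenter. It assumes PDO with an in-memory SQLite database so that it runs stand-alone (swap the DSN for MySQL), and the table names `people`/`users`, the columns `password_hash`, `token_hash`, `token_expires` and the 15-minute lifetime are hypothetical. Unlike the schema in the question, it stores only hashes of the password and the token.

```php
<?php
// Added example; table/column names, token lifetime and sample rows are assumptions.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE people (name TEXT, surname TEXT, age INTEGER)');
$db->exec('CREATE TABLE users (username TEXT UNIQUE, password_hash TEXT,
    token_hash TEXT, token_expires INTEGER)');
$db->exec("INSERT INTO people VALUES ('Adam', 'Smith', 46)");
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['user', password_hash('pass', PASSWORD_DEFAULT)]);

// Step 1: verify the password hash, issue a random token, store only its SHA-256.
function login(PDO $db, string $username, string $password): ?string {
    $q = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    if (!$hash || !password_verify($password, $hash)) { return null; }
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE users SET token_hash = ?, token_expires = ? WHERE username = ?')
        ->execute([hash('sha256', $token), time() + 900, $username]);
    return $token;
}

// Step 2: a token is valid only if its hash is stored and has not expired.
function tokenIsValid(PDO $db, string $token): bool {
    $q = $db->prepare('SELECT 1 FROM users WHERE token_hash = ? AND token_expires > ?');
    $q->execute([hash('sha256', $token), time()]);
    return $q->fetchColumn() !== false;
}

// Route one decoded body, i.e. json_decode(file_get_contents('php://input'), true).
function handle(PDO $db, $in): array {
    $bad = [400, ['error' => 'malformed request']];
    if (!is_array($in) || array_filter($in, 'is_string') !== $in) { return $bad; }
    if (isset($in['username'], $in['password'])) {
        $token = login($db, $in['username'], $in['password']);
        return $token ? [200, ['token' => $token]] : [401, ['error' => 'invalid credentials']];
    }
    if (!isset($in['token'], $in['name'], $in['surname'])) { return $bad; }
    if (!tokenIsValid($db, $in['token'])) { return [401, ['error' => 'invalid or expired token']]; }
    $q = $db->prepare('SELECT age FROM people WHERE name = ? AND surname = ? LIMIT 1');
    $q->execute([$in['name'], $in['surname']]);
    $age = $q->fetchColumn();
    return $age === false ? [404, ['error' => 'not found']] : [200, ['age' => (int) $age]];
}

// Both steps with the constructed credentials; an endpoint would echo json_encode() of the body.
[, $body] = handle($db, ['username' => 'user', 'password' => 'pass']);
echo json_encode(handle($db, $body + ['name' => 'Adam', 'surname' => 'Smith'])), "\n";
```

In a deployed script, `handle()` would receive the decoded request body and its first return element would be passed to `http_response_code()` before the JSON is echoed.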
