
How should I create my API for mobile applications (Needs Authentication)

Background

So I've been researching quite a bit for the past week about APIs and have been reading about concepts and also programming one.

Currently I have a website which is programmed in PHP using a popular framework called Laravel. The website has a user database and users are able to log into the dashboard on my website. Everything works as I want it to for my website side.

Now for the next project of my business I'm focusing on creating my mobile applications (iOS & Android). What I need for these mobile applications is being able to log in through the application UI (not being redirected to my site with a callback URL) so they are able to view and manage the dashboard.

The method of authentication and authorization that I want to use for my application will go something like this:

  • Client asks user to login through UI
  • User enters credentials
  • Client sends a request to login to the API
  • The API checks if the credentials are correct
  • API creates a token which is stored in token database linked to user ID
  • API returns 200 OK with a JSON response or something like this

{ "token" : "OLS25usJIay81hdy81", "expiry" : "3/06/2016 14:00" }

  • Client remembers token and expiry
  • Whenever a user/client makes a request such as api/v1/mystuff/orders it sends the token with the request (probably through the HTTP headers?)
  • API verifies token, gets user ID and finds users orders

Questions

I know this is one hell of a question and I'm not asking you people to program my entire software haha but what I need to know is

  • What should I use to create the API (needs to be PHP, and preferably Laravel integrated)
  • What are some good resources to help me program my API
  • Are there any suggestions/changes you'd recommend?

Requirements

  • Username/Password authentication
  • Token Authorization
  • Login through app UI (Not on my website with a callback)

Notes

  • My website has an SSL cert.

Laravel is definitely a very good choice to create your API and your plan for authentication and authorization is pretty solid.

I could recommend for you to use the JSON token authentication package for Laravel https://github.com/tymondesigns/jwt-auth

You can see some tutorials here:

https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

https://www.sitepoint.com/how-to-build-an-api-only-jwt-powered-laravel-app/

I would also recommend this API package https://github.com/dingo/api which will save you a lot of work.

If you need some help you could watch this series https://laracasts.com/series/incremental-api-development from Laracasts, which requires a subscription, but it's more than worth it.
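
The login and token-check steps listed in the question, as an added PHP example that is not part of the original question or answer. It uses opaque random tokens (not the JWT package the answer recommends) and stores only a hash of each token; the in-memory arrays, function names and sample user are assumptions standing in for the users and token tables.

```php
<?php
declare(strict_types=1);

// Constructed sample data: stand-ins for the users and token database tables.
$users  = ['alice' => ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
$tokens = []; // sha256(token) => ['user_id' => int, 'expires' => unix time]

/** Check credentials; on success store a token record and return the JSON-ready response. */
function login(array $users, array &$tokens, string $name, string $pass, int $ttl = 3600): ?array
{
    // Unknown users are checked against a dummy hash so timing does not reveal valid names.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $user = $users[$name] ?? null;
    $ok = password_verify($pass, $user['hash'] ?? $dummy);
    if ($user === null || !$ok) {
        return null; // caller answers 401
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not a guessable ID
    $expires = time() + $ttl;
    // Only the hash is stored, so a leaked token table cannot be replayed as-is.
    $tokens[hash('sha256', $token)] = ['user_id' => $user['id'], 'expires' => $expires];
    return ['token' => $token, 'expiry' => gmdate('c', $expires)]; // ISO 8601, UTC
}

/** Resolve an "Authorization: Bearer <token>" header value to a user ID, or null. */
function authenticate(array &$tokens, string $header, ?int $now = null): ?int
{
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $header, $m)) {
        return null; // malformed header never reaches the lookup
    }
    $key = hash('sha256', $m[1]);
    $row = $tokens[$key] ?? null;
    if ($row === null) {
        return null;
    }
    if ($row['expires'] <= ($now ?? time())) {
        unset($tokens[$key]); // expiry is enforced server-side, not trusted from the client
        return null;
    }
    return $row['user_id'];
}

$resp = login($users, $tokens, 'alice', 'correct horse');
var_dump(authenticate($tokens, 'Bearer ' . $resp['token']));                // freshly issued token
var_dump(authenticate($tokens, 'Bearer ' . str_repeat('0', 64)));           // token never issued
var_dump(authenticate($tokens, 'Bearer ' . $resp['token'], time() + 7200)); // same token after expiry
var_dump(login($users, $tokens, 'alice', 'wrong'));                         // bad password
```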
