APIs in PHP: from Basic to Advanced

Course Curriculum

Chapter 1: Introduction: how to use the course and software installation

Lecture 1: Introduction and welcome: how to get the most out of the course

Lecture 2: Install a package with a web server, PHP, a database server and phpMyAdmin

Lecture 3: Install Composer: manage third-party packages and autoload class files

Chapter 2: API basics: what APIs are and how to use them

Lecture 1: What is an API?

Lecture 2: Make an API call: access an API from PHP

Lecture 3: Decode API results: reading JSON in PHP

Lecture 4: Use API data in a web application

Chapter 3: HTTP basics: requests, responses and using cURL

Lecture 1: Use cURL instead of file_get_contents to make an API request

Lecture 2: Response codes: get the HTTP status code

Lecture 3: Request headers: add meta data about the request

Lecture 4: Response headers: read meta data about the response

Lecture 5: Get all individual response headers in an array

Lecture 6: Use an API that requires a specific request header

Lecture 7: Request method: change the method to get a different result with the same URL

Lecture 8: Request body: add a payload to send data along with the request

Chapter 4: REST and RESTful APIs: using them from PHP

Lecture 1: REST and RESTful APIs: what are they?

Lecture 2: Access a RESTful API in PHP with cURL

Lecture 3: Use the Guzzle HTTP client for object-oriented API code

Lecture 4: Use an SDK: compare the Stripe API to its SDK

Chapter 5: Create a RESTful API: build a framework for serving the API

Lecture 1: Start writing the API: enable URL rewriting

Lecture 2: The front controller: get the resource, ID and the request method

Lecture 3: Use a client for API development: cURL, Postman or HTTPie

Lecture 4: Set the HTTP status code: best practices

Lecture 5: Add a controller class to decide the response

Lecture 6: Use Composer's autoloader to load classes automatically

Lecture 7: Make debugging easier: add type declarations and enable strict type checking

Lecture 8: Always return JSON: add a generic exception handler and JSON Content-Type header

Lecture 9: Send a 405 status code and Allow header for invalid request methods

Chapter 6: Create a RESTful API: create a database and retrieve data from it

Lecture 1: Create a new database and a database user to access it

Lecture 2: Create a table to store resource data

Lecture 3: Connect to the database from PHP: add a Database class

Lecture 4: Move the database connection data to a separate .env file

Lecture 5: Create a table data gateway class for the resource table

Lecture 6: Show a list of all records

Lecture 7: Configure PDO to prevent numeric values from being converted to strings

Lecture 8: Convert database booleans to boolean literals in the JSON

Lecture 9: Show an individual record

Lecture 10: Respond with 404 if the resource with the specified ID is not found

Chapter 7: Create a RESTful API: create, update and delete individual resources

Lecture 1: Get the data from the request as JSON

Lecture 2: Insert a record into the database and respond with a 201 status code

Lecture 3: Add a generic error handler to output warnings as JSON

Lecture 4: Validate the data and respond with a 422 status code if invalid

Lecture 5: Conditionally validate the data when updating an existing record

Lecture 6: Get the data from the request for updating an existing record

Lecture 7: Update the record in the database and return a 200 status code

Lecture 8: Delete the record in the database and return a 200 status code

Chapter 8: API key authentication

Lecture 1: Create a table to store user account data

Lecture 2: Add a register page to insert a new user record and generate a new API key

Lecture 3: Send the API key with the request: query string or request header

Lecture 4: Check the API key is present in the request and return 400 if not

Lecture 5: Create a table data gateway class for the user table

Lecture 6: Authenticate the API key and return a 401 status code if invalid

Lecture 7: Refactor the front controller to a bootstrap file and Auth class

Lecture 8: Add a foreign key relationship to link task records to user records

Lecture 9: Retrieve the ID of the authenticated user when authenticating

Lecture 10: Restrict the tasks index endpoint to only show the authenticated user's tasks

Lecture 11: Restrict the rest of the task endpoints to the authenticated user's tasks

Lecture 12: Cache the database connection to avoid multiple connections in the same request

Chapter 9: An introduction to authentication using access tokens

Lecture 1: An introduction to authentication using access tokens

Lecture 2: Create the login script and return 400 if the username and password are missing

Lecture 3: Select the user record based on the username in the request

Lecture 4: Check the username and password and return a 401 status code if invalid

Lecture 5: Generate an encoded access token containing the user details

Lecture 6: Pass the access token to the task API endpoints in the authorization header

Lecture 7: Validate the access token and decode its contents

Lecture 8: Get the authenticated user data from the access token

Chapter 10: Authentication using JSON Web Tokens (JWTs)

Lecture 1: An introduction to JSON web tokens (JWTs)

Lecture 2: Create a class to encode a payload in a JWT

Lecture 3: Generate a JWT access token in the login endpoint containing JWT claims

Lecture 4: Add a method to decode the payload from the JWT

Lecture 5: Pass in the secret key used for hashing as a dependency

Lecture 6: Authenticate the task endpoints using the JWT

Lecture 7: Use a custom exception class to return 401 if the signature is invalid

Lecture 8: Don't store sensitive data in the JWT

Chapter 11: Expiring and refreshing access tokens

Lecture 1: Why access tokens need to expire and how to refresh them in a user-friendly way

Lecture 2: Add an expiry claim to the access token payload when logging in

Lecture 3: Throw a custom exception to not accept the JWT if it has expired

Lecture 4: Issue a refresh token in addition to the access token when logging in

Lecture 5: Add a refresh endpoint and validate the refresh token in the request

Lecture 6: Validate the user in the refresh token using the database

Lecture 7: Issue a new access token and refresh token to the authenticated user

Lecture 8: Create a table to store a refresh token whitelist

Lecture 9: Store the refresh token in the whitelist when issued in the login endpoint

Lecture 10: Replace the refresh token in the whitelist when issued in the refresh endpoint

Lecture 11: Validate the refresh token is on the whitelist and return a 400 response if not

Lecture 12: Add a logout endpoint to remove the an active refresh token from the whitelist

Lecture 13: Add a script to clear out expired refresh tokens from the whitelist