Start with something that accepts a post(s). You could use Spring, PHP and many things to achieve this.
My weapon of choice is usually PHP, but for bigger projects/enterprise level usually a framework that can work in a more structured way (MVC, application + database layer etc.) would be used.
Take a look at this very simple API in PHP to give you an idea of how something like this could work:
Code:
<?php
header('Content-type: application/json');
include("App.php");
/**
 * User: Darryl
 * Date: 26/04/13
 * Time: 15:17
 */

// Response array, created up front so it always exists before it is encoded.
$return_array = array();

// Split the request path into segments, e.g. /<base>/request/login
$request = $_SERVER['REQUEST_URI'];
$request = explode("/", $request);

// Only accept a string apikey (apikey[]=... would arrive as an array).
if (isset($_POST['apikey']) && is_string($_POST['apikey'])) {
    $apikey = $_POST['apikey'];
} else {
    $apikey = "null";
    $return_array['code'] = "404";
    $return_array['msg'] = "method not found";
    $return_array['apikey'] = $apikey;
    $return_array['data'] = "";
    $return_array['authorised'] = false;
}

// Demo key hard-coded for illustration. hash_equals() replaces ==,
// under which a numeric string such as "12345.0" would also match.
if (hash_equals("12345", $apikey)) {
    $return_array['authorised'] = true;
} else {
    $return_array['code'] = "404";
    $return_array['msg'] = "invalid api key";
    $return_array['authorised'] = false;
    echo json_encode($return_array);
    return false;
}

if ($return_array['authorised'] == true) {
    // Missing path segments or POST fields fall back to an empty string.
    if (($request[2] ?? '') == "request") {
        switch ($request[3] ?? '') {
            case "login":
                $tryLogin = App::checkLogin($_POST['email'] ?? '', $_POST['password'] ?? '');
                if ($tryLogin == false) {
                    $return_array['code'] = "400";
                    $return_array['msg'] = "login checked, failed";
                    $return_array['data'] = false;
                } else {
                    $return_array['code'] = "100";
                    $return_array['msg'] = "login checked, returning result";
                    $return_array['data'] = $tryLogin;
                }
                break;
            default:
                $return_array['code'] = "404";
                $return_array['msg'] = "method not found";
                break;
        }
    } else {
        $return_array['code'] = "404";
        $return_array['msg'] = "method not found";
        $return_array['apikey'] = $apikey;
        $return_array['data'] = "";
    }
} else {
    $return_array['msg'] = "Unauthorised request to API";
    $return_array['code'] = "500";
}

// generate json array
echo json_encode($return_array);
?>
I wrote this when I first started getting into PHP, so it may be a bit shoddy, but it is good starting ground. It accepts posts of apikey, email and password so I can hit whatever method is defined by the URL; in this case login is the only one implemented, and we would be triggering that for a successful API hit. This calls an external class that has a method executing MySQL to query the database for the requested information/authentication. See below:
Code:
<?php
/**
 * Created by PhpStorm.
 * User: Darryl
 * Date: 26/04/14
 * Time: 15:17
 */
include("../classes/Config.php");
include("../classes/DB.php");
// Standard includes

// NOTE: unsalted SHA-512 is a fast hash; password_hash()/password_verify()
// is the standard PHP replacement for storing passwords.
function hashPassword($password)
{
    return hash("sha512", $password);
}

class App
{
    /**
     * Returns an array of user fields on success, false on failure.
     */
    public static function checkLogin($email, $password)
    {
        // Reject non-string input (e.g. email[]=...) as well as empty values.
        if (is_string($email) && is_string($password) && $email != "" && $password != "") {
            $email = htmlentities(strtolower($email));
            $password = hashPassword($password);
            $sql = "SELECT * FROM `users` WHERE `email` = :email AND `password` = :password";
            $core = DB::getInstance();
            $stmt = $core->dbh->prepare($sql);
            $result = $stmt->execute(array(
                ':email' => $email,
                ':password' => $password
            ));
            if (!$result) {
                // Log server-side; printing errorInfo() would leak database
                // details to the client and corrupt the JSON response.
                error_log(print_r($stmt->errorInfo(), true));
                return false;
            }
            $row = $stmt->fetchAll(PDO::FETCH_ASSOC);
            if ($row) {
                // Return only the fields the client needs, never the hash.
                $user = array();
                $user["email"] = $row[0]['email'];
                $user["forename"] = $row[0]['forename'];
                $user["surname"] = $row[0]['surname'];
                $user["level"] = $row[0]['level'];
                $user["avatar"] = $row[0]['avatar'];
                $user["confirmed"] = $row[0]['confirmed'];
                return $user;
            } else {
                $fail_message = "invalid email / password";
                return false;
            }
        } else {
            $null_message = "Error";
            return false;
        }
    }
}
?>
The end result will be a JSON array which can be decoded by pretty much any framework/language these days. You will also need a DB config file with your MySQL database username and password.
Some good tools: PhpStorm, an online tool for testing posts, a PHP-enabled instance of Apache server to test, and an instance of MySQL for the database.
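
A hardened take on the API-key check and `checkLogin()` above, as an added example that is not part of the original post: it compares the key with `hash_equals()` and replaces the unsalted SHA-512 lookup with `password_hash()`/`password_verify()`. The in-memory SQLite table, the sample user and the standalone function signatures are constructed for illustration and differ from the post's `App::checkLogin()` and MySQL setup.

```php
<?php
// Added example, not the original poster's code. Needs the pdo_sqlite extension.

function apiKeyValid($supplied, string $expected = '12345'): bool
{
    // '12345' == '12345.0' is true in PHP (numeric-string comparison);
    // hash_equals() compares bytes, in constant time, and needs strings.
    return is_string($supplied) && hash_equals($expected, $supplied);
}

function checkLogin(PDO $dbh, $email, $password)
{
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        return false;
    }
    // Look the user up by email only; the hash is verified in PHP, not in SQL.
    $stmt = $dbh->prepare('SELECT email, forename, level, password FROM users WHERE email = :email');
    $stmt->execute([':email' => strtolower($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost changes.
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $dbh->prepare('UPDATE users SET password = :h WHERE email = :email');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':email' => $row['email']]);
    }
    unset($row['password']); // never hand the hash back to the API caller
    return $row;
}

// Constructed demo data: one user in an in-memory database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (email TEXT PRIMARY KEY, forename TEXT, level INTEGER, password TEXT)');
$ins = $dbh->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
$ins->execute(['alice@example.test', 'Alice', 1, password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump('12345' == '12345.0');      // loose comparison on the post's demo key
var_dump(apiKeyValid('12345.0'));    // same input through hash_equals()
var_dump(apiKeyValid(['12345']));    // array input from apikey[]=...
var_dump(checkLogin($dbh, 'Alice@example.test', 'correct horse'));
var_dump(checkLogin($dbh, 'alice@example.test', 'wrong password'));
```

Existing rows that hold SHA-512 digests cannot be converted in place; they have to be re-hashed the next time each user logs in or resets their password.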