Search code examples
phpapilaravelauthenticationapi-design

How should I create my API for mobile applications (Needs Authentication)

Background

So I've been researching quite a bit for the past week about API's and have been reading about concepts and also programming one.

Currently I have a website which is programmed in PHP using a popular framework called Laravel. The website has a user database and users are able to log into the dashboard on my website, everything works as I want it to for my website side.

Now for the next project of my business i'm focusing on creating my mobile applications (IOS & Andriod).What I need for these mobile applications is being able to login through the application UI (not being redirected to my site with a callback URL) so they are able to view and manage the dashboard.

The method of authentication and authorization that i want to use for my application will go something like

  • Client asks user to login through UI
  • User enters credentials
  • Client sends a request to login to the API
  • The API checks if the credentials are correct
  • API creates a token which is stored in token database linked to user ID
  • API returns 200 OK with a json response or something like this

{ "token" : "OLS25usJIay81hdy81", "expiry" : 3/06/2016 14:00}

  • Client remembers token and expiry
  • Whenever a user/client makes a request such as api/v1/mystuff/orders it sends the token with the request(probably through the http headers?)
  • API verifies token, gets user ID and finds users orders

Questions

I know this is one hell a question and i'm not asking you people to program my entire software haha but what I need to know is

  • What should I use to create the API (needs to be PHP, and preferably laravel integrated)
  • What are some good resources to help me program my API
  • Is there any suggestions/changes you'd recommend?

Requirements

  • Username/Password authentication
  • Token Authorization
  • Login through app UI (Not on my website with a callback)

Notes

  • My website has a SSL cert.
Solution

  • Laravel is definitely a very good choice to create your API and your plan for authentication and authorization is pretty solid.

    I could recommend for you to use the JSON token authentication package for Laravel https://github.com/tymondesigns/jwt-auth

    You can see some tutorials here:

    https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

    https://www.sitepoint.com/how-to-build-an-api-only-jwt-powered-laravel-app/

    I would also recommend this API package https://github.com/dingo/api which will save you a lot of work.

    If you need some help you could watch this series https://laracasts.com/series/incremental-api-development from Laracast, which requires a subscription, but it's more than worth it.