1

Background

So I've been researching quite a bit for the past week about APIs and have been reading about concepts and also programming one.

Currently I have a website which is programmed in PHP using a popular framework called Laravel. The website has a user database and users are able to log into the dashboard on my website; everything works as I want it to for my website side.

Now for the next project of my business I'm focusing on creating my mobile applications (iOS & Android). What I need for these mobile applications is being able to log in through the application UI (not being redirected to my site with a callback URL) so they are able to view and manage the dashboard.

The method of authentication and authorization that I want to use for my application will go something like

  • Client asks user to login through UI
  • User enters credentials
  • Client sends a request to login to the API
  • The API checks if the credentials are correct
  • API creates a token which is stored in token database linked to user ID
  • API returns 200 OK with a JSON response or something like this

{ "token" : "OLS25usJIay81hdy81", "expiry" : "3/06/2016 14:00" }

  • Client remembers token and expiry
  • Whenever a user/client makes a request such as api/v1/mystuff/orders it sends the token with the request (probably through the HTTP headers?)
  • API verifies token, gets user ID and finds user's orders

Questions

I know this is one hell of a question and I'm not asking you people to program my entire software haha but what I need to know is

  • What should I use to create the API (needs to be PHP, and preferably Laravel integrated)
  • What are some good resources to help me program my API
  • Are there any suggestions/changes you'd recommend?

Requirements

  • Username/Password authentication
  • Token Authorization
  • Login through app UI (Not on my website with a callback)

Notes

  • My website has an SSL cert.
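
The token flow described in the question above, sketched in plain PHP as an added example (not code from the original post or from any package named on this page). `TokenStore`, its method names and the in-memory array standing in for the token table are assumptions; it stores only a SHA-256 hash of each token and enforces expiry on the server.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for the "token database" in the flow above.
// Keys are SHA-256 hashes of tokens, so a leaked table does not expose usable tokens.
final class TokenStore
{
    private array $rows = [];

    // Called only after the username/password check has succeeded.
    public function issue(int $userId, int $ttlSeconds, int $now): array
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $expiresAt = $now + $ttlSeconds;
        $this->rows[hash('sha256', $token)] = ['user_id' => $userId, 'expires_at' => $expiresAt];
        // ISO 8601 in UTC avoids the day/month ambiguity of "3/06/2016 14:00".
        return ['token' => $token, 'expiry' => gmdate('Y-m-d\TH:i:s\Z', $expiresAt)];
    }

    // Returns the user ID for a valid "Authorization: Bearer <token>" header, else null.
    public function authenticate(?string $authorizationHeader, int $now): ?int
    {
        if ($authorizationHeader === null
            || !preg_match('/^Bearer ([0-9a-f]{64})$/', $authorizationHeader, $m)) {
            return null; // missing or malformed header
        }
        $key = hash('sha256', $m[1]);
        $row = $this->rows[$key] ?? null;
        if ($row !== null && $row['expires_at'] <= $now) {
            unset($this->rows[$key]); // expired: delete it server-side
            $row = null;
        }
        return $row['user_id'] ?? null; // null for unknown or expired tokens
    }

    // Logout, or revocation of a lost device.
    public function revoke(string $token): void
    {
        unset($this->rows[hash('sha256', $token)]);
    }
}

// Constructed demo: user 42 logs in, calls the API, then the token expires.
$store = new TokenStore();
$now = 1464962400; // fixed clock value (constructed) for a repeatable run
$login = $store->issue(42, 3600, $now);
var_dump($store->authenticate('Bearer ' . $login['token'], $now + 60));
var_dump($store->authenticate('Bearer ' . $login['token'], $now + 3601));
```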

1 Answer

2

Laravel is definitely a very good choice to create your API and your plan for authentication and authorization is pretty solid.

I would recommend that you use the JSON token authentication package for Laravel https://github.com/tymondesigns/jwt-auth

You can see some tutorials here:

https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps

https://www.sitepoint.com/how-to-build-an-api-only-jwt-powered-laravel-app/

I would also recommend this API package https://github.com/dingo/api which will save you a lot of work.

If you need some help you could watch this series https://laracasts.com/series/incremental-api-development from Laracasts, which requires a subscription, but it's more than worth it.

7 Comments

Thanks, I'll check out all these resources and get back to you!
Thank you, I just watched some tutorials and read some documentation. It's perfect for what I'll need!
Great, glad I could help.
@TheFallen jwt-auth will generate a token for each logged-in user with a one-hour lifetime. It's OK for web applications like AngularJS, but what should I do with mobile applications? Should I log the users in again and again to get a fresh token? Of course this is not a good idea for mobile apps! What's your idea?
@AliSherafat yes, I don't think this is a good idea for mobile apps. Generally in mobile apps the user logs in once and he is logged in until he logs out, even if the application is closed or it's opened a week from then. So you should keep this token in the database and the session should not expire, like on web apps.