I want to create a REST API using PHP for my website so that my app can access the data stored in the database.

I need for the user to be able to log in to the server through the app, and I am unsure of how to implement this securely?

I have considered OAuth, but it's not really what I'm looking for, as it is for third-party software.


OAuth can seem like a daunting task to implement, although it can be worthwhile.

First of all: Choose the return type

What I mean by this is: How do you want the data to be processed? Should you use XML or JSON? It's entirely up to you; you might specify what the user wants and therefore chooses.

Second of all: Security

If people are accessing your data, you want to know who they are, right? You don't want someone randomly accessing all of your records. So, what you need to decide is which data is going to become available and to whom.

You can specify the who by making sure that the users of the site have to request an API key from you; this key, once accepted, is stored inside a database and you can deny access from this API should they start doing things that break the rules. Only members who have a valid API key should be allowed to request data.

If they wanted to sign in from the app, then, sure, that's possible. You could ensure that they have an API key. I suggest you read some more on APIs to help you gain more knowledge before you start building your own.


Your question seems too broad, which is probably going to land you answers that might not be what you're looking for. That tells me that you do not understand the concepts of APIs; therefore, I have suggested that you research them, find out algorithms and implementation designs/methods for implementing this kind of technology and, if you have any specific concerns, feel free to post them.

Edited by phorce
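
The API-key scheme described in the answer above (issue a key, store it in the database, deny access once it is revoked), as an added example that is not part of the original thread. The table name `api_keys`, the function names and the in-memory SQLite database are assumptions for illustration; only a SHA-256 hash of each key is stored so a database leak does not expose usable keys.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite standing in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE api_keys (
    key_hash TEXT PRIMARY KEY,
    owner    TEXT NOT NULL,
    revoked  INTEGER NOT NULL DEFAULT 0
)');

// Issue a key: the caller sees the raw key once, the database keeps only its hash.
function issueApiKey(PDO $db, string $owner): string
{
    $key = bin2hex(random_bytes(32));             // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO api_keys (key_hash, owner) VALUES (?, ?)');
    $stmt->execute([hash('sha256', $key), $owner]);
    return $key;
}

// Revoke a key so its owner is denied from then on.
function revokeApiKey(PDO $db, string $key): void
{
    $stmt = $db->prepare('UPDATE api_keys SET revoked = 1 WHERE key_hash = ?');
    $stmt->execute([hash('sha256', $key)]);
}

// Return the owner for a valid, non-revoked key, or null to deny the request.
function authenticate(PDO $db, ?string $presented): ?string
{
    if ($presented === null || !preg_match('/\A[0-9a-f]{64}\z/', $presented)) {
        return null;                              // missing or malformed key
    }
    $stmt = $db->prepare('SELECT owner, revoked FROM api_keys WHERE key_hash = ?');
    $stmt->execute([hash('sha256', $presented)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row !== false && (int)$row['revoked'] === 0) ? $row['owner'] : null;
}

// Constructed walk-through; a real endpoint would read the key from a request
// header sent over HTTPS and answer 401 whenever authenticate() returns null.
$key = issueApiKey($db, 'alice');
var_dump(authenticate($db, $key));                 // freshly issued key
var_dump(authenticate($db, str_repeat('0', 64)));  // well-formed but unknown key
revokeApiKey($db, $key);
var_dump(authenticate($db, $key));                 // same key after revocation
```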
