As client-side frameworks improve and things get more and more mobile, providing a way to get at this mission-critical data is at the forefront of just about every company's mind. Exposing this data through a REST API is one of the most commonly chosen solutions. There are a few more items we haven't yet implemented in our REST API. These concepts apply not only to APIs but also to any other application.
Access Control
When attempting to access the API from another domain, you will be blocked by the browser's CORS policy. You'll need to enable access from other origins. A simple way to allow all origins is with the following middleware:
    $app->add(function ($req, $res, $next) {
        $response = $next($req, $res);
        return $response
            ->withHeader('Access-Control-Allow-Origin', '*');
    });
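The wildcard lets a page on any origin read the API's responses in the browser. When only known front ends should call the API, the same middleware can echo the request's origin back only if it is on an allow-list. The following is an added example, not code from the course: the origins are constructed placeholders, `corsHeadersFor` is a hypothetical helper, and `$app` is assumed to be the same application object used in the snippet above.

```php
<?php
// Added example: allow-list CORS for the middleware style shown above.
// The origins below are constructed placeholders, not values from the course.
const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com',
];

/**
 * Decide which CORS headers to send for a request's Origin header.
 * Returns an empty array when the origin is not on the allow-list,
 * so the browser keeps blocking the cross-origin read.
 */
function corsHeadersFor(string $origin, array $allowed): array
{
    // Exact string comparison only: prefix, substring or loose regex checks
    // would also accept look-alike hosts that merely contain an allowed name.
    if ($origin === '' || !in_array($origin, $allowed, true)) {
        return [];
    }
    return [
        'Access-Control-Allow-Origin'  => $origin,
        'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
        'Access-Control-Allow-Headers' => 'Authorization, Content-Type',
    ];
}

// $app is assumed to be the application object from the page's own snippet.
$app->add(function ($req, $res, $next) {
    $headers = corsHeadersFor($req->getHeaderLine('Origin'), ALLOWED_ORIGINS);

    // Answer an allowed preflight directly; everything else goes to the route.
    $response = ($req->getMethod() === 'OPTIONS' && $headers)
        ? $res->withStatus(204)
        : $next($req, $res);

    foreach ($headers as $name => $value) {
        $response = $response->withHeader($name, $value);
    }
    // The response now varies by Origin, so shared caches must key on it.
    return $response->withHeader('Vary', 'Origin');
});
```

CORS only controls which browser pages may read responses; it does not replace the authentication and authorization checks described in the next section.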
Authentication/Authorization
You'll need a way to authenticate users and control which actions and resources those users are authorized to manage. When learning about Authentication, the one thing to remember for a REST API is its statelessness. This means you will have to pass any user credentials with EACH request. Those credentials may be in the form of a username and password or some sort of token.
To learn more, check out some of our other courses:
Testing
- Manual testing using Postman
- Automated testing with Cucumber, an open source tool for testing business-readable specifications against your code on any modern development stack.
- Automated testing with Behat, an open source Behavior-Driven Development framework for PHP. It is a tool to support you in delivering software that matters through continuous communication, deliberate discovery and test-automation.
- Load testing can get expensive, but it can be extremely helpful for high-traffic APIs. There are different options available, but one trusted source is LoadNinja by SmartBear.
- Monitoring can also be helpful to know how users are ACTUALLY using your API. Common tools include Runscope or even Postman.
Documentation
Creating great documentation requires effort and patience, but it has direct implications on API adoption and maintainability. Documenting your APIs can be made significantly more manageable by selecting the right API documentation tool. Popular open source description formats like OpenAPI Specification and commercial platforms like SwaggerHub allow teams to automate the documentation process and work on a great overall experience consuming APIs.
HATEOAS
Stands for Hypermedia as the Engine of Application State. It basically means two things for your API:
- Content negotiation
- Hypermedia controls
One of the most popular PHP libraries to support implementing representations for HATEOAS REST web services is willdurand/Hateoas.