In this article, we are going to create an API (Application Programming Interface) using PHP and MySQL. A REST API goal is to create a system that can be used easily by other applications without even considering the language that the API was created in. REST means Representational State Transfer which is basically an architecture used by systems to define methods used to get access to web services.
In our previous article Introduction to APIS, we discussed what an API is, it’s importance, where it is used, and how it is used, having laid out the foundation of APIs we are going to create a simple login API.
REST APIS contains CRUD operations meaning that you can create an API that Creates (add data to database), Read (Select data from database), Update (change data in the database), and Delete (Remove data from the database) and can be accessed by creating a HTTP request either in form of POST, GET or PUT.
Creating Login REST API
Suppose we have users saved in a database table called customers like shown below
id | Customer Name | Email | Password |
|---|---|---|---|
1 | John Doe | [email protected] | 1234 |
2 | Mary Doe | [email protected] | 1011 |
We want to allow users using other applications, for example, an android app to be able to login when they key in their emails and passwords on the app.
In your server space, e.g. the Cpanel or any other server, create a file named login.php
- Open the file and add the following
<?phpheader("Content-Type:application/json");
//the above means that the request body format is JSON
?>
- Next add database connection
<?php$con=mysqli_connect("localhost","username","password1","databasename");
//update the above with your database credentials
?>
- Next we collect values sent from the outside application that want to access the database, in this case we are expecting email and password to be sent, therefore we use post method to extract these values and assign variables to them as shown below
<?php$email = $_POST["email"];
$password = $_POST["password"];
?>
- Next we are going to make a request to the database and confirm whether the values inserted by the customer matches the one in the database
We are going to use one of the CRUD operations READ (SELECT)
<?php$email = $_POST["email"];
$password = $_POST["password"];
if(mysqli_num_rows(mysqli_query($con,"SELECT * FROM customers WHERE Email='$email' AND Password='$password'"))> 0){
//if the result is greater than zero, it means that the values inserted by the customer matches what is saved in the database and therefore we grant the customer access to the system as he has been authenticated
}
?>
- Next we are going to display a success message in form of JSON array when the values match and at the same time show an error message when the values do not match
<?php$email = $_POST["email"];
$password = $_POST["password"];
if(mysqli_num_rows(mysqli_query($con,"SELECT * FROM customers WHERE Email='$email' AND Password='$password'"))> 0){
$json = array("status" => 200,'message' => "Success");
}else{
$json = array("status" => 300,'message' => "Error");
}
?>
- Finally, show the json result by printing the variable json and closing the mysql connection
<?phpecho $json;
mysqli_close($con)
?>
Full login code is as below
<?phpheader("Content-Type:application/json");
$con=mysqli_connect("localhost","username","password1","databasename");
$email = $_POST["email"];
$password = $_POST["password"];
if(mysqli_num_rows(mysqli_query($con,"SELECT * FROM customers WHERE Email='$email' AND Password='$password'"))> 0){
$json = array("status" => 200,'message' => "Success");
}else{
$json = array("status" => 300,'message' => "Error");
}
echo $json;
mysqli_close($con)
?>
We have created a simple REST API that can be used by other applications to access data in a database that is not within their application. Our next article will be how to secure the API and also how to use POSTMAN to test this API on real-time such that you will identify whether it has errors before sharing with other developers.
