composer create-project chalarangelo/codeigniter-rap
The CodeIgniter RESTful API is a set of simple, modular helpers that can be easily integrated into your CodeIgniter projects, allowing you to create customizable RESTful APIs that suit all your needs. The package includes helpers for database manipulation, JSON Web Token generation, validation and signing, authentication methods, methods for accessing resources using a URI, as well as some utility methods that will help streamline your workflow.

- `config.example.ini` file outside your application folder or create yours, based on the example provided. Remember to name your file `config.ini` or rename the sample provided.
- `config.ini` to be completely secure.
- `.example.htaccess` file and tweak it to your liking. Remember to rename it to `.htaccess`.

The API is made up of a set of helpers, each one serving a different purpose. Click on each helper below to read about its functionality.

Contains values for various error codes. The codes are mostly matched to HTTP status codes, but some of them might not be perfect matches. The error codes are stored as global variables.
Variable | Value | Description |
---|---|---|
PROHIBITED | 405 | The action is not allowed. |
BAD_DATA | 400 | The data is malformed or does not match expected input. |
BAD_CREDENTIALS | 403 | The credentials provided cannot be successfully authorized. |
UNAUTHORIZED | 403 | The user does not have the proper authorization to perform this action. |
NO_COOKIE | 409 | The expected cookie was not found. |
SUCCESS | 200 | The action was successful. |

Contains a single method for retrieving the body of the current request.

- `get_request_body()`: Retrieves the body of the current request.

Contains multiple methods for connecting and retrieving information from the database.

- `database_connect()`: Establishes a connection to the database. The connection's parameters (host, username, password and database name) are parsed from the `config.ini` file, residing in the CodeIgniter root folder.
- `database_query($query, $types, $params, $query_type)`: Uses a prepared statement to query the database, returning an associative array or false, based on the query's results.
  - `$query`: The query to the database, as a string.
  - `$types`: A string that contains one or more characters which specify the types for the corresponding bind variables.
  - `$params`: An array of values that will be passed as parameters to the query. The types of the parameters must match the types specified by `$types`.
  - `$query_type`: (Optional) The type of query that will be executed ("SELECT" (default), "INSERT", "UPDATE", "DELETE"). The execution of the prepared statement will return different kinds of results based on the type specified.
- `database_no_args_query($query)`:
  - `$query`: The query to the database, as a string.
- `database_error()`: Returns the last connection error, if any.

Heavily based on this implementation, the JWT helper allows for the creation of JSON Web Tokens. The secret key provided in `config.ini` will be used to sign the token.

- `jwt_encode($payload, $key, $algo)`: Creates a JWT string.
  - `$payload`: The payload of the JSON Web Token.
  - `$key`: The secret key.
  - `$algo`: (Optional) The signing algorithm ('HS256' (default), 'HS384' or 'HS512').
- `jwt_decode($jwt, $key, $verify)`: Decodes a JWT string.
  - `$jwt`: The JSON Web Token.
  - `$key`: The secret key.
  - `$verify`: (Optional) Toggles verification of token on/off.
- `sign($msg, $key, $method)`: Signs a string with a given key and algorithm.
  - `$msg`: The message to sign.
  - `$key`: The secret key.
  - `$algo`: (Optional) The signing algorithm ('HS256' (default), 'HS384' or 'HS512').
- `json_e_encode($input)`: Encodes into a JSON string (with error handling).
  - `$input`: Object to be encoded.
- `json_e_decode($input)`: Decodes a JSON string (with error handling).
  - `$input`: JSON string to be decoded.
- `urlsafe_base64_encode($input)`: Encodes a string with URL-safe Base64.
  - `$input`: A string to be encoded.
- `urlsafe_base64_decode($input)`: Decodes a string with URL-safe Base64.
  - `$input`: A Base64 string to be decoded.

Contains multiple methods used for authorization, authorization validation and usage with JSON Web Tokens in cookies.

- `authorize($table, $fields, $username_field, $password_field, $id_field, $username_value, $password_value, $service_name, $cookie_name)`: Provides authorized access to the system for a user, based on the provided credentials, using a query to the database. If the authorization is successful, a unique JSON Web Token is generated and stored in a cookie.
  - `$table`: The database table to query.
  - `$fields`: An array of names for the fields to be requested.
  - `$username_field`: The name of the username field.
  - `$password_field`: The name of the password field.
  - `$id_field`: The name of the id field.
  - `$username_value`: The value of the username field.
  - `$password_value`: The value of the password field.
  - `$service_name`: The name of the service.
  - `$cookie_name`: The name of the cookie used to store the authorization token.
- `generate_jwt_cookie($username_value, $id_value, $service_name, $cookie_name)`: Generates a unique JSON Web Token from the values provided.
  - `$username_value`: The user's unique username.
  - `$id_value`: The user's unique id.
  - `$service_name`: The name of the service.
  - `$cookie_name`: The name of the cookie used to store the authorization token.
- `regenerate_jwt_cookie($service_name, $cookie_name)`: Regenerates a unique JSON Web Token from the values provided. Will return a message if no existing cookie is found.
  - `$service_name`: The name of the service.
  - `$cookie_name`: The name of the cookie used to store the authorization token.
- `check_jwt_cookie($service_name, $cookie_name)`: Checks the validity of a unique JSON Web Token.
  - `$service_name`: The name of the service.
  - `$cookie_name`: The name of the cookie used to store the authorization token.
- `get_jwt_data($cookie_name)`: Gets the data stored in a unique JSON Web Token.
  - `$cookie_name`: The name of the cookie used to store the authorization token.

Contains multiple methods, implementing generic CRUD methods for a RESTful API. For security reasons, certain methods are not implemented, but rather return an associative array with an error code and a message.

- `createResourceRoot()`: Creates a new collection, using a query to the database.
- `createResourceElement($table, $input_fields, $input_types, $input_values)`: Creates a new entry in a collection, using a query to the database.
  - `$table`: The database table to query.
  - `$input_fields`: An array of names for the fields to be filled.
  - `$input_types`: A string that contains one or more characters
  - `$input_values`: An array of values for the fields to be filled.
- `readResourceRoot($table, $fields)`: Lists the members of a collection, using a query to the database.
  - `$table`: The database table to query.
  - `$fields`: The table's fields to be retrieved.
- `readResourceElement($table, $fields, $element_key, $key_value)`: Retrieves a specific member of a collection, using a query to the database.
  - `$table`: The database table to query.
  - `$fields`: The table's fields to be retrieved.
  - `$element_key`: The table's field that will be used for the specific
  - `$key_value`: The value to be used for the specific resource's
- `updateResourceRoot()`: Updates a resource collection, using a query to the database.
- `updateResourceElement($table, $input_fields, $input_types, $input_values, $element_key, $key_value)`: Updates a specific member of a collection, using a query to the database.
  - `$table`: The database table to query.
  - `$input_fields`: An array of names for the fields to be updated.
  - `$input_types`: A string that contains one or more characters
  - `$input_values`: An array of values for the fields to be updated.
  - `$element_key`: The table's field that will be used for the specific
  - `$key_value`: The value to be used for the specific resource's
- `deleteResourceRoot()`: Deletes a resource collection, using a query to the database.
- `deleteResourceElement($table, $element_key, $key_value)`: Deletes a specific member of a collection, using a query to the database.
  - `$table`: The database table to query.
  - `$element_key`: The table's field that will be used for the specific
  - `$key_value`: The value to be used for the specific resource's

The provided helpers are supposed to be used in a `CI_Controller`, but you can use them any way you like. The sample provided (`controllers/Api.php`) is a pretty good starting point for a RESTful API implementation:

- `__construct()` method of the `Api` class. Certain variables are also instantiated to be used for the API's requests.
- `index()` method is an empty method returning an error message, when no resource is specified in the request in the form of a URI.
- `users($param)` method maps the different API methods to HTTP methods (CREATE = POST, READ = GET, UPDATE = PUT, DELETE = DELETE) and uses the various helpers and class variables to provide a sample RESTful API implementation.
- `login($param)` method allows for the authorization of a user (needed to update or delete a resource matched to his/her username).

To query the API, you should use something like `example.com/index.php/api/resource_name` (or `example.com/api/resource_name`, if you are using the `.htaccess` file provided, configured to your environment), replacing `resource_name` with your resource's name (e.g. `users`). Bear in mind that certain requests will return errors due to implementation specifics. All responses are encoded as JSON for easier use with frontend frameworks.

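
The token format that the JWT helper's `jwt_encode`, `sign` and `urlsafe_base64_encode` descriptions imply, and the effect of the `$verify` toggle on `jwt_decode`, shown as an added example that is not the project's own code. The `demo_*` function names, the key and the payloads are hypothetical; the mapping of HS256/HS384/HS512 to HMAC with SHA-256/384/512 is the standard JWT one.

```php
<?php
// Added example, not the helper's source. demo_* names and the key are hypothetical.
const DEMO_ALGOS = ['HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512'];

function demo_b64url_encode(string $in): string {
    return rtrim(strtr(base64_encode($in), '+/', '-_'), '=');
}

function demo_b64url_decode(string $in): string {
    $padded = $in . str_repeat('=', (4 - strlen($in) % 4) % 4);
    $out = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($out === false) throw new UnexpectedValueException('bad base64url');
    return $out;
}

function demo_jwt_encode(array $payload, string $key, string $algo = 'HS256'): string {
    $head = demo_b64url_encode(json_encode(['typ' => 'JWT', 'alg' => $algo]));
    $body = demo_b64url_encode(json_encode($payload));
    $sig  = hash_hmac(DEMO_ALGOS[$algo], "$head.$body", $key, true);
    return "$head.$body." . demo_b64url_encode($sig);
}

function demo_jwt_decode(string $jwt, string $key, bool $verify = true): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new UnexpectedValueException('malformed token');
    [$head, $body, $sig] = $parts;
    if ($verify) {
        $alg = json_decode(demo_b64url_decode($head), true)['alg'] ?? null;
        // Allowlist: "none" or any unknown algorithm is rejected outright.
        if (!is_string($alg) || !isset(DEMO_ALGOS[$alg])) {
            throw new UnexpectedValueException('unsupported alg');
        }
        $expected = hash_hmac(DEMO_ALGOS[$alg], "$head.$body", $key, true);
        // hash_equals compares the raw MACs in constant time.
        if (!hash_equals($expected, demo_b64url_decode($sig))) {
            throw new UnexpectedValueException('signature mismatch');
        }
    }
    return json_decode(demo_b64url_decode($body), true);
}

$key   = 'constructed-demo-key'; // constructed sample secret
$token = demo_jwt_encode(['sub' => 'alice', 'id' => 7], $key);
// Constructed tampering: new payload, original signature kept.
[$h, , $s] = explode('.', $token);
$forged = "$h." . demo_b64url_encode(json_encode(['sub' => 'admin', 'id' => 1])) . ".$s";
var_dump(demo_jwt_decode($token, $key)['sub']);         // signature checked
var_dump(demo_jwt_decode($forged, $key, false)['sub']); // $verify off: altered claims returned
try { demo_jwt_decode($forged, $key); }
catch (UnexpectedValueException $e) { echo "rejected: {$e->getMessage()}\n"; }
```

Keep verification enabled for any token that arrives from a client; decoding without it only makes sense when the claims are inspected and not acted on.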
The project is licensed under the MIT license.