Background
So I've been researching quite a bit for the past week about APIs and have been reading about concepts and also programming one.
Currently I have a website which is programmed in PHP using a popular framework called Laravel. The website has a user database and users are able to log into the dashboard on my website; everything works as I want it to for my website side.
Now for the next project of my business I'm focusing on creating my mobile applications (iOS & Android). What I need for these mobile applications is being able to log in through the application UI (not being redirected to my site with a callback URL) so they are able to view and manage the dashboard.
The method of authentication and authorization that I want to use for my application will go something like
- Client asks user to login through UI
- User enters credentials
- Client sends a request to login to the API
- The API checks if the credentials are correct
- API creates a token which is stored in the token database linked to user ID
- API returns 200 OK with a JSON response or something like this
{ "token" : "OLS25usJIay81hdy81", "expiry" : "3/06/2016 14:00" }
- Client remembers token and expiry
- Whenever a user/client makes a request such as
api/v1/mystuff/orders
it sends the token with the request (probably through the HTTP headers?)
- API verifies token, gets user ID and finds user's orders
Questions
I know this is one hell of a question and I'm not asking you people to program my entire software haha but what I need to know is
- What should I use to create the API (needs to be PHP, and preferably Laravel integrated)
- What are some good resources to help me program my API
- Are there any suggestions/changes you'd recommend?
Requirements
- Username/Password authentication
- Token Authorization
- Login through app UI (Not on my website with a callback)
Notes
- My website has an SSL cert.
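
The token steps listed in the question, sketched in plain PHP as an added example that is not part of the original post. The `TokenStore` class, the in-memory array standing in for the token table, the `Authorization: Bearer` header and the 64-hex-character token format are all assumptions made for illustration; the store keeps only a SHA-256 hash of each token so a leaked table does not expose usable tokens.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for the token table (a real API would use a DB table).
final class TokenStore
{
    /** @var array<string, array{user_id:int, expires_at:int}> keyed by SHA-256 of the token */
    private array $rows = [];

    // Login step: call only after the username/password check has succeeded.
    public function issue(int $userId, int $ttlSeconds, int $now): array
    {
        $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = [      // persist the hash, never the token itself
            'user_id'    => $userId,
            'expires_at' => $now + $ttlSeconds,
        ];
        // Expiry is returned as an ISO 8601 UTC string so clients parse it unambiguously.
        return ['token' => $token, 'expiry' => gmdate('c', $now + $ttlSeconds)];
    }

    // Request step: map the Authorization header to a user ID, or null if rejected.
    public function verify(?string $authorizationHeader, int $now): ?int
    {
        if ($authorizationHeader === null
            || !preg_match('/^Bearer ([0-9a-f]{64})$/', $authorizationHeader, $m)) {
            return null;                             // missing or malformed header
        }
        $key = hash('sha256', $m[1]);
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return null;                             // unknown token
        }
        if ($row['expires_at'] <= $now) {
            unset($this->rows[$key]);                // expired: remove it from the store
            return null;
        }
        return $row['user_id'];
    }
}

// Constructed sample run: user ID, lifetime and timestamp are made-up values.
$store = new TokenStore();
$now   = 1464962400;
$login = $store->issue(42, 3600, $now);
echo json_encode($login), PHP_EOL;
var_dump($store->verify('Bearer ' . $login['token'], $now + 60));    // inside the lifetime
var_dump($store->verify('Bearer ' . $login['token'], $now + 3601));  // after expiry
var_dump($store->verify('Bearer ' . str_repeat('0', 64), $now));     // token never issued
```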