Mini-project 6: Implementing a RESTful API
Instructions
This project focuses on implementing a RESTful API. This API should have the following operations. Note that all URIs are relative to:
http://joust.cs.endicott.edu/~USERNAME/csc401/mp6/
where USERNAME is your Joust username.
Method | URI | Parameters | Description |
---|---|---|---|
POST | api/signup | email and name | This should either report an error (if the email already exists), or: 1. generate a random 30-character authorization key for the user, 2. generate a new entry in the database with the user's email, name, and authorization key, 3. email the authorization key to the user, and 4. return a success message. |
GET | api/lookup/key/[email] | none | If the email does not exist in the database, report an error message. Otherwise, send the authorization key associated with the given email to that email address. |
GET | api/[auth-key]/users/[email] | none | First, authenticate the user (the [email]-[auth-key] pair should match what's in the database). If authentication fails, return an error message. Otherwise, return all information about the user (their email, name, and authorization key) |
PUT | api/[auth-key]/users/[email] | name, email, key | First, authenticate the user (the [email]-[auth-key] pair should match what's in the database). If authentication fails, return an error message. Otherwise, if an email or name change is requested, change the name and/or email associated with the account. If key is requested, change the authorization key. Return the updated information. |
DELETE | api/[auth-key]/users/[email]/ | none | First, authenticate the user (the [email]-[auth-key] pair should match what's in the database). If authentication fails, return an error message. Otherwise, delete the user from the database and return a "deletion successful" message if all goes well. |
All returned data should be in JSON or XML format (not HTML). For error messages, return something like:
For other messages, return something like:
JSON is easy to use in PHP: use json_encode() to convert an associative array to a JSON encoded string. Then echo the result. More information is on the PHP Basics page.
On Joust, make the directories: ~/public_html/csc401/mp6, ~/public_html/csc401/mp6/api and ~/public_html/csc401/mp6/db. In the mp6 directory, create the files mp6.php and mp6.html (see below for what they are each responsible for). From that directory, run the following command:
chmod 777 db
That will allow your PHP code to create new database files in that directory. Now create a file in the mp6 directory called .htaccess and put the following text in it:
<Files *.db>
Order deny,allow
Deny from all
</Files>
This will make it so that no one can access your db/mp6.db database file, which will be created by the helper script I'm giving you.
In the api directory, paste the following text into the hidden file .htaccess (this is an Apache configuration file):
Options -Indexes
FallbackResource /~USERNAME/csc401/mp6/mp6.php
where USERNAME is your Joust username (e.g., jdoe). This will direct all requests to http://joust.cs.endicott.edu/~USERNAME/csc401/mp6/api/* to mp6.php.
Responsibilities
Your mp6.php script should be in charge of routing REST requests to the proper function for processing based on the URI and the HTTP method invoked (i.e., POST, GET, PUT, or DELETE). Feel free to use more than one file to break up the functionality.
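One way to structure the routing and authentication described above, as an added example that is not the course's mp6.php or helper code. The in-memory $users array stands in for the database, the function names and the "error"/"success" keys are assumptions, and emailing and the PUT and lookup operations are left out.

```php
<?php
// Added example; $users is a hypothetical stand-in for the real database.
// Build the 30-character key from a CSPRNG (random_int), not rand()/mt_rand().
function generateAuthKey(int $length = 30): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $key;
}

// Check the [email]-[auth-key] pair with a constant-time comparison.
function authenticate(array $users, string $email, string $key): bool {
    return isset($users[$email]) && hash_equals($users[$email]['key'], $key);
}

// Map an HTTP method and the path after "api/" to a response array.
function route(string $method, string $path, array $params, array &$users): array {
    $parts = array_map('rawurldecode', explode('/', trim($path, '/')));
    if ($method === 'POST' && $parts === ['signup']) {
        $email = $params['email'] ?? '';
        if (isset($users[$email])) {
            return ['error' => 'email already exists'];
        }
        $users[$email] = ['name' => $params['name'] ?? '', 'key' => generateAuthKey()];
        return ['success' => 'signed up'];
    }
    if (count($parts) === 3 && $parts[1] === 'users') {
        [$key, , $email] = $parts;
        if (!authenticate($users, $email, $key)) {
            return ['error' => 'authentication failed']; // same text for bad email or bad key
        }
        if ($method === 'GET') {
            return ['email' => $email] + $users[$email];
        }
        if ($method === 'DELETE') {
            unset($users[$email]);
            return ['success' => 'deletion successful'];
        }
    }
    return ['error' => 'unsupported request'];
}

// Constructed demo requests.
$users = [];
echo json_encode(route('POST', 'signup', ['email' => 'jdoe@example.com', 'name' => 'J Doe'], $users)), "\n";
$key = $users['jdoe@example.com']['key'];
echo json_encode(route('GET', "$key/users/jdoe@example.com", [], $users)), "\n";
echo json_encode(route('GET', 'wrong/users/jdoe@example.com', [], $users)), "\n";
```

Because the authorization key travels in the URI path, it is recorded in the web server's access log along with the rest of the request line.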
Your mp6.html file should display the forms used for testing each of the API functions. You can start with the HTML for this example (you can copy the file on Joust easily: it's in ~hfeild/public_html/csc401/examples/rest/api.html).
Resources
For more information about REST, see this IBM page.
For information about accessing URIs and request methods, see the PHP + Server information section of the PHP Basics page. Also, the PHP + Reading Request Methods section will be helpful in accessing data sent to PHP scripts.
Helper files
I've made a couple of files to help you out. You can find these on Joust in ~hfeild/public_html/csc401/examples/mp6. You should copy these over to your directory. From your mp6 directory, do:
cp ~hfeild/public_html/csc401/examples/mp6/*.{php,html} .
The files include:
File | Description |
---|---|
mp6.html | The start of the MP6 interface. This has three of the API functions implemented. There are two more you must implement. Note that two of the implemented solutions are not implemented on the back end (e.g., in mp6.php). You must edit this file. |
constants.php | A list of constants. You should update some of these, namely $BASE_URI and $EMAIL. You must edit this file. |
mp6.php | The start of the MP6 back end. Some helper functions are present, as well as a function that handles incoming requests and another one that implements one of the API functions. You must edit this file. |
db.php | A bunch of database functions. Take a look at them. You don't need to edit this file. |
email.php | Contains functions to send email. You don't need to edit this file. |
db-example.php | An example that makes use of db.php and email.php. You don't need to edit this file. |
Submission
Your files should be located on Joust in the directory ~/public_html/csc401/mp6/, in addition to being uploaded to Canvas. The rubric can be found here. The Canvas submission page is here.