Gretings! I have decided to put together this series on how to create a modern API based on Slim's latest PHP-based framework, and we will be looking at each individual piece in detail that makes a good API: handling CORS requests from browsers, authentication, database links, encryption, validation, middleware, file uploads and downloads. As well as a couple of bonus "pieces".
This series assumes competency in PHP, your chosen version control system, in my case git; also file management, be this the terminal, VSCode's sidebar or even Windows Explorer, I'll mostly be using the terminal (and a Mac which completely rules out Windows Explorer!).
To use a practical example, all we will do is create a small bookstore API that stores info on books, prices, ISBNs, authors, and can be called to do various things with that info such as selling a book, adding new books, taking on a new author and managing stock.
What packages to install?
slim/slim
The base package that we will be using.slim/psr7
Slim requires a PSR7 implementation in order to handle request and response objects. There are a few available out there but I find it easier to simply use the one that the people at Slim have written themselves.vlucas/phpdotenv
Used for extracting environment variables from your.env
file.aws/aws-sdk-php
You found the first bonus piece! Used to connect to your AWS account. This is of course only necessary if you have an AWS account and plan to use any parts of it with your API. If not, then you can skip installing this and also skip its post later in the series.php-di/php-di
Used to build containers to make dependency injection much simpler.opis/json-schema
Used to validate JSON that is sent as part of a POST, PUT, or PATCH request.slim/twig-view
Another package from the people at Slim, this is to handle documentation. Slim is designed for more than just API responses, you can build whole web applications from it which would often involve HTML templates; not really necessary for an API in itself but very useful for documentation.tuupola/cors-middleware
This is some very handy middleware written by Mika Tuupola to handle CORS requests. Ah, CORS you beautiful infuriating 3xp1371v3, of all the times to rear your head, you decide to do it right at the end of my API building and when I try to get a browser to speak to it rather than mere cURL or Insomnia requests. Do not attempt to write your own CORS middleware unless you have unlimited time left on this earth!
We can install all of these with composer require opis/json-schema php-di/php-di phpmailer/phpmailer slim/psr7 slim/slim slim/twig-view tuupola/cors-middleware vlucas/phpdotenv
After a few minutes you'll find yourself with a composer.json
and composer.lock
in your project root. These can both be committed, composer.json
is the one that can be edited if you need to manipulate package versions or add additional properties (which we will be doing later), but do not touch composer.lock
! You can commit these straightaway.
What this will also create is a directory called vendor
which we should gitignore as that is all the code of all our installed packages.
Make sure to be in your project root when running the below command, where your composer.json
and composer.lock
are.
echo /vendor >> .gitignore
Side note - if you're coming from NPM world, you'll notice that all the packages are namespaced, that is true of all packages in Composer. You'll also note the similarity between composer.json
and package.json
, composer.lock
and package-lock.json
, and vendor
and node_modules
.
Top comments (2)
Hey, that was a nice read, you got my follow, keep writing 😉
Thanks Al, hope you enjoy the series! I'm aiming to release a new part every Sunday until completion.