Gretings! I have decided to put together this series on how to create a modern API based on Slim's latest PHP-based framework, and we will be looking at each individual piece in detail that makes a good API: handling CORS requests from browsers, authentication, database links, encryption, validation, middleware, file uploads and downloads. As well as a couple of bonus "pieces".
This series assumes competency in PHP, your chosen version control system, in my case git; also file management, be this the terminal, VSCode's sidebar or even Windows Explorer, I'll mostly be using the terminal (and a Mac which completely rules out Windows Explorer!).
To use a practical example, all we will do is create a small bookstore API that stores info on books, prices, ISBNs, authors, and can be called to do various things with that info such as selling a book, adding new books, taking on a new author and managing stock.
What packages to install?
The base package that we will be using.
Slim requires a PSR7 implementation in order to handle request and response objects. There are a few available out there but I find it easier to simply use the one that the people at Slim have written themselves.
Used for extracting environment variables from your
You found the first bonus piece! Used to connect to your AWS account. This is of course only necessary if you have an AWS account and plan to use any parts of it with your API. If not, then you can skip installing this and also skip its post later in the series.
Used to build containers to make dependency injection much simpler.
Used to validate JSON that is sent as part of a POST, PUT, or PATCH request.
Another package from the people at Slim, this is to handle documentation. Slim is designed for more than just API responses, you can build whole web applications from it which would often involve HTML templates; not really necessary for an API in itself but very useful for documentation.
This is some very handy middleware written by Mika Tuupola to handle CORS requests. Ah, CORS you beautiful infuriating 3xp1371v3, of all the times to rear your head, you decide to do it right at the end of my API building and when I try to get a browser to speak to it rather than mere cURL or Insomnia requests. Do not attempt to write your own CORS middleware unless you have unlimited time left on this earth!
We can install all of these with
composer require opis/json-schema php-di/php-di phpmailer/phpmailer slim/psr7 slim/slim slim/twig-view tuupola/cors-middleware vlucas/phpdotenv
After a few minutes you'll find yourself with a
composer.lock in your project root. These can both be committed,
composer.json is the one that can be edited if you need to manipulate package versions or add additional properties (which we will be doing later), but do not touch
composer.lock! You can commit these straightaway.
What this will also create is a directory called
vendor which we should gitignore as that is all the code of all our installed packages.
Make sure to be in your project root when running the below command, where your
echo /vendor >> .gitignore
Side note - if you're coming from NPM world, you'll notice that all the packages are namespaced, that is true of all packages in Composer. You'll also note the similarity between
Top comments (2)
Hey, that was a nice read, you got my follow, keep writing 😉
Thanks Al, hope you enjoy the series! I'm aiming to release a new part every Sunday until completion.