Where does the creation of an API begin?

S

Sergey2019-04-07 21:01:23

PHP

Sergey, 2019-04-07 21:01:23

Hello.
There is a self-written site on php. There was a task, to divide it into 2 parts. One for the company's clients. The other is for company employees.
I think a good solution would be to create an API. Considering that in the future it is planned to develop mobile applications.
I'm thinking of implementing this in php7 and laravel.
I want to know your opinion or advice on where to start writing. I haven't written an API before. So much to rewrite, but at least understand why.
There are 2 things that interest me.
How to organize authorization based on access rights.
How is the version structure structured? Each version requires a separate project.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

Ivan Shumov, 2019-04-07
@seregali

You can do it with authorization. Authentication first - here you should look at openid or OAuth2, which is convenient for this. We settled on OpenId with a JWT token and are happy with it. Asymmetrical signature. If you want to do well right away and for the future, then you should add an identity server separately. Keycloak or wso2 (the former is easier). I generally care about Auth0, but it costs like a Boeing for small projects.
Be sure to document the API in swagger (oas 3) or raml. I version everything depending on the project. There are 2 main approaches: versioning all APIs or separately its methods. In the world of clouds, for example, a version is just traffic routing

E

EYPPNM, 2019-04-08
@EYPPNM

https://youtu.be/6Y7Glw6NzLM?t=520