Posted on 11-16-2013
I'm working on a series of simple scripts that help people deploy APIs from some of the most common data sources. I'm starting with a series of PHP scripts, and a couple weeks ago I did a MySQL to API demo, and this week I want to show how to secure access to the API by requiring an AppID and AppKey which will allow you to track on who has access to the API.
For this PHP implementation, I'm using the SLIM framework, which provides a dead simple REST framework you can use to deploy an API from a variety of data sources. To begin deploying an API from your MySQL database, download the REST library and upload to your server that runs PHP.
Slim is pretty straightforward to work with, to add each API endpoint you just add a single PHP file under methods. For this how-to guide we are going to add a simple endpoint from our products database.
Next you just add an include reference in the index page for your slim implementation. Everything up until now was the same as the open MySQL to API solution, but not on the index page we will wrap the entry point to the API, with a 3Scale API Management layer. 3Scale is free to sign up and you pay as you scale, so all it takes to get going is register for a 3Scale account and choose the base account, and under your account settings you will find your key to link this code to your account.
This API just uses ID, Name, Price and Description of the product, and queries by a simple query parameter. You can use this as a template for your own product database, adding and removing fields as you need, or completely retrofitting for any database table. That is it, now you have a simple product API that pulls a list of products from a MySQL database.
There are any number of reasons you would want to secure an API driven from a MySQL database, to offer advanced search, filtering or just to track on who is accessing resources. This solution just uses 3Scale to secure the API interface, requiring an AppID and Appkey to use the API.
Hopefully that demonstrates a simple approach to securing an API that is driven from a JSON file.
Disclosure: 3SCale is an API Evangelist Partner
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- How Do We Continue Moving Green Button Data And APIs Forward?
- Beyond Public APIs In Government: Internal Access to Resources
- Can You Show Me The ROI On All Of This API Stuff Before We Commit
- In The Future APIs Will Be Default For All Cities
- No Public APIs Are Not Going Away Just Cause A Few BigCos Fumble At It
- Internal API Search Engine For Everyone At Your Company (Not Just Developers)
- If You Need Assistance With Your Healthcare API Strategy I Have The Person
- Explaining APIs To Senior Leadership: Access To Company Resources Without The IT Hassle
- A Conversation With @ijroth, @dorkitude, @antonyfalco, and @medjawii In The Next Generation API Stack Panel @APIStrat
- API Evangelist Thoughts On The Right To An API Key And Algorithmic Organizing
- Explaining APIs To Your Senior Leadership
- An API Evangelism Strategy To Map The Global Family Tree
- Thank You For Your API Evangelist Blog(s)
- Video From The Hypermedia Panel At API-Craft In Detroit Last Month
- Please Open Source Your API Before Shutting It Down
- Explaining My Work Around APIs In Higher Education To Institutions
- You Can Have An API Just By Choosing Products And Services That Have APIs
- Using Excel As An API Datasource And An API Client For The Masses
- Brewing Up Something Awesome With The Jive Software API
- Relationship Between APIs And Containers
- Real-time and Visualizations Will Be Key in Financial API Deployments
- Notification Focused Startups Within Leading API Ecosystems
- APIs That Do One Thing And Do It Well Like ZipLocate
- Which API Do I Need?
- The Expanding API Conference Landscape