Kostas Livieratos

Reputation: 1067

What should be the right API structure using CakePHP

I've been working for a while on an API-including project. I have an ApiUsersController which handles all user actions for the API, and another API controller. But I need to ensure that this is secure, so I've created an apiKey() function which detects whether the user sending the request to my API has the right credentials.

My question now is where should I put the apiKey() function in order to make use of it in any API controller?

Any API security recommendations are also very welcome.

Thank you in advance!

Upvotes: 1

Views: 276

Answers (1)

floriank

Reputation: 25698

My question now is where should I put the apiKey() function in order to make use of it in any Api controller?

Easy to answer: the correct place is an authentication adapter. Ceeram has already created a token (that's what you're using) adapter for CakePHP. See this link here.

If you want a more secure way, you should go for OAuth, as suggested by Dave. But instead of using a specific OAuth plugin, I would go for Opauth for CakePHP; it comes with an OAuth Strategy adapter.

Also, instead of creating API controllers, I would use prefix routing and share most of the code for the API actions with the normal actions in a model. This way it can be reused very easily, and there is no need to duplicate work.

Upvotes: 1
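
A sketch of the authentication-adapter approach from the answer above, added here as an example; it is not code from the question, the answer, or Ceeram's adapter. It assumes CakePHP 2.x, and the `X-Api-Key` header, the `api_key_hash` column and the `ApiKeyAuthenticate` class name are hypothetical.

```php
<?php
// File: app/Controller/Component/Auth/ApiKeyAuthenticate.php
// Assumptions: CakePHP 2.x; header name and column name are hypothetical.
App::uses('BaseAuthenticate', 'Controller/Component/Auth');

class ApiKeyAuthenticate extends BaseAuthenticate {

    // There is no login form for an API client, so defer to getUser().
    public function authenticate(CakeRequest $request, CakeResponse $response) {
        return $this->getUser($request);
    }

    // AuthComponent calls this on requests that carry no logged-in session user.
    public function getUser(CakeRequest $request) {
        $key = CakeRequest::header('X-Api-Key');
        if (!is_string($key) || $key === '') {
            return false;
        }
        // Only a SHA-256 digest of each key is stored, so a leaked
        // users table does not hand out usable API keys.
        $model = ClassRegistry::init($this->settings['userModel']);
        $user = $model->find('first', array(
            'conditions' => array(
                $model->alias . '.api_key_hash' => hash('sha256', $key),
            ),
            'recursive' => -1,
        ));
        if (empty($user)) {
            return false;
        }
        unset($user[$model->alias]['api_key_hash']);
        return $user[$model->alias];
    }

    // Answer with HTTP 401 instead of redirecting the client to a login page.
    public function unauthenticated(CakeRequest $request, CakeResponse $response) {
        throw new UnauthorizedException('Missing or invalid API key');
    }
}

// File: app/Controller/AppController.php
// Every controller extending AppController, API ones included, now gets the check.
App::uses('Controller', 'Controller');

class AppController extends Controller {
    public $components = array(
        'Auth' => array('authenticate' => array('ApiKey' => array('userModel' => 'User'))),
    );
}
```

Because the check lives in the adapter, no controller needs its own `apiKey()` call, and actions that should stay public can be opened explicitly with `$this->Auth->allow()`.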
