Create and Consume Simple REST API in PHP
In this tutorial, we will create and consume simple REST API in PHP. REST enables you to access and work with web based services. But before moving ahead let me explain what is REST and how does it work.
What is REST?
REST stands for Representational State Transfer, REST is an architectural style which defines a set of constraints for developing and consuming web services through standard protocol (HTTP). REST API is a simple, easy to implement and stateless web service. There is another web service available which is SOAP which stands for Simple Object Access Protocol which is created by Microsoft.
REST API is widely used in web and mobile applications as compared to SOAP. REST can provide output data in multiple formats such as JavaScript Object Notation (JSON), Extensible Markup Language (XML), Command Separated Value (CSV) and many others while SOAP described output in Web Services Description Language (WSDL).
How Does REST API Work
REST requests are related to CRUD operations (Create, Read, Update, Delete) in database, REST uses GET, POST, PUT and DELETE requests. Let me compare them with CRUD.
- GET is used to retrieve information which is similar to Read
- POST is used to create new record which is similar to Create
- PUT is used to update record which is similar to Update
- DELETE is used to delete record which is similar to Delete
How to Create and Consume Simple REST API in PHP
JSON format is the most common output format of REST API, we will use the JSON format to consume our simple REST API. We will developed an online transaction payment REST API for our example. I will try to keep it as simple as possible so i will use GET request to retrieve information.
- Create REST API in PHP
- Consume REST API in PHP
1. Create REST API in PHP
To create a REST API, follow these steps:
- Create a Database and Table with Dummy Data
- Create a Database Connection
- Create a REST API File
1. Create a Database and Table with Dummy Data
To create database run the following query.
1 | CREATE DATABASE allphptricks; |
To create a table run the following query. Note: I have already attached the SQL file of this table with dummy data, just download the complete zip file of this tutorial.
1 2 3 4 5 6 7 8 9 | CREATE TABLE IF NOT EXISTS `transactions` ( `id` int(20) NOT NULL AUTO_INCREMENT, `order_id` int(50) NOT NULL, `amount` decimal(9,2) NOT NULL, `response_code` int(10) NOT NULL, `response_desc` varchar(50) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `order_id` (`order_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ; |
2. Create a Database Connection
Just create a db.php file and paste the following database connection in it. Make sure that you update these credentials with your database credentials.
1 2 3 4 5 6 | // Enter your Host, username, password, database below. $con = mysqli_connect("localhost","root","","allphptricks"); if (mysqli_connect_errno()){ echo "Failed to connect to MySQL: " . mysqli_connect_error(); die(); } |
3. Create a REST API File
Create a api.php file and paste the following script in it.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | <?php header("Content-Type:application/json"); if (isset($_GET['order_id']) && $_GET['order_id']!="") { include('db.php'); $order_id = $_GET['order_id']; $result = mysqli_query( $con, "SELECT * FROM `transactions` WHERE order_id=$order_id"); if(mysqli_num_rows($result)>0){ $row = mysqli_fetch_array($result); $amount = $row['amount']; $response_code = $row['response_code']; $response_desc = $row['response_desc']; response($order_id, $amount, $response_code,$response_desc); mysqli_close($con); }else{ response(NULL, NULL, 200,"No Record Found"); } }else{ response(NULL, NULL, 400,"Invalid Request"); } function response($order_id,$amount,$response_code,$response_desc){ $response['order_id'] = $order_id; $response['amount'] = $amount; $response['response_code'] = $response_code; $response['response_desc'] = $response_desc; $json_response = json_encode($response); echo $json_response; } ?> |
The above script will accept the GET request and return output in the JSON format.
I have created all these files in folder name rest, now you can get the transaction information by browsing the following URL.
1 | http://localhost/rest/api.php?order_id=15478959 |
You will get the following output.
Above URL is not user friendly, therefore we will rewrite URL through the .htaccess file, copy paste the following rule in .htaccess file.
1 2 3 | RewriteEngine On # Turn on the rewriting engine RewriteRule ^api/([0-9a-zA-Z_-]*)$ api.php?order_id=$1 [NC,L] |
Now you can get the transaction information by browsing the following URL.
1 | http://localhost/rest/api/15478959 |
You will get the following output.
2. Consume REST API in PHP
To consume a REST API, follow these steps:
- Create an Index File with HTML Form
- Fetch Records through CURL
1. Create an Index File with HTML Form
1 2 3 4 5 6 | <form action="" method="POST"> <label>Enter Order ID:</label><br /> <input type="text" name="order_id" placeholder="Enter Order ID" required/> <br /><br /> <button type="submit" name="submit">Submit</button> </form> |
2. Fetch Records through CURL
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | <?php if (isset($_POST['order_id']) && $_POST['order_id']!="") { $order_id = $_POST['order_id']; $url = "http://localhost/rest/api/".$order_id; $client = curl_init($url); curl_setopt($client,CURLOPT_RETURNTRANSFER,true); $response = curl_exec($client); $result = json_decode($response); echo "<table>"; echo "<tr><td>Order ID:</td><td>$result->order_id</td></tr>"; echo "<tr><td>Amount:</td><td>$result->amount</td></tr>"; echo "<tr><td>Response Code:</td><td>$result->response_code</td></tr>"; echo "<tr><td>Response Desc:</td><td>$result->response_desc</td></tr>"; echo "</table>"; } ?> |
You can do anything with these output data, you can insert or update it into your own database if you are using REST API of any other service provider. Usually in case of online transaction, the service provider provides status of payment via API. You can check either payment is made successfully or not. They also provide a complete guide of it.
Make sure CURL is enabled on your web server or on your localhost when you are testing demo.
I try my best to explain this tutorial as simple as possible.
If you found this tutorial helpful, share it with your friends and developers group.
I spent several hours to create this tutorial, if you want to say thanks so like my page on Facebook and share it.
Please remove this post
It fails on numerous points of best practise and fundamental security.
You have managed to create an article advising people to write code which features XSS & SQL Injection vulnerabilities, as well as not being particularly robust and prone to errors.
You should never be outputting database error messages straight to the user
You should be using prepared queries to parameterize user input going into the database to make it safe from injection
You should be using html escaping (html_special_chars or htmlentities) before outputting any user input to a web browser.
Kindly read my post title again, this is just simple tutorial example which means as simple as possible, yes you will need to secure your program too, this is only for basic concept for newcomers.
dear Rehman,
i’ve apreciated your tuto.
i’m new in API development with PHP. i’m goint to ask a ridiculos questions:
i was trying to define a variable containing the currant date, that i would use to build my insert request in the API source code.
i’ve done that in my API:
$curDate= now();
but it generating an error.
i do not understand why?
should i always call the API with this current date as a parameter?
no system function can be called in the API source code?
thank you for your highlighting.
Moussa
regards
do we have to install mysqli to execute this code ??
If you do not have mysqli then yes this code is not going to work, you will require mysqli extension.
Javed excelent tutorial !
How do i adapt it to receive a Json input that contains several input values ?
Thank you so much from Argentina!
Hi sir, how if get API from other web ?
Yes API is actually made for sharing purpose, we mostly use other websites API’s for integration with our website.
thanks, very useful tutorial.
You welcome Dank
Notice: Trying to get property ‘order_id’ of non-object in C:\xampp\htdocs\rest\index.php on line 35
Notice: Trying to get property ‘amount’ of non-object in C:\xampp\htdocs\rest\index.php on line 36
Notice: Trying to get property ‘response_code’ of non-object in C:\xampp\htdocs\rest\index.php on line 37
Notice: Trying to get property ‘response_desc’ of non-object in C:\xampp\htdocs\rest\index.php on line 38
You can not use them, if you CURL is not enabled on your server. Also make sure that your database connection is working fine too.
Hi Javed,
I want to know how I can make this API get database credentials from a client side a shown below.
// Enter your Host, username, password, database below.
$con = mysqli_connect(“localhost”,”{$db_username}”,”{$db_pass}”,”{$db_name}”);
if (mysqli_connect_errno()){
echo “Failed to connect to MySQL: ” . mysqli_connect_error();
die();
}
so how can I store those variables($db_username,$db_pass,$db_name) on the index.php file?
You do not need credentials in API, API are used to interact with database, mostly to view data or if they gave you access, you can update the data too.
You can see in my tutorial, it consist of two section, create and consume so if you are consuming API, you will get API to consume that do not required database credentials.
Thanks a lot ! I liked this post so much.
I have downloaded your code and it works fine in my testing environment, after updated “http://localhost/rest/api/” to “”http://localhost/rest/api.php?order_id=”.
when we refresh the page records were still there on the page , how to remove the records on refresh.
If you are sending order id it will fetch the record, keep in mind that you are fetching data using API, if you were using form submit method so records can be vanish after refresh.
where i have to link the curl code ie 2. Fetch Records through CURL
For testing run it on browser directly, if it is working fine use it in the code like i did in form submission page, download my tutorial and run it.
Hi sir my fields are shown null value please find out this. And also explain how i set my header.
{“order_id”:null,”amount”:null,”response_code”:400,”response_desc”:”Invalid Request”}
Guruveer you are getting Invalid Request, did you try to copy paste the same tutorial which i provided in download link? or you have made change in it? You are getting null because you are doing invalid request.
table does not display data but data store in array but it not display data on table view
I am actually fetching data from database, kindly make sure you have data in db and then fetch it simply and print array using print_r() function to check if you have data or not.
Are there any sources that fully explain this?
Hi Ahmad,
Well this is all my code, you can learn more about it by searching on Google. I tried my best to explain things as simple as possible.
Thanks my man, i liked this post so much.
You welcome Isaac M Machakata. 🙂
How can i fix this error ??
Notice: Trying to get property of non-object in C:\xampp\htdocs\rest\index.php on line 32
Notice: Trying to get property of non-object in C:\xampp\htdocs\rest\index.php on line 33
Notice: Trying to get property of non-object in C:\xampp\htdocs\rest\index.php on line 34
Notice: Trying to get property of non-object in C:\xampp\htdocs\rest\index.php on line 35
It seems like you are getting error on printing, first you should try to print the array, check if values are available in the array.
Try to close the function before the else statement and it will work fine
what is the benefit of using APIs instead of an simple php file for the operation ?
There is lot of benefit, now a days data sharing is very common, for example suppose you are going to integrate online payment system and you need to send or fetch data from online payment server which is paid service, they will provide you API for this purpose, they will not give you their database credentials, i hope you find this helpful.
How to post to the database using Postman?
Sorry, i didn’t get you.
but how to update some data
This post is about consume REST API, to update, first you will need to create API which gives access to update any data.
You are incredible awesome man. Keep fast paced!
Thanks Joe 🙂
I am not getting the desired output for the .htaccess file. I am getting a invalid request response.What can I do to make it proper?Please help!
Although i am not using much code in htaccess file, i think you should create a fresh copy of htaccess file, sometimes issue raised due to corrupt htaccess file.
Incredible work, thank you, this is very useful to consume the information from a mobile app.
You welcome Pedro, if you found this helpful share it with your friends and also like our pages to keep update of our new posts.