Tim Bond
PHP UK Conference - 16 February, 2023
'Automating' comes from the roots 'auto-' meaning 'self-', and 'mating', meaning 'screwing'.
Image credit: XKCD "Automation", licensed Creative Commons Attribution-NonCommercial 2.5
GET http://api.example.com/items
POST http://api.example.com/analytics
PUT http://api.example.com/scan/498044355635
POST http://api.example.com/analytics
GET /items
[
  {
    "title": "Bleach",
    "ean": "0498044355635"
  },
  // more items
]
PUT /scan/nnn
{
  "user_id": 1234,
  "latitude": 51.5205,
  "longitude": 0.091
}
/user/123
/users
/docs
or /swagger.json
/user/123
/user/124
// GET /api/users/{id}
// Before: any caller gets the full record for any id (no authorization check).
public function getUser(string $id) {
    return $this->database->getUser($id);
}

// After: the response shape depends on who is asking.
public function getUser(string $id) {
    $info = $this->database->getUser($id);
    if ($this->currentUser->isAdmin()) {
        return new AdminUserResponse($info);
    } elseif ($this->currentUser->id == $info->id) {
        return new UserResponse($info);
    } else {
        return new OtherUserResponse($info);
        // or throw new HttpNotAuthorizedException();
    }
}
[Diagram labels: Auth Server; Search API; Map API; 👈 No access to Purchase API]
GET /users/123
API_KEY = NWTPk4
APP_ID = wQrDfM
GET /users/123
API_KEY = NWTPk4
APP_ID = wQrDfM
HMAC = APvNwF
🔒
Bonus: the API can return signed URLs
Example: concatenate:
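An added example, not from the talk: server-side verification of the HMAC field shown on the slide above. The slide's list of concatenated fields is not in this text, so the signed fields (method, path, APP_ID, timestamp), the five-minute replay window and the secret value are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data: app id from the slide, secret invented for this example.
const APP_SECRETS = ['wQrDfM' => 'constructed-shared-secret'];
const MAX_SKEW_SECONDS = 300; // assumed replay window

/** Canonical string that both sides sign (the field choice is an assumption). */
function canonicalRequest(string $method, string $path, string $appId, int $timestamp): string
{
    // Newline-delimited so "GET" + "/a" cannot collide with "GE" + "T/a".
    return implode("\n", [strtoupper($method), $path, $appId, (string) $timestamp]);
}

function signRequest(string $secret, string $method, string $path, string $appId, int $timestamp): string
{
    return hash_hmac('sha256', canonicalRequest($method, $path, $appId, $timestamp), $secret);
}

/** Server side: true only for a fresh request whose HMAC matches. */
function verifyRequest(string $method, string $path, string $appId, int $timestamp, string $hmac, int $now): bool
{
    $secret = APP_SECRETS[$appId] ?? null;
    if ($secret === null) {
        return false; // unknown app
    }
    if (abs($now - $timestamp) > MAX_SKEW_SECONDS) {
        return false; // stale or replayed request
    }
    $expected = signRequest($secret, $method, $path, $appId, $timestamp);
    return hash_equals($expected, $hmac); // constant-time comparison
}

// Constructed demo requests.
$now = 1676548800; // 16 Feb 2023 12:00:00 UTC
$sig = signRequest(APP_SECRETS['wQrDfM'], 'GET', '/users/123', 'wQrDfM', $now);
var_dump(verifyRequest('GET', '/users/123', 'wQrDfM', $now, $sig, $now));        // untampered request
var_dump(verifyRequest('GET', '/users/124', 'wQrDfM', $now, $sig, $now));        // path changed after signing
var_dump(verifyRequest('GET', '/users/123', 'wQrDfM', $now, $sig, $now + 3600)); // replayed an hour later
```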
[Diagram labels: API; Shared secret; Unauthenticated request; Secret token; API call ✅; Dynamic Integrity Check]
[Diagram labels: API 1, API 2, API 3; API Gateway; Authorization request; Auth token; App Auth request; App token; OAuth 2 service; App auth service; API calls; Registered app info; Registered user info; Key 1, Key 2, Key 3]
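<?php
// Assumes symfony/panther (Composer autoloader already loaded); the slide does not name the library.
use Symfony\Component\Panther\Client;

$client = Client::createChromeClient();
// request() returns the Crawler for the loaded page.
$crawler = $client->request('GET', 'https://www.example.com/log-in');
$crawler->filter('#email')->sendKeys('tim.bond');
$crawler->filter('#password')->sendKeys('test123');
$crawler->filter('#log-in')->click();
// Wait for the log-in button to go stale, then read the rendered price.
$client->waitForStaleness('#log-in');
$price = $client->waitFor('#price')->filter('#price')->getText();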