What is the benefit of using REST API instead of my simplistic approach?

Time:10-23

I read an article on how to create a REST API.

While my APIs (in /app/api/ folder) normally just check $_POST parameters and echo json_encode($response); die; after doing some database manipulations, I find here in the article, that some headers are set, which I don't normally do.

Why is that necessary and/or is it better to do it that way?

Will I still be able to get the JSON result from JavaScript using Fetch API if I convert my code to REST API?

I saw there are SOAP clients as well (and I have to do some reading on that as well), but I'm curious which of these three (or possibly any other) ways is usually the best.

It seems to me that my way is easier for fetching with JavaScript, but perhaps it's also good enough to make API calls (using CURL?) from PHP directly.

My usual example:

require_once __DIR__ . '/../../init.php';
require_once env('SHOP_ROOT') . '/inc_functions.php';

$cmd = $_REQUEST['cmd'] ?? null;
$token = $_REQUEST['token'] ?? null;

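// Constant-time comparison; also fails closed when the token is missing or API_TOKEN is unset
// (with !==, a request without a token passes whenever env('API_TOKEN') returns null)
$expectedToken = env('API_TOKEN');
if (!is_string($token) || !is_string($expectedToken) || $expectedToken === '' || !hash_equals($expectedToken, $token))
    json_response(false, ['Incorrect token']);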

/*--------------------------------------------------------*
 * cmd : delete                                           *
 *--------------------------------------------------------*
 * parameters : user, uploadId                            *
 *--------------------------------------------------------*/
if ($cmd == 'delete') {

    $email = $_REQUEST['user'] ?? '';
    $uploadId = intval($_REQUEST['uploadId'] ?? 0);

    $selClientQ = <<<SQL

        SELECT id_client
        FROM client
        WHERE
            email = ? AND
            is_active = 1 AND
            is_banned = 0

    SQL;

    $clientId = data_select($selClientQ, $email)[0]['id_client'] ?? 0;

    $delClientUploadQ = <<<SQL

        DELETE FROM client_uploads WHERE client_id = ? AND id = ?

    SQL;

    $isDeleted = data_delete($delClientUploadQ, $clientId, $uploadId);

    json_response($isDeleted, [
        'clientId' => $clientId,
        'success' => $isDeleted,
    ]);
}

data_select, data_delete and json_response are of course my own functions, where the first two allow me to avoid all those lines for mysqli prepared statements and binding parameters, and the latter is basically the same json_encode only with some headers before (giving 200 or 500 HTTP response based on the boolean) and exiting script execution with die afterwards.

CodePudding user response:

"Why is that necessary and/or is it better to do it that way?"

It looks like you're referring to the Cross Origin Resource Sharing (CORS) headers. These headers are used to increase the security of your REST API and allow you to control which websites can actually call your API. Basically, if you set your 'Access-Control-Allow-Origin' to your website's address, only your website can call this API. You can also have a look at this link which describes how this works: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

"Will I still be able to get the JSON result from JavaScript using Fetch API if I convert my code to REST API?"

Definitely :) As long as you ensure that you're setting the 'Accept' HTTP header to 'application/json' on your request and your API responds with a 'Content-Type' header of 'application/json'.

Here is a link showing how that works: https://javascript.info/fetch

If you want to venture into the world of SOAP, I'd recommend you rather look into gRPC. SOAP is mostly used in legacy systems nowadays.
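
The headers discussed in this answer, as an added example (not code from the question, the answer or the linked article): a PHP endpoint that sets `Content-Type`, answers the CORS preflight from an origin allowlist, and still checks the token, because CORS is enforced by browsers and not by other HTTP clients. `ALLOWED_ORIGINS`, `cors_headers`, `send_json` and the `shop.example.com` origin are assumptions, and `getenv()` stands in for the question's own `env()` helper.

```php
<?php
declare(strict_types=1);
// Hypothetical allowlist: exact origins whose pages may read the responses.
const ALLOWED_ORIGINS = ['https://shop.example.com'];

// Pure function, so the header decision can be unit-tested without a web server.
function cors_headers(?string $origin, array $allowed): array
{
    $headers = [
        'Content-Type' => 'application/json; charset=utf-8',
        'X-Content-Type-Options' => 'nosniff', // browsers must not guess another type
        'Vary' => 'Origin', // caches must not reuse one origin's response for another
    ];
    // Exact allowlist match only; never reflect an arbitrary Origin back.
    if ($origin !== null && in_array($origin, $allowed, true)) {
        $headers['Access-Control-Allow-Origin'] = $origin;
        $headers['Access-Control-Allow-Methods'] = 'POST, OPTIONS';
        $headers['Access-Control-Allow-Headers'] = 'Content-Type, Accept';
    }
    return $headers;
}

function send_json(int $status, array $body, array $headers): void
{
    http_response_code($status);
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    if ($status !== 204) { // a preflight reply carries no body
        echo json_encode($body);
    }
    exit;
}

$headers = cors_headers($_SERVER['HTTP_ORIGIN'] ?? null, ALLOWED_ORIGINS);
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if ($method === 'OPTIONS') {
    send_json(204, [], $headers);
}
if ($method !== 'POST') {
    send_json(405, ['error' => 'Use POST'], $headers + ['Allow' => 'POST, OPTIONS']);
}
// Browsers enforce CORS; curl and server-side callers ignore it, so the
// token check stays. getenv() stands in for the question's env() helper.
$token = $_POST['token'] ?? '';
$expected = getenv('API_TOKEN') ?: '';
if ($expected === '' || !is_string($token) || !hash_equals($expected, $token)) {
    send_json(403, ['error' => 'Incorrect token'], $headers);
}
send_json(200, ['success' => true], $headers);
```

A request from an origin outside the allowlist still reaches this script and gets a response without `Access-Control-Allow-Origin`; the browser then refuses to hand the body to the calling page, while the token check decides whether the command runs at all.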
