
Get an introduction to the course, and learn how to get the most out of it.
Find out how to install a web server package, including PHP, a database server like MySQL or MariaDB, and phpMyAdmin, for Windows, macOS or Linux.
Learn how to install the Composer package manager.
Learn exactly what an API (application programming interface) is, and who it's for.
Make a basic API call from PHP code.
Learn what JSON is, and how to decode it in PHP.
Learn how we might integrate API data into a page we view in a browser.
Learn how to use cURL to make a simple API request.
Learn what HTTP status codes are, and how to get them from the response using cURL.
Learn what request headers are, and how to add them to the request using cURL.
Learn what response headers are, and how to get them from the response using cURL.
Learn how to get individual response headers in an array using cURL.
Learn how an API that requires a specific request header responds.
Learn what request methods are, and how to change the method when requesting an API using cURL.
Learn what the request body is, and how to add data to it when requesting an API with cURL.
Learn what the REST architectural style is when developing APIs, and what a RESTful API is.
Learn how to access a RESTful API using cURL.
Learn how to use the Guzzle PHP HTTP client, and see its advantages over file_get_contents and cURL.
Compare an API to an SDK for the same third-party resource.
Enable RESTful URLs by configuring the web server using an .htaccess file.
Add code to get the resource name, optional resource ID and request method in the front controller.
Choose an API client for testing the API - using cURL on the command line, the Postman GUI, or HTTPie, also on the command line.
Set the HTTP status code for the response. Learn which method is the best one to use, based on standards.
Add a class that will act as a controller, deciding which response to return.
Configure Composer's autoloader to load class files automatically.
Add type declarations to function arguments and return types, and enable strict type checking to make debugging easier.
Add a generic exception handler to make sure that any errors caught are returned as JSON, not HTML. Also add the Content-type header set to JSON to tell the client that the response body contains JSON.
Send a 405 status code if the method is incorrect, along with an Allow header to tell the client which methods are allowed.
Create a new database in the database server and a user to access it that has all necessary privileges. This can be done on the command line or with a tool like phpMyAdmin.
Create a table in the database to store the resource data for the API.
Add a class with the code to connect to the database using PDO.
Add a package to store configuration settings, and move the database connection credentials to a configuration file.
Add a class to act as a table data gateway for the resource table, dependent on the Database class.
Add a method to get all the resource records, and use this to display them as JSON when the index endpoint is called.
Configure the PDO connection to return values in their native format, not all as strings.
Add code to convert boolean values in the database to boolean literals in the JSON.
Add code to select an individual record based on the ID in the URL, and display it as JSON.
Respond with a status code of 404 if the resource with the ID specified in the URL doesn't exist in the database.
Get JSON data from the body of the request for use in inserting and updating data.
Insert a record into the database with data from the request body, and return a 201 status code on success.
Add a generic error handler so that any warnings are also output as JSON in the response body.
Validate the data from the request and respond with a 422 status code if invalid.
Add conditional validation to the request data when updating an existing record.
Get the data from the request body when updating an existing resource.
Update the record in the database with the validated data from the request and return a 200 status code in the response.
Delete the record identified by the ID in the URL and return a 200 status code in the response.
Create a table in the database to store user account data.
Add a register / sign up page to be viewed in a browser to insert a new user account into the database, also generating a new random API key in the process.
Decide if the query string or request header (X-API-Key) is the best place to send the API key with the request.
Check the API key is present in the request and return a status code of 400 if not.
Create a class to act as a table data gateway for the user table, having the Database class as a dependency.
Authenticate the API key and return a 401 status code in the response if the key isn't found in the database.
Refactor the front controller code, reducing code duplication and simplifying the code, to a bootstrap file and Auth class.
Add a foreign key relationship to link the task table to the user table in the database.
Restrict task records to the currently authenticated user in the API.
Restrict all the task records to those associated with the authenticated user ID.
Restrict the rest of the task endpoints to the currently authenticated user's tasks.
Store the database connection in a property of the database class to avoid multiple database connections per request.
Get an introduction to API authentication using access tokens - basically the main point of access tokens is that they can be used without database validation.
Add a login endpoint and return a status code of 400 if the username and password are missing from the request body.
Select the user record from the database based on the username passed in the request body.
Check the username and password from the request and return a 401 status code if either one is invalid.
Generate an encoded access token containing the user details, using base64 encoding as a simple demonstration.
Get the value of the HTTP authorization header using one of two methods.
Check the access token is valid base64 and JSON.
Get the authenticated user data from the access token's contents, if valid.
Get an introduction to JSON Web Tokens (JWTs).
Create a class from scratch to encode a payload in a JWT.
Generate a JWT access token when requesting the login endpoint that contains specific keys known as JWT claims.
Add a method to the JWT class to decode the payload from a JWT and check its validity.
Extract the secret key used for hashing out to the configuration file, and pass it in as a dependency to the JWT codec class.
Change the front controller so that the task endpoints are authenticated using the JWT instead of the API key.
Add a custom exception class to return a status code of 401 instead of 400 if the signature in the request is invalid.
Learn why you shouldn't store sensitive data in the JWT, as it's only encoded, not encrypted, and can be easily decoded.
An API is a way for a program to interact with another program. By using third-party APIs from your code, you can utilise functionality developed elsewhere. By creating an API to access your own data, other programs can take advantage of your services in a secure and easy fashion.
Learn how to Use and Create Secure and Scalable APIs in PHP in this Comprehensive Course.
Understand how APIs work
Learn how to use an API from PHP
Understand how HTTP requests and responses work
Understand what REST and RESTful APIs are
Create a RESTful API from scratch, using plain PHP and MySQL
Understand how API authentication works
Add API key authentication to your API
Understand how JSON Web Tokens (JWTs) work
Add JWT access token authentication to your API
The essential skills required to use and develop APIs with PHP.
Unless you create every component of your application from scratch, your code will need to interact with external services - for example a payment gateway, or currency data. To use such services, you need to consume their APIs. On this course you'll learn how to do this from PHP, and also how to create an API so that external programs can interact with your application.
Content and Overview
This course is designed for the PHP developer who wants to learn in depth how to use APIs from their code. I designed the course to be easily understood by PHP developers who have no previous experience of using APIs, and who want to develop full, secure APIs quickly and easily. Learning the techniques on this course will enable you to create APIs that are secure, robust and that comply with industry standards.
Suitable for all PHP developers, you'll start by learning the basics of how APIs work.
You'll learn various techniques for consuming APIs from PHP, along with their advantages and disadvantages.
We'll build a full API from scratch, with each concept explained in detail at every stage.
You'll learn what REST and RESTful APIs are, why we use them, and how to make your API RESTful.
Throughout the course, we'll build code that you can reuse in all your projects.
All the source code developed in the lectures is available to download.
All the time we'll adhere to industry standards and best practices.
Each section has short, self-contained lectures that you can go back to if you need to reinforce specific concepts.
When you complete the course you'll be able to use APIs in your PHP applications to leverage third-party components and services. You'll also be able to create your own API, using various authentication techniques depending on the type of API you want to create.
Complete with all the code shown in the lectures, you'll be able to work alongside the instructor and will receive a verifiable certificate of completion upon finishing the course.
Also, at all times throughout the course you have access to the instructor in the Q&A section to ask for help with any topic related to the course.
Enrol now and become a master of APIs in PHP!