How to include token in API rest
#1

Hello! I am trying to create a REST API; I am simply fetching data from a database via GET.

It works perfectly, but I want to generate tokens so that it has security.

I have searched but still cannot find something that can serve me. I was recommended to use https://jwt.io but I really do not understand it. If someone has a document or guide they can send me, I will appreciate it.
#2

How complex/complicated do you want/need to be? Your question is rather generic to be answered easily.

Here is what I do. I only need simple security, as in my case it's public data that is returned. But I want to stop just anybody using this API.

I create a client_secret that I send to everybody that will be using the API. They need to send this client_secret with each request.

The API checks if that client_secret exists in my user table before returning any data. This way I can add or remove client_secrets easily and make sure only people that I want to can access the data.

If you tell us a bit more about your setup and what you are trying to achieve and avoid, we might be able to help you a little better.
On the package it said needs Windows 7 or better. So I installed Linux.
#3

Method to create UUIDs

PHP Code:
/**
 * guidV4 ()
 * --------------------------------------------------------------------
 *
 * A universally unique identifier (UUID) is a 128-bit number
 * used to identify information in computer systems.
 * xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx
 *
 */
if ( ! function_exists('guidV4'))
{
    /**
     * guidV4 ()
     * ---------------------------------------------------------------------------
     *
     * @return string
     */
    function guidV4()
    {
        // Microsoft guid {xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx}
        // (com_create_guid is only available with the Windows COM extension)
        if (function_exists('com_create_guid') === true)
        {
            return trim(com_create_guid(), '{}');
        }

        // 16 random bytes = 128 bits
        $data = openssl_random_pseudo_bytes(16);

        // set version to 0100
        $data[6] = chr(ord($data[6]) & 0x0f | 0x40);

        // set bits 6-7 to 10
        $data[8] = chr(ord($data[8]) & 0x3f | 0x80);

        return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($data), 4));
    }
}

Create a helper and add the code above.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
#4
(This post was last modified: 07-08-2017, 04:31 AM by arisroyo. Edit Reason: Change constant for generated key )

Here is my example

1. I create the library Jsonwebtokens.php and put it in /application/libraries
2. Download https://github.com/firebase/php-jwt and put it in /application/third_party/firebase-jwt
3. Here is how I used it

Example:

PHP Code:
$this->load->library('jsonwebtokens');
$data = array('email' => $email);
// 'P30D' is a DateInterval spec: the token is valid for 30 days
$token = $this->jsonwebtokens->generate_jswt($data, 'P30D');

Jsonwebtokens.php
PHP Code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

use \Firebase\JWT\JWT;

class Jsonwebtokens {

    public function init() {
        // require_once, so that calling generate and validate in the same
        // request does not load (and redeclare) the JWT class twice
        require_once APPPATH . 'third_party/firebase-jwt/JWT.php';
    }

    public function generate_jswt($data = array(), $validity = 'P30D') {

        $CI =& get_instance();

        $this->init();
        $jwt = '';

        $date = new DateTime();
        $timeStart = $date->getTimestamp();
        $date->add(new DateInterval($validity));
        $timeEnd = $date->getTimestamp();

        /*
         * iss – Issuer application.
         * aud – Intended audience of the token.
         * iat – timestamp of token issuing.
         * nbf – Timestamp of when the token should start being considered valid.
         * exp – Timestamp of when the token should cease to be valid.
         * data – Array of data
         */

        try {

            $token = array(
                "iss" => "MyApplicationName.com",
                "aud" => "MyApplication Name",
                "iat" => $timeStart,
                "nbf" => $timeStart,
                "exp" => $timeEnd,
                "data" => $data);

            // "MyGeneratedKey" is a placeholder: use a long random secret
            // loaded from configuration, not a literal in the source
            $jwt = JWT::encode($token, "MyGeneratedKey", "HS256");

        } catch (Exception $ex) {
            log_message('error', $ex->getMessage());
        } finally {
            // Returns '' if encoding failed
            return $jwt;
        }

    }

    public function validate_jswt($token) {

        $this->init();

        $jwt = null;

        try {
            // The allowed-algorithms list pins verification to HS256
            $jwt = JWT::decode($token, "MyGeneratedKey", array("HS256"));
        } catch (Exception $ex) {
            log_message('error', $ex->getMessage());
        } finally {
            // Returns null if the token is invalid or expired
            return $jwt;
        }

    }

}

There are those who tell lies with meaning behind them and those meaning less lies!
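
What the encode and decode calls in post #4 do to a token, shown with PHP built-ins only as an added example (not code from the thread and not php-jwt's own code): an HS256 token is base64url(header).base64url(payload).base64url(HMAC-SHA256), and validation recomputes the MAC and then checks the exp, nbf, iss and aud claims. The function names, key, issuer and audience are constructed for illustration.

```php
<?php
// Added example, not from the thread; key, issuer and audience are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($txt, '-_', '+/'), true);
}
function jwt_sign(array $claims, string $key): string {
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
}
// Returns the claims array, or null when any check fails.
function jwt_verify(string $jwt, string $key, string $iss, string $aud, ?int $now = null): ?array {
    $now = $now ?? time();
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm on the server; do not let the token pick it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    // Recompute the MAC over "header.payload" and compare in constant time.
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, b64url_decode($sig))) return null;
    $c = json_decode(b64url_decode($body), true);
    if (!is_array($c)) return null;
    if (!is_int($c['exp'] ?? null) || $now >= $c['exp']) return null;  // expired or no expiry
    if (isset($c['nbf']) && $now < $c['nbf']) return null;             // not valid yet
    if (($c['iss'] ?? null) !== $iss || ($c['aud'] ?? null) !== $aud) return null;
    return $c;
}
$key = random_bytes(32);  // sample key; a real one is stored in server configuration
$iss = 'api.example.test'; $aud = 'example-clients'; $now = time();
$jwt = jwt_sign(['iss' => $iss, 'aud' => $aud, 'iat' => $now, 'nbf' => $now,
                 'exp' => $now + 3600, 'data' => ['email' => 'user@example.test']], $key);
// Constructed cases: a payload swapped under the old signature, a later clock, another audience.
[$h, , $s] = explode('.', $jwt);
$forged = "$h." . b64url_encode(json_encode(['iss' => $iss, 'aud' => $aud, 'exp' => $now + 7200])) . ".$s";
$cases = [
    'untouched token' => jwt_verify($jwt, $key, $iss, $aud),
    'payload swapped' => jwt_verify($forged, $key, $iss, $aud),
    'two hours later' => jwt_verify($jwt, $key, $iss, $aud, $now + 7200),
    'other audience'  => jwt_verify($jwt, $key, $iss, 'another-api'),
];
foreach ($cases as $name => $claims) {
    printf("%-16s %s\n", $name, $claims === null ? 'rejected' : 'accepted');
}
```

The payload is only encoded, not encrypted, so anything placed under "data" is readable by whoever holds the token.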