For installation information, please refer to the DEPLOYMENT.md document.
With your favorite API client (personally I use Postman or cURL):
- Connect to any endpoint of the API.
- Use the `WWW-Authenticate` header of the API response together with the app's PHP tool, `php src/DevTools/authenticationHelper.php`.
- Generate the digest with `php src/DevTools/authenticationHelper.php`, using your credentials (login, password) and at least the nonce from the API response's header.
- Example:
$ php src/DevTools/authenticationHelper.php auth:client:digest thierry thierry1234 4364cc022f1e5dadf21e53d68b8b0b78b6632f62ea49cc1c
Authorization:
Digest username="thierry", realm="zelty.fr", uri="/login", qop="auth", nonce="4364cc022f1e5dadf21e53d68b8b0b78b6632f62ea49cc1c", nc=00000001, cnonce="8dfbfd899361c6b93a58e85b086b29b978862eacd6934047", response="bb8077aa0d32e6ef4767a06e2d3eded5655a1d8eb2761762f38eeb2b558c311b"
- Copy the entire Digest value (in yellow), quotes included, and paste it into the Authorization header of your next API request.
- If all goes well, the API answers with a token, something like:
{
"token": "ZWQyZDNmYzcxNDI3YTVlODE1MDZjNjZlNGNiYTNjMjZmZGVhNzVjNzQ2ZWE="
}
- OK, you are almost done. Now copy that token, without quotes, into the Authorization header field of your next API requests:
Authorization: Bearer ZWQyZDNmYzcxNDI3YTVlODE1MDZjNjZlNGNiYTNjMjZmZGVhNzVjNzQ2ZWE
Note: You can add your credentials using `src/DevTools/importDataFixtures.php` (don't forget to run the script again).
Note 2: I decided to couple Token based Authentication (RFC6750) to HTTP Digest (RFC7616) for performance purposes.
For more information about authentication, please refer to the AUTHENTICATION.md document.
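The digest step above can be reproduced without the helper. The following is an added example, not the project's code: it assumes the API follows RFC 7616 with SHA-256 and `qop=auth` (the 64-hex-digit `response` shown above is consistent with that, but the page does not state it) and that `/login` is requested with POST. The function names and the `algorithm` parameter in the sample challenge are illustrative.

```python
import hashlib
import hmac
import re
import secrets

def sha256_hex(text):
    # Assumption: the API hashes with SHA-256; the page does not name the algorithm.
    return hashlib.sha256(text.encode()).hexdigest()

def parse_params(header):
    """Parse a 'Digest k="v", k=v, ...' header value into a dict."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest header")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(user, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 7616 section 3.4.1: H(H(A1):nonce:nc:cnonce:qop:H(A2))."""
    ha1 = sha256_hex(f"{user}:{realm}:{password}")
    ha2 = sha256_hex(f"{method}:{uri}")
    return sha256_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def authorization_header(user, password, method, uri, challenge, cnonce=None):
    """Build the Authorization value from a WWW-Authenticate challenge."""
    c = parse_params(challenge)
    cnonce = cnonce or secrets.token_hex(24)  # fresh client nonce per request
    nc = "00000001"                           # first request made with this nonce
    resp = digest_response(user, password, c["realm"], method, uri, c["nonce"], nc, cnonce)
    return (f'Digest username="{user}", realm="{c["realm"]}", uri="{uri}", qop="auth", '
            f'nonce="{c["nonce"]}", nc={nc}, cnonce="{cnonce}", response="{resp}"')

def verify(header, password, method):
    """Server-side view: recompute the response and compare in constant time."""
    p = parse_params(header)
    expected = digest_response(p["username"], password, p["realm"], method,
                               p["uri"], p["nonce"], p["nc"], p["cnonce"], p["qop"])
    return hmac.compare_digest(expected, p["response"])

# Constructed challenge; realm and nonce are the values shown on this page.
CHALLENGE = ('Digest realm="zelty.fr", qop="auth", algorithm=SHA-256, '
             'nonce="4364cc022f1e5dadf21e53d68b8b0b78b6632f62ea49cc1c"')
HEADER = authorization_header("thierry", "thierry1234", "POST", "/login", CHALLENGE)
print(HEADER)
```

The password never appears in the header; the server can only check the response because it can derive the same H(A1) from what it has stored, and the HTTP method and URI are bound into the hash.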
GET
- http(s)://host:port/

POST
- http(s)://host:port/article/
{"title": "Votre titre ici","content": "...","state": "draft", "publishedOn": "2022/11/15", "author": "thierry"}

GET
- http(s)://host:port/article/{id}

PATCH
- http(s)://host:port/article/{id}
{"state": "published", "author": "test admin"}

DELETE
- http(s)://host:port/article/{id}

GET
- http(s)://host:port/articles?page=1&perPage=4&renderHtml=on&filters=name%20LIKE%julie%20AND%20title%20LIKE%20click%20and%20collect

API payloads support JSON (JavaScript Object Notation) only, for responses as well as requests; otherwise the API returns errors like:
{
"statusCode": 400,
"error": {
"type": "BAD_REQUEST",
"message": "Content-Type header is missing, JSON expected"
}
}
API performance could be improved by using a memory-based key => value data store for caching. For instance, Redis =]
The original exercise subject is available here (in French).