14

I writing REST API form my web application. Application is written using CodeIgniter framework. Application itself is working fine, but I'm stuck on making REST Authentication. I think that basic Http Authentication will be good enough for some time. Public API is not yet planned.

Is there any code example how to achieve REST Authentication so after user is authenticated he can freely call all protected methods.

Improve this question

2 Answers 2

Reset to default
40

I have written up a REST Controller to make your REST applications easier to build. You can read all about it on NetTuts: Working with RESTful services in CodeIgniter.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

This looks like a very comprehensive tutorial, I will read it certainly.
Just checked out Phil's tut, great stuff Phil, very informative!
You coverd security in REST_Controller! This is great, thx again!
I have used your Class and it worked perfectly. I didn't even know this article existed. Looks like a good read.
Hi. we are already now in authentication problem using the REST you made @PhilSturgeon. We try to login post but it seems it cant remember the session. the next request is not logged in. how can we access the session made on the login request?
|
8

If you use HTTPS, you can use Basic authentication and it's very easy to do. Just add following code to your controller,

   if (empty($this->input->server('PHP_AUTH_USER')))
   {
       header('HTTP/1.0 401 Unauthorized');
       header('HTTP/1.1 401 Unauthorized');
       header('WWW-Authenticate: Basic realm="My Realm"');
       echo 'You must login to use this service'; // User sees this if hit cancel
       die();
    }

    $username = $this->input->server('PHP_AUTH_USER');
    $password = $this->input->server('PHP_AUTH_PW');

    // Check username and password

I use mod_php, your auth variable names maybe different if using other SAPI modules.

Improve this answer

1 Comment

So HTTP is a must, for encrypting plain user name and password in each request. Thx!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.