PHP API Framework supporting multiple functions and arguments

Here’s a scalable framework for building APIs that support multiple functions. Each function in turn has mandatory and/or optional parameters. The parameters are combined to create a hash for security, and it is generated dynamically from the function definition.

<?
// Shared secret that verify_token() appends to the request string before hashing.
// It is embedded in source here; keeping it in configuration outside the web root
// limits how far a leaked copy of this file travels.
const SECRET = 'p24gvszaox6a1b2c392uewkyhezyqwk9';

/**
 * Names of the API functions a client may request via $_POST['function'].
 *
 * Each value is the literal string a caller sends; the constants exist so the
 * parameter schema ($INPUT_PARAMS) and the per-function checks refer to one spelling.
 */
class ApiFuncs {
	const FileDownload = 'file-download';
	const FileAdd = 'file-add';
	const MailSend = 'mail-send';
	const FoldersList = 'folders-list';
	const LastModFileFromFolder = 'getLastModFileFromFolder';
	const AllFilesFromFolder = 'getAllFilesFromFolder';
}

// Parameter schema, keyed by API function name.
// 'mandatory' names must be present in $_POST (validate()) and, in this order, are the
// fields folded into the request token (verify_token()).
// 'optional' names are accepted by the function but are neither required nor signed.
$INPUT_PARAMS = [
	ApiFuncs::FileDownload => [
		'mandatory' => ['fileId'],
	],
	ApiFuncs::FileAdd => [
		'mandatory' => ['fileContent', 'fileName', 'folderId'],
	],
	ApiFuncs::MailSend => [
		'mandatory' => ['csv_fileIds', 'to', 'subject'],
		'optional' => ['message', 'cc', 'bcc'],
	],
	ApiFuncs::FoldersList => [
		'mandatory' => ['folderId'],
	],
	ApiFuncs::LastModFileFromFolder => [
		'mandatory' => ['folderId'],
		'optional' => ['fileExtension'],
	],
	ApiFuncs::AllFilesFromFolder => [
		'mandatory' => ['folderId'],
		'optional' => ['fileExtension'],
	],
];

// Gate every request up front: validate() exits with a JSON error response on any
// failed check (unknown function, missing parameter, bad value, bad token), so the
// code that dispatches to the individual API functions (not shown here) only runs
// for requests that passed.
validate();

//**************************************
//-- API Functions
//**************************************

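/**
 * Validates the incoming request before any API function is dispatched.
 *
 * Checks, in order, that $_POST['function'] names a known function and that every
 * parameter listed as 'mandatory' for it is present as a string, then delegates to
 * validate_values() (per-function value rules) and verify_token() (request signature).
 *
 * On any failure the script exits with a JSON-encoded error response; the function
 * only returns when the request passed every check. Reads the superglobal $_POST and
 * the global $INPUT_PARAMS schema.
 */
function validate() {
	global $INPUT_PARAMS;
	try {
		// Form decoding turns "function[]=x" into an array; treat anything that is not a
		// plain string as an unknown function instead of letting array_key_exists() raise a
		// TypeError, which the catch(Exception) below would not see.
		$function = isset($_POST['function']) && is_string($_POST['function']) ? $_POST['function'] : null;
		if($function === null || !array_key_exists($function, $INPUT_PARAMS)) {
			exit(json_encode(getSimpleDictResponse(ReturnType::Error, ReturnCode::InvalidFunction)));
		}
		// Only 'mandatory' parameters are required here; 'optional' ones are not checked.
		$mandatory = $INPUT_PARAMS[$function]['mandatory'];
		foreach($mandatory as $name) {
			// A parameter that arrived as an array (name[]=...) is reported as missing, so the
			// string handling in validate_values() and verify_token() only ever sees strings.
			if(!array_key_exists($name, $_POST) || !is_string($_POST[$name])) {
				exit(json_encode(getSimpleDictResponse(ReturnType::Error, ReturnCode::MissingApiParam, $name)));
			}
		}
	}
	catch(Exception $e){
		exit(json_encode(getSimpleDictResponse(ReturnType::Error, ReturnCode::InvalidAPICall, $e)));
	}

	validate_values();
	verify_token();
}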

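/**
 * Per-function value rules for parameters whose presence validate() already confirmed.
 *
 * Currently only ApiFuncs::FileDownload has a rule: 'fileId' must be a string of ASCII
 * digits. Every other function passes through unchanged. Exits with a JSON-encoded
 * InvalidFileId response on failure and returns nothing on success.
 */
function validate_values() {
	switch($_POST['function']) {
		case ApiFuncs::FileDownload:
			// \z rather than $: '/^\d+$/' also accepts "12\n" because $ matches before a
			// trailing newline. is_string() guards against fileId arriving as an array.
			if(!is_string($_POST['fileId']) || !preg_match('/^[0-9]+\z/', $_POST['fileId'])) {
				exit(json_encode(getSimpleDictResponse(ReturnType::Error, ReturnCode::InvalidFileId, $_POST['fileId'])));
			}
			break;
		default:
			break;
	}
}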

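/**
 * Verifies $_POST['token'] against a hash of the function name, its mandatory
 * parameters (in schema order) and the shared SECRET.
 *
 * The hashed string is "function=<fn>" followed by "<name>=<value>" for each mandatory
 * parameter and then "secret=<SECRET>", with no delimiter between fields. That layout
 * is kept byte-for-byte because clients compute the token the same way.
 *
 * Exits with a JSON-encoded InvalidToken response on mismatch or when no token was
 * sent. Reads $_POST and the global $INPUT_PARAMS; getSHA1Token() is defined elsewhere.
 */
function verify_token() {
	// SECRET is a constant, so the former `global $SECRET` referred to a variable that
	// never existed; $_POST is a superglobal and needs no `global` either.
	global $INPUT_PARAMS;
	$token_params = $INPUT_PARAMS[$_POST['function']]['mandatory'];
	$hash = "function=".$_POST['function'];
	foreach($token_params as $name) {
		// NOTE(review): fields are joined without a delimiter, so two different parameter
		// splits can produce the same hashed string, and 'optional' parameters are not
		// covered at all. Fixing either changes the token format and needs client
		// coordination, so the layout is left unchanged here.
		$hash .= $name.'='.$_POST[$name];
	}
	$hash .= "secret=".SECRET;
	// A missing or non-string token is simply an invalid one.
	$token = isset($_POST['token']) && is_string($_POST['token']) ? $_POST['token'] : '';
	// hash_equals() is a strict, constant-time comparison. The original `!=` was loose:
	// under it numeric-looking strings (e.g. "0e..." forms) compare equal, and it returned
	// early on the first differing byte. Cast in case getSHA1Token() returns a non-string.
	if(!hash_equals((string) getSHA1Token($hash), $token)) {
		exit(json_encode(getSimpleDictResponse(ReturnType::Error, ReturnCode::InvalidToken)));
	}
}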
?>
