Codeigniter 13: Building a REST API for User Management with CodeIgniter
User management is a fundamental feature in most applications. A REST API for managing users allows you to handle essential operations such as user registration, login, and profile updates. This guide will walk you through building a user management API using CodeIgniter.
Step 1: Setting Up the Database
Create ausers table to store user information:
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(100) NOT NULL,
email VARCHAR(100) NOT NULL UNIQUE,
password VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);Step 2: Create a User Model
- Navigate to the
app/Modelsdirectory. - Create a file named
UserModel.php:
namespace App\Models;
use CodeIgniter\Model;
class UserModel extends Model {
protected $table = 'users';
protected $primaryKey = 'id';
protected $allowedFields = ['name', 'email', 'password'];
protected $useTimestamps = true;
}Step 3: Create a Controller for User Management
- Navigate to the
app/Controllersdirectory. - Create a file named
UserController.php:
namespace App\Controllers;
use App\Models\UserModel;
use CodeIgniter\RESTful\ResourceController;
class UserController extends ResourceController {
protected $userModel;
public function __construct() {
$this->userModel = new UserModel();
}
// User Registration
public function register() {
$data = $this->request->getPost();
$data['password'] = password_hash($data['password'], PASSWORD_BCRYPT);
if (!$this->userModel->insert($data)) {
return $this->failValidationErrors($this->userModel->errors());
}
return $this->respondCreated(['message' => 'User registered successfully']);
}
// User Login
public function login() {
$data = $this->request->getPost();
$user = $this->userModel->where('email', $data['email'])->first();
if (!$user || !password_verify($data['password'], $user['password'])) {
return $this->failUnauthorized('Invalid email or password');
}
return $this->respond(['message' => 'Login successful']);
}
// Fetch User Profile
public function profile($id) {
$user = $this->userModel->find($id);
if (!$user) {
return $this->failNotFound('User not found');
}
unset($user['password']); // Remove password from the response
return $this->respond($user);
}
// Update User Profile
public function updateProfile($id) {
$data = $this->request->getRawInput();
if (!$this->userModel->update($id, $data)) {
return $this->fail('Failed to update profile');
}
return $this->respondUpdated(['message' => 'Profile updated successfully']);
}
// Delete User
public function deleteUser($id) {
if (!$this->userModel->delete($id)) {
return $this->failNotFound('User not found');
}
return $this->respondDeleted(['message' => 'User deleted successfully']);
}
}Step 4: Define Routes
Add the following routes inapp/Config/Routes.php:
$routes->group('users', function($routes) {
$routes->post('register', 'UserController::register');
$routes->post('login', 'UserController::login');
$routes->get('profile/(:num)', 'UserController::profile/$1');
$routes->put('profile/(:num)', 'UserController::updateProfile/$1');
$routes->delete('(:num)', 'UserController::deleteUser/$1');
});Step 5: Testing the API
- Register a User:
- Endpoint:
/users/register - Method: POST
- Body:
{ "name": "John Doe", "email": "john@example.com", "password": "password123" }
- Endpoint:
- Login:
- Endpoint:
/users/login - Method: POST
- Body:
{ "email": "john@example.com", "password": "password123" }
- Endpoint:
- Fetch Profile:
- Endpoint:
/users/profile/1 - Method: GET
- Endpoint:
- Update Profile:
- Endpoint:
/users/profile/1 - Method: PUT
- Body:
{ "name": "John Updated" }
- Endpoint:
- Delete User:
- Endpoint:
/users/1 - Method: DELETE
- Endpoint:
Best Practices for User Management APIs
- Hash Passwords: Always hash passwords before storing them in the database.
- Validate Input: Validate user input to prevent invalid or malicious data.
- Secure Endpoints: Protect sensitive endpoints with authentication and authorization mechanisms.
- Remove Sensitive Data: Exclude sensitive fields (e.g., passwords) from API responses.