- This documentation serves as a comprehensive guide that empowers developers to understand, interact with, and integrate an Application Programming Interface (API) seamlessly into your applications.
- It includes essential details such as authentication methods, available endpoints, request and response formats, error handling, and usage examples.
- This API documentation simplifies the process of leveraging external services, fostering efficient and effective software development.
- Created By: Selepe Sello
- The end goal is to have the same API implemented using .NET 6.
- The implementation is in this repository: RESTful_API_Implementation_In_DotNet
- Name: `Test`, Surname: `User`, Email: `testuser@tuks.co.za`, Password: `@TestUser#564`, API_key: `a9198b68355f78830054c31a39916b7f`
- Name: `John`, Surname: `Doe`, Email: `johndoe3@gmail.com`, Password: `tEst@us5e#hd`, API_key: `K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p`
- All requests to the database should be sent via the `POST` method for security purposes.
- All API request/response bodies are in the form of a `JSON` object.
- The JSON object must contain the `type` attribute and some more data, so that the requests can be distinguished and handled accordingly.
- The database in question is a MySQL database. Tool: phpMyAdmin.
- The API keys on the database for sending requests to the API are included in SECTION 1.
- All SENSITIVE data sent to the API, like passwords, usernames/emails, etc., will be encrypted on the client side first.
- Then, on the API, the data will be decrypted and handled accordingly.
```json
{ "type":"signup", "signup":{ "name":"John", "surname":"Doe", "email":"johndoe3@gmail.com", "password":"tEst@us5e#hd", "PassConfirmation":"tEst@us5e#hd", "account": "default" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p" }
```

```json
{ "type":"login", "login":{ "username":"johndoe3@gmail.com", "password":"tEst@us5e#hd" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p" }
```

```json
{ "type":"logout", "logout":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "User Successfully Logged Out!" }
```

```json
{ "type":"preferences", "preferences":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p", "theme":"dark", "pref":"param" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "Preferences Set Successfully!" }
```

```json
{ "type":"delete_account", "delete_account":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p", "username":"johndoe3@gmail.com", "password":"tEst@us5e#hd" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "Account Deletion Successful!" }
```

- For this request, a user is not allowed to change their username/

```json
{ "type":"change_password", "change_password":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p", "new_password":"tEst@us5e#hd" } }
```

```json
{ "type":"change_password", "change_password":{ "username":"johndoe3@gmail.com", "password":"tEst@us5e#hd", "new_password":"tEerray@5e#hd" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "Password Changed Successfully!" }
```

- For this request, a user is not allowed to change their username/email

```json
{ "type":"generate_apikey", "generate_apikey":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": "API Key Updated Successfully!" }
```

```json
{ "type":"get_data", "get_data":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p", "limit":4, "sort":"id_trim", "order": "ASC" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": [ {...}, {...}, {...}, {...} ] }
```

```json
{ "type":"Generate_External_data", "Generate_External_data":{ "apikey":"K9yW8cGnE3qTfR7xV2sZ6bN1mJ4jL5p" } }
```

```json
{ "status": "success", "timestamp": 1680911562, "data": [ {...}, {...}, {...}, {...}, {...}, {...}, {...} ] }
```

- A user must have an account to view the Cars for practical 3, and all the other pages.
- If a user doesn't have an account, they can only access the `signup`, `login` and `launch` pages.
- So the user will have to create an account and log in.
- When a user submits the signup form, the HTML `required` attribute will make sure all fields are filled.
- Then JavaScript will be loaded, and it will do signup validation on the client side.
- Thereafter, once the JavaScript is done, the form will be sent to `validate-signup.php` via `POST`.
- This is to make sure the request is secured. Then PHP will do the validation on the server side.
- Once all the validation is done, the user will be added to the 'users' database table, meaning they will have an account with Jerman Otto.

Sign Up Instructions:
- All fields SHOULD not be empty.
- The NAME and SURNAME fields SHOULD contain only characters.
- The EMAIL SHOULD contain `@gmail.com` or `@tuks.co.za`, and AT LEAST a character on the LEFT.
- Make sure the EMAIL doesn't contain illegal characters.
- Make sure the PASSWORD is at least 8 characters long and contains a number, a special character, and uppercase and lowercase letters.
- Make sure the PASSWORD doesn't contain illegal characters.
- The PASSWORD and CONFIRM PASSWORD SHOULD match.
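
One way the server-side half of these sign-up rules could look in PHP, as an added example rather than the repository's `validate-signup.php`. `validateSignup()` is a hypothetical name, and the readings of "only characters" and "illegal characters" are assumptions marked in the comments.

```php
<?php
// Added example: validateSignup() is hypothetical; keys follow the signup request body.
function validateSignup(array $f): array
{
    $errors = [];
    foreach (['name', 'surname', 'email', 'password', 'PassConfirmation'] as $key) {
        if (!isset($f[$key]) || !is_string($f[$key]) || trim($f[$key]) === '') {
            $errors[] = "$key must not be empty";
        }
    }
    if ($errors) {
        return $errors; // the checks below assume non-empty strings
    }
    foreach (['name', 'surname'] as $key) {
        // Assumption: "only characters" means ASCII letters.
        if (!preg_match('/\A[A-Za-z]+\z/', $f[$key])) {
            $errors[] = "$key must contain letters only";
        }
    }
    // Allowed domains with at least one character on the left. Assumption:
    // "illegal characters" are whatever FILTER_VALIDATE_EMAIL rejects.
    if (!preg_match('/\A[^@\s]+@(gmail\.com|tuks\.co\.za)\z/i', $f['email'])
        || filter_var($f['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email must be a valid @gmail.com or @tuks.co.za address';
    }
    $p = $f['password'];
    $rules = [
        'be at least 8 characters long' => strlen($p) >= 8,
        'contain a number'              => preg_match('/\d/', $p) === 1,
        'contain a special character'   => preg_match('/[^A-Za-z0-9]/', $p) === 1,
        'contain an uppercase letter'   => preg_match('/[A-Z]/', $p) === 1,
        'contain a lowercase letter'    => preg_match('/[a-z]/', $p) === 1,
    ];
    foreach ($rules as $rule => $ok) {
        if (!$ok) { $errors[] = "password must $rule"; }
    }
    if ($p !== $f['PassConfirmation']) {
        $errors[] = 'password and confirmation must match';
    }
    return $errors;
}

// Constructed inputs: the README's sample signup, then a deliberately bad one.
$good = ['name' => 'John', 'surname' => 'Doe', 'email' => 'johndoe3@gmail.com',
         'password' => 'tEst@us5e#hd', 'PassConfirmation' => 'tEst@us5e#hd'];
$bad  = ['name' => 'J0hn', 'surname' => 'Doe', 'email' => '@gmail.com',
         'password' => 'short', 'PassConfirmation' => 'other'];
echo json_encode([validateSignup($good), validateSignup($bad)], JSON_PRETTY_PRINT), PHP_EOL;
```

The client-side JavaScript checks can be bypassed by posting directly to the endpoint, so the server must run every rule itself.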
- Generate a RANDOM int SALT value in the range `[2000000000, 2147483646]`.
- Hash the PASSWORD using the random number as the salt, with `sha256` and the `hash_pbkdf2` method: `hash_pbkdf2("sha256", p, s, i, b);`
- Use 1000 iterations for the `hash_pbkdf2` method and a HASH length of 32 BYTES, so that it fits well into a column of this size: `VARCHAR(128)`.
- Finally, I concatenate the SALT and HASH and then encode the resulting string to base64, using `base64_encode()`.

- The API key is a random string of `length=32`.
- It contains these alphanumeric characters: `0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ`
- The key is then displayed to the user using a `<p>` tag in every file, right after the heading.
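
The password storage format and the API key described above, as an added PHP example that is not the repository's code; it also shows the verification step that the stored format implies. It assumes the salt is drawn with `random_int()` and that `32` is passed directly as the `hash_pbkdf2()` length (which yields 32 hex characters); the function names are hypothetical.

```php
<?php
// Added example, not the repository's code. Function names are hypothetical;
// the parameters are the ones stated in this README.
const ITERATIONS  = 1000; // PBKDF2 iterations from the README
const HASH_LENGTH = 32;   // assumption: passed as-is, so 32 hex characters
const SALT_DIGITS = 10;   // every int in [2000000000, 2147483646] has 10 digits

function hashPassword(string $password): string
{
    $salt = (string) random_int(2000000000, 2147483646); // CSPRNG-backed
    $hash = hash_pbkdf2('sha256', $password, $salt, ITERATIONS, HASH_LENGTH);
    return base64_encode($salt . $hash); // stored value: base64(salt . hash)
}

function verifyPassword(string $password, string $stored): bool
{
    $decoded = base64_decode($stored, true);
    if ($decoded === false || strlen($decoded) !== SALT_DIGITS + HASH_LENGTH) {
        return false; // malformed record
    }
    $salt     = substr($decoded, 0, SALT_DIGITS);
    $expected = substr($decoded, SALT_DIGITS);
    $actual   = hash_pbkdf2('sha256', $password, $salt, ITERATIONS, HASH_LENGTH);
    return hash_equals($expected, $actual); // constant-time comparison
}

function generateApiKey(int $length = 32): string
{
    $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $max = strlen($alphabet) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $alphabet[random_int(0, $max)]; // uniform pick, no modulo bias
    }
    return $key;
}

// Constructed input: the sample password from this README.
$stored = hashPassword('tEst@us5e#hd');
var_dump(verifyPassword('tEst@us5e#hd', $stored));
var_dump(verifyPassword('wrong-password', $stored));
echo strlen($stored), ' ', generateApiKey(), PHP_EOL;
```

The stated range allows only about 147 million distinct salts, and 1000 iterations is far below the 600,000 that OWASP currently recommends for PBKDF2-HMAC-SHA256. PHP's built-in `password_hash()` and `password_verify()` handle salt generation, encoding and comparison themselves.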

- Import the `data` table using the datadb database dump.
- Import the `users` table using the usersdb database dump, OR ALTERNATIVELY
- Create another table called `users` with the following fields: "id", "name", "surname", "email", "password", "API_key", "salt".
- The `id` field should be automatically generated, using `AUTO_INCREMENT=1`.

- At least have XAMPP installed
- Copy the source code to the `htdocs` directory
- Run the Apache and MySQL servers
- url: `"http://localhost/path/to/hack_api.php"`
- method: `POST` (HTTP method)
- You may use Postman to test if the API works:
  - Postman Installation/Tutorial:
    - Windows 10: YouTube-Link
    - Windows 11: YouTube-Link
- You may/may not use the examples in Section 2

The End, Thank You