Week 2 - Making the first API calls

After successfully creating the login and logout API calls, the next step was to create some basic API calls. The very first area that we decided to implement was courses.

The following API calls were implemented.

GET /api/courses/  
GET /api/courses/[course_id]  
GET /api/courses?title=[title]&category_id=[category_id]&primary_language=[primary_language]  

In my previous post, I mentioned that I hadn't implemented how to decide the access level of a member. This week, I added the feature by making queries to two different tables- one for members and the other for admins. Since that was accomplished, I could proceed with two courses related calls for instructors and students.

GET /api/students/[student_id]/courses  
GET /api/instructors/[instructor_id]/courses  

The first would return list the courses that a student is enrolled in and the second would return the list of courses that an instructor teaches.

I had created a function last week to authenticate an access token. Because of the two above APIs, I needed to cross check if the access token matched the student or instructor ID provided in the URL above. That would mean an extra query. To avoid that, I added an extra argument to the authentication function that returns the member_id along with the token. Here's how it looks.

function (..., $return_member_id = false) {  
    ...
    return array($token, $member_id);
}

How do I get the value?

list($token, $member_id) = get_access_token(..., true);  

Pretty Pythonic, isn't it?

Another important task accomplished in the week is the logging of all API calls. The request URI, token, HTTP method, IP address and the response are logged in the database.

One last thing to do is to create logs in case of errors.