RESTful API with JWT Authentication
A production-ready RESTful API demonstrating best practices for authentication, authorization, rate limiting, and API documentation.
Features
Authentication & Authorization
- JWT Authentication: Stateless, signed bearer tokens; no session lookup per request. Because a signed token cannot be recalled, logout needs server-side revocation state (a denylist or token version) to take effect before the token expires
- Role-Based Access Control (RBAC): Fine-grained, per-endpoint permissions tied to the caller's role
- Refresh Tokens: Short-lived access tokens are renewed with a separate refresh token, so credentials are not re-sent on every expiry
- Password Reset: Email-based password recovery
API Features
- RESTful Design: Standard HTTP methods and status codes
- API Versioning: Support for multiple API versions (v1, v2)
- Rate Limiting: Prevent abuse with configurable limits
- CORS Support: Cross-origin resource sharing
- Pagination: Efficient data retrieval
- Filtering & Sorting: Flexible query parameters
Documentation
- Swagger/OpenAPI: Interactive API documentation
- Postman Collection: Ready-to-use API testing collection
Endpoints
Authentication
POST /api/v1/auth/register
POST /api/v1/auth/login
POST /api/v1/auth/logout
POST /api/v1/auth/refresh
POST /api/v1/auth/forgot-password
POST /api/v1/auth/reset-password
Resources
GET /api/v1/users
GET /api/v1/users/{id}
POST /api/v1/users
PUT /api/v1/users/{id}
DELETE /api/v1/users/{id}
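How the RBAC and input-validation features map onto the /api/v1/users endpoints above, as an added example rather than the project's own code. It assumes a role column on users holding 'admin' or 'user', a User model at App\Models\User, an auth guard named api backed by the JWT driver, and the class names shown; all of these are assumptions. The four files are shown together with their paths in comments.

```php
<?php
// Added example (not the project's code). Assumes users.role in {'admin','user'},
// App\Models\User, and an 'api' guard backed by the JWT driver.

// app/Policies/UserPolicy.php (auto-discovered for App\Models\User)
namespace App\Policies;

use App\Models\User;

class UserPolicy
{
    public function viewAny(User $actor): bool              // GET /users
    {
        return $actor->role === 'admin';
    }

    public function view(User $actor, User $target): bool   // GET /users/{id}
    {
        return $actor->role === 'admin' || $actor->id === $target->id;
    }

    public function create(User $actor): bool               // POST /users
    {
        return $actor->role === 'admin';
    }

    public function update(User $actor, User $target): bool // PUT /users/{id}
    {
        return $actor->role === 'admin' || $actor->id === $target->id;
    }

    public function delete(User $actor, User $target): bool // DELETE /users/{id}
    {
        // Admins only, and never their own account, so the last admin cannot remove itself.
        return $actor->role === 'admin' && $actor->id !== $target->id;
    }
}

// app/Http/Requests/UpdateUserRequest.php
namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

class UpdateUserRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Object-level check (admin, or the account's own owner). The controller's
        // authorizeResource() below makes the same check; keeping it here is defence in depth.
        return $this->user()->can('update', $this->route('user'));
    }

    public function rules(): array
    {
        $isAdmin = $this->user()->role === 'admin';

        return [
            'name'  => ['sometimes', 'string', 'max:100'],
            'email' => ['sometimes', 'email', Rule::unique('users')->ignore($this->route('user'))],
            // Privilege-escalation guard: a non-admin who sends "role" gets a 422,
            // rather than the field being silently ignored or silently applied.
            'role'  => ['sometimes', Rule::in(['admin', 'user']), Rule::prohibitedIf(! $isAdmin)],
        ];
    }
}

// app/Http/Controllers/UserController.php
namespace App\Http\Controllers;

use App\Http\Requests\UpdateUserRequest;
use App\Models\User;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;

class UserController extends Controller
{
    use AuthorizesRequests;

    public function __construct()
    {
        // Maps index/show/store/update/destroy onto the policy methods above.
        $this->authorizeResource(User::class, 'user');
    }

    public function update(UpdateUserRequest $request, User $user)
    {
        // Only validated keys reach the model, so unexpected fields cannot be mass-assigned.
        $user->fill($request->validated())->save();

        return response()->json(['success' => true, 'data' => $user, 'message' => 'User updated']);
    }
}

// routes/api.php: every user route requires a valid token and the default limiter.
use Illuminate\Support\Facades\Route;

Route::prefix('v1')->middleware(['auth:api', 'throttle:api'])->group(function () {
    Route::apiResource('users', \App\Http\Controllers\UserController::class);
});
```

The check to run against this: call PUT /api/v1/users/{id} as a non-admin with {"role":"admin"} in the body and confirm a 422, and DELETE /api/v1/users/{own id} as an admin and confirm a 403. Both are the cases a role-based scheme most often gets wrong.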
Security Features
- JWT Token Signing: HMAC-SHA256 (HS256) with a server-held secret of at least 256 bits; the verifier pins the algorithm instead of trusting the token's alg header
- Token Expiration: Configurable TTL; every token carries an exp claim and is rejected once it has passed
- HTTPS Only: Force secure connections, so bearer tokens never travel in clear text
- Input Validation: Request validation rules applied before any handler runs
- SQL Injection Prevention: Eloquent ORM and the query builder bind parameters; raw expressions (DB::raw, whereRaw) still need explicit bindings
- XSS Protection: Output sanitization; responses are JSON-encoded and served as application/json rather than interpolated into HTML
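A minimal HS256 mint/verify pair, added here to show the checks behind the JWT Authentication, Token Signing and Token Expiration items above. It is an added example, not the project's code or that of any JWT library; the secret is generated inline for the demonstration and the claim names, TTL and leeway are assumptions.

```php
<?php
// Added example (not the project's own code): minimal HS256 JWT mint/verify
// showing algorithm pinning, constant-time MAC comparison and exp/nbf checks.
// The secret is generated here for the demo; load one from the environment
// in a real deployment. Claim names, TTL and leeway are assumptions.
declare(strict_types=1);

function b64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function b64urlDecode(string $text): string
{
    $padded = str_pad($text, strlen($text) + (4 - strlen($text) % 4) % 4, '=');
    $bytes  = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($bytes === false) {
        throw new RuntimeException('invalid base64url');
    }
    return $bytes;
}

function mintJwt(array $claims, string $secret, int $ttlSeconds = 900): string
{
    if (strlen($secret) < 32) {
        throw new InvalidArgumentException('HS256 secret must be at least 256 bits');
    }
    $now     = time();
    $header  = ['alg' => 'HS256', 'typ' => 'JWT'];
    $payload = array_merge($claims, ['iat' => $now, 'nbf' => $now, 'exp' => $now + $ttlSeconds]);
    $signingInput = b64url(json_encode($header, JSON_THROW_ON_ERROR)) . '.'
                  . b64url(json_encode($payload, JSON_THROW_ON_ERROR));
    return $signingInput . '.' . b64url(hash_hmac('sha256', $signingInput, $secret, true));
}

// Throws on any failure so a caller cannot accidentally treat a bad token as valid.
function verifyJwt(string $jwt, string $secret, int $leeway = 30): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h, $p, $s] = $parts;

    // Pin the algorithm: the server decides how to verify, not the token's header.
    // This rejects alg=none and key-confusion headers (e.g. RS256) before any MAC work.
    $header = json_decode(b64urlDecode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        throw new RuntimeException('unexpected alg');
    }

    // Constant-time comparison of the raw MAC bytes.
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64urlDecode($s))) {
        throw new RuntimeException('bad signature');
    }

    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null)) {
        throw new RuntimeException('missing exp'); // unbounded tokens are never accepted
    }
    $now = time();
    if ($now > $claims['exp'] + $leeway) {
        throw new RuntimeException('token expired');
    }
    if (isset($claims['nbf']) && $now + $leeway < $claims['nbf']) {
        throw new RuntimeException('token not yet valid');
    }
    return $claims;
}

// Usage.
$secret = random_bytes(32);
$token  = mintJwt(['sub' => 42, 'role' => 'admin'], $secret);
$claims = verifyJwt($token, $secret);   // ['sub' => 42, 'role' => 'admin', 'iat' => ..., 'nbf' => ..., 'exp' => ...]

// Forgery attempt: same payload, header rewritten to alg=none, empty signature.
$forged = b64url('{"alg":"none","typ":"JWT"}') . '.' . explode('.', $token)[1] . '.';
try {
    verifyJwt($forged, $secret);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;     // unexpected alg
}
```

Two design points carry over to a library-backed implementation: pass the permitted algorithm list to the verifier explicitly rather than letting it read the header, and keep the refresh token out of this scheme altogether, as an opaque random value stored hashed server-side, so a refresh can be revoked without touching the access-token secret.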
Rate Limiting
// 60 requests per minute per authenticated user; anonymous requests fall back
// to the client IP (with a bare ->by(null) they would all share one bucket)
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
RateLimiter::for('api', function (Request $request) {
    return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});
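The api limiter treats every route alike. The credential endpoints (login, forgot-password, reset-password) are where brute force and credential stuffing land, so they merit a tighter, differently keyed limit. The following is an added example, not the project's own code; the limiter name 'login', the controller class and the thresholds are assumptions, and the 429 body follows the README's response envelope.

```php
<?php
// Added example (not the project's own code). Limiter name 'login', the
// controller class and the thresholds are assumptions.
use App\Http\Controllers\AuthController;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

// Register next to the 'api' limiter (RouteServiceProvider::boot, or
// AppServiceProvider::boot on Laravel 11).
RateLimiter::for('login', function (Request $request) {
    // Normalise the account key so "Alice@Example.com " and "alice@example.com"
    // share a bucket; a request with no e-mail still counts against the IP limit.
    $email = strtolower(trim((string) $request->input('email', '')));

    // Returning an array applies every limit; the first one exceeded wins.
    return [
        // Per account, regardless of source address: slows a distributed
        // brute force aimed at one user.
        Limit::perMinute(5)->by('login:email:' . $email),
        // Per client address, across all accounts: slows credential stuffing
        // that rotates through many users from one host.
        Limit::perMinute(20)->by('login:ip:' . $request->ip())
            ->response(function (Request $request, array $headers) {
                // $headers carries Retry-After and the X-RateLimit-* values.
                return response()->json([
                    'success' => false,
                    'message' => 'Too many attempts, try again later.',
                ], 429, $headers);
            }),
    ];
});

// routes/api.php: the stricter limiter applies only to the credential endpoints.
Route::prefix('v1/auth')->middleware('throttle:login')->group(function () {
    Route::post('login', [AuthController::class, 'login']);
    Route::post('forgot-password', [AuthController::class, 'forgotPassword']);
    Route::post('reset-password', [AuthController::class, 'resetPassword']);
});
```

The per-account bucket has a known cost: anyone who knows a victim's e-mail can keep that account in a 429 state by sending five bad passwords a minute. That is usually an acceptable trade against online password guessing, but the 429s on this limiter are worth alerting on, since a burst of them against one account is a brute-force signal and a burst across many accounts from one address is a stuffing signal.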
Response Format
{
"success": true,
"data": { ... },
"message": "Operation successful",
"meta": {
"pagination": { ... }
}
}
Testing
- PHPUnit Tests: Comprehensive test coverage
- API Integration Tests: End-to-end testing
- Postman Tests: Automated test scripts
Explore the API documentation or check the source code.