This project is an example of how to create a JSON Web Token (JWT) based API using PHP 8 and the Symfony framework with the API Platform. The API has been tested with Newman, Postman's command-line collection runner.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
- PHP 8
- Composer
- Symfony CLI
- A database (MySQL, PostgreSQL, SQLite, etc.)
- Postman
- Newman (for running the Postman tests)
- Clone the repository:
git clone https://github.com/Barvoziker/JWTApi.git
- Navigate to the project directory:
cd JWTApi
- Install the dependencies:
composer install
- Create a .env file:
cp .env.example .env
- Configure the database connection in the .env file
- Create the database:
php bin/console doctrine:database:create
- Apply the migrations:
php bin/console doctrine:migrations:migrate
- Create a JWT private key:
openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096
- Create a JWT public key:
openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout
- Start the built-in web server:
symfony serve
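
The key pair created by the two openssl steps above can be checked with the script below (an added example, not part of the project). It confirms that private.pem is passphrase-protected and not accessible to group or others, and that public.pem is its public half. It assumes the passphrase is exported as JWT_PASSPHRASE, the variable name used in LexikJWTAuthenticationBundle's default configuration; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: sanity checks for the JWT key pair in config/jwt.
# Assumption: the private key passphrase is exported as JWT_PASSPHRASE.

# True if the PEM file is passphrase-protected (PKCS#8 or traditional format).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# True if group and others have no permissions on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if the stored public key is the public half of the private key.
# Both sides are re-encoded by openssl so formatting differences do not matter.
keys_match() {
    derived=$(openssl pkey -in "$1" -passin env:JWT_PASSPHRASE -pubout 2>/dev/null) || return 1
    stored=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Run every check on a key directory; the return code is the number of failures.
check_jwt_keys() {
    dir=$1
    failures=0
    if ! key_is_encrypted "$dir/private.pem"; then
        echo "FAIL: private.pem is not passphrase-protected"
        failures=$((failures + 1))
    fi
    if ! key_is_private "$dir/private.pem"; then
        echo "FAIL: private.pem is accessible to group or others (chmod 600)"
        failures=$((failures + 1))
    fi
    if ! keys_match "$dir/private.pem" "$dir/public.pem"; then
        echo "FAIL: public.pem does not match private.pem, or JWT_PASSPHRASE is wrong"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ] && echo "OK: JWT key pair in $dir passed all checks"
    return "$failures"
}

# Usage: sh check_jwt_keys.sh config/jwt
if [ "$#" -gt 0 ]; then
    check_jwt_keys "$1"
fi
```

A mismatch reported by the last check usually means public.pem was exported from an older private key, in which case tokens issued by the API will fail verification.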
- Import the postman_collection.json file into Postman
- Run the tests using Newman by executing the command
newman run postman_collection.json
- Register a new user by making a POST request to /api/register with a JSON body containing the following fields: email, password, and name.
- Log in with the registered user by making a POST request to /api/login with a JSON body containing the following fields: email and password. The response will contain a JWT token that can be used to authenticate future requests.
- Make authenticated requests by including the JWT token in the Authorization header of the request, with a value of Bearer <token>.
- Symfony - The web framework used
- API Platform - The API framework used
- LexikJWTAuthenticationBundle - JWT authentication bundle for Symfony
- FOSUserBundle - User management bundle for Symfony
- Postman - API testing tool
- Newman - Command line tool for running Postman tests
- JWT.io - For providing a great resource on JSON Web Tokens
- Auth0 - For their excellent documentation on JWT and API security
- Barvoziker - Initial work