PHPRunner can generate REST API endpoints for SQL databases that utilize HTTP Basic authorization or authorization via API key.
API endpoints let enterprises provide authorized users access to specific data sets while obfuscating database details.
In the first example the URL below returns pricing information from a proprietary SQL database...
https://valucalc.com/diamondpricesapi.php?apikey=ABC123&cut=ideal&clarity=VVS1&color=D&upper=10&lower=1
The API key is passed along with query parameters to the diamondpricesapi.php script below...
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Cache-Control: no-cache, must-revalidate");
$apikey = $_GET["apikey"];
$cut = urlencode($_GET["cut"]);
$clarity = $_GET["clarity"];
$color = $_GET["color"];
$upper = $_GET["upper"];
$lower = $_GET["lower"];
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_HTTPHEADER => array("X-Auth-Token: $apikey"),
CURLOPT_URL => "https://valucalc.com/pricegrid/api/v1.php?table=grid&action=list&records=10&q=(CutType~equals~$cut)(Quality~equals~$clarity)(Color~equals~$color)(WeightUpper~lessequal~$upper)(WeightLower~moreequal~$lower)",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>


Different endpoints can use the same API key, embedded in the pricegridapi.php script in the second example below.
https://valucalc.com/pricegridapi.php?records=10
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Cache-Control: no-cache, must-revalidate");
$records = $_GET["records"];
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_HTTPHEADER => array("X-Auth-Token: ABC123"),
CURLOPT_URL => "https://valucalc.com/pricegrid/api/v1.php?table=grid&action=list&records=$records",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>


The third example doesn't use the API, instead using PDOModel to connect to the database and execute the query with parameters supplied in the URL.
https://valucalc.com/pricequerypdomodel.php?CutType=ideal&Quality=VVS1&Color=D&Weight=1
<?php
require_once 'script/PDOModel.php';
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Cache-Control: no-cache, must-revalidate");
$servername ="127.0.0.1";
$username="USERNAME";
$password="USERPASSWORD";
$dbname = "DATABASENAME";
$series = "Diamonds";
$gemtype = "Diamond";
$cuttype = $_GET["CutType"];
$weight = $_GET["Weight"];
$quality = $_GET["Quality"];
$color = $_GET["Color"];
$pdomodel = new PDOModel();
$pdomodel->connect($servername, $username, $password, $dbname);
$records = $pdomodel->executeQuery("select * from grid WHERE Series = ? and GemType = ? and CutType = ? and WeightLower <= ? and WeightUpper > ? and Quality = ? and Color = ?", array($series,$gemtype,$cuttype,$weight,$weight,$quality,$color));
$json=$pdomodel->arrayToJson($records);
print_r($json);
?>