Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Delicious Brains Blog:
PHP and cURL: How WordPress makes HTTP requests
Mar 30, 2017 @ 10:49:35

In a new post from the Delicious Brains site Peter Tasker looks at how WordPress makes HTTP requests with the help of the cURL functionality in PHP.

cURL is the workhorse of the modern internet. As its tagline says, cURL is a utility piece of software used to ‘transfer data with urls‘. According to the cURL website, the library is used by billions of people daily in everything from cars and television sets, to mobile phones. It’s the networking backbone of thousands of applications and services. Unsurprisingly, it’s also a core utility used by WordPress’ own Requests API as well as our own WP Migrate DB Pro.

If you’re curious about the power of the cURL library, how it works with WordPress and what to watch out for (especially on macOS), then you’re in the right place.

He starts by giving a bit of background on what cURL is and some examples of how its used to make requests. He then talks about the cURL integration with PHP via an extension and provides a simple code example fetching an endpoint from the httpbin.org site. With that background defined he moves into the main focus of the article - how cURL and PHP combine in the WordPress WP_Http class and Requests handling to make HTTP requests to remote (or local) resources. Code examples are included showing how to put these pieces to work in a custom script and includes some common issues you might see during your HTTP request development.

tagged: wordpress http request curl tutorial wphttp internal example

Link: https://deliciousbrains.com/php-curl-how-wordpress-makes-http-requests/

PHP Roundtable:
058: HTTPlug, Guzzle & API's
Jan 09, 2017 @ 12:58:11

The PHP Roundtable podcast, hosted by Sammy Powers, has posted their latest episode looking at HTTPlug, Guzzle and APIs. Sammy is joined by guests Tobias Nyholm, Woody Gilk, *
Steven Maguire* and Brian Retterer.

Guzzle has become the de-facto HTTP-client library for PHP. But recently a number of open source projects have been switching to HTTPlug which boasts itself as an HTTP-client abstraction. We chat about the problems HTTPlug aims to solve, the plans for its future and the reasons behind why some library maintainers have chosen to adopt it or not.

You can catch this latest episode in a few different ways - either through the in-page video or audio player, directly over on YouTube or you can download the audio version for listening at your leisure. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter to keep up with the latest shows as they're announced.

tagged: phproundtable ep58 httplug guzzle api http client podcast

Link: https://www.phproundtable.com/episode/httplug-guzzle-and-apis

Cloudflare Blog:
Using Guzzle and PHPUnit for REST API Testing
Dec 30, 2016 @ 10:19:48

On the Cloudflare blog there's a new post with an example of how to test APIs with Guzzle, a popular HTTP client for PHP. In their example they're focusing on the testing of REST APIs.

APIs are increasingly becoming the backbone of the modern internet - whether you're ordering food from an app on your phone or browsing a blog using a modern JavaScript framework, chances are those requests are flowing through an API. Given the need for APIs to evolve through refactoring and extension, having great automated tests allows you to develop fast without needing to slow down to run manual tests to work out what’s broken.

[...] In this post I'll be demonstrating how you can test RESTful APIs in an automated fashion using PHP, by building a testing framework through creative use of two packages - Guzzle and PHPUnit. The resulting tests will be something you can run outside of your API as part of your deployment or CI (Continuous Integration) process.

They start by setting up their testing environment, using Composer to install both the Guzzle HTTP client and the PHPUnit testing tool. They then create the example phpunit.xml configuration file and writing a first test. Their example runs a test against the "/user-agent" endpoint on httpbin.org, verifying that the response code is 200, content type of the return is correct and that the body contains the string "Guzzle". They build on this adding another test for a failure (a 405 response code) from a PUT request on the same endpoint.

tagged: guzzle testing http api rest phpunit tutorial introduction

Link: https://blog.cloudflare.com/using-guzzle-and-phpunit-for-rest-api-testing/

Paul Jones:
PECL Request Extension: Beta 1 Released!
Dec 21, 2016 @ 10:06:38

As Paul Jones has announced in this post to his site the PECL "Request" extension has reached the beta stage with the release of beta v1.

I am happy to announce that the PECL extension for server-side request and response objects has reached beta status! (Documentation here.)

[...] This completes the intended initial functionality of the extension. You should install it and try it out, because it might be make your work easier.

The post also lists out some of the new functionality introduced in this beta mostly focused around the fetching of the "forwarded for" information. You can find out more about the extension on the pecl.php.net website.

tagged: request extension beta release http

Link: http://paul-m-jones.com/archives/6461

SitePoint PHP Blog:
Shopify App Development Made Simple with HTTP APIs and Guzzle
Oct 27, 2016 @ 11:51:09

The SitePoint PHP blog has posted a tutorial from author Wern Ancheta digs into the Shopify API and shows you some simple methods to use it with Guzzle.

In this tutorial, you’re going to get started with developing Shopify apps. You’re going to create a simple app that lists out products from a Shopify store. [...] Shopify apps are a way of extending the functionality of a Shopify store or to provide ecommerce capabilities to websites or mobile apps.

The tutorial then starts in, showing you how to set up a Shopify Partner Account and create the "Store" instance you'll be using for the development. With that created, you'll have to set up a new application inside the store - this is what the script will actually connect with. From there they start in on the demo application, installing Twig, Slim, Guzzle and a few other libraries. They show the code to set up the simple Slim application along with a handful of routes, views and some SQL interaction. The tutorial includes the code for:

  • authenticating users against the API (and your store)
  • making requests to the API for product information
  • outputting the results to a simple page

If you're short on time or just want to jump to the end, you can get the code for this example in this GitHub repository.

tagged: shopify tutorial api http guzzle client shop application

Link: https://www.sitepoint.com/shopify-app-development-made-simple/

SitePoint PHP Blog:
From HTTP Messages to PSR-7: What’s It All About?
Oct 06, 2016 @ 11:57:03

The SitePoint PHP blog has a new tutorial posted hoping to demystify some of the confusion around HTTP and PSR-7, a standard from the PHP-FIG group around the handling of request and response messages in PHP applications.

The PHP Framework Interoperability Group (PHP-FIG) has relatively recently approved another proposal, the PSR-7: HTTP Messages Interface. The document crystallizes HTTP messages into 7 interfaces which a PHP library should implement if they subscribe to the specification. In PSR-7 By Example, Matthew Weier O’Phinney, editor of the PSR, gives an interesting overview of the specification. So what is it?

They start with the HTTP side of things, briefly covering what HTTP messages are and the format they're transmitted in. Using some example curl requests they show requests and responses involving normal responses, redirects and how they're broken down into objects implementing the MessageInterface, RequestInterface and ResponseInterface. They outline the PSR-7 specification in a UML diagram and talk about some of the challenges associated with PSR-7's handling (including the use of immutable objects and how it fits in with middleware handling).

The post ends with a listing of a few of the frameworks/libraries that already make use of the PSR-7 structure including Symfony, Slim, Guzzle and the HTTPlug client.

tagged: psr7 http messages tutorial introduction phpfig standard

Link: https://www.sitepoint.com/from-http-messages-to-psr-7-whats-it-all-about/

JoliCode.com Blog:
The journey of writing an API Client with PHP and some wise advices
Aug 25, 2016 @ 10:49:01

On the JoliCode.com blog there's a post sharing the experience of writing an API client with PHP including some advice to those out there considering doing the same.

My (love-)story with Docker started in December 2013, after having lost a 2 years long battle against Chef. I had been attracted to Docker for a couple of months, and I finally made the switch the day when I learned that it was built on a REST API. This meant that I could control all my infrastructure from PHP, which is the language I’m most partial to.

After some research, I found the library docker-php built by ubermuda, but, like all the things around Docker at that time, there was only a very limited support of the API. Like any decent developer (yes, it’s a troll), I started to write pull requests to fulfill my needs, and it was both the greatest and the worst thing that happened to me.

The post starts off with a brief history of PHP libraries working with HTTP requests (and the difficulties he had with Guzzle). This includes the fast pace that the library was changing at the time, making it difficult to keep the code maintained. He took a "step back" and decided to look more into HTTPlug and some changes to help bring it up to date. With that choice made, he got into the automation portion and using it work with the Docker API. He talks about some of the other technologies and tools he investigated along the way including Jane for working with JSON message schemas.

Maintaining an open source library is hard and takes time. However, these last years made me realize that we can control it, by moving features into other projects, trust people behind it, and by reducing the feature sets.
tagged: api client library advice http httplug jane json schema

Link: https://jolicode.com/blog/the-journey-of-writing-an-api-client-with-php-and-some-wise-advices

IBM Developer Blog:
Get Started With CouchDB Using PHP and Guzzle
Jul 28, 2016 @ 13:07:48

On the IBM Developer Blog they've posted a new article from Lorna Mitchell helping you get started with CouchDB and Guzzle, making use of this popular HTTP client package to interface with CouchDB's HTTP interface quickly and easily.

In today’s post, we’ll look at how we can use CouchDB in our PHP applications, using the excellent PHP HTTP library Guzzle. Guzzle is a modern, PSR-7 compliant object-oriented PHP library that handles all aspects of HTTP in a correct and — importantly, a scalable — way. So it’s a great way to add any HTTP-interfaced services into your application (PHP 5.5 and later, does support PHP 7).

She then starts off with the installation of Guzzle via Composer and some sample code to make the initial connection to the CouchDB server (either local or remote). With the connection up and working and a "welcome" banner returned, she shows some simple operations like:

  • getting a list of all databases
  • creating a new database
  • inserting and selecting data
  • updating and deleting data

Code is provided for each of these and, thankfully, Guzzle makes it a pretty simple process and handles most of the heavy lifting on the HTTP requests for you.

tagged: couchdb guzzle introduction database http install connect crud

Link: https://developer.ibm.com/clouddataservices/2016/07/27/get-started-with-couchdb-php-guzzle/

Community News:
HTTPoxy Vulnerability Announcement
Jul 19, 2016 @ 12:40:10

Recently a major security vulnerability was announced centering around the the HTTP "Proxy" header and how incorrect handling could result in major issues with external requests. In the PHP ecosystem, a major HTTP library - Guzzle - was vulnerable (along with any application using it). However, according to Michael Dowling, a lead developer on the project, a new release has already been made to correct the problem.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict [between the "Proxy" and "HTTP_Proxy" headers]. This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now. Here’s how.

The main HTTPoxy site as more information about how you can test to see if your application is vulnerable and what software/server configurations are typically vulnerable. There's also more language-specific information on the page as well as some immediate mitigations for various web server types.

tagged: httpoxy http proxy header vulnerability announcement guzzle webserver

Link: https://httpoxy.org/

Alejandro Celaya:
Dispatch REST-like requests with a single controller class in Zend Expressive
Jun 27, 2016 @ 10:21:25

In a new post to his site Alejandro Celaya shows you how to dispatch REST-like requests in Zend Expressive using a single-controller method.

I was digging into Zend Expressive and how to use controllers that allow me to share dependencies between different routes, instead of having to use different middlewares every time. Abdul wrote a great article on this subject that you can find here, which also became part of Expressive's cookbook some time later.

This is a perfect approach that easily allows to reuse some code, but then I thought how to do something similar in a rest environment, having a single class with different dispatchable methods that will be called depending on the request's HTTP method. This is a possible solution based on ZF2's AbstractRestfulController.

He starts by creating an AbstractRestController class to handle the basics of the REST handling, essentially matching verbs to their actions. He then extends this with a RestUserController class that overrides the necessary methods for only the HTTP verbs you want to change. He then shows how to register the route so it can be used by any request verb type (GET, POST, PUT, etc).

tagged: zendexpressive tutorial rest request verb http zendframework2 abstractcontroller

Link: http://blog.alejandrocelaya.com/2016/06/24/dispatch-rest-like-requests-with-a-single-controller-class-in-zend-expressive/