How to create a REST API using CodeIgniter4 and JWT (JSON Web Tokens) authentication

Emman, October 2, 2023 / November 2, 2023

CodeIgniter 4 is a popular PHP framework for building web applications, and JWT is a method for securely transmitting information between parties as a JSON object. It's often used for authentication and authorization in RESTful APIs.

Let's break down the steps to create a REST API with JWT authentication using CodeIgniter4:

Install CodeIgniter4: If you haven't already, you need to install CodeIgniter4 on your server. You can follow the installation instructions provided in the official CodeIgniter4 documentation.

Install Required Packages: You'll need to install the codeigniter4-restful-api and firebase/php-jwt packages. You can do this using Composer, the PHP package manager.

```
composer require kenjis/codeigniter-restserver
composer require firebase/php-jwt
```

Create the REST Controller: Create a new controller that will handle your API endpoints. This controller should extend the RestController class provided by the codeigniter4-restful-api package. Define your RESTful methods (GET, POST, PUT, DELETE, etc.) in this controller.

```php
<?php

namespace App\Controllers;

// ResourceController ships with CodeIgniter 4 and provides respond() and the fail*() helpers
use CodeIgniter\RESTful\ResourceController;

class ApiController extends ResourceController
{
    public function index()
    {
        return $this->respond(['message' => 'Welcome to the API']);
    }

    // Define more methods for your API
}
```

Configure Routes: Configure your API routes in the Routes.php file located in the app/Config directory. Map your endpoints to the appropriate methods in your controller.

```php
$routes->get('api', 'ApiController::index');
// Define more routes for your API
```

Implement JWT Authentication: Create an authentication method that generates and verifies JWT tokens. You can create a helper function for this purpose.
Here's a simplified example:

```php
<?php

namespace App\Helpers;

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

class JwtHelper
{
    // Placeholder: load a long random secret from configuration instead of hard-coding it
    private static $key = 'your-secret-key';

    public static function generateToken($data)
    {
        $payload = array(
            'data' => $data,
            'exp'  => time() + 3600 // Token expiration time (1 hour)
        );

        // firebase/php-jwt 6.x requires the signing algorithm as the third argument
        return JWT::encode($payload, self::$key, 'HS256');
    }

    public static function verifyToken($token)
    {
        try {
            // Key pins the accepted algorithm to HS256 (php-jwt 6.x API)
            return JWT::decode($token, new Key(self::$key, 'HS256'));
        } catch (\Exception $e) {
            // Bad signature, expired token or malformed input
            return false;
        }
    }
}
```

Protect Routes with JWT: In your controller methods that require authentication, you can use the verifyToken method from your JwtHelper to protect those routes.

```php
// Requires `use App\Helpers\JwtHelper;` at the top of the controller
$token = $this->request->getHeaderLine('Authorization');
$token = str_replace('Bearer ', '', $token);

if (!empty($token) && JwtHelper::verifyToken($token)) {
    // Token is valid, proceed with the API logic
} else {
    // failUnauthorized() comes from ResponseTrait and sends a 401 response
    return $this->failUnauthorized('Invalid token');
}
```

Testing the API: You can use tools like Postman to test your API endpoints. Make requests to the defined endpoints, including the JWT token in the Authorization header.

Remember that this is a simplified example to give you an idea of how to create a CodeIgniter4 REST API with JWT authentication. In a real-world scenario, you'd likely need to implement more robust error handling, user management, and additional security measures. Always refer to the official documentation of CodeIgniter4 and the packages you're using for the most up-to-date and comprehensive information.
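The check from the "Protect Routes with JWT" step can also be written once as a CodeIgniter 4 filter, so that any route tagged with it is answered with 401 before the controller runs. This is an added example, not code from the original post: the class name `JwtAuthFilter`, the alias `jwt` and the file paths are assumptions, and it relies on the `JwtHelper` class from the helper step.

```php
<?php
// app/Filters/JwtAuthFilter.php (assumed path and class name, added example)
namespace App\Filters;

use App\Helpers\JwtHelper;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class JwtAuthFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        $header = $request->getHeaderLine('Authorization');

        // Accept only "Bearer <token>"; anything else is rejected before decoding
        if (preg_match('/^Bearer\s+(\S+)$/i', $header, $m) !== 1) {
            return $this->deny('Missing or malformed Authorization header');
        }

        // verifyToken() returns the decoded payload, or false on a bad
        // signature, an expired token or malformed input
        if (JwtHelper::verifyToken($m[1]) === false) {
            return $this->deny('Invalid or expired token');
        }
        // Returning nothing lets the request continue to the controller
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // No post-processing needed
    }

    // Build the 401 response; returning it from before() stops the request
    private function deny(string $reason): ResponseInterface
    {
        return service('response')
            ->setStatusCode(401)
            ->setHeader('WWW-Authenticate', 'Bearer')
            ->setJSON(['status' => 401, 'error' => $reason]);
    }
}

// Registration, as fragments of existing files:
// app/Config/Filters.php: add 'jwt' => \App\Filters\JwtAuthFilter::class to $aliases
// app/Config/Routes.php:  $routes->get('api', 'ApiController::index', ['filter' => 'jwt']);
```

With the filter attached to a route, the per-method token check in the controller is no longer needed for that route.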