If you are going to build an android application (it can be any other mobile platform or web too) that manages all the user data on a central database, REST API will be good architectural option to do the communication between the app and the server. This tutorial gives enough knowledge about building a REST API for very beginners. As this tutorial seems lengthy, I had divided it into 2 parts. In the 1st part we learn fundamental concepts of REST and do the required setup. In the 2nd part building actual API (writing PHP & MySQL code) is covered.



1. Basics of REST API Design

REST architecture will be useful to build client/server network applications. REST represents Representational State Transfer. Implementing REST is very simple compared to other methods like SOAP, CORBA, WSDL etc., It basically works on HTTP protocol.

How to create REST API for Android app using PHP, Slim and MySQL

Following are the list of things should be considered while building a REST API

» HTTP Methods

A well-designed Restful API should support most commonly used HTTP methods (GET, POST, PUT and DELETE). There are other HTTP methods like OPTIONS, HEAD but these are used most often. Each method should be used depending on the type of operation you are performing.

  • GET – To fetch a resource
  • POST – To create a new resource
  • PUT – To update existing resource
  • DELETE – To delete a resource

» HTTP Status Code

HTTP status codes in the response body tells client application what action should be taken with the response. For an example if the response code 200, it means on the server side the request is processed successfully and you can expect updated data in the response. As well if the status code is 401, the request is not authorized. An example cause for 401 could be API key is invalid.

It is not necessary to support all HTTP status codes, but supporting at least the following codes should be good enough. Check out list of HTTP codes from Here

  • 200 – OK
  • 201 – Created
  • 304 – Not Modified
  • 400 – Bad Request
  • 401 – Unauthorized
  • 403 – Forbidden
  • 404 – Not Found
  • 422 – Unprocessable Entity
  • 500 – Internal Server Error

» Content Type

The Content Type in HTTP headers specifies the kind of the data should be transferred between server and client. Depending upon the data your API supporting you need to set the content type.

For an example, JSON Mime type should be Content-Type: application/json, for XML Content-Type: application/xml. You can find list of supported MIME Types Here

» API Key

If you are building a private API where you want to restrict the access or limit to a private access, the best approach is to secure your API using an API key. The user is identified by the API key and all the actions can be performed only on the resources belongs to him.

The API key should be kept in request header Authorization filed instead of passing via URL.

2. Prerequisite

Before diving deep into this article, it is recommended that you have basic knowledge on PHP, MySQL, JSON Parsing, PHP and MySQL. Go through following links to get basic knowledge.

1. PHP Basics
2. MySQL Prepared Statements
3. Android JSON Parsing

3. Slim Framework

Instead of start developing a fresh REST framework from scratch, it is better go with a already proven framework. Then I came across Slim framework and selected it for the following reasons.

1. It is very light weight, clean and a beginner can easily understand the framework.
2. Supports all HTTP methods GET, POST, PUT and DELETE which are necessary for a REST API.
3. More importantly it provides a middle layer architecture which will be useful to filter the requests. In our case we can use it for verifying the API Key.

Downloading Slim Framework

Download the Slim framework from Here and keep it aside. We are gonna need this some point later after doing required setup.

4. Installing XAMPP Server (Apache, PHP and MySQL)

Download & Install XAMPP server from https://www.apachefriends.org/download.html. Once installed, launch the XAMPP control panel and Start Apache and MySQL.

You can test your server by opening the address http://localhost/ in your browser. Also you can check phpmyadmin by opening http://localhost/phpmyadmin

5. Installing POSTMAN

Postman is a great tool when trying to dissect RESTful APIs made by others or test ones you have made yourself. It offers a sleek user interface with which to make HTML requests, without the hassle of writing a bunch of code just to test an API’s functionality.

To install Postman, go to the This Link and click Download for Mac / Windows / Linux depending on your platform.

6. Creating TODO List REST API

To demonstrate REST API I am considering an example of TODO List App with very minimal functionalities.

1. User related operations like registration and login
2. Task related operations like creating, reading, updating and deleting task. All task related API calls should include API key in Authorization header field.

Following are the list of API calls we are going to build in this tutorial. You can notice that same URL endpoint is used for multiple API calls, but the difference is the type of HTTP method we use to hit the URL. Suppose if we hit /tasks with POST method, a newer task will be created. As well if we hit /tasks with GET method, all the tasks will be listed.

API URL Structure

URL Method Parameters Description
/register POST name, email, password User Registration
/login POST email, password User Login
/tasks POST task To Create New Task
/tasks GET   Fetching all Tasks
/tasks/:id GET   Fetching Single Task
/tasks/:id PUT   Updating Single Task
/tasks/:id DELETE task, status Deleting Single Task

7. Creating MySQL Database

For this app we don’t need a complex database design. All we need at this stage is only three tables. You can always add few more tables if you want to extend the functionality. I have created three tables userstasks and user_tasks.

users – All user related data will be stored here. A row will inserted when a new user register in our app.
tasks – All user tasks data will be stored in this table
user_tasks – Table used to store the relation between user and his tasks. Basically we store users id and task id in this table.

users – table to store users data

Field Type Key
name VARCHAR  
email VARCHAR  
password_hash TEXT  
api_key VARCHAR  
status INT  
created_at TIMESTAMP  

tasks – table to store tasks data

Field Type Key
task TEXT  
status INT  
created_at TIMESTAMP  

user_tasks – Relation between users and tasks tables

Field Type Key
user_id INT FK
task_id INT FK

Open the phpmyadmin from http://localhost/phpmyadmin and execute the following SQL queries. As well if you are familiar with phpmyadmin, you can use phpmyadmin graphical interface to create tables.

CREATE DATABASE todo_list_manager;
USE todo_list_manager;
  `name` varchar(250) DEFAULT NULL,
  `email` varchar(255) NOT NULL,
  `password_hash` text NOT NULL,
  `api_key` varchar(32) NOT NULL,
  `status` int(1) NOT NULL DEFAULT '1',
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
  UNIQUE KEY `email` (`email`)
  `task` text NOT NULL,
  `status` int(1) NOT NULL DEFAULT '0',
  `created_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
  `user_id` int(11) NOT NULL,
  `task_id` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `user_id` (`user_id`),
  KEY `task_id` (`task_id`)
ALTER TABLE  `user_tasks` ADD FOREIGN KEY (  `user_id` ) REFERENCES  `todo_list_manager`.`users` (
ALTER TABLE  `user_tasks` ADD FOREIGN KEY (  `task_id` ) REFERENCES  `todo_list_manager`.`tasks` (

After executing these queries go through each tables and make sure that everything created correctly.

Until now we are done with getting your system ready for development. The next article How to create REST API for Android app using PHP, Slim and MySQL – Part 2/2 covers the overall process of starting and finishing the PHP and MySQL project.

Happy Coding 😀