{"id":5942,"date":"2025-11-15T13:38:31","date_gmt":"2025-11-15T13:38:31","guid":{"rendered":"https:\/\/www.codexworld.com\/?p=5942"},"modified":"2025-11-15T13:44:03","modified_gmt":"2025-11-15T13:44:03","slug":"rest-api-with-jwt-authentication-using-php","status":"publish","type":"post","link":"https:\/\/www.codexworld.com\/rest-api-with-jwt-authentication-using-php\/","title":{"rendered":"REST API with JWT Authentication using PHP"},"content":{"rendered":"<p>Implementing secure authentication in REST APIs is a must for modern applications. One of the most widely used methods is JWT (JSON Web Token), which allows stateless, scalable authentication without storing sessions on the server.<\/p>\n<p>In this tutorial, you\u2019ll learn how to build a complete REST API with JWT Authentication using Core PHP (without any framework). We\u2019ll cover:<\/p>\n<ul>\n<li>API structure<\/li>\n<li>Database design<\/li>\n<li>User registration API<\/li>\n<li>Login API with JWT generation<\/li>\n<li>Token verification middleware<\/li>\n<li>Protected API endpoints<\/li>\n<li>Token blacklist \/ logout system<\/li>\n<li>Testing using Postman<\/li>\n<\/ul>\n<h2>What is JWT and Why Use It?<\/h2>\n<p>JWT (JSON Web Token) is a compact, URL-safe token used to secure API endpoints.<br \/>\nAfter the user logs in, the server returns a signed JWT token, and the client must send this token in every request.<\/p>\n<p>A JWT contains three parts:<\/p>\n<ol>\n<li><b>Header<\/b> \u2013 algorithm and token type<\/li>\n<li><b>Payload<\/b> \u2013 user data (id, email, roles, etc.)<\/li>\n<li><b>Signature<\/b> \u2013 verifies integrity<\/li>\n<\/ol>\n<p>Example:<\/p>\n<pre>xxxxx.yyyyy.zzzzz<\/pre>\n<p>\ud83d\udc49 Using JWT avoids storing sessions, making the API fully stateless and scalable.<\/p>\n<p><b>\ud83d\ude80 Let&#8217;s get started building the Complete REST API with JWT Authentication in PHP!<\/b><\/p>\n<h2>\ud83d\udcc1 Folder Structure<\/h2>\n<p>Before we start building the complete PHP
REST API with MySQL, PDO, and JWT Authentication, take a look at the file structure for this project:<\/p>\n<pre class=\"file-struc\">rest_api_with_jwt_authentication_in_php\/\r\n\u251c\u2500\u2500 api\/\r\n\u2502   \u251c\u2500\u2500 _init.php\r\n\u2502   \u251c\u2500\u2500 login.php\r\n\u2502   \u251c\u2500\u2500 register.php\r\n\u2502   \u251c\u2500\u2500 user.php\r\n\u2502   \u251c\u2500\u2500 update.php\r\n\u2502   \u251c\u2500\u2500 change_password.php\r\n\u2502   \u2514\u2500\u2500 logout.php\r\n\u2502\r\n\u251c\u2500\u2500 config.php\r\n\u251c\u2500\u2500 db.php\r\n\u251c\u2500\u2500 jwt.php\r\n\u251c\u2500\u2500 user.php\r\n\u2514\u2500\u2500 blacklist.php\r\n<\/pre>\n<h2>Step 1: Create Database and Tables<\/h2>\n<p>Create a MySQL database (e.g., <code>rest_api_jwt<\/code>) and then run the following SQL to create the necessary tables: <code>users<\/code> and <code>jwt_blacklist<\/code>.<\/p>\n<pre style=\"color: rgb(68, 68, 68);\"><span class=\"hljs-keyword\" style=\"font-weight: 700;\">CREATE<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">TABLE<\/span> <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`users`<\/span> (\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`id`<\/span> <span class=\"hljs-built_in\" style=\"color: rgb(57, 115, 0);\">INT<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">UNSIGNED<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span> AUTO_INCREMENT,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`name`<\/span> <span class=\"hljs-built_in\" style=\"color: rgb(57, 115, 0);\">VARCHAR<\/span>(<span class=\"hljs-number\" style=\"color: rgb(136, 0, 0);\">191<\/span>) <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  <span class=\"hljs-string\" style=\"color:
rgb(136, 0, 0);\">`email`<\/span> <span class=\"hljs-built_in\" style=\"color: rgb(57, 115, 0);\">VARCHAR<\/span>(<span class=\"hljs-number\" style=\"color: rgb(136, 0, 0);\">191<\/span>) <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">UNIQUE<\/span>,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`password_hash`<\/span> <span class=\"hljs-built_in\" style=\"color: rgb(57, 115, 0);\">VARCHAR<\/span>(<span class=\"hljs-number\" style=\"color: rgb(136, 0, 0);\">255<\/span>) <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`created_at`<\/span> DATETIME <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`updated_at`<\/span> DATETIME <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  PRIMARY <span class=\"hljs-keyword\" style=\"font-weight: 700;\">KEY<\/span> (<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`id`<\/span>)\r\n) <span class=\"hljs-keyword\" style=\"font-weight: 700;\">ENGINE<\/span>=<span class=\"hljs-keyword\" style=\"font-weight: 700;\">InnoDB<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">DEFAULT<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">CHARSET<\/span>=utf8mb4;\r\n\r\n<span class=\"hljs-keyword\" style=\"font-weight: 700;\">CREATE<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">TABLE<\/span> <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`jwt_blacklist`<\/span> (\r\n  <span 
class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`id`<\/span> <span class=\"hljs-built_in\" style=\"color: rgb(57, 115, 0);\">INT<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">UNSIGNED<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span> AUTO_INCREMENT,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`jti`<\/span> <span class=\"hljs-built_in\" style=\"color: rgb(57, 115, 0);\">VARCHAR<\/span>(<span class=\"hljs-number\" style=\"color: rgb(136, 0, 0);\">64<\/span>) <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`expires_at`<\/span> DATETIME <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`created_at`<\/span> DATETIME <span class=\"hljs-keyword\" style=\"font-weight: 700;\">NOT<\/span> <span class=\"hljs-literal\" style=\"color: rgb(120, 169, 96);\">NULL<\/span>,\r\n  PRIMARY <span class=\"hljs-keyword\" style=\"font-weight: 700;\">KEY<\/span> (<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`id`<\/span>),\r\n  <span class=\"hljs-keyword\" style=\"font-weight: 700;\">INDEX<\/span> (<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">`jti`<\/span>)\r\n) <span class=\"hljs-keyword\" style=\"font-weight: 700;\">ENGINE<\/span>=<span class=\"hljs-keyword\" style=\"font-weight: 700;\">InnoDB<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">DEFAULT<\/span> <span class=\"hljs-keyword\" style=\"font-weight: 700;\">CHARSET<\/span>=utf8mb4;<\/pre>\n<h2>Step 2: Database and JWT Configuration<\/h2>\n<p>Create a <code>config.php<\/code> file in the root directory to store 
database and JWT configuration settings.<\/p>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Database&nbsp;configuration <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'DB_HOST'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'localhost'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'DB_NAME'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'rest_api_jwt'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'DB_USER'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'root'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'DB_PASS'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'root_pass'<\/span><span style=\"color: #007700\">); <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;JWT&nbsp;secret&nbsp;-&nbsp;change&nbsp;to&nbsp;a&nbsp;long&nbsp;random&nbsp;string&nbsp;in&nbsp;production <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'JWT_SECRET'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'replace_this_with_a_long_random_secret'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Token&nbsp;lifetime&nbsp;in&nbsp;seconds <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: 
#DD0000\">'JWT_TTL'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">3600<\/span><span style=\"color: #007700\">); <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Optional&nbsp;issuer\/audience <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'JWT_ISS'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'my-php-api'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">define<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'JWT_AUD'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'my-php-api-users'<\/span><span style=\"color: #007700\">); <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Set&nbsp;default&nbsp;timezone <br \/><\/span><span style=\"color: #0000BB\">date_default_timezone_set<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'UTC'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 3: Database Connection<\/h2>\n<p>Create a <code>db.php<\/code> file to handle the database connection using PDO.<\/p>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/config.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/>class&nbsp;<\/span><span style=\"color: #0000BB\">Database&nbsp;<\/span><span style=\"color: #007700\">{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;private&nbsp;static&nbsp;<\/span><span style=\"color: #0000BB\">$pdo&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/> <br 
\/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;static&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">getConnection<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">self<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">$pdo&nbsp;<\/span><span style=\"color: #007700\">===&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$dsn&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"mysql:host=\"&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #0000BB\">DB_HOST&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">\";dbname=\"&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #0000BB\">DB_NAME&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">\";charset=utf8mb4\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$options&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;[ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">PDO<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">ATTR_ERRMODE&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">PDO<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">ERRMODE_EXCEPTION<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">PDO<\/span><span 
style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">ATTR_DEFAULT_FETCH_MODE&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">PDO<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">FETCH_ASSOC<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">PDO<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">ATTR_EMULATE_PREPARES&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">false<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;]; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;try&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">self<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">$pdo&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">PDO<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$dsn<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">DB_USER<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">DB_PASS<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$options<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;}&nbsp;catch&nbsp;(<\/span><span style=\"color: #0000BB\">PDOException&nbsp;$e<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">http_response_code<\/span><span 
style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">500<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #FF8000\">\/\/&nbsp;Log&nbsp;the&nbsp;details&nbsp;server-side;&nbsp;do&nbsp;not&nbsp;return&nbsp;them&nbsp;to&nbsp;the&nbsp;client <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">error_log<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">\"Database&nbsp;connection&nbsp;failed:&nbsp;\"&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #0000BB\">$e<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getMessage<\/span><span style=\"color: #007700\">()); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;<\/span><span style=\"color: #0000BB\">json_encode<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">\"error\"&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">\"Database&nbsp;connection&nbsp;failed\"<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;exit; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">self<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">$pdo<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 4: JWT Helper Functions<\/h2>\n<p>Create a <code>jwt.php<\/code> file to handle JWT creation and verification using PHP.<\/p>\n<p>We will use PHP\u2019s built-in <code>hash_hmac()<\/code> function (HMAC-SHA256) to sign and verify JWT tokens:<\/p>\n<ul>\n<li>Function to base64UrlEncode data<\/li>\n<li>Function to base64UrlDecode data<\/li>\n<li>Function to encode JWT token<\/li>\n<li>Function to decode JWT token<\/li>\n<li>Function to generate JWT token for user authentication<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color:
#007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/config.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">base64url_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">rtrim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">strtr<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">base64_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">),&nbsp;<\/span><span style=\"color: #DD0000\">'+\/'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'-_'<\/span><span style=\"color: #007700\">),&nbsp;<\/span><span style=\"color: #DD0000\">'='<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">base64url_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$remainder&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">strlen<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">)&nbsp;%&nbsp;<\/span><span style=\"color: #0000BB\">4<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">$remainder<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$padlen&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">4&nbsp;<\/span><span style=\"color: 
#007700\">-&nbsp;<\/span><span style=\"color: #0000BB\">$remainder<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$data&nbsp;<\/span><span style=\"color: #007700\">.=&nbsp;<\/span><span style=\"color: #0000BB\">str_repeat<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'='<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$padlen<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">base64_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">strtr<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'-_'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'+\/'<\/span><span style=\"color: #007700\">)); <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">jwt_encode<\/span><span style=\"color: #007700\">(array&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$secret&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">JWT_SECRET<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$header&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;[<\/span><span style=\"color: #DD0000\">'alg'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'HS256'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'typ'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'JWT'<\/span><span style=\"color: #007700\">]; <br 
\/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$header_encoded&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">base64url_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">json_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$header<\/span><span style=\"color: #007700\">)); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$payload_encoded&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">base64url_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">json_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">)); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$signature&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">hash_hmac<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'sha256'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">\"<\/span><span style=\"color: #0000BB\">$header_encoded<\/span><span style=\"color: #DD0000\">.<\/span><span style=\"color: #0000BB\">$payload_encoded<\/span><span style=\"color: #DD0000\">\"<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$secret<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">true<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$signature_encoded&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">base64url_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$signature<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: 
#DD0000\">\"<\/span><span style=\"color: #0000BB\">$header_encoded<\/span><span style=\"color: #DD0000\">.<\/span><span style=\"color: #0000BB\">$payload_encoded<\/span><span style=\"color: #DD0000\">.<\/span><span style=\"color: #0000BB\">$signature_encoded<\/span><span style=\"color: #DD0000\">\"<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">jwt_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$token<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$secret&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">JWT_SECRET<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$parts&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">explode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'.'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$token<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">count<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$parts<\/span><span style=\"color: #007700\">)&nbsp;!==&nbsp;<\/span><span style=\"color: #0000BB\">3<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;list(<\/span><span style=\"color: #0000BB\">$header_b64<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$payload_b64<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$sig_b64<\/span><span style=\"color: #007700\">)&nbsp;=&nbsp;<\/span><span style=\"color: 
#0000BB\">$parts<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$header&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">json_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">base64url_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$header_b64<\/span><span style=\"color: #007700\">),&nbsp;<\/span><span style=\"color: #0000BB\">true<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">json_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">base64url_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$payload_b64<\/span><span style=\"color: #007700\">),&nbsp;<\/span><span style=\"color: #0000BB\">true<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sig&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">base64url_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sig_b64<\/span><span style=\"color: #007700\">); <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!<\/span><span style=\"color: #0000BB\">$header&nbsp;<\/span><span style=\"color: #007700\">||&nbsp;!<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">)&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$signed&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">hash_hmac<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'sha256'<\/span><span style=\"color: 
#007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">\"<\/span><span style=\"color: #0000BB\">$header_b64<\/span><span style=\"color: #DD0000\">.<\/span><span style=\"color: #0000BB\">$payload_b64<\/span><span style=\"color: #DD0000\">\"<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$secret<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">true<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!<\/span><span style=\"color: #0000BB\">hash_equals<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$signed<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$sig<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #FF8000\">\/\/&nbsp;check&nbsp;exp <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #007700\">if&nbsp;(isset(<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'exp'<\/span><span style=\"color: #007700\">])&nbsp;&amp;&amp;&nbsp;<\/span><span style=\"color: #0000BB\">time<\/span><span style=\"color: #007700\">()&nbsp;&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'exp'<\/span><span style=\"color: #007700\">])&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span 
style=\"color: #0000BB\">create_jwt_for_user<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$userId<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$now&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">time<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$jti&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">bin2hex<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">random_bytes<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">16<\/span><span style=\"color: #007700\">)); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;[ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'iat'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$now<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'nbf'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$now<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'exp'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$now&nbsp;<\/span><span style=\"color: #007700\">+&nbsp;<\/span><span style=\"color: #0000BB\">JWT_TTL<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'iss'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">JWT_ISS<\/span><span style=\"color: #007700\">, <br 
\/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'aud'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">JWT_AUD<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'sub'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$userId<\/span><span style=\"color: #007700\">, <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'jti'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$jti <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #007700\">]; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;[<\/span><span style=\"color: #DD0000\">'token'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">jwt_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">),&nbsp;<\/span><span style=\"color: #DD0000\">'payload'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">]; <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 5: JWT Blacklist Management<\/h2>\n<p>Create a <code>blacklist.php<\/code> file to manage blacklisted JWTs. 
This JWTBlacklist class will interact with the database to add and check blacklisted JWTs.<\/p>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/db.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/>class&nbsp;<\/span><span style=\"color: #0000BB\">JWTBlacklist&nbsp;<\/span><span style=\"color: #007700\">{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;private&nbsp;<\/span><span style=\"color: #0000BB\">$db<\/span><span style=\"color: #007700\">; <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">__construct<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">Database<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">getConnection<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">add<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$expiresAt<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"INSERT&nbsp;INTO&nbsp;jwt_blacklist&nbsp;(jti,&nbsp;expires_at,&nbsp;created_at)&nbsp;VALUES&nbsp;(:jti,&nbsp;:expires_at,&nbsp;NOW())\"<\/span><span style=\"color: #007700\">; <br 
\/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$params&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;[ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'jti'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">((string)<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">), <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #DD0000\">'expires_at'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">date<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'Y-m-d&nbsp;H:i:s'<\/span><span style=\"color: #007700\">,&nbsp;(int)<\/span><span style=\"color: #0000BB\">$expiresAt<\/span><span style=\"color: #007700\">) <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;]; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$params<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: 
#0000BB\">isBlacklisted<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$jti&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">((string)<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">$jti&nbsp;<\/span><span style=\"color: #007700\">===&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">)&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">false<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"SELECT&nbsp;id&nbsp;FROM&nbsp;jwt_blacklist&nbsp;WHERE&nbsp;jti&nbsp;=&nbsp;:jti&nbsp;AND&nbsp;expires_at&nbsp;&gt;&nbsp;NOW()&nbsp;LIMIT&nbsp;1\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'jti'&nbsp;<\/span><span 
style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;(bool)&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">fetch<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #FF8000\">\/\/&nbsp;optional:&nbsp;cleanup&nbsp;expired&nbsp;entries <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #007700\">public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">cleanup<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"DELETE&nbsp;FROM&nbsp;jwt_blacklist&nbsp;WHERE&nbsp;expires_at&nbsp;&lt;=&nbsp;NOW()\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">exec<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 6: Database Handler for User Management<\/h2>\n<p>Create a <code>user.php<\/code> file to handle database interactions related to user management. 
This UserModel class will provide methods to create new users and retrieve user information.<\/p>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/db.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/>class&nbsp;<\/span><span style=\"color: #0000BB\">UserModel&nbsp;<\/span><span style=\"color: #007700\">{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;private&nbsp;<\/span><span style=\"color: #0000BB\">$db<\/span><span style=\"color: #007700\">; <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">__construct<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">Database<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">getConnection<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">create<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$hash&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">password_hash<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span 
style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">PASSWORD_DEFAULT<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"INSERT&nbsp;INTO&nbsp;users&nbsp;(name,&nbsp;email,&nbsp;password_hash,&nbsp;created_at,&nbsp;updated_at)&nbsp;VALUES&nbsp;(:name,&nbsp;:email,&nbsp;:hash,&nbsp;NOW(),&nbsp;NOW())\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">':name'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">':email'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">':hash'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$hash<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: 
#007700\">-&gt;<\/span><span style=\"color: #0000BB\">getById<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">lastInsertId<\/span><span style=\"color: #007700\">()); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">getByEmail<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"SELECT&nbsp;id,&nbsp;name,&nbsp;email,&nbsp;password_hash,&nbsp;created_at,&nbsp;updated_at&nbsp;FROM&nbsp;users&nbsp;WHERE&nbsp;email&nbsp;=&nbsp;:email\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">':email'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">]); <br 
\/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">fetch<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">getById<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"SELECT&nbsp;id,&nbsp;name,&nbsp;email,&nbsp;created_at,&nbsp;updated_at&nbsp;FROM&nbsp;users&nbsp;WHERE&nbsp;id&nbsp;=&nbsp;:id\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">':id'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">fetch<\/span><span 
style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">update<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"UPDATE&nbsp;users&nbsp;SET&nbsp;name&nbsp;=&nbsp;:name,&nbsp;email&nbsp;=&nbsp;:email,&nbsp;updated_at&nbsp;=&nbsp;NOW()&nbsp;WHERE&nbsp;id&nbsp;=&nbsp;:id\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">':name'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">':email'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span 
style=\"color: #DD0000\">':id'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getById<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/> <br \/>&nbsp;&nbsp;&nbsp;&nbsp;public&nbsp;function&nbsp;<\/span><span style=\"color: #0000BB\">changePassword<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$newPassword<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$hash&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">password_hash<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$newPassword<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">PASSWORD_DEFAULT<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$sql&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #DD0000\">\"UPDATE&nbsp;users&nbsp;SET&nbsp;password_hash&nbsp;=&nbsp;:hash,&nbsp;updated_at&nbsp;=&nbsp;NOW()&nbsp;WHERE&nbsp;id&nbsp;=&nbsp;:id\"<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">db<\/span><span style=\"color: 
#007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$sql<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">':hash'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$hash<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">':id'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$this<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getById<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$id<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 7: API Initializer with CORS and Helper Functions<\/h2>\n<p>Create an <code>api\/_init.php<\/code> file to define basic CORS and JSON headers for API responses.<\/p>\n<p>Some helper functions are also included for:<\/p>\n<ul>\n<li>Sending JSON responses<\/li>\n<li>Reading JSON data from requests<\/li>\n<li>Reading the Authorization header from the request<\/li>\n<li>Extracting the bearer token from the Authorization header<\/li>\n<li>Validating the Authorization header and bearer token<\/li>\n<li>Basic input validation (email, password, name)<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Shared&nbsp;initializer&nbsp;for&nbsp;API&nbsp;endpoints <br \/><\/span><span style=\"color: 
#007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/..\/config.php'<\/span><span style=\"color: #007700\">; <br \/>require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/..\/db.php'<\/span><span style=\"color: #007700\">; <br \/>require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/..\/jwt.php'<\/span><span style=\"color: #007700\">; <br \/>require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/..\/blacklist.php'<\/span><span style=\"color: #007700\">; <br \/>require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/..\/user.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Basic&nbsp;CORS&nbsp;and&nbsp;JSON&nbsp;headers&nbsp;(adjust&nbsp;allowed&nbsp;origin&nbsp;in&nbsp;production) <br \/><\/span><span style=\"color: #0000BB\">header<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'Content-Type:&nbsp;application\/json;&nbsp;charset=utf-8'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">header<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'Access-Control-Allow-Origin:&nbsp;*'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">header<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'Access-Control-Allow-Methods:&nbsp;GET,&nbsp;POST,&nbsp;PUT,&nbsp;DELETE,&nbsp;OPTIONS'<\/span><span style=\"color: #007700\">); <br \/><\/span><span 
style=\"color: #0000BB\">header<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'Access-Control-Allow-Headers:&nbsp;Content-Type,&nbsp;Authorization'<\/span><span style=\"color: #007700\">); <br \/> <br \/>if&nbsp;(<\/span><span style=\"color: #0000BB\">$_SERVER<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'REQUEST_METHOD'<\/span><span style=\"color: #007700\">]&nbsp;===&nbsp;<\/span><span style=\"color: #DD0000\">'OPTIONS'<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">http_response_code<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">200<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;exit; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$status&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">200<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">http_response_code<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$status<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;<\/span><span style=\"color: #0000BB\">json_encode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;exit; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">get_json_input<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$raw&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">file_get_contents<\/span><span 
style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'php:\/\/input'<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!<\/span><span style=\"color: #0000BB\">$raw<\/span><span style=\"color: #007700\">)&nbsp;return&nbsp;[]; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$data&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">json_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$raw<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">true<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">json_last_error<\/span><span style=\"color: #007700\">()&nbsp;!==&nbsp;<\/span><span style=\"color: #0000BB\">JSON_ERROR_NONE<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Invalid&nbsp;JSON'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">400<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$data<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">get_authorization_header<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #FF8000\">\/\/&nbsp;Try&nbsp;common&nbsp;server&nbsp;vars <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #007700\">if&nbsp;(!empty(<\/span><span style=\"color: #0000BB\">$_SERVER<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: 
#DD0000\">'HTTP_AUTHORIZATION'<\/span><span style=\"color: #007700\">]))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$_SERVER<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'HTTP_AUTHORIZATION'<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!empty(<\/span><span style=\"color: #0000BB\">$_SERVER<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'REDIRECT_HTTP_AUTHORIZATION'<\/span><span style=\"color: #007700\">]))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$_SERVER<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'REDIRECT_HTTP_AUTHORIZATION'<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #FF8000\">\/\/&nbsp;Fallback&nbsp;to&nbsp;apache_request_headers&nbsp;if&nbsp;available <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #007700\">if&nbsp;(<\/span><span style=\"color: #0000BB\">function_exists<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'apache_request_headers'<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$headers&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">apache_request_headers<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!empty(<\/span><span style=\"color: #0000BB\">$headers<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: 
#DD0000\">'Authorization'<\/span><span style=\"color: #007700\">]))&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$headers<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'Authorization'<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!empty(<\/span><span style=\"color: #0000BB\">$headers<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'authorization'<\/span><span style=\"color: #007700\">]))&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$headers<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'authorization'<\/span><span style=\"color: #007700\">]); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">get_bearer_token<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$auth&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">get_authorization_header<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!<\/span><span style=\"color: #0000BB\">$auth<\/span><span style=\"color: #007700\">)&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">preg_match<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'\/Bearer\\s+(.*)$\/i'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$auth<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span 
style=\"color: #0000BB\">$matches<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$matches<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #0000BB\">1<\/span><span style=\"color: #007700\">]; <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">require_auth<\/span><span style=\"color: #007700\">()&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$token&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">get_bearer_token<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!<\/span><span style=\"color: #0000BB\">$token<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Authorization&nbsp;header&nbsp;missing'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">401<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">jwt_decode<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$token<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(!<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: 
#0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Invalid&nbsp;or&nbsp;expired&nbsp;token'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">401<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$blacklist&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">JWTBlacklist<\/span><span style=\"color: #007700\">(); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(<\/span><span style=\"color: #0000BB\">$blacklist<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">isBlacklisted<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'jti'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Token&nbsp;revoked'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">401<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;} <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Basic&nbsp;validators <br \/><\/span><span style=\"color: #007700\">function&nbsp;<\/span><span style=\"color: #0000BB\">validate_email<\/span><span style=\"color: 
#007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">filter_var<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">FILTER_VALIDATE_EMAIL<\/span><span style=\"color: #007700\">)&nbsp;!==&nbsp;<\/span><span style=\"color: #0000BB\">false<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">validate_password<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">is_string<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">)&nbsp;&amp;&amp;&nbsp;<\/span><span style=\"color: #0000BB\">strlen<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">)&nbsp;&gt;=&nbsp;<\/span><span style=\"color: #0000BB\">6<\/span><span style=\"color: #007700\">; <br \/>} <br \/> <br \/>function&nbsp;<\/span><span style=\"color: #0000BB\">validate_name<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;return&nbsp;<\/span><span style=\"color: #0000BB\">is_string<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">)&nbsp;&amp;&amp;&nbsp;<\/span><span style=\"color: #0000BB\">strlen<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: 
#007700\">))&nbsp;&gt;=&nbsp;<\/span><span style=\"color: #0000BB\">2<\/span><span style=\"color: #007700\">; <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 8: User Registration Endpoint<\/h2>\n<p>Create a <code>api\/register.php<\/code> file to handle user registration requests. This endpoint will accept user details, validate them, hash the password, and store the new user in the database.<\/p>\n<ul>\n<li>Include the API initializer<\/li>\n<li>Get JSON input from the request<\/li>\n<li>Validate the name, email, and password<\/li>\n<li>Check if the email is already registered<\/li>\n<li>Create a new user and store it in the database<\/li>\n<li>Return a success message upon successful registration<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/_init.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #0000BB\">$input&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">get_json_input<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$name&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'name'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">$email&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: 
#007700\">[<\/span><span style=\"color: #DD0000\">'email'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">$password&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'password'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">; <br \/> <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">validate_name<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">)&nbsp;||&nbsp;!<\/span><span style=\"color: #0000BB\">validate_email<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">)&nbsp;||&nbsp;!<\/span><span style=\"color: #0000BB\">validate_password<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Invalid&nbsp;input:&nbsp;name,&nbsp;valid&nbsp;email&nbsp;and&nbsp;password&nbsp;(min&nbsp;6&nbsp;chars)&nbsp;required'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">422<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #0000BB\">$userModel&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">UserModel<\/span><span style=\"color: #007700\">(); <br \/>if&nbsp;(<\/span><span style=\"color: #0000BB\">$userModel<\/span><span 
style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getByEmail<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Email&nbsp;already&nbsp;in&nbsp;use'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">409<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/>try&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$user&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$userModel<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">create<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'user'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">201<\/span><span style=\"color: #007700\">); <br \/>}&nbsp;catch&nbsp;(<\/span><span style=\"color: #0000BB\">Exception&nbsp;$e<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: 
#007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Registration&nbsp;failed'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'details'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$e<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getMessage<\/span><span style=\"color: #007700\">()],&nbsp;<\/span><span style=\"color: #0000BB\">500<\/span><span style=\"color: #007700\">); <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 9: User Login Endpoint<\/h2>\n<p>Create a <code>api\/login.php<\/code> file to handle user login requests. This endpoint will verify user credentials and return a JWT upon successful authentication.<\/p>\n<ul>\n<li>Include the API initializer<\/li>\n<li>Get JSON input from the request<\/li>\n<li>Validate the email and password<\/li>\n<li>Check if the user exists and verify the password<\/li>\n<li>Generate and return a JWT for authenticated sessions<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/_init.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #0000BB\">$input&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">get_json_input<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$email&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'email'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span 
style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">$password&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'password'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">; <br \/> <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">validate_email<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">)&nbsp;||&nbsp;!<\/span><span style=\"color: #0000BB\">validate_password<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Email&nbsp;and&nbsp;password&nbsp;are&nbsp;required&nbsp;(password&nbsp;min&nbsp;6&nbsp;chars)'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">422<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #0000BB\">$userModel&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">UserModel<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$user&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$userModel<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getByEmail<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">); <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">$user&nbsp;<\/span><span style=\"color: 
#007700\">||&nbsp;!<\/span><span style=\"color: #0000BB\">password_verify<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$password<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'password_hash'<\/span><span style=\"color: #007700\">]))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Invalid&nbsp;credentials'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">401<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #0000BB\">$jwt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">create_jwt_for_user<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'id'<\/span><span style=\"color: #007700\">]); <br \/><\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'token'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$jwt<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'token'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #DD0000\">'expires_in'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">JWT_TTL<\/span><span style=\"color: #007700\">]); <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 10: Protected Endpoint &#8211; User Profile<\/h2>\n<p>Create a <code>api\/profile.php<\/code> file to provide a protected endpoint that returns the 
authenticated user&#8217;s profile information. This endpoint will require a valid JWT for access.<\/p>\n<ul>\n<li>Include the API initializer<\/li>\n<li>Authenticate the request using the JWT<\/li>\n<li>Retrieve and return the user&#8217;s profile information<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;include&nbsp;initialization&nbsp;file <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/_init.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;authenticate&nbsp;request <br \/><\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">require_auth<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$userModel&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">UserModel<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$user&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$userModel<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getById<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'sub'<\/span><span style=\"color: #007700\">]); <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: 
#DD0000\">'User&nbsp;not&nbsp;found'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">404<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;return&nbsp;user&nbsp;profile <br \/><\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'user'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">]); <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 11: Protected Endpoint &#8211; Update User Profile<\/h2>\n<p>Create a <code>api\/update.php<\/code> file to provide a protected endpoint that allows users to update their profile information. This endpoint will require a valid JWT for access.<\/p>\n<ul>\n<li>Include the API initializer<\/li>\n<li>Authenticate the request using the JWT<\/li>\n<li>Get JSON input from the request<\/li>\n<li>Validate and update the user&#8217;s profile information<\/li>\n<li>Return the updated user profile<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;include&nbsp;initialization&nbsp;file <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/_init.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;authenticate&nbsp;request <br \/><\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">require_auth<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$input&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">get_json_input<\/span><span 
style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$name&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'name'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">$email&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">trim<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'email'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">); <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;validate&nbsp;inputs <br \/><\/span><span style=\"color: #007700\">if&nbsp;(!<\/span><span style=\"color: #0000BB\">validate_name<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">)&nbsp;||&nbsp;!<\/span><span style=\"color: #0000BB\">validate_email<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Name&nbsp;and&nbsp;valid&nbsp;email&nbsp;required'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">422<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #0000BB\">$userModel&nbsp;<\/span><span 
style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">UserModel<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;Prevent&nbsp;updating&nbsp;to&nbsp;an&nbsp;email&nbsp;already&nbsp;used&nbsp;by&nbsp;another&nbsp;account <br \/><\/span><span style=\"color: #0000BB\">$existing&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$userModel<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getByEmail<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">); <br \/>if&nbsp;(<\/span><span style=\"color: #0000BB\">$existing&nbsp;<\/span><span style=\"color: #007700\">&amp;&amp;&nbsp;<\/span><span style=\"color: #0000BB\">$existing<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'id'<\/span><span style=\"color: #007700\">]&nbsp;!=&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'sub'<\/span><span style=\"color: #007700\">])&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Email&nbsp;already&nbsp;in&nbsp;use&nbsp;by&nbsp;another&nbsp;account'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">409<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;update&nbsp;user&nbsp;profile <br \/><\/span><span style=\"color: #007700\">try&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$user&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$userModel<\/span><span style=\"color: 
#007700\">-&gt;<\/span><span style=\"color: #0000BB\">update<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'sub'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">$name<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$email<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'user'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">]); <br \/>}&nbsp;catch&nbsp;(<\/span><span style=\"color: #0000BB\">Exception&nbsp;$e<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Update&nbsp;failed'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'details'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$e<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getMessage<\/span><span style=\"color: #007700\">()],&nbsp;<\/span><span style=\"color: #0000BB\">500<\/span><span style=\"color: #007700\">); <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 12: Protected Endpoint &#8211; Update Password<\/h2>\n<p>Create a <code>api\/change_password.php<\/code> file to provide a protected endpoint that allows users to update their password. 
This endpoint will require a valid JWT for access.<\/p>\n<ul>\n<li>Include the API initializer<\/li>\n<li>Authenticate the request using the JWT<\/li>\n<li>Get JSON input from the request<\/li>\n<li>Validate the current and new passwords<\/li>\n<li>Verify the current password and update to the new password<\/li>\n<li>Return a success message upon successful password change<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;include&nbsp;initialization&nbsp;file <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/_init.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;authenticate&nbsp;request <br \/><\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">require_auth<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$input&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">get_json_input<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$current&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'current_password'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #DD0000\">''<\/span><span style=\"color: #007700\">; <br \/><\/span><span style=\"color: #0000BB\">$new&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$input<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'new_password'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: 
#DD0000\">''<\/span><span style=\"color: #007700\">; <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">$current&nbsp;<\/span><span style=\"color: #007700\">||&nbsp;!<\/span><span style=\"color: #0000BB\">validate_password<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$new<\/span><span style=\"color: #007700\">))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Current&nbsp;password&nbsp;and&nbsp;new&nbsp;password&nbsp;(min&nbsp;6&nbsp;chars)&nbsp;are&nbsp;required'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">422<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;verify&nbsp;current&nbsp;password <br \/><\/span><span style=\"color: #0000BB\">$db&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">Database<\/span><span style=\"color: #007700\">::<\/span><span style=\"color: #0000BB\">getConnection<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$stmt&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$db<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">prepare<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #DD0000\">'SELECT&nbsp;password_hash&nbsp;FROM&nbsp;users&nbsp;WHERE&nbsp;id&nbsp;=&nbsp;:id'<\/span><span style=\"color: #007700\">); <br \/><\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">execute<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">':id'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: 
#0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'sub'<\/span><span style=\"color: #007700\">]]); <br \/><\/span><span style=\"color: #0000BB\">$row&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$stmt<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">fetch<\/span><span style=\"color: #007700\">(); <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">$row&nbsp;<\/span><span style=\"color: #007700\">||&nbsp;!<\/span><span style=\"color: #0000BB\">password_verify<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$current<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$row<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'password_hash'<\/span><span style=\"color: #007700\">]))&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Current&nbsp;password&nbsp;is&nbsp;incorrect'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">401<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;update&nbsp;password <br \/><\/span><span style=\"color: #0000BB\">$userModel&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">UserModel<\/span><span style=\"color: #007700\">(); <br \/>try&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$user&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$userModel<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">changePassword<\/span><span style=\"color: #007700\">(<\/span><span 
style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'sub'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">$new<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'user'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$user<\/span><span style=\"color: #007700\">]); <br \/>}&nbsp;catch&nbsp;(<\/span><span style=\"color: #0000BB\">Exception&nbsp;$e<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Password&nbsp;change&nbsp;failed'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'details'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #0000BB\">$e<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getMessage<\/span><span style=\"color: #007700\">()],&nbsp;<\/span><span style=\"color: #0000BB\">500<\/span><span style=\"color: #007700\">); <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Step 13: Logout Endpoint<\/h2>\n<p>Create a <code>api\/logout.php<\/code> file to handle user logout requests. 
This endpoint will invalidate the JWT on the client side.<\/p>\n<ul>\n<li>Include the API initializer<\/li>\n<li>Authenticate the request using the JWT<\/li>\n<li>Extract the token&#8217;s JTI (JWT ID) and expiration time<\/li>\n<li>Add the token&#8217;s JTI to the blacklist to invalidate it<\/li>\n<li>Return a success message indicating logout<\/li>\n<\/ul>\n<pre><span style=\"color: #0000BB\">&lt;?php <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;include&nbsp;initialization&nbsp;file <br \/><\/span><span style=\"color: #007700\">require_once&nbsp;<\/span><span style=\"color: #0000BB\">__DIR__&nbsp;<\/span><span style=\"color: #007700\">.&nbsp;<\/span><span style=\"color: #DD0000\">'\/_init.php'<\/span><span style=\"color: #007700\">; <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;authenticate&nbsp;request <br \/><\/span><span style=\"color: #0000BB\">$payload&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">require_auth<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$blacklist&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;new&nbsp;<\/span><span style=\"color: #0000BB\">JWTBlacklist<\/span><span style=\"color: #007700\">(); <br \/><\/span><span style=\"color: #0000BB\">$jti&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'jti'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #0000BB\">null<\/span><span style=\"color: #007700\">; <br \/><\/span><span style=\"color: #0000BB\">$exp&nbsp;<\/span><span style=\"color: #007700\">=&nbsp;<\/span><span style=\"color: #0000BB\">$payload<\/span><span style=\"color: #007700\">[<\/span><span style=\"color: #DD0000\">'exp'<\/span><span style=\"color: #007700\">]&nbsp;??&nbsp;<\/span><span style=\"color: #0000BB\">time<\/span><span style=\"color: 
#007700\">(); <br \/>if&nbsp;(!<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Token&nbsp;missing&nbsp;jti'<\/span><span style=\"color: #007700\">],&nbsp;<\/span><span style=\"color: #0000BB\">400<\/span><span style=\"color: #007700\">); <br \/>} <br \/> <br \/><\/span><span style=\"color: #FF8000\">\/\/&nbsp;add&nbsp;token&nbsp;to&nbsp;blacklist <br \/><\/span><span style=\"color: #007700\">try&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">$blacklist<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">add<\/span><span style=\"color: #007700\">(<\/span><span style=\"color: #0000BB\">$jti<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #0000BB\">$exp<\/span><span style=\"color: #007700\">); <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'message'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Logged&nbsp;out'<\/span><span style=\"color: #007700\">]); <br \/>}&nbsp;catch&nbsp;(<\/span><span style=\"color: #0000BB\">Exception&nbsp;$e<\/span><span style=\"color: #007700\">)&nbsp;{ <br \/>&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span style=\"color: #0000BB\">send_json<\/span><span style=\"color: #007700\">([<\/span><span style=\"color: #DD0000\">'error'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span style=\"color: #DD0000\">'Logout&nbsp;failed'<\/span><span style=\"color: #007700\">,&nbsp;<\/span><span style=\"color: #DD0000\">'details'&nbsp;<\/span><span style=\"color: #007700\">=&gt;&nbsp;<\/span><span 
style=\"color: #0000BB\">$e<\/span><span style=\"color: #007700\">-&gt;<\/span><span style=\"color: #0000BB\">getMessage<\/span><span style=\"color: #007700\">()],&nbsp;<\/span><span style=\"color: #0000BB\">500<\/span><span style=\"color: #007700\">); <br \/>} <br \/><\/span><span style=\"color: #0000BB\">?&gt;<\/span><\/pre>\n<h2>Test API Endpoints<\/h2>\n<p>You can use tools like Postman or cURL to test the API endpoints you have created. Here are some example requests:<\/p>\n<p><u>Register User:<\/u><\/p>\n<pre style=\"color: rgb(68, 68, 68);\">`POST \/api\/register.php` - JSON: `{ <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"name\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span>, <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"email\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span>, <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"password\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span> }`<\/pre>\n<p><u>Login User:<\/u><\/p>\n<pre style=\"color: rgb(68, 68, 68);\">`POST \/api\/login.php` - JSON: `{ <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"email\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span>, <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"password\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span> }` -&gt; returns `{ <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"token\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span>, <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"expires_in\"<\/span>:<span class=\"hljs-number\" style=\"color: rgb(136, 0, 0);\">3600<\/span> }`<\/pre>\n<p><u>Get User Profile:<\/u><\/p>\n<pre style=\"color: rgb(68, 68, 68);\">`GET \/api\/profile.php` - Authorization: `Bearer &lt;token&gt;` -&gt; returns 
logged-in user details<\/pre>\n<p><u>Update User Profile:<\/u><\/p>\n<pre style=\"color: rgb(68, 68, 68);\">`PUT \/api\/update.php` - Authorization: `Bearer &lt;token&gt;`, JSON: `{ <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"name\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span>, <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"email\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span> }` -&gt; update account<\/pre>\n<p><u>Change Password:<\/u><\/p>\n<pre style=\"color: rgb(68, 68, 68);\">`PUT \/api\/change_password.php` - Authorization: `Bearer &lt;token&gt;`, JSON: `{ <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"current_password\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span>, <span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"new_password\"<\/span>:<span class=\"hljs-string\" style=\"color: rgb(136, 0, 0);\">\"...\"<\/span> }`<\/pre>\n<p><u>Logout User:<\/u><\/p>\n<pre style=\"color: rgb(68, 68, 68);\">`POST \/api\/logout.php` - Authorization: `Bearer &lt;token&gt;` -&gt; invalidates token (blacklist)<\/pre>\n<p>With these endpoints implemented, you now have a functional RESTful API that supports user registration, authentication, profile management, password updates, and logout functionality using JWT for secure access control.<\/p>\n<h2>\ud83d\udee1\ufe0f Security Best Practices<\/h2>\n<p>To harden your API:<br \/>\n\u2714 Always use HTTPS<br \/>\n\u2714 Keep JWT secret key private<br \/>\n\u2714 Use short token expiration<br \/>\n\u2714 Validate inputs to avoid SQL injection<br \/>\n\u2714 Implement throttling \/ rate-limiting<br \/>\n\u2714 Refresh tokens (optional improvement)<\/p>\n<h2>Conclusion<\/h2>\n<p>You have successfully built a RESTful API in PHP with JWT-based authentication. 
This API allows users to register, log in, manage their profiles, change passwords, and log out securely. You can further enhance this API by adding more features or integrating it with a frontend application.<\/p>\n<p>With this PHP script, you have a fully working, framework-independent REST API with JWT Authentication, including:<br \/>\n\u2714 User registration<br \/>\n\u2714 Secure login<br \/>\n\u2714 JWT generation &#038; validation<br \/>\n\u2714 Middleware for protected routes<br \/>\n\u2714 Logout via token blacklist<\/p>\n<p>This API structure is scalable and production-ready with minor enhancements like refresh tokens and HTTPS. Happy coding! \ud83d\ude80<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Implementing secure authentication in REST APIs is a must for modern applications. One of the most widely used methods is JWT (JSON Web Token), which allows stateless, scalable authentication without storing sessions on the server. <\/p>\n","protected":false},"author":1,"featured_media":5948,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[393,84,14,361],"class_list":["post-5942","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-php","tag-jwt","tag-login","tag-php","tag-rest-api","cat-4-id","has_thumb"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>REST API with JWT Authentication using PHP - CodexWorld<\/title>\n<meta name=\"description\" content=\"Learn how to build a secure REST API with JWT Authentication using PHP. 
Step-by-step guide with user login, token validation, protected API endpoints, and logout.\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"REST API with JWT Authentication using PHP - CodexWorld","description":"Learn how to build a secure REST API with JWT Authentication using PHP. Step-by-step guide with user login, token validation, protected API endpoints, and logout.","canonical":"https:\/\/www.codexworld.com\/rest-api-with-jwt-authentication-using-php\/","author":"CodexWorld","article_published_time":"2025-11-15T13:38:31+00:00","article_modified_time":"2025-11-15T13:44:03+00:00"}}