I built a REST API and calling code using Zend Framework. This code also uses Doctrine (http://www.doctrine-project.org/projects/orm).
Prior to coding, I reviewed several resources on the ‘net in an attempt to follow best practices. I visited the following, as well as others:
These settings ensure the request is properly organized when received by the REST controller. Be sure the ACL is also configured to allow access as appropriate.
The calling code shown is a subset; only the relevant code is included.
Authentication is handled by JSON encoding, then encrypting the username and password in the Authorization header.
The process has two phases: a GET to test whether the element exists, then a POST, PUT or DELETE depending on existence, error, or requested action. Since the GET is a test, no data is returned. POST and PUT pass the data in the body text, JSON encoded.
The REST controller uses a preDispatch override to ensure the submitted id, username and password are valid. Invalid requests are discarded with an HTTP/400. Unauthorized requests receive an HTTP/403.
GET requests use the submitted UUID to test for the existence of the data. Using a UUID ensures the data will be identified the same across different systems. The data has local identifiers as well, and some translation is applied, although it has been removed from the posted code.
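The preDispatch checks described above, sketched outside the framework as an added example (not the code from this project). The header format, the use of libsodium's secretbox with a shared key, the password-hash user table, and the names buildAuthHeader and checkRequest are all assumptions made for illustration; a header that fails to decrypt is treated here as an invalid request.

```php
<?php
// Added example, not the post's code. Assumed (hypothetical) header format:
// base64( nonce || secretbox( JSON {"username","password"} ) ), shared key.
const UUID_RE = '/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i';
const NONCE   = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

// Caller side: JSON encode the credentials, then encrypt them.
function buildAuthHeader(string $user, string $pass, string $key): string
{
    $nonce = random_bytes(NONCE);
    $json  = json_encode(['username' => $user, 'password' => $pass]);
    return base64_encode($nonce . sodium_crypto_secretbox($json, $nonce, $key));
}

// Controller side: 400 for an invalid request, 403 for bad credentials,
// 200 when the request may proceed to the GET/POST/PUT/DELETE action.
function checkRequest(string $id, string $authHeader, string $key, array $users): int
{
    if (!preg_match(UUID_RE, $id)) {
        return 400;                                   // id is not a UUID
    }
    $raw = base64_decode($authHeader, true);          // strict base64
    if ($raw === false || strlen($raw) < NONCE + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return 400;                                   // malformed or truncated header
    }
    $plain = sodium_crypto_secretbox_open(substr($raw, NONCE), substr($raw, 0, NONCE), $key);
    if ($plain === false) {
        return 400;                                   // tampered, or encrypted with another key
    }
    $cred = json_decode($plain, true);
    if (!is_array($cred) || !is_string($cred['username'] ?? null) || !is_string($cred['password'] ?? null)) {
        return 400;                                   // decrypted, but not the expected JSON
    }
    $hash = $users[$cred['username']] ?? null;        // stored password_hash() value
    return ($hash !== null && password_verify($cred['password'], $hash)) ? 200 : 403;
}

// Constructed demo data: one user, one shared key, one sample UUID.
$key   = sodium_crypto_secretbox_keygen();
$users = ['alice' => password_hash('s3cret', PASSWORD_DEFAULT)];
$id    = '3f2b8c1e-9d4a-4e6b-8a1f-0c2d3e4f5a6b';
echo checkRequest($id, buildAuthHeader('alice', 's3cret', $key), $key, $users), "\n";
echo checkRequest($id, buildAuthHeader('alice', 'wrong', $key), $key, $users), "\n";
echo checkRequest('not-a-uuid', buildAuthHeader('alice', 's3cret', $key), $key, $users), "\n";
echo checkRequest($id, 'not base64!', $key, $users), "\n";
```

Every check runs before any action method is reached, so a request with a bad id or an unreadable header never touches the data layer.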
The JSON data is read from the request body with a file_get_contents on php://input.
Use curl or PHP to test the interface.