CakePHP: Build REST APIs with RestApi plugin – Part 2

This is the second part of the tutorial. If you haven’t read the first part, please read it here – CakePHP: Build REST APIs with RestApi plugin – Part 1

Okay, so let’s start with user registration and login APIs. We will use AccountController to handle these APIs. So, create a new controller at src/Controller/AccountController.php like,

We need a database table to store user’s data. Let’s create a users table with basic fields like,

Based on the above table, create the Table and Entity classes. See below for an example.



Now, the basic things are ready to implement registration and login APIs.

User Registration API

First, let’s create a route for this API. The endpoint will be Set following route in your APP/config/routes.php file,

Now, let’s update our register() method code. It will now look like,

So, our register() method only allows POST requests. Also note that, to generate a JWT token, we have used the JwtToken utility class from the RestApi plugin. We have passed email and name as the payload data to generate the token. You can add whatever fields you want to generate the token.

To test it, make a POST request to using Postman or any other REST client and pass name, email and password parameters. See below screenshot of my Postman request.


The response should look like,


You can store this token and use it in further API requests that require a token. We will see it later.

Now, try a few more requests to check how this method works. For example, if you submit a new request with the same email address, it will respond with validation errors. See the example response below,


User Login API

Similar to the registration API, we will use as API endpoint. Set the following route in your APP/config/routes.php file,

Now, modify the login() method like,

Similar to the register API, this method allows only POST requests. Now make a POST request to with the email and password that we used in our registration API example. See below sample request using Postman.


And it will return the below response with a token.


That is it. You can play around the example, update validations, modify code etc. etc.

User auth token in request

In the previous part, we made a sample API method which returned a list of movies. For testing purposes, we disabled the auth token check for that API request.

Let’s enable the token check. To do that, remove the allowWithoutToken parameter from the route or set it to false.

Now, make a GET request to and it will return an error response like below.

So, here we need to pass the auth token in the request, using either a header, a GET parameter or a POST data field.

Let’s pass it in GET parameter, so our endpoint URL will be,

And it will return the response with movie list like below.

You can also pass this token in header. See my Postman request example below.



Access user data from token

It is important to know which user is making an API request. In our case, we are using a JWT token to identify the user who is making the request. The RestApi plugin decodes the token and sets the payload data in the jwtPayload variable. You can also access the token using the jwtToken variable. Let’s modify our example API request and return the payload data in the response.

And when you make the request again, it will return the response like below.

You can use the payload data in your logic wherever required.
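
As an added example (plain PHP, not code from this tutorial or from the RestApi plugin), the sketch below shows what a signed token built from the email and name payload used in register() looks like, and why the decoded jwtPayload is trustworthy only after the signature check. It assumes an HS256-signed JWT; the key, the sample users and the helper function names are constructed for illustration.

```php
<?php
// Added illustration: minimal HS256 JWT in plain PHP, not the RestApi plugin's code.
function b64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64url_decode(string $data): string
{
    return (string) base64_decode(strtr($data, '-_', '+/'));
}

function jwt_sign(array $payload, string $key): string
{
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($payload));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
}

// Returns the payload array only if the signature is valid, otherwise null.
function jwt_verify(string $token, string $key): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm on the server; never accept whatever the token announces.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, b64url_decode($sig))) { // constant-time compare
        return null;
    }
    $payload = json_decode(b64url_decode($body), true);
    return is_array($payload) ? $payload : null;
}

$key   = 'constructed-demo-key'; // constructed sample key
$token = jwt_sign(['email' => 'jane@example.com', 'name' => 'Jane'], $key);
[$h, $b, $s] = explode('.', $token);

echo b64url_decode($b), PHP_EOL;              // payload is readable without the key
$forged = "$h." . b64url_encode(json_encode(['email' => 'admin@example.com', 'name' => 'Jane'])) . ".$s";
var_dump(jwt_verify($token, $key) !== null);  // genuine token
var_dump(jwt_verify($forged, $key) !== null); // altered payload, original signature
```

The payload is only signed, not encrypted, so anyone who holds the token can read it: keep passwords and other secrets out of the fields you add to it.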

That is it for now. Enjoy!
