I’m working on a C# desktop app that needs to perform database operations through a PHP API connected to MySQL. Instead of just copying existing code, I want to properly understand how to build this from scratch.
Most PHP tutorials I find focus on web development and HTML output. I need something specifically about creating APIs that return JSON data. My C# application will send login credentials over HTTPS to authenticate users. The PHP API should verify these credentials against the database and only return specific data based on what the authenticated user requests.
I don’t want to connect directly from C# to MySQL because that would mean putting database credentials in the desktop application. The API approach seems more secure.
Can anyone recommend good learning resources for building secure PHP APIs? Most tutorials I’ve seen just focus on basic data retrieval without proper authentication or security considerations.
You’re right - direct database connections from desktop apps are a bad idea. I ran into this same issue two years back with an inventory system I built. The biggest shift is thinking stateless instead of session-based. API calls don’t maintain state like web apps do. Go with Laravel’s API resources or Slim Framework if you want something lighter. Both handle JSON responses out of the box and have middleware for auth built in. Skip traditional sessions and use JWT tokens instead. Your C# app sends credentials once, gets a token back, then just includes that token in every request after. No need to keep sending credentials. Don’t make my mistake - validate everything on the PHP side, even though you control both apps. I got lazy with input validation early on. If your desktop app gets compromised, you’re still vulnerable to SQL injection. Also, add rate limiting from the start. Desktop apps can hammer your server with rapid requests, which’ll either crash it or get you flagged by your host.