Using Basic Auth REST API Development in CodeIgniter 4

Share this Article
Reading Time: 9 minutes

CodeIgniter 4 is an open source framework of PHP. There are several libraries available in codeigniter 4 which makes application development very easy.

Inside this article we will see the concept of Using Basic Auth REST API development in CodeIgniter 4. Additionally we will cover the API data validations and their outputs. Article is very interesting to learn and super easy to implement.

HTTP Basic Access Authentication involves adding a header that contains your username and password. That auth values will be check at server side, if valid details will process next else access denied.

Learn more –

  • CodeIgniter 4 RESTful APIs with JWT Authentication, Click here.
  • CodeIgniter 4 CRUD REST APIs Development (without validation), Click here.
  • REST API Development with Validation in CodeIgniter 4, Click here.
  • Upload Image by REST API in CodeIgniter 4 Tutorial, Click here.

Note*: For this article, CodeIgniter v4.1 setup has been installed. May be when you are seeing, version will be updated. CodeIgniter 4.x still is in development mode.

Let’s get started.

Download & Install CodeIgniter 4 Setup

We need to download & install CodeIgniter 4 application setup to system. To set application we have multiple options to proceed.

Here are the following ways to download and install CodeIgniter 4 –

  • Manual Download
  • Composer Installation
  • Clone Github repository of CodeIgniter 4

Complete introduction of CodeIgniter 4 basics – Click here to go. After going through this article you can easily download & install setup.

Here is the command to install via composer –

$ composer create-project codeigniter4/appstarter codeigniter-4

Assuming you have successfully installed application into your local system.

Turn Development Mode On

When we install CodeIgniter 4, we have env file at root. To use the environment variables means using variables at global scope we need to do env to .env

Open project in terminal

$ cp env .env

Above command will create a copy of env file to .env file. Now we are ready to use environment variables.

CodeIgniter starts up in production mode by default. Let’s do it in development mode. So that while working if we get any error then error will show up.

# CI_ENVIRONMENT = production

// Do it to 

CI_ENVIRONMENT = development

Now application is in development mode.

Create Database & Table in Application

To create a database, either we can create via Manual tool of PhpMyadmin or by means of a mysql command.

CREATE DATABASE codeigniter4_app;

Next, we need a table. That table will be responsible to store data. Let’s create table with some columns.

CREATE TABLE `employees` (
 `name` varchar(120) DEFAULT NULL,
 `email` varchar(120) DEFAULT NULL,
 `phone_no` varchar(45) DEFAULT NULL,

Successfully, we have created a database and a table.

Database Connectivity to Application

Open .env file from project root. Search for DATABASE. You should see the connection environment variables.

Let’s set the value for those to connect with database.

 database.default.hostname = localhost
 database.default.database = codeigniter4_app
 database.default.username = root
 database.default.password = root
 database.default.DBDriver = MySQLi

Now, database successfully connected with application.

How HTTP Basic Access Authentication works?

HTTP Basic Access Authentication is one of the very simple authentication available to process request. This involves adding a header that contains your username and password. The proper format for the header –

Authorization: Basic XXXXXX

Where XXXXXX is your credentials in the form of username:password with base64 encoding.

PHP automatically decodes and splits the username and password into special named constants:

  • PHP_AUTH_USER with the username as a plain-text string, access like – $_SERVER[‘PHP_AUTH_USER’]
  • PHP_AUTH_PW with the password as a plain-text string, access like – $_SERVER[‘PHP_AUTH_PW’]

Create Filter

Open terminal and run this spark command to create filter.

$ php spark make:filter Basicauth --suffix

It will creates a file with name BasicauthFilter.php at /app/Filters folder.

Open BasicauthFilter.php and write this code into it.


namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class BasicauthFilter implements FilterInterface
	public function before(RequestInterface $request, $arguments = null)
		$username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : "";
		$password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : "";

		if($username != "onlinewebtutor" || $password != "admin123"){
			header("Content-type: application/json");
			echo json_encode(array(
				"status" => false,
				"message" => "Invalid credentials"

	public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)

Get header Authorization data and check here –

$username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : "";
$password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : "";

Register Filter To Application

Open Filters.php from /app/Config. Search for $aliases.

Add this line to header

use App\Filters\BasicauthFilter;

Add into $aliases

public $aliases = [
        "basicauth" => BasicauthFilter::class

Create Model

Open project into terminal and run this spark command.

$ php spark make:model Employee --suffix

It will create EmployeeModel.php file inside /app/Models folder.

Open EmployeeModel.php and write this complete code into it.


namespace App\Models;

use CodeIgniter\Model;

class EmployeeModel extends Model
	protected $DBGroup              = 'default';
	protected $table                = 'employees';
	protected $primaryKey           = 'id';
	protected $useAutoIncrement     = true;
	protected $insertID             = 0;
	protected $returnType           = 'array';
	protected $useSoftDelete        = false;
	protected $protectFields        = true;
	protected $allowedFields        = [

	// Dates
	protected $useTimestamps        = false;
	protected $dateFormat           = 'datetime';
	protected $createdField         = 'created_at';
	protected $updatedField         = 'updated_at';
	protected $deletedField         = 'deleted_at';

	// Validation
	protected $validationRules      = [];
	protected $validationMessages   = [];
	protected $skipValidation       = false;
	protected $cleanValidationRules = true;

	// Callbacks
	protected $allowCallbacks       = true;
	protected $beforeInsert         = [];
	protected $afterInsert          = [];
	protected $beforeUpdate         = [];
	protected $afterUpdate          = [];
	protected $beforeFind           = [];
	protected $afterFind            = [];
	protected $beforeDelete         = [];
	protected $afterDelete          = [];

Create Controller

Open project into terminal and run this spark command.

$ php spark make:controller Api/Api --suffix --restful

It will create ApiController.php file inside /app/Controllers/Api folder. Along with controller it will also create a folder.

Open ApiController.php and write this complete code into it.


namespace App\Controllers\Api;

use CodeIgniter\RESTful\ResourceController;
use App\Models\EmployeeModel;

class ApiController extends ResourceController
	public function addEmployee()
		$rules = [
			"name" => "required",
			"email" => "required|valid_email|is_unique[]|min_length[6]",
			"phone_no" => "required",

		$messages = [
			"name" => [
				"required" => "Name is required"
			"email" => [
				"required" => "Email required",
				"valid_email" => "Email address is not in format",
				"is_unique" => "Email address already exists"
			"phone_no" => [
				"required" => "Phone Number is required"

		if (!$this->validate($rules, $messages)) {

			$response = [
				'status' => 500,
				'error' => true,
				'message' => $this->validator->getErrors(),
				'data' => []
		} else {

			$emp = new EmployeeModel();

			$data['name'] = $this->request->getVar("name");
			$data['email'] = $this->request->getVar("email");
			$data['phone_no'] = $this->request->getVar("phone_no");


			$response = [
				'status' => 200,
				'error' => false,
				'message' => 'Employee added successfully',
				'data' => []

		return $this->respondCreated($response);

	public function listEmployee()
		$emp = new EmployeeModel();

		$response = [
			'status' => 200,
			"error" => false,
			'messages' => 'Employee list',
			'data' => $emp->findAll()

		return $this->respondCreated($response);

We have added few methods like for add, list. You can add all methods for a CRUD application.

Add Routes

Open Routes.php file from /app/Config folder. Add these routes into it.


 $routes->group("api", ["namespace" => "App\Controllers\Api", "filter" => "basicauth"] , function($routes){

	 $routes->get("list-employee", "ApiController::listEmployee");
     $routes->post("add-employee", "ApiController::addEmployee");


Application Testing

Start development server:

$ php spark serve


URL: http://localhost:8080/api/add-employee


Basic Auth Settings:

When you do this, automatically it will create a new header called Authorization into headers. It contains the value in the format of Basic b25saW5ld2VidHV0b3I6YWRtaW4xMjM=


Authorization:Basic b25saW5ld2VidHV0b3I6YWRtaW4xMjM=

HANDLER: \App\Controllers\Api\ApiController::addEmployee


URL: http://localhost:8080/api/list-employee



Authorization:Basic b25saW5ld2VidHV0b3I6YWRtaW4xMjM=

HANDLER: \App\Controllers\Api\ApiController::listEmployee

We hope this article helped you to learn Basic Auth REST API Development in CodeIgniter 4 in a very detailed way.

Buy Me a Coffee

If you liked this article, then please subscribe to our YouTube Channel for PHP & it’s framework, WordPress, Node Js video tutorials. You can also find us on Twitter and Facebook.

Find More on CodeIgniter 4 here