I am creating an application which I would like to have communicate with my website. The app will have to get data for a particular app user from the website's database. I am unclear as to the best way to do this.
I have seen one way of doing this for example is creating a login page on the app which then hits a login.php logic on my website. This is convenient because I can use one code base to handle sign in for both the website and the app.
Another solution I've seen is using JSON requests to handle the communication between app and website. This is convenient because JSON objects are easy to create and parse.
I would basically like to know the best/common way to have this communication occur, what are the pros and cons to having one over the other, and any other security issues to consider.
For example, is there a risk of exposing sensitive user data when using one method over the other? If so how can this be prevented? How and where does encryption and user validations come into play here?
Best Answer
I would recommend building a REST API for your application and your website.
Building a web service is more work but I think it's a lot cleaner. If you do it this way, neither your website nor your application has to worry about how to connect to and query the database since all of those details will be abstracted by the API. Also, another benefit is security: if your website ever gets hacked, they won't necessarily have access to your database since the website is only making API calls (and not database calls.) Of course there are a lot of things to consider with security, but that's one less thing you have to worry about.
Here is a great starter guide on how to create a REST API in PHP:
http://www.gen-x-design.com/archives/create-a-rest-api-with-php/