Main structure and the technology

As I discussed in the previous post, one of the most important parts is to keep the syntax as simple as possible for a newbie to be able to jump on right away. We also should avoid using any sort of fancy tools which would basically complicate the development process. We also should use most popular tools which have proved themselves and supported by a strong community.

No need to mention that we will use composer for the package management.

The framework will be a Backend API. Therefore we will not have a template engine. It will simply be used for terminal usage and the REST API Endpoint creation. We will create an interface for the back office and also a front end for the end product, but those are going to be different products and won’t be included in this framework out of the box since it’s not our intention to create a Web based product solution at this stage.

File structure

Cache folder will be used for file caching if we choose php file caching rather than Redis or Memcache.

Documentation is simply the documentation of the framework. I chose to work with docsify since their interface is very simple and user friendly. All we are looking for is a single page readme document anyways.

Inc folder will include the core files such as global.php and routing.php. These will not be modules and the system will not be able to run without them.

Misc folder will contain miscellaneous files, folders to be used in the future. Currently it will be empty.

Modules will contain features that we want to develop. Some system work will still be considered as modules such as database, oauth, role, permission, user, entity. There will also be an autoload.php file to load all the module files at once so we won’t need to manually include our modules.

.env file

Phpdotenv package looks for a .env file and loads the global variables with the help of inc/global.php file. There is an example file in the root directory as follows




The content of the file is pretty self explanatory, firstly we define which environment this will be, then the database connection information and finally the public and private keys for the oauth2. Let me explain what these keys are and why it is necessary.

As I mentioned above, we are using The Php League’s Oauth2 server. You may take a look at what it is and how it works for more information here ( If you visit the installation section, we can see that we need to generate some keys to be able to use the package.

First, go to your terminal and generate your private key as follows:

openssl genrsa -out private.key 2048

After this, you can extract the public key out of the private key:

openssl rsa -in private.key -pubout -out public.key

Of course it will be a good idea to change the names private.key and public.key for security reasons. As you can imagine, you should never share your private key and keep it outside of the web directory.

We will also need to generate an encryption key. This key will be used to encrypt the authorization and access tokens. There are two types of keys, string password and key object, we will be using string password in this framework. To generate one, run the following in your terminal:

php -r 'echo base64_encode(random_bytes(32)), PHP_EOL;'

Simply use this as your OAUTH_ENCRYPTION_KEY in the .env file. Also add your private and public key paths into the same file, as well as your DB credentials.


The content of the index.php file is as follows:

require_once "vendor/autoload.php";
require_once "inc/global.php";
require_once "modules/system/system.php";
require_once "modules/autoload.php";
require_once "inc/routing.php";

Basically, it loads the composer packages we are using, global variables, system file, modules and lastly the routing.php to direct the requests into the correct places. We will continue with the routing explanation.