Security: slavkor/databoxpush

docs/security.md

Security

Authentication

This skeleton uses sessions (cookies) to handle the logged-in users.

For APIs you should consider other options:

Basic authentication is a simple authentication scheme built into the HTTP protocol. The credentials are only Base64-encoded, not encrypted, so it is a secure authentication mechanism only as long as the client transmits its data over HTTPS.

Authorization: Basic ZGVtbzpwQDU1dzByZA==

You could also consider using OAuth 2.0 in combination with a signed JSON Web Token (JWT).

JWTs can be used as OAuth 2.0 Bearer tokens to encode all relevant parts of an access token into the access token itself instead of having to store them in a database.

Please note: OAuth 2.0 is not an authentication protocol.

Clients may use the HTTP Basic authentication scheme, as defined in RFC 2617, to authenticate with the server.

After successful authentication, the client sends its token within the Authorization request header:

Authorization: Bearer RsT5OjbzRn430zqMLgV3Ia

lcobucci/jwt is a good library for working with JSON Web Tokens (JWT) and JSON Web Signatures based on RFC 7519.
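
The self-contained bearer token described above, as an added PHP example (not code from this skeleton or from lcobucci/jwt): it signs and verifies an HS256 JWT with PHP built-ins only, pins the algorithm, compares the signature in constant time and checks `exp`. The function names, secret and claims are constructed for illustration; in an application a maintained library such as lcobucci/jwt should do this work.

```php
<?php
// Added example. All names, the secret and the claims are constructed.
function b64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
function b64url_decode(string $data): string
{
    $data .= str_repeat('=', (4 - strlen($data) % 4) % 4); // restore padding
    return (string) base64_decode(strtr($data, '-_', '+/'), true);
}
function issue_token(array $claims, string $secret): string
{
    $head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
}

// Returns the claims, or null when the header value or token is rejected.
function verify_bearer(string $authorization, string $secret, int $now): ?array
{
    $part = '[A-Za-z0-9_-]+';
    if (!preg_match("/^Bearer ($part)\\.($part)\\.($part)$/i", $authorization, $m)) {
        return null; // wrong scheme or not three base64url segments
    }
    [, $head, $body, $sig] = $m;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm on the server; never let the token choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = b64url_encode(hash_hmac('sha256', "$head.$body", $secret, true));
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    $claims = json_decode(b64url_decode($body), true);
    // The token is not looked up in a database, so expiry must be enforced here.
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;
    }
    return $claims;
}

$secret = 'constructed-demo-secret';
$now = 1700000000; // fixed clock so the run is repeatable
$token = issue_token(['sub' => 'user-42', 'exp' => $now + 300], $secret);
var_dump(verify_bearer("Bearer $token", $secret, $now));        // fresh token
var_dump(verify_bearer("Bearer $token", $secret, $now + 301));  // after expiry
var_dump(verify_bearer("Bearer $token", 'other-secret', $now)); // wrong key
```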
