A Production-Ready API Foundation Built with Vibe Coding
Built in days, not months. Documented for entrepreneurs, developers, and AI assistants.
LaunchPad API is a complete, production-ready REST API foundation featuring authentication, authorization, and best practicesβbuilt using our "Vibe Coding" methodology alongside AI assistance.
This isn't just another boilerplate. It's a documented journey showing how entrepreneurs can build professional backends without hiring expensive developers or drowning in complexity.
β
Complete Authentication System - Registration, login, password reset, API tokens, HMAC
β
Role-Based Authorization - Groups and permissions (admin, user, etc.)
β
RESTful API Structure - Proper HTTP methods, status codes, JSON responses
β
Security Hardened - CSRF protection, XSS filtering, rate limiting, secure headers
β
Database Ready - Migrations, seeders, query builder, model relationships
β
Development Tools - Local server, code generators, testing framework
β
Comprehensive Documentation - Every decision explained with rationale
This project follows a dual-documentation approach:
Start here if you're new!
Our comprehensive guide explaining:
- The Vibe Coding methodology
- Technical decisions and rationale
- PHP vs Node.js for entrepreneurs
- Cost comparisons and hosting options
- Complete walkthrough of how we built this
- Code examples for beginners
Read it like: A tutorial from a friend who's been there
π Spanish version available:
article_es.md- VersiΓ³n completa en espaΓ±ol
Reference this during development
Technical reference containing:
- Common commands and CLI tools
- Code standards and patterns
- Configuration file references
- Security checklists
- Troubleshooting guides
Read it like: A technical manual for your team
Context for AI assistants
Seven skill files that teach AI about our stack:
ci4-api-development- REST API patternsci4-shield-auth- Authentication & authorizationci4-routing-controllers- Routing and controllersci4-models-database- Database operationsci4-security- Security best practicesci4-configuration- Configuration managementci4-testing- Testing methodologies
- PHP 8.2 or higher
- Composer (PHP package manager)
- MySQL or SQLite (MySQL recommended for production)
- A code editor (VS Code recommended)
# Clone or download the project
git clone [your-repo-url] launchpad-api
cd launchpad-api
# Install dependencies
composer install
# Copy environment file
cp env .env
# Edit .env with your database credentials
# For SQLite (development): database.default.database = ../writable/database.sqlite
# For MySQL: configure hostname, database, username, password
# Run database migrations
php spark migrate --all
# Start development server
php spark serveVisit http://localhost:8080 - You should see the CodeIgniter welcome page!
This project was built using our 3-step approach:
We downloaded the complete CodeIgniter 4 user guide and Shield authentication docs into the project. This ensures our AI assistant gives accurate, version-specific advice.
Location: ci-userguide/ and shield-docs/
We trained OpenCode AI on our local documentation. It created 7 skill files that teach the AI about our specific tech stack, ensuring consistent, expert-level assistance.
Location: .opencode/skills/
Instead of writing authentication from scratch (weeks of work), we ran:
composer require codeigniter4/shieldFive minutes later, we had a complete authentication system.
Read article.md for the full story!
| Component | Purpose | Why We Chose It |
|---|---|---|
| PHP 8.2+ | Programming language | Fast, stable, runs on cheap hosting |
| CodeIgniter 4 | Web framework | Lightweight, excellent docs, API-focused |
| Shield | Authentication | Official CI4 solution, multiple auth methods |
| Composer | Package manager | One-command installs, automatic updates |
| MySQL/SQLite | Database | Universal support, easy deployment |
| OpenCode AI | Coding assistant | Context-aware, trained on our docs |
| Hosting Type | Monthly Cost | Yearly Cost | Complexity |
|---|---|---|---|
| PHP Shared Hosting | $3-10 | $36-120 | Upload files, done |
| VPS for Node/Python | $20-50 | $240-600 | Server setup, monitoring |
| Managed VPS | $50-150 | $600-1800 | Simpler but expensive |
Savings: $564 - $1,680 per year
PHP runs on shared hosting (just upload files). Node.js/Python generally need VPS (server management required).
See article.md for the full cost breakdown.
launchpad-api/
βββ π article.md # Comprehensive guide (START HERE!)
βββ π οΈ AGENTS.md # Technical reference
βββ π README.md # This file
βββ
βββ π app/ # Application code
β βββ Config/ # Configuration files
β βββ Controllers/ # API controllers
β βββ Models/ # Data models
β βββ Filters/ # Authentication filters
β βββ Database/ # Migrations and seeds
β
βββ π ci-userguide/ # CodeIgniter 4 docs (local copy)
βββ π shield-docs/ # Shield auth docs (local copy)
βββ π .opencode/ # AI configuration
β βββ skills/ # AI knowledge files
β
βββ π public/ # Web root (index.php)
βββ π system/ # Framework core
βββ π vendor/ # Composer dependencies
βββ π writable/ # Logs, cache, uploads
# Start development server
php spark serve
# Clear cache
php spark cache:clear
# Generate code
php spark make:controller Api/UserController
php spark make:model Models/UserModel
php spark make:migration create_users_table# Run all migrations
php spark migrate --all
# Rollback last migration
php spark migrate:rollback
# Seed database with test data
php spark db:seed DatabaseSeeder# Create new user
php spark shield:user create
# List all users
php spark shield:user list
# Add user to group
php spark shield:user addgroup
# Manage HMAC keys
php spark shield:hmac reencrypt# Run all tests
vendor/bin/phpunit
# Run with coverage
vendor/bin/phpunit --coverage-html coverage/See AGENTS.md for complete command reference.
Here's what a protected API endpoint looks like:
<?php
namespace App\Controllers\Api;
use CodeIgniter\RESTful\ResourceController;
class UserController extends ResourceController
{
protected $modelName = 'App\Models\UserModel';
protected $format = 'json';
// GET /api/users
public function index()
{
$users = $this->model->findAll();
return $this->respond(['status' => 200, 'data' => $users]);
}
// GET /api/users/{id}
public function show($id = null)
{
$user = $this->model->find($id);
if (!$user) {
return $this->failNotFound('User not found');
}
return $this->respond(['status' => 200, 'data' => $user]);
}
}Protect the route:
// routes.php
$routes->group('api', ['filter' => 'tokens'], function($routes) {
$routes->resource('users');
});That's it! One line protects all user endpoints with token authentication.
See article.md for more examples and detailed explanations.
Every technical decision in this project is documented using this format:
## Decision: [What we decided]
**Date**: [When decided]
**Context**: [What led to this]
**Options Considered**:
- Option A: [description]
- Option B: [description]
**Decision**: We chose [Option] because [reasoning]
**Trade-offs**:
- Pros: [benefits]
- Cons: [drawbacks]
**Reversible?**: [Yes/No]This ensures:
- We remember why we made choices
- New team members understand the codebase
- AI assistants give consistent advice
- We can evaluate decisions later
See article.md for examples of documented decisions.
- Read
article.md- Complete guide with explanations - Understand the costs - Hosting comparison tables
- Follow the methodology - 3-step Vibe Coding process
- Start small - Build a simple feature first
- Read
AGENTS.md- Technical reference - Study the skills -
.opencode/skills/*.md - Review the code -
app/Controllers/Api/ - Check decisions - Documented in
article.md
- CodeIgniter 4:
ci-userguide/(local) or https://codeigniter.com/user_guide/ - Shield Auth:
shield-docs/(local) or https://shield.codeigniter.com/ - PHP: https://www.php.net/docs.php
This is a learning project built with Vibe Coding. We welcome:
- Questions and clarifications
- Suggestions for better documentation
- Bug reports (with context)
- Improvements to the methodology
Before contributing:
- Read
article.mdto understand our approach - Check
AGENTS.mdfor technical standards - Document your reasoning using our decision format
-
Check the docs first
article.mdfor methodology questionsAGENTS.mdfor technical issuesci-userguide/for CodeIgniter specifics
-
Ask the AI
- OpenCode is trained on our documentation
- Reference specific skill files for context
-
Community
- CodeIgniter Forum: https://forum.codeigniter.com
- PHP Help: https://www.reddit.com/r/PHPhelp
"Page Not Found" errors:
- Check
app/Config/Routes.php - Ensure you're accessing via
http://localhost:8080(notpublic/)
Database connection errors:
- Verify
.envconfiguration - Run
php spark migrate --all - Check MySQL is running
Authentication not working:
- Verify Shield setup:
php spark shield:setup - Check filters in
app/Config/Filters.php - Ensure tokens haven't expired
See AGENTS.md troubleshooting section for more.
- β
Read
article.mdcompletely - β Set up local environment
- β Install dependencies with Composer
- β Run migrations
- β Test the API with Postman or curl
- β Build your first feature
- API documentation with Swagger/OpenAPI
- Frontend integration examples
- Deployment guides (shared hosting, VPS)
- Video tutorial series
- Advanced features (webhooks, notifications)
Vibe Coding is the art of building software alongside AI, not against it. It's about:
- Leveraging documentation - Give AI context for better help
- Documenting decisions - Understand the "why" not just the "what"
- Iterative learning - Build while you learn, learn while you build
- Collaborative development - AI as pair programmer, not replacement
This project is proof that entrepreneurs can build production-ready software without:
- Months of learning before starting
- Expensive developer hires
- Compromising on quality or security
This project extends CodeIgniter 4, which is licensed under the MIT License.
Shield authentication is also MIT licensed.
Our documentation and methodology are shared freely to help other entrepreneurs build their dreams.