This plugin provides basic support for building REST API services in your CakePHP 3 application. Read a detailed guide on how to implement this here - CakePHP: Build REST APIs with RestApi plugin
This plugin has the following requirements:
- CakePHP 3.0.0 or greater.
- PHP 5.4.16 or greater.
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
composer require multidots/cakephp-rest-api
After installation, Load the plugin
Plugin::load('RestApi', ['bootstrap' => true]);
Or, you can load the plugin using the shell command
$ bin/cake plugin load -b RestApi
You just need to create your API related controller and extend it to ApiController
instead of default AppController
. You just need to set you results in apiResponse
variable and your response code in httpStatusCode
variable. For example,
namespace App\Controller;
use RestApi\Controller\ApiController;
/**
* Foo Controller
*/
class FooController extends ApiController
{
/**
* bar method
*
*/
public function bar()
{
// your action logic
// Set the HTTP status code. By default, it is set to 200
$this->httpStatusCode = 200;
// Set the response
$this->apiResponse['you_response'] = 'your response data';
}
}
You can define your logic in your action function as per your need. For above example, you will get following response in json
format,
{"status":"OK","result":{"you_response":"your response data"}}
The URL for above example will be http://yourdomain.com/foo/bar
. You can customize it by setting the routes in APP/config/routes.php
.
Simple :)
This plugin provides several configuration related to CORS
, Request Logging and JWT
authentication. The default configurations are as below and defined in RestApi/config/api.php
.
<?php
return [
'ApiRequest' => [
'log' => false,
'jwtAuth' => [
'enabled' => true,
'cypherKey' => 'R1a#2%dY2fX@3g8r5&s4Kf6*sd(5dHs!5gD4s',
'tokenAlgorithm' => 'HS256'
],
'cors' => [
'enabled' => true,
'origin' => '*',
'allowedMethods' => ['GET', 'POST', 'OPTIONS'],
'allowedHeaders' => ['Content-Type, Authorization, Accept, Origin'],
'maxAge' => 2628000
]
]
];
You can check for presence of auth token in API request. By default it is enabled. You need to define a flag allowWithoutToken
to true
or false
. For example,
$routes->connect('/demo/foo', ['controller' => 'Demo', 'action' => 'foo', 'allowWithoutToken' => false]);
Above API method will require auth token in request. You can pass the auth token in either header, in GET parameter or in POST field.
If you want to pass token in header, use below format.
Authorization: Bearer [token]
In case of GET or POST parameter, pass the token in token
parameter.
This plugin provides Utility class to generate jwt token and sign with same key and algorithm. Use JwtToken::generate()
method wherever required. Most probably, you will need this in user login and register API. See below example,
<?php
namespace App\Controller;
use RestApi\Controller\ApiController;
use RestApi\Utility\JwtToken;
/**
* Account Controller
*
*/
class AccountController extends ApiController
{
/**
* Login method
*
* Returns a token on successful authentication
*
* @return void|\Cake\Network\Response
*/
public function login()
{
$this->request->allowMethod('post');
/**
* process your data and validate it against database table
*/
// generate token if valid user
$payload = ['email' => $user->email, 'name' => $user->name];
$this->apiResponse['token'] = JwtToken::generateToken($payload);
$this->apiResponse['message'] = 'Logged in successfully.';
}
}
By default, cors requests are enabled and allowed from all domains. You can overwrite these settings by creating config file at APP/config/api.php
. The content of file will look like,
<?php
return [
'ApiRequest' => [
'cors' => [
'enabled' => true,
'origin' => '*',
'allowedMethods' => ['GET', 'POST', 'OPTIONS'],
'allowedHeaders' => ['Content-Type, Authorization, Accept, Origin'],
'maxAge' => 2628000
]
]
];
To disable cors request, set enabled
flag to false
. To allow requests from specific domains, set them in origin
option like,
<?php
return [
'ApiRequest' => [
'cors' => [
'enabled' => true,
'origin' => ['localhost', 'www.example.com', '*.example.com'],
'allowedMethods' => ['GET', 'POST', 'OPTIONS'],
'allowedHeaders' => ['Content-Type, Authorization, Accept, Origin'],
'maxAge' => 2628000
]
]
];
By default, request log is disabled. You can overwrite this by creating/updating config file at APP/config/api.php
. The content of file will look like,
<?php
return [
'ApiRequest' => [
'log' => true,
// other config options
]
];
After enabling the log, you need to create a table in your database. Below is the table structure.
CREATE TABLE IF NOT EXISTS `api_requests` (
`id` char(36) NOT NULL,
`http_method` varchar(10) NOT NULL,
`endpoint` varchar(2048) NOT NULL,
`token` varchar(2048) DEFAULT NULL,
`ip_address` varchar(50) NOT NULL,
`request_data` longtext,
`response_code` int(5) NOT NULL,
`response_data` longtext,
`exception` longtext,
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Or you can use the bake
command to automatically generate the above table.
$ bin/cake migrations migrate --plugin RestApi
The default response format of API is json
and its structure is defined as below.
{
"status": "OK",
"result": {
//your result data
}
}
If you have set httpResponseCode to any value other that 200, the status
value will be NOK
otherwise OK
. In case of exceptions, it will be handled automatically and set the appropriate status code.
Below are few examples to understand how this plugin works.
Let's create an API which returns a list of articles with basic details like id and title. Our controller will look like,
<?php
namespace App\Controller;
use RestApi\Controller\ApiController;
/**
* Articles Controller
*
* @property \App\Model\Table\ArticlesTable $Articles
*/
class ArticlesController extends ApiController
{
/**
* index method
*
*/
public function index()
{
$articles = $this->Articles->find('all')
->select(['id', 'title'])
->toArray();
$this->apiResponse['articles'] = $articles;
}
}
The response of above API call will look like,
{
"status": "OK",
"result": {
"articles": [
{
"id": 1,
"title": "Lorem ipsum"
},
{
"id": 2,
"title": "Donec hendrerit"
}
]
}
}
This plugin will handle the exceptions being thrown from your action. For example, if you API method only allows POST
method and someone makes a GET
request, it will generate NOK
response with proper HTTP response code. For example,
<?php
namespace App\Controller;
use RestApi\Controller\ApiController;
/**
* Foo Controller
*
*/
class FooController extends ApiController
{
/**
* bar method
*
*/
public function restricted()
{
$this->request->allowMethod('post');
// your other logic will be here
// and finally set your response
// $this->apiResponse['you_response'] = 'your response data';
}
}
The response will look like,
{"status":"NOK","result":{"message":"Method Not Allowed"}}
Another example of throwing an exception,
<?php
namespace App\Controller;
use Cake\Network\Exception\NotFoundException;
use RestApi\Controller\ApiController;
/**
* Foo Controller
*
*/
class FooController extends ApiController
{
/**
* error method
*
*/
public function error()
{
$throwException = true;
if ($throwException) {
throw new NotFoundException();
}
// your other logic will be here
// and finally set your response
// $this->apiResponse['you_response'] = 'your response data';
}
}
And the response will be,
{"status":"NOK","result":{"message":"Not Found"}}
If you have a problem with this plugin or any bug, please open an issue on GitHub.