I’ve made my own API_Actions, but it seems that the user is not validated against the token, so every token (expired or not) works - what am I missing?
The sample in the documentation shows no security validation, so I thought this is handled like the other REST APIs.
Thank you for your quick answer. I added the PedraApiController.php file with the following code. Is it OK?
<?php
// PedraApiController.php
namespace {ProjectNamespace}; // NOTE: Make sure you use {ProjectNamespace}

use Psr\Container\ContainerInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use {ProjectNamespace}\Attributes\Delete;
use {ProjectNamespace}\Attributes\Get;
use {ProjectNamespace}\Attributes\Map;
use {ProjectNamespace}\Attributes\Options;
use {ProjectNamespace}\Attributes\Patch;
use {ProjectNamespace}\Attributes\Post;
use {ProjectNamespace}\Attributes\Put;

/**
 * My API controller
 */
class PedraApiController extends AbstractController
{
    $app->post('/getLetterTemplates', function ($request, $response) {
        $params = $request->getParsedBody();
        ... rest of the code ...
    })->add(JwtMiddleware::class);
}
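
For reference, the checks a route needs before an expired or tampered token is refused, as an added example that is not part of the original posts and is not PHPMaker's `JwtMiddleware`. The function names, the HS256 choice, the secret and the tokens are all assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers for illustration; not PHPMaker's JwtMiddleware.
function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}
function b64url_decode(string $s): string
{
    $s = strtr($s, '-_', '+/');
    $raw = base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
    return $raw === false ? '' : $raw;
}

/** Returns the claims of a correctly signed, unexpired token, otherwise null. */
function verify_jwt_hs256(string $token, string $secret, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    // Pin the algorithm on the server; never accept whatever the token declares.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    if (!hash_equals(hash_hmac('sha256', "$h64.$p64", $secret, true), b64url_decode($s64))) {
        return null;
    }
    $claims = json_decode(b64url_decode($p64), true);
    // Missing or past "exp" means the token is rejected.
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;
    }
    return $claims;
}

// Constructed sample data: secret, clock value and tokens are made up for the demo.
$secret = 'constructed-demo-secret';
$now = 1700000000;
$sign = fn(string $data): string => b64url_encode(hash_hmac('sha256', $data, $secret, true));
$head = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
foreach (['valid' => $now + 600, 'expired' => $now - 600] as $label => $exp) {
    $body = b64url_encode(json_encode(['sub' => 'demo', 'exp' => $exp]));
    $result = verify_jwt_hs256("$head.$body." . $sign("$head.$body"), $secret, $now);
    echo $label, ': ', $result === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

A route that never runs a check of this kind treats any bearer string as authenticated, which matches the behaviour described in the first post.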