REST API Security

Hi,
PHPMaker 2025

I’ve made my own API_Actions, but it seems that the user is not validated against the token, so every token (expired or not) works - what am I missing?

The sample in the documentation shows no security validation, so I thought this is handled like the other REST APIs.

thanks
Philipp

If you use API_Actions and want to reuse the built-in REST Security, when you add your API action, you need to add the JwtMiddleware, e.g.

$app->get('/hello/{name}', function ($request, $response, $args) {
    //...
})->add(JwtMiddleware::class);

However, I recommend using the API controller approach instead.
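
What leaving the middleware off a route means in practice, as an added illustration that is not part of the original thread and is not PHPMaker's JwtMiddleware code: a stand-alone PHP script in which a route without a token check accepts every request, while the same route with the check rejects missing, expired and wrongly signed tokens. The function names, the HS256 algorithm, the secret and the tokens are all assumptions constructed for the example.

```php
<?php
// Added illustration, not PHPMaker code. Secret, tokens and function names are constructed.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function makeToken(array $claims, string $secret): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

// The checks a request only goes through when a JWT middleware is attached to the route.
function verifyToken(?string $authHeader, string $secret, int $now): ?array {
    if ($authHeader === null || !preg_match('/^Bearer\s+([\w-]+)\.([\w-]+)\.([\w-]+)$/', $authHeader, $m)) {
        return null; // no well-formed bearer JWT presented
    }
    [, $head, $body, $sig] = $m;
    $header = json_decode(base64_decode(strtr($head, '-_', '+/')), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null; // pin the algorithm instead of trusting the token's own "alg"
    }
    if (!hash_equals(b64url(hash_hmac('sha256', "$head.$body", $secret, true)), $sig)) {
        return null; // signature does not match the server secret
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null; // expired, or no usable expiry claim
    }
    return $claims;
}

// Hypothetical dispatcher: the handler runs unchecked unless the route is marked protected.
function dispatch(bool $protected, ?string $authHeader, string $secret, int $now): int {
    return ($protected && verifyToken($authHeader, $secret, $now) === null) ? 401 : 200;
}

$secret = 'constructed-demo-secret';
$now = 1700000000; // fixed clock so the run is repeatable
$cases = [
    'valid'   => 'Bearer ' . makeToken(['username' => 'demo', 'exp' => $now + 600], $secret),
    'expired' => 'Bearer ' . makeToken(['username' => 'demo', 'exp' => $now - 600], $secret),
    'forged'  => 'Bearer ' . makeToken(['username' => 'demo', 'exp' => $now + 600], 'other-secret'),
    'missing' => null,
];
foreach ($cases as $name => $hdr) {
    printf("%-8s no middleware: %d   with middleware: %d\n", $name,
        dispatch(false, $hdr, $secret, $now), dispatch(true, $hdr, $secret, $now));
}
```

The same four cases (valid, expired, wrongly signed, no token) make a useful regression check against a real custom route after the middleware has been attached.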

Hi,
You recommended using the API controller approach. Does it work with 2024? If so, please post an example for post and JwtMiddleware enabled.

Thanks

See Example 4 (v2024, which is the same).

Thank you for your quick answer. I added the PedraApiController.php file with the following code. Is it OK?

<?php

// PedraApiController.php

namespace {ProjectNamespace}; // NOTE: Make sure you use {ProjectNamespace}

use Psr\Container\ContainerInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use {ProjectNamespace}\Attributes\Delete;
use {ProjectNamespace}\Attributes\Get;
use {ProjectNamespace}\Attributes\Map;
use {ProjectNamespace}\Attributes\Options;
use {ProjectNamespace}\Attributes\Patch;
use {ProjectNamespace}\Attributes\Post;
use {ProjectNamespace}\Attributes\Put;

/**
 * My API controller
 */
class PedraApiController extends AbstractController
{
    $app->post('/getLetterTemplates', function ($request, $response) {
        $params = $request->getParsedBody();
        ... rest of the code ...
    })->add(JwtMiddleware::class);
}

thanks

You need to follow the syntax in the example.