Hi,
PHPMaker 2025
I’ve made my own API_Actions but it seems, that the user is not validated against the token, so every token (expired or not) works - what am I missing?
The sample in the docu shows no security validation so I thought this is handled like the other REST Apis
thanks
Philipp
If you use API_Actions and want to reuse the built-in REST Security, when you add your API action, you need to add the JwtMiddleware, e.g.
$app->get('/hello/{name}', function ($request, $response, $args) {
//...
})->add(JwtMiddleware::class);
However, I recommend using the API controller approach instead.