See the Project License for the project's license.
This example utilizes Lumen and Spomky Labs Web Token framework. As such, you must meet the installation requirements for Lumen and Spomky Labs Web Token framework.
The combined requirements are PHP 7.1.3+ with the following extensions:
- OpenSSL
- PDO
- GMP
- MBString
- Memcached
This example utilizes Composer to manage its dependencies. So make sure you have Composer installed on your machine.
From the project root directory, execute the composer install command:
composer install
The quick and easy way to get the example up and running is to serve it with the built-in PHP development server. From the project home directory, run the following command:
php -S localhost:8080 -t public
Although any HTTP client can access the example server, a ready-made client is included that handles authentication, request signing and encryption, and response validation and decryption. The client is a Lumen console command and is invoked as follows:
php artisan api:request
To see the available options for the client, simply instruct the command to show its help:
php artisan api:request -h
To see detailed information about the request and response, turn on verbose messaging:
php artisan api:request -v
This example contains a number of separate pieces of functionality. Each can be toggled on and off with environment settings and command options. In Lumen, you change the environment settings via the .env file: copy .env.example to .env and make whatever changes you like.
Pay attention to the table below when enabling and disabling features. Some features depend on others in order to work, and some have stipulations.
Feature | Environment Setting | Command Option | Requires Features | Stipulations
---|---|---|---|---
Replay Prevention | WITH_REPLAY_PREVENTION | --no-nonce --use-nonce[=USE-NONCE] | Request Validation | JWT must be present, as it is used as the unique identifier for replay detection
Request Validation | WITH_REQUEST_VALIDATION | --no-req-validation | Replay Prevention | Commands without a JWT will fail with 401
User Authentication | WITH_AUTHENTICATION | --no-auth --user-name[=USER-NAME] --password[=PASSWORD] | N/A | Basic authentication
Rate Limit | WITH_RATE_LIMITING | N/A | User Authentication | GET is not rate limited; POST is rate limited
Encryption | WITH_JWE_ENCRYPTION | --no-encryption --key-id[=KEY-ID] --key[=KEY] | User Authentication | User authentication is required to properly determine the keys for decryption. Both client and API abide by the environment setting, but the client can be overridden by the command option
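The replay-prevention row above (a JWT's identifier serving as the replay nonce, and a request without a JWT rejected with 401) as an added illustration, not code from this example app or from the Web Token framework: it assumes HS256 tokens, a shared secret, a `jti` claim as the identifier, and an in-memory dictionary standing in for the Memcached store.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(secret: bytes, payload: dict) -> str:
    """Builds a constructed HS256 JWS for the demo (assumption: the app's alg is not stated)."""
    h = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"

class ReplayGuard:
    """Accepts each signed, unexpired JWT once; its jti is the replay identifier."""
    def __init__(self, secret: bytes, clock=time.time):
        self.secret = secret
        self.clock = clock
        self._seen = {}  # jti -> exp; a dict stands in for the Memcached nonce store
    def check(self, token: str) -> str:
        """Returns 'ok' or the reason the request would be rejected (401 in the app)."""
        if not token:
            return "missing-jwt"  # the table's "commands without a JWT will fail" case
        try:
            h, p, s = token.split(".")
            header = json.loads(_b64url_decode(h))
            payload, sig = json.loads(_b64url_decode(p)), _b64url_decode(s)
        except ValueError:  # wrong segment count, bad base64 or bad JSON
            return "malformed"
        if not isinstance(header, dict) or not isinstance(payload, dict):
            return "malformed"
        if header.get("alg") != "HS256":  # never let the token pick the algorithm
            return "bad-alg"
        expected = hmac.new(self.secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return "bad-signature"
        now, exp, jti = self.clock(), payload.get("exp"), payload.get("jti")
        if not isinstance(exp, (int, float)) or exp <= now:
            return "expired"  # bounds how long a jti must be remembered
        if not jti:
            return "missing-jti"
        # forget identifiers whose tokens can no longer be presented anyway
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if jti in self._seen:
            return "replay"
        self._seen[jti] = exp
        return "ok"
```

The signature is checked before the nonce store is touched, so an unauthenticated sender cannot fill the store with identifiers or evict legitimate ones.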
If you discover an issue with or would like to add additional features to this example app, feel free to fork the repository and then submit a pull request with your changes.