Download the PHP package bitshost/php-crud-api-generator without Composer
Package php-crud-api-generator
Short Description Instant REST API for MySQL/MariaDB with JWT auth, rate limiting, monitoring, and zero code generation
License MIT
Homepage https://github.com/BitsHost/php-crud-api-generator
Information about the package php-crud-api-generator
PHP CRUD API Generator
Expose your MySQL/MariaDB database as a secure, flexible, and instant REST-like API.
Features optional authentication (API key, Basic Auth, JWT, OAuth-ready), OpenAPI (Swagger) docs, and zero code generation.
Features
- Auto-discovers tables and columns
- Full CRUD endpoints for any table
- Bulk operations - Create or delete multiple records efficiently
- Configurable authentication (API Key, Basic Auth, JWT, or none)
- Rate limiting - Prevent API abuse with configurable request limits
- Request logging - Comprehensive logging for debugging and monitoring
- Advanced query features:
  - Field selection - Choose specific columns to return
  - Advanced filtering - Support for multiple comparison operators (eq, neq, gt, gte, lt, lte, like, in, notin, null, notnull)
  - Sorting - Multi-column sorting with ascending/descending order
  - Pagination - Efficient pagination with metadata
- Input validation - Comprehensive validation to prevent SQL injection and invalid inputs
- RBAC: per-table role-based access control
- Admin panel (minimal)
- OpenAPI (Swagger) JSON endpoint for instant docs
- Clean PSR-4 codebase
- PHPUnit tests and extensible architecture
See detailed enhancement documentation:
- Rate Limiting Documentation
- Request Logging Documentation
- Quick Start (5 minutes)
- Integration with upMVC Framework - NEW! Full-stack power combo
- Comparison with PHP-CRUD-API v2 - NEW! Detailed feature comparison and when to use each
- Feature Roadmap - NEW! Upcoming features and integrations
SECURITY WARNING
CRITICAL: The admin dashboard (dashboard.html) and health endpoint (health.php) expose sensitive information and MUST BE PROTECTED before deploying to production!
These files reveal:
- API statistics, error rates, and performance metrics
- Authentication failures and security threats
- System information (memory, CPU, disk usage)
SECURE YOUR DASHBOARD NOW - Complete protection guide
Quick Fix (5 minutes): Add IP whitelist to .htaccess (Apache 2.4+):
Installation
Option 1: Install as Library (Recommended)
Just 4 simple steps:
That's it! Total modifications: 2 lines of code.
- 5-Minute Quick Start Guide
- Secure Your Dashboard - DO THIS BEFORE PRODUCTION!
Option 2: Standalone Project (Even Simpler!)
Download complete ready-to-use project:
That's it! Everything in one folder, ready to run. 0 lines to modify.
Configuration
If installed as library (via composer require):
Edit config files in vendor directory:
If standalone project (via composer create-project):
Copy and edit config files:
Config file structure:
Edit config/db.php:
Edit config/api.php:
Environment variables (.env)
For easier secret management and 12-factor style deployments, the project also supports a root-level .env file.
- Copy `.env.example` to `.env` and adjust values for your environment.
- The following keys override values from `config/db.php` and `config/api.php` when defined: `DB_HOST`, `DB_NAME`, `DB_USER`, `DB_PASS`, `DB_CHARSET`; `API_AUTH_METHOD`; `API_KEYS` (comma-separated list); `BASIC_ADMIN_PASSWORD`, `BASIC_USER_PASSWORD`; `JWT_SECRET`, `JWT_EXPIRATION`, `JWT_ISSUER`, `JWT_AUDIENCE`.
- The public entrypoint loads `.env` before configs, and `.htaccess` protects `.env` from direct web access.
Security Setup (Production)
IMPORTANT: This framework ships with example credentials for development. You MUST change these before deploying to production!
Quick Security Setup:
What to Change:
- [ ] `jwt_secret` - Generate with: `php scripts/generate_jwt_secret.php`
- [ ] `api_keys` - Use long random strings (64+ characters)
- [ ] Default admin password in `sql/create_api_users.sql`
- [ ] Database credentials in `config/db.php`
Full security guide: docs/AUTHENTICATION.md
Authentication Modes
Configure in config/api.php:
- No auth: `'auth_enabled' => false`
- API Key: `'auth_enabled' => true, 'auth_method' => 'apikey'`
  Client: `X-API-Key` header or `?api_key=...`
- Basic Auth: `'auth_method' => 'basic'`
  Client: HTTP Basic Auth (username:password)
- JWT: `'auth_method' => 'jwt'` (Recommended for production)
  - POST to `/index.php?action=login` with credentials
  - Use returned token as `Authorization: Bearer <token>`
- OAuth (future): `'auth_method' => 'oauth'`
Complete Authentication Guide - Detailed examples with Postman, HTTPie, cURL (JSON, Form Data, Multipart)
API Endpoints
All requests go through `public/index.php` with an `action` parameter.
| Action | Method | Usage Example |
|---|---|---|
| tables | GET | /index.php?action=tables |
| columns | GET | /index.php?action=columns&table=users |
| list | GET | /index.php?action=list&table=users |
| count | GET | /index.php?action=count&table=users |
| read | GET | /index.php?action=read&table=users&id=1 |
| create | POST | /index.php?action=create&table=users (form POST or JSON) |
| update | POST | /index.php?action=update&table=users&id=1 (form POST or JSON) |
| delete | POST | /index.php?action=delete&table=users&id=1 |
| bulk_create | POST | /index.php?action=bulk_create&table=users (JSON array) |
| bulk_delete | POST | /index.php?action=bulk_delete&table=users (JSON with ids) |
| openapi | GET | /index.php?action=openapi |
| login | POST | /index.php?action=login (JWT only) |
Example curl Commands
Bulk Operations
The API supports bulk operations for efficient handling of multiple records:
Bulk Create
Create multiple records in a single transaction. If any record fails, the entire operation is rolled back.
Endpoint: POST /index.php?action=bulk_create&table=users
Request Body (JSON array):
Response:
Bulk Delete
Delete multiple records by their IDs in a single query.
Endpoint: POST /index.php?action=bulk_delete&table=users
Request Body (JSON):
Response:
Count Records
Get the total count of records in a table with optional filtering. This is useful for analytics and doesn't include pagination overhead.
Endpoint: GET /index.php?action=count&table=users
Query Parameters:
- `filter` - (Optional) Same filter syntax as the list endpoint
Examples:
Response:
Advanced Query Features (Filtering, Sorting, Pagination, Field Selection)
The list action endpoint now supports advanced query parameters:
| Parameter | Type | Description |
|---|---|---|
| filter | string | Filter rows by column values. Format: `filter=col:op:value` or `filter=col:value` (backward compatible). Use `,` to combine multiple filters. |
| sort | string | Sort by columns. Comma-separated. Use `-` prefix for DESC. Example: `sort=-created_at,name` |
| page | int | Page number (1-based). Default: 1 |
| page_size | int | Number of rows per page (max 100). Default: 20 |
| fields | string | Select specific fields. Comma-separated. Example: `fields=id,name,email` |
Filter Operators
| Operator | Description | Example |
|---|---|---|
| eq or : | Equals | `filter=name:eq:Alice` or `filter=name:Alice` |
| neq or ne | Not equals | `filter=status:neq:deleted` |
| gt | Greater than | `filter=age:gt:18` |
| gte or ge | Greater than or equal | `filter=price:gte:100` |
| lt | Less than | `filter=stock:lt:10` |
| lte or le | Less than or equal | `filter=discount:lte:50` |
| like | Pattern match | `filter=email:like:%@gmail.com` |
| in | In list (pipe-separated) | `filter=status:in:active\|pending` |
| notin or nin | Not in list | `filter=role:notin:admin\|super` |
| null | Is NULL | `filter=deleted_at:null:` |
| notnull | Is NOT NULL | `filter=email:notnull:` |
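How the filter grammar in the table above can be turned into a parameterized WHERE clause, written here as an added illustration and not taken from the project's code; `buildWhere`, the `OPERATORS` map and the column whitelist are this example's own names, and the whitelist stands in for the columns the API discovers for a table (the validation and prepared-statement properties the Security Notes describe).

```php
<?php
// Added example, not the project's code: maps the README filter grammar
// (filter=col:op:value,... or col:value for implicit eq) onto a parameterized
// WHERE clause. Column names are checked against the columns discovered for the
// table, operators against a fixed map, and values are only ever bound.
declare(strict_types=1);

const OPERATORS = [
    'eq' => '=', 'neq' => '<>', 'ne' => '<>', 'gt' => '>', 'gte' => '>=', 'ge' => '>=',
    'lt' => '<', 'lte' => '<=', 'le' => '<=', 'like' => 'LIKE', 'in' => 'IN',
    'notin' => 'NOT IN', 'nin' => 'NOT IN', 'null' => 'IS NULL', 'notnull' => 'IS NOT NULL',
];
// Returns [sqlFragment, boundValues]; $allowedColumns is the per-table whitelist.
function buildWhere(array $allowedColumns, string $filter): array
{
    $clauses = [];
    $params  = [];
    foreach (explode(',', $filter) as $term) {
        $parts = explode(':', $term, 3);               // value may itself contain ':'
        if (count($parts) === 2) {
            [$col, $op, $value] = [$parts[0], 'eq', $parts[1]];
        } elseif (count($parts) === 3) {
            [$col, $op, $value] = $parts;
        } else {
            throw new InvalidArgumentException("Malformed filter term: $term");
        }
        if (!in_array($col, $allowedColumns, true)) {
            throw new InvalidArgumentException("Unknown column: $col");
        }
        if (!isset(OPERATORS[$op])) {
            throw new InvalidArgumentException("Unknown operator: $op");
        }
        $sqlOp = OPERATORS[$op];
        if ($op === 'null' || $op === 'notnull') {
            $clauses[] = "`$col` $sqlOp";                 // no value is bound
        } elseif ($sqlOp === 'IN' || $sqlOp === 'NOT IN') {
            $values    = explode('|', $value);            // pipe-separated list
            $clauses[] = "`$col` $sqlOp (" . implode(',', array_fill(0, count($values), '?')) . ')';
            array_push($params, ...$values);
        } else {
            $clauses[] = "`$col` $sqlOp ?";
            $params[]  = $value;
        }
    }
    return [implode(' AND ', $clauses), $params];
}

// Constructed whitelist and a filter assembled from the README's own examples.
[$sql, $params] = buildWhere(['id', 'name', 'age', 'status'], 'age:gt:18,status:in:active|pending,name:Alice');
var_dump($sql, $params);
```

Running it prints the fragment with one `?` per bound value; a column outside the whitelist or an operator outside the map throws before any SQL is assembled, which is the property that keeps user-supplied filter text out of the query structure.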
Examples:
- Basic filtering: `GET /index.php?action=list&table=users&filter=name:Alice`
- Advanced filtering: `GET /index.php?action=list&table=users&filter=age:gt:18,status:eq:active`
- Field selection: `GET /index.php?action=list&table=users&fields=id,name,email`
- Sorting: `GET /index.php?action=list&table=users&sort=-created_at,name`
- Pagination: `GET /index.php?action=list&table=users&page=2&page_size=10`
- Combined query: `GET /index.php?action=list&table=users&filter=email:like:%gmail.com&sort=name&page=1&page_size=5&fields=id,name,email`
- IN operator: `GET /index.php?action=list&table=orders&filter=status:in:pending|processing|shipped`
- Multiple conditions: `GET /index.php?action=list&table=products&filter=price:gte:10,price:lte:100,stock:gt:0`
Response:
OpenAPI Documentation (Swagger)
Your API automatically generates OpenAPI 3.0 documentation!
Get the OpenAPI Specification (JSON)
View Interactive Documentation (Swagger UI)
Option 1: Online Swagger Editor (Quick & Easy)
- Copy JSON from: `http://localhost:8000/index.php?action=openapi`
- Paste into: https://editor.swagger.io/
- See beautiful interactive documentation!
Option 2: Use dashboard.html (Recommended)
Your project includes dashboard.html which has API documentation built-in:
Example OpenAPI Path Structure
This is what the specification includes for /index.php?action=list&table={table}:
Note: The YAML above is just an example of the structure. The actual API returns JSON format.
Security Notes
- Enable authentication for any public deployment!
- Enable rate limiting in production to prevent abuse
- Enable request logging for security auditing and debugging
- Never commit real credentials; use `.gitignore` and example configs.
- Restrict DB user privileges.
- Input validation: All user inputs (table names, column names, IDs, filters) are validated to prevent SQL injection and invalid queries.
- Parameterized queries: All database queries use prepared statements with bound parameters.
- RBAC enforcement: Role-based access control is enforced at the routing level before any database operations.
- Rate limiting: Configurable request limits prevent API abuse and DoS attacks.
- Sensitive data redaction: Passwords, tokens, and API keys are automatically redacted from logs.
- Rate Limiting Documentation
- Request Logging Documentation
Running Tests
Working with Related Data (Client-Side Joins)
Your API provides all the data you need - it's up to the client to decide how to combine it. This approach gives you maximum flexibility and control.
Current approach: Fetch related data in separate requests and combine on the client side.
Quick Example: Get User with Posts
Optimization: Use IN Operator for Batch Fetching
Parallel Fetching for Performance
See complete client-side join examples
Why this approach?
- Client decides what data to fetch and when
- Easy to optimize with caching and parallel requests
- Different clients can have different data needs
- Standard REST API practice
- No server-side complexity for joins
Future: Auto-join/expand features may be added based on user demand.
Roadmap
- Client-side joins (Current - simple and flexible!)
- Relations / Linked Data (auto-join, populate, or expand related records) - Future, based on demand
- API Versioning (when needed)
- OAuth/SSO (if targeting SaaS/public)
- More DB support (Postgres, SQLite, etc.)
- Analytics & promotion endpoints
License
MIT
Credits
Built by BitHost. PRs/issues welcome!