Download the PHP package larananas/lumen-json-rpc without Composer

On this page you can find all versions of the php package larananas/lumen-json-rpc. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package lumen-json-rpc

Lumen JSON-RPC

Lumen JSON-RPC logo

[![Tests](https://github.com/larananas/lumen-json-rpc/actions/workflows/ci.yml/badge.svg)](https://github.com/larananas/lumen-json-rpc/actions/workflows/ci.yml) [![License: LGPL-3.0-or-later](https://img.shields.io/badge/license-LGPL--3.0--or--later-blue.svg)](LICENSE) [![PHP](https://img.shields.io/badge/PHP-modern-777bb4.svg)](#) [![Docs](https://img.shields.io/badge/docs-website-blue.svg)](https://larananas.github.io/lumen-json-rpc/)

✨ Framework-free JSON-RPC for PHP — strict handler.method routing, strong defaults, auth drivers, gzip, rate limiting, middleware, lightweight schema validation, direct JSON usage, and docs generation.

A framework-free JSON-RPC 2.0 server library for modern PHP.

It keeps the boring parts solid — request validation, batching, auth, compression, rate limiting, hooks, docs, and predictable handler execution — while keeping your application code explicit and reviewable.


📚 Documentation

Full documentation is available at the documentation website: https://larananas.github.io/lumen-json-rpc.


🚀 Why this feels good in real projects

Lumen JSON-RPC is built for developers who want a real server library, not a vague protocol toolkit and not a heavy framework abstraction.

You get, out of the box

What it is trying to be

A clean JSON-RPC 2.0 server for PHP that stays:

What it is not trying to be


📦 Install

Documentation website: larananas.github.io/lumen-json-rpc

Requires PHP >=8.2 and ext-json.

Composer consumers install the normal tagged package archive. Repository-only assets such as tests, examples, source docs, CI workflows, and docs-site tooling are intentionally excluded from package archives.

Optional extras

Without optional extras, the library still works.


✅ Quality and release checks


⚡ Quick Start

1) Create an entry point (public/index.php)

2) Create a handler (handlers/User.php)

3) Send a request

4) Response


🧭 The 30-second mental model

Methods follow the handler.method pattern:

JSON-RPC Method Handler Class Method
user.get handlers/User.php get()
user.create handlers/User.php create()
system.health handlers/System.php health()

That means:

No manual method registry. No hidden auto-generated procedures. No “where is this route even defined?” nonsense.


✨ What you gain beyond basic JSON-RPC

🔐 Multiple auth drivers

You can protect exact methods or method prefixes with:

Use exact method names like user.get to protect one procedure, or trailing-separator prefixes like user. to protect a whole handler surface.

🧩 Direct JSON usage

HTTP is still the default, but the stable transport-agnostic entry point is JsonRpcServer::handleJson().

If you need to resolve auth from request headers before handing the context around, use the stable server API instead of the internal engine:

If you need a custom header-based auth flow, install it on the stable server surface:

🏗️ Handler factory for lightweight DI

You can inject app services into handlers without forcing a framework container.

🪝 Middleware pipeline

Run logic before / after each request without mixing it into handlers.

📋 Explicit procedure descriptors (optional)

The default handler.method auto-discovery is the primary model. For advanced use cases, you can also register procedures explicitly:

Explicit descriptors work alongside auto-discovered handlers. Descriptor metadata is used by documentation generators. When you need richer machine-readable contracts, descriptor metadata can also provide resultSchema for generated JSON/OpenRPC output.

Auto-discovered handlers can also provide richer result contracts with a docblock tag such as @result-schema {"type":"object",...}.

✅ Optional schema validation

When you want more than simple type binding, a handler can provide a lightweight validation schema.

Enable it with:

If you do nothing, normal parameter binding still works exactly fine.

The schema support is intentionally a lightweight subset for runtime request validation. It is not a full JSON Schema implementation.

Generated JSON and OpenRPC docs also reuse these request schemas when available, and explicit descriptor metadata or handler docblock @result-schema tags can provide richer result contracts, so machine-readable docs can carry both parameter constraints and richer result contracts.


🆚 At a glance: how it compares

This is a scope-level comparison based on public docs and default library behavior. It is intentionally simplified and focused on developer-facing features.

Feature Lumen JSON-RPC uma/json-rpc datto/json-rpc fguillot/json-rpc
Framework-free server
HTTP support out of the box
Direct JSON usage without HTTP
Strict handler.method auto-discovery
Middleware pipeline
Optional advanced param validation 🟡~
JWT built in 🟡~
API key built in 🟡~
Basic auth built in 🟡~
Rate limiting built in
Gzip support built in
Docs generation built in
No mandatory external Composer deps in production

Why this matters

Lumen JSON-RPC is opinionated in a very specific way:

If that trade-off matches how you like to build plain PHP backends, that is exactly where it shines.


🧠 Design decisions

These choices are intentional. They are not accidental omissions.

1) Why handler.method?

Because it stays easy to reason about.

When you see user.get, you know where to look:

That keeps the execution path explicit, reviewable, and boring in a good way.

2) Why no manual method registry?

Because a second mapping layer becomes busywork fast.

A lot of JSON-RPC libraries let you manually register callbacks or procedure maps. That can be useful in tiny demos, but in real apps it also means:

Lumen JSON-RPC chooses discovery + convention instead. If the handler exists and the method is callable, the library can resolve it directly.

3) Why JWT by default when auth is enabled?

Because it is the most common modern default for API-style auth.

But “default” does not mean “forced”.

You can switch to:

without changing the rest of the server model.

So the default is opinionated, but the library is still practical.


🛡️ Handler Safety

The resolver is intentionally strict:

This keeps execution paths explicit and limits surprises.


🔐 Authentication

Available drivers

Example: JWT

Example: API key

Example: Basic auth

Prefer password_hash for production credentials. Plaintext password remains supported for development and tests.

Access auth data in handlers

See:

Apache note: depending on your setup, you may need to forward the Authorization header explicitly. See the authentication guide and the auth example for a working .htaccess snippet.


🚦 Rate Limiting

File-based rate limiting with atomic file locking:

By default, rate limiting is fail-closed: if the storage backend cannot be opened or locked, the request is denied with HTTP 429 instead of silently bypassing the limit. Set fail_open: true only when you explicitly prefer availability over strict enforcement.

Rate-limited requests return:

Batch weight counts actual items received, and consumption is atomic.

Custom backends

The rate limit storage is pluggable. Implement RateLimiterInterface to use Redis, Memcached, or any backend:

An InMemoryRateLimiter is included for testing.

📦 Batch Limits

Batch requests are limited to batch.max_items (default: 100):


🗜️ Compression

If ext-zlib is available:

If ext-zlib is not available, the library degrades cleanly. It does not become uninstallable just because gzip is unavailable.


🧬 Response Fingerprinting

Successful single responses can include an ETag header. Clients can then use If-None-Match for conditional requests:


🪝 Hooks and middleware

Hooks and middleware are complementary:

Hook flow

Hook example

Hook callbacks run inline. By default, thrown hook exceptions are logged and suppressed so request execution can continue. Set hooks.isolate_exceptions to false if you want hook failures to abort the request instead.


🌐 Transport behavior

HTTP status codes are reserved for transport-level outcomes:


🧠 Parameter binding

Parameters are type-checked and mapped to -32602 Invalid params for mismatches.

Supported behavior

This keeps handler signatures clean without turning binding into magic.


📚 Documentation generation

Generate docs from handler metadata:

Adjust --config to your application's config file path. The docs generator is included in Composer package archives; repository docs, examples, and the docs-site builder remain repository-only.

Supported formats:


🔒 Stability and versioning

The stable public surface is centered on JsonRpcServer and its documented collaborators such as RequestContext, HandlerFactoryInterface, MiddlewareInterface, RateLimiterInterface, hooks, procedure descriptors, and stable server accessors like getHooks(), getRegistry(), and getLogger().

JsonRpcServer::getEngine() is available as an escape hatch for advanced integrations, but JsonRpcEngine remains internal and is not covered by backward-compatibility guarantees between minor releases.

Release policy:


🧪 Examples

Basic example

A minimal server with handlers and no auth. Repository examples are published with the source repository, not the package archive:

Auth example

Shows JWT auth with a working example app:

Advanced example

Shows:

Browser demo

A tiny HTML page that lets you send raw JSON-RPC requests and inspect the raw response:


🚨 Error codes

Code Meaning When
-32700 Parse error Invalid JSON
-32600 Invalid Request Malformed request, empty body, empty batch
-32601 Method not found Unknown or reserved method
-32602 Invalid params Missing, wrong type, unknown, or surplus parameters
-32603 Internal error Handler or middleware exception, serialization failure
-32000 Rate limit exceeded Too many requests
-32001 Authentication required Protected method without valid credentials
-32099 Custom server error Application-defined

Error handling notes


⚙️ Configuration

See the configuration guide for the full configuration reference with all keys, defaults, and descriptions.

For architecture details and the request lifecycle, see the architecture guide.

For authentication-specific setup and integration notes, see the authentication guide.


🧪 Running tests


🔒 Security

Security-sensitive behavior includes:

See the security guide for details.


📖 Documentation Website

This repository includes a static documentation site published via GitHub Pages.

Default URL: larananas.github.io/lumen-json-rpc

Build the site locally

This is a repository-only maintenance step. The generated docs-site/ output is gitignored, and the source docs plus site builder are export-ignored from package archives.

This generates the docs-site/ directory with 15 HTML pages.

Deployment

Docs are deployed automatically by the Deploy Docs GitHub Actions workflow:

Enabling GitHub Pages (one-time setup)

  1. Go to Settings → Pages
  2. Set Source to GitHub Actions (not "Deploy from a branch")
  3. Trigger a deployment (release or manual workflow dispatch)
  4. The site will be available at https://larananas.github.io/lumen-json-rpc/

Custom domain (optional)

Custom domains are not automatic — they require manual DNS and GitHub configuration.

To use a custom domain:

  1. Configure your DNS provider to point a CNAME record to larananas.github.io
  2. In GitHub Settings → Pages → Custom domain, enter your domain
  3. Build the docs with the DOCS_CNAME environment variable set:

For CI deployments, add DOCS_CNAME as a repository secret and reference it in the workflow.

Without DOCS_CNAME, no CNAME file is emitted and the standard GitHub Pages project URL is used.


📄 License

Lumen JSON-RPC is free software licensed under the GNU Lesser General Public License, version 3 or any later version (LGPL-3.0-or-later).

In practical terms: you can use this library in both open-source and proprietary applications. You can integrate it into your own codebase, extend it, subclass it, and build commercial or closed-source software on top of it without having to release your whole application under the LGPL.

The main condition is about the library itself:

This is an intentional choice: the goal is to keep the library easy to adopt in real-world PHP projects while ensuring that improvements to the core engine are contributed back when they are distributed.

For the exact legal terms, see the LICENSE file.


✉️ Contact

For licensing or project-related questions: [email protected]


All versions of lumen-json-rpc with dependencies

PHP Build Version
Package Version
Requires php Version >=8.2
ext-json Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package larananas/lumen-json-rpc contains the following files

Loading the files please wait ...