PHP download

Download the PHP package ninjaportal/portal-api without Composer

On this page you can find all versions of the php package ninjaportal/portal-api. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download ninjaportal/portal-api
More information about ninjaportal/portal-api
Files in ninjaportal/portal-api

Vendor ninjaportal
Package portal-api
Short Description REST API package for NinjaPortal
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of ninjaportal/portal-api

Informations about the package portal-api

NinjaPortal API Package

REST API package for NinjaPortal (ninjaportal/portal) with:

Versioned routes (/api/v1/...)
Admin + consumer auth flows (JWT access token + DB refresh token)
Admin RBAC (Spatie permissions)
Consistent response envelope + API exception normalization
Activity logging subscriber for Portal domain events

Routes

Default base path: api/v1
Admin sub-prefix: admin (full admin base path: api/v1/admin)

Configuration Highlights

Main config: config/portal-api.php

Important keys:

portal-api.prefix
portal-api.admin_prefix
portal-api.auth.consumer_model
portal-api.auth.admin_model
portal-api.auth.guards.*
portal-api.rbac.enabled
portal-api.authorization.use_policies
portal-api.tokens.*
portal-api.tokens.prune.*

Out of the box, portal-api ships JWT-ready auth models:

NinjaPortal\Api\Models\User
NinjaPortal\Api\Models\Admin

When the shared ninjaportal.models.User / ninjaportal.models.Admin config values are still pointing at the core Portal models, portal-api promotes them to these API models automatically so the Portal repositories and API auth layer resolve the same classes. If your application already overrides those model config values, portal-api leaves them untouched.

Extensibility (Client Customization)

1) Custom User/Admin Models

The package supports overriding the consumer/admin auth models via config:

PORTAL_API_CONSUMER_MODEL
PORTAL_API_ADMIN_MODEL

The API package now resolves model classes and table names through NinjaPortal\Api\Support\PortalApiContext, which is used by:

auth flow (login)
route-adjacent user resolution in admin user endpoints
request validation rules that previously hardcoded users table

2) Authentication Plugins (MFA / SSO)

Auth controllers now depend on NinjaPortal\Api\Contracts\Auth\AuthFlowInterface instead of directly implementing login logic.

Default implementation:

NinjaPortal\Api\Auth\AuthFlow

Token lifecycle is abstracted by:

NinjaPortal\Api\Contracts\Auth\TokenServiceInterface
default: NinjaPortal\Api\Services\TokenService

This makes it easier for a separate package to:

replace the auth flow (SSO-first login, MFA challenge flow)
decorate token issuing/refresh/revoke behavior
listen to auth lifecycle events

3) Auth Lifecycle Events (for plugins)

Events emitted by the API package:

NinjaPortal\Api\Events\Auth\LoginAttemptedEvent
NinjaPortal\Api\Events\Auth\LoginFailedEvent
NinjaPortal\Api\Events\Auth\LoginSucceededEvent
NinjaPortal\Api\Events\Auth\TokenIssuedEvent
NinjaPortal\Api\Events\Auth\TokenRefreshedEvent
NinjaPortal\Api\Events\Auth\TokenRevokedEvent

Suggested MFA package approach:

Bind your own AuthFlowInterface implementation.
Reuse TokenServiceInterface after challenge success.
Optionally listen to auth events for auditing / throttling / risk scoring.

4) Authorization Strategy Replacement

Admin controllers can optionally perform policy checks through:

NinjaPortal\Api\Contracts\Authorization\ApiAuthorizerInterface
default implementation: NinjaPortal\Api\Authorization\PolicyApiAuthorizer

Disable policy checks (keep route RBAC only):

PORTAL_API_USE_POLICIES=false

Replace the authorizer in another package/service provider if you need:

ABAC
tenant-aware checks
external policy engines

RBAC vs Policy Checks

Two layers can coexist:

Route RBAC (Spatie): controlled by PORTAL_API_RBAC_ENABLED
Controller policy checks: controlled by PORTAL_API_USE_POLICIES

Recommended for standalone portal deployments:

Keep both enabled (true)

Pagination / List Endpoint Conventions

Shared helpers live in:

src/Http/Controllers/Controller.php
src/Http/Mixins/ApiRequestMixin.php

Preferred list pattern:

Use listParams() for per_page, order_by, direction
Query/paginate in service or query builder
Return via respondPaginated()

Intentionally Unpaginated Endpoints (Current Design)

These are intentionally returned as full collections because they are typically small/config-like datasets:

Admin settings index
Admin menus index
Admin menu items index (per menu)
RBAC roles index
RBAC permissions index

If a client deployment grows these significantly, convert them to the standard paginated pattern.

Refresh Token Pruning

Refresh tokens are stored in portal_api_refresh_tokens.

Prune expired/revoked rows manually:

Queue prune job instead:

Optional scheduler integration (package-level):

PORTAL_API_REFRESH_PRUNE_ENABLED=true
PORTAL_API_REFRESH_PRUNE_QUEUE=false
PORTAL_API_REFRESH_PRUNE_FREQUENCY=daily (daily or hourly)
PORTAL_API_REFRESH_PRUNE_TIME=03:00 (used for daily)

Docs (Scribe)

Generate docs: php artisan scribe:generate
Docs endpoint (if enabled in config/scribe.php): /docs

Development (Package-local)

Available scripts:

composer test
composer analyse
composer format

Note:

In this monorepo, package-local installs may need Composer path repositories for local package dependencies (ninjaportal/portal, etc.).

All versions of portal-api with dependencies

PHP Build Version

Package Version

Version 0.1.1 Release 01. Mar 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of portal-api from vendor ninjaportal

Requires php Version ^8.2
spatie/laravel-package-tools Version ^1.16
spatie/laravel-permission Version ^6.0
php-open-source-saver/jwt-auth Version ^2.8
illuminate/contracts Version ^11.0||^12.0
illuminate/support Version ^11.0||^12.0
ninjaportal/portal Version ^0.1

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ninjaportal/portal-api contains the following files

Loading the files please wait ...