Download the PHP package ottimis/ermes-php-sdk without Composer
On this page you can find all versions of the php package ottimis/ermes-php-sdk. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download ottimis/ermes-php-sdk
More information about ottimis/ermes-php-sdk
Files in ottimis/ermes-php-sdk
Package ermes-php-sdk
Short Description PHP SDK for Ermes notification platform
License
Informations about the package ermes-php-sdk
ermes-php-sdk
PHP SDK for the Ermes notification platform. Handles event ingestion, inbox proxy, user token generation, and JWKS exposure.
Requirements
- PHP 8.1+
- ext-curl
- ext-openssl
Installation
Via company VCS repository, add to your composer.json:
Configuration
Option A — explicit (recommended for multi-project setups)
Option B — from environment variables
| Env var | Required | Description |
|---|---|---|
NOTIFICATION_CORE_URL |
yes | Base URL of the Ermes core server |
NOTIFICATION_TENANT_KEY |
yes | Logical tenant identifier |
NOTIFICATION_APPLICATION_ID |
yes | Producer application identifier |
NOTIFICATION_ISSUER |
yes | iss claim expected in JWTs |
NOTIFICATION_API_KEY |
yes | Basic auth key for event ingestion |
NOTIFICATION_API_SECRET |
yes | Basic auth secret for event ingestion |
NOTIFICATION_RSA_PRIVATE_KEY |
yes* | RSA private key PEM (inline, \n escaped) |
NOTIFICATION_RSA_PRIVATE_KEY_PATH |
yes* | Path to RSA private key PEM file |
NOTIFICATION_KID |
no | Key ID for JWKS (default: key-1) |
*Either NOTIFICATION_RSA_PRIVATE_KEY or NOTIFICATION_RSA_PRIVATE_KEY_PATH is required.
Tenant registration
Before using the SDK, your tenant must be registered on the Ermes core. This is a one-time operation done by the platform operator:
The response returns credentials.api_key and credentials.api_secret. Store them immediately — they are shown only once.
Your backend must expose /.well-known/jwks.json so the Ermes core can validate user JWTs. Use getJwks() for this:
Sending events
tenant_key, application_id, and event_id are injected automatically by the SDK.
User token (Socket.IO + inbox API)
The frontend needs a signed JWT to connect to the Ermes WebSocket and call the inbox HTTP API directly. Issue it from your backend:
The JWT claims structure is fixed by the SDK to match Ermes server expectations. The private key is encapsulated — the only way to obtain a valid signed token is through these methods.
Frontend Socket.IO connection:
Inbox proxy methods
These methods act as a proxy: your backend generates a user-scoped JWT internally and forwards the request to the Ermes core. The frontend never calls the Ermes core HTTP API directly.
List notifications
Unread count
Sync (cursor-based, preferred for incremental updates)
Mark as read
All mark methods return ['success' => bool, 'statusCode' => int].
InboxItem shape
All notification items (from getNotifications, syncNotifications, Socket.IO event notification.new) share the same shape:
| Field | Type | Notes |
|---|---|---|
notification_uuid |
string (UUID) | Public identifier. Use for deduplication. |
topic |
string | Logical category (e.g. contracts.approved) |
title |
string | Short display title |
body |
string|null | Notification body, markdown or plain text |
severity |
string|null | info | warning | error | success |
entity_type |
string|null | Domain entity type (e.g. contract) |
entity_id |
string|null | Domain entity identifier |
payload |
object|null | Custom JSON metadata from producer |
read_at |
string|null | ISO 8601. null if unread |
created_at |
string | ISO 8601 creation timestamp |
Error handling
All methods return an array. Check success before using body:
Common error codes from the core:
| Code | HTTP | Meaning |
|---|---|---|
unauthorized |
401 | Missing or invalid credentials |
invalid_token |
401 | JWT invalid (signature, claims, expiry) |
invalid_payload |
400 | Request body does not match schema |
invalid_recipient_user |
400 | A user ID looks like a room name instead of a user ID |
tenant_mismatch |
403 | tenant_key in payload does not match authenticated tenant |
rate_limited |
429 | Rate limit exceeded (events: 100/min, read: 300/min per user) |
unknown_tenant |
400 | Tenant key not found or inactive |