Download the PHP package roadiz/abstract-api-theme without Composer

On this page you can find all versions of the php package roadiz/abstract-api-theme. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of roadiz/abstract-api-theme

Informations about the package abstract-api-theme

Abstract API theme

Exposes Roadiz content as a public REST API. Mainly used in Roadiz Headless edition.

Build Status

OAuth2 classes and logic are highly based on trikoder/oauth2-bundle which implemented thephpleague/oauth2-server to Symfony ecosystem.

Configuration

Use .env file

This middleware theme uses symfony/dotenv to import .env variables to your project. Be sure to create one with at least this configuration:

Your Roadiz entry points must initialize DotEnv object to fetch this configuration from a .env file our from your system environment (i.e. your Docker container environment).

Registering API theme

or in your config.yml:

Choose between simple API-Key or full OAuth2 authentication schemes

Enable grant types for your website

If you opted for OAuth2 applications, you must enable grant-type(s) for the Authorization server before going further: just extend the AuthorizationServer::class Roadiz service as below.

AbstractApiTheme currently supports:

Customize CORS

CORS handling is highly based on nelmio/NelmioCorsBundle, options are just handled as a service you can extend for your website. \ This will automatically intercept requests containing an Origin header. Pre-flight requests must be performed using OPTIONS verb and must contain Origin and Access-Control-Request-Method headers.

Use cache-tags

Serialization context can gather every nodes ID, documents ID and tags ID they find during requests, as known as cache tags.

Cache tags will be appended to response X-Cache-Tags header and will allow you to clear your reverse-proxy caches more selectively. Here are cache tags syntax:

Cache-tags syntax is the shortest possible to avoid hitting maximum header size limit in your Nginx configuration.

Create a new application

Applications hold your API keys and control incoming requests Referer against a regex pattern.

Confidential applications: OAuth2

Reserved roles / scope

Generic Roadiz API

API Route listing

OAuth2 entry points

For authorization code grant you will find more detail on ThePHPLeague OAuth2 Server documentation

Authorization code grant flow will redirect non-authenticated users to GET /oauth2-login with the classic Roadiz login form. You can call GET /authorize/logout to force user logout. Note that authorization code grant won't give each application' roles if logged-in user does not have them before (except for ROLE_SUPERADMIN). User will be asked to grant permission on application role but he won't benefit from them for security reasons (permissions escalation). Make sure your users have the right roles before inviting them to use your OAuth2 application.

User detail entry point

Listing nodes-sources

If you created a Event node-type, API content will be available at /api/1.0/event endpoint. Serialization context will automatically add @id, @type, slug and url fields in your API resource:

Note: In listing context, only node-type-fields from default group will be exposed. If you want to prevent some node-type fields to be serialized during listing you can give them a Group name. This can be helpful for avoiding document or node reference fields to bloat your JSON responses.

Filters

On NodesSources content:

Plus any date, datetime and boolean node-type fields which are indexed.

Locale filter

_locale filter set Roadiz main translation for all database lookups, make sure to always set it to the right locale, or you won't get any result with search or path filters against French queries.

Path filter

path filter uses Roadiz internal router to search only one result to match against your query. You can use:

If you get one result, you'll find canonical path in hydra:member > 0 > url field to create a redirection in your frontend framework and advertise node-source new URL.

Redirect home path with Accept-Language

Using path filter with / value only, you can send Accept-Language header to the API to let it decide with translation is best for your consumer. If a valid data is found, API will respond with Content-Language header contain accepted locale. To enable this behaviour, you must enable force_locale Roadiz setting to make sure each home page path displays its locale and to avoid infinite redirection loops.

Search nodes-sources

If your search parameter is longer than 3 characters, each API result item will be composed with:

Filters

Listing tags per node-types

If you created a Event node-type, you may want to list any Tags attached to events, API will be available at /api/1.0/event/tags endpoint. Be careful, this endpoint will display all tags, visible or not, unless you filter them.

Filters

On Tag content:

Listing archives per node-types

If you created a Event node-type, you may want to list any archives from events, API will be available at /api/1.0/event/archives endpoint. Here is a response example which list all archives grouped by year:

Filters

Getting node-source details

For each node-source, API will expose detailed content on /api/1.0/event/{id} and /api/1.0/event/by-slug/{slug} endpoints.

Getting node-source details directly from its path

Filters

Alternate resources URLs

Any node-source detail response will have a Link header carrying URLs for all alternate translations. For example a legal page which is translated in English and French will have this Link header data:

text/html resources URL will always be absolute paths instead of absolute URL in order to generate your own URL in your front-end framework without carrying API scheme.

Listing node-source children

For safety reasons, we do not embed node-sources children automatically. We invite you to use TreeWalker library to extend your JSON serialization to build a safe graph for each of your node-types. Create a JMS\Serializer\EventDispatcher\EventSubscriberInterface subscriber to extend serializer.post_serialize event with StaticPropertyMetadata.

Serialization context

For each request, serialization context holds many useful objects during serializer.post_serialize events:

Breadcrumbs

If you want your API to provide breadcrumbs for each reachable nodes-sources, you can implement Themes\AbstractApiTheme\Breadcrumbs\BreadcrumbsFactoryInterface and register it in your AppServiceProvider. For each NodeTypeSingle API request (i.e. not in listing context), a breadcrumbs will be injected with all your node parents as defined in your BreadcrumbsFactoryInterface.

Here is a vanilla implementation which respects Roadiz node tree structure:

Errors

If you want to get detailed errors in JSON, do not forget to add the header: Accept: application/json to every request you make. You'll get message such as:

with the right status code (40x or 50x). Make sure to catch and read your response data from your frontend framework when your request fails to know more about errors.

Using Etags

Every NodeSources based response will contain a ETag header calculated on API response content checksum.

You can setup your API consumer to send a If-None-Match header containing the latest ETag found. API will return an empty 304 Not Modified response if content has not changed, or the whole response if it changed with a new ETag header.

All versions of abstract-api-theme with dependencies

PHP Build Version
Package Version
Requires php Version >=7.4
roadiz/roadiz Version ~1.7.0
roadiz/rozier Version ~1.7.0
ramsey/uuid Version ^3.8
friendsofsymfony/jsrouting-bundle Version ^2.5.3
league/oauth2-server Version ^8.2.2
symfony/psr-http-message-bridge Version ^2.0
nyholm/psr7 Version ^1.3
symfony/rate-limiter Version ^5.2
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package roadiz/abstract-api-theme contains the following files

Loading the files please wait ....