Download the PHP package teoprayoga/teobiefy-laravel-api-response without Composer

On this page you can find all versions of the php package teoprayoga/teobiefy-laravel-api-response. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of teoprayoga/teobiefy-laravel-api-response

Informations about the package teobiefy-laravel-api-response

Teobiefy Laravel API Response

Laravel API response helpers with server-configured payload compression (zstd) and authenticated encryption (xchacha20-poly1305 / chacha20-poly1305-ietf via libsodium).

Inspired by obiefy/api-response, with first-class support for per-route payload profiles (plain / compressed / encrypted / compressed_encrypted).

Requirements

Installation

The service provider and API facade are auto-discovered.

Publish the config to config/teobiefy.php:

Optionally publish translations:

Quick start

Global helpers ok() and success() are also available.

Payload profiles

Each request/response can be transformed by a named profile resolved from the matched route:

Profile Behavior
plain No transformation
compressed Optional zstd compression on data
encrypted libsodium AEAD on data, replaced with data_enc + nonce
compressed_encrypted compress, then encrypt
signed HMAC-SHA256 tag attached as sig; integrity without encryption
compressed_signed compress, then attach HMAC tag

Configure per-route in config/teobiefy.php:

Inbound decryption is handled by PayloadDecryptMiddleware — register it in your HTTP kernel for routes that accept encrypted payloads.

Transformed response/request envelopes include:

Field Meaning
data_comp Base64 JSON payload for compressed and signed profiles
data_enc Base64 encrypted payload for encrypted profiles
nonce Base64 nonce used by encrypted profiles
cipher Encryption driver recorded in the payload
compression none or zstd, so receivers know whether decompression is required
kid Encryption key id; emitted only when key rotation is configured
sig / sig_alg / sig_kid HMAC tag, algorithm, and signing key id for signed profiles

Profile via PHP attribute

In addition to the route_profiles map, you can mark a controller method or controller class directly:

Resolution order: attribute on method → attribute on class → route_profiles pattern match → default_profile. Closure routes fall through to the config pattern stage.

Key rotation

To rotate the encryption key without breaking outstanding payloads, configure a named keyring and pick an active key id:

Envelopes encrypted with active = 'v2' carry "kid": "v2"; rotate by adding v3 to keys and setting active = 'v3'. Older envelopes with kid = v1 or kid = v2 continue to decrypt as long as those keys remain in keys.

If keys is empty and active is null, the package runs in legacy single-key mode and the envelope omits kid (byte-for-byte identical with pre-rotation deployments).

Response signing

Use signed / compressed_signed profiles when you want integrity without confidentiality (e.g. publicly cacheable responses that must not be tampered with).

Generate a key:

On inbound signed requests, PayloadDecryptMiddleware verifies before decompression and rejects with HTTP 401 plus WWW-Authenticate: TeobiefySig on tampering, unknown sig_kid, or an algorithm that is not in the allowlist.

AEAD-encrypted profiles already carry an integrity tag, so the package intentionally does not ship an encrypted_signed profile.

Replay protection

Optional, off by default. When enabled, encrypted and signed payloads wrap their inner content with a {ts, rnonce, payload} envelope inside the AEAD/HMAC scope, and inbound requests are rejected if (a) the timestamp falls outside the configured window or (b) the random nonce has already been seen. Plain and compressed-only profiles are never wrapped (no integrity guarantee).

Replay failures are reported as HTTP 409 Conflict. The nonce store uses the Laravel cache (Repository::add() for atomic check-and-set), so the cache_store should be one that is shared across workers in production (e.g. Redis); the default array driver only protects within a single process.

Encryption key

Set a base64-encoded 32-byte key in .env:

Generate one:

Config reference

See config/teobiefy.php for all options (response keys, status stringification, compression, encryption, signing, replay_protection, sodium_compat fallback toggle, etc.).

Compression options:

Set driver to none to keep compressed profiles in the same envelope format without requiring ext-zstd. min_bytes controls the smallest JSON payload that will be zstd-compressed; smaller payloads are sent with compression: none.

Encryption uses TEOBIEFY_ENCRYPTION_KEY by default:

Migrating from config/api.php

This release renames the package config namespace from api to teobiefy to avoid colliding with application config. Move any previous package settings from config/api.php to config/teobiefy.php, then update custom runtime reads from config('api...') to config('teobiefy...').

License

MIT — see LICENSE.

All versions of teobiefy-laravel-api-response with dependencies

PHP Build Version
Package Version
Requires php Version ^8.1
ext-json Version *
illuminate/cache Version ^10.0|^11.0|^12.0|^13.0
illuminate/console Version ^10.0|^11.0|^12.0|^13.0
illuminate/http Version ^10.0|^11.0|^12.0|^13.0
illuminate/support Version ^10.0|^11.0|^12.0|^13.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package teoprayoga/teobiefy-laravel-api-response contains the following files

Loading the files please wait ...