Download the PHP package vzool/api-hmac-guard without Composer

On this page you can find all versions of the php package vzool/api-hmac-guard. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package api-hmac-guard

ApiHmacGuard (Impersonate Protection Algorithm)

Latest Stable Version Total Downloads Join the chat at https://gitter.im/chrisbjr/api-guard

Impersonate Protection Algorithm

A simple way of authenticating your APIs with API HMAC keys using Laravel. This package uses the following libraries:

Laravel 5.3, 5.4 and 5.5 is finally supported!

*Laravel 5.3.x onwards: `~4.`

*Laravel 5.1.x to 5.2.x: [`~3.`](https://github.com/vzool/api-hmac-guard/blob/3.1/README.md)

*Laravel 5.1.x: `~2.`

*Laravel 4.2.x: [`~1.`](https://github.com/vzool/api-hmac-guard/tree/laravel4) (Recently updated version for Laravel 4. Please note that there are namespace changes here)

*Laravel 4.2.x: [`0.`](https://github.com/vzool/api-hmac-guard/tree/v0.7) (The version that most of you are using)

Fork overview points:

1- API tokens should never be saved in the database, which help us secure users token and protect them against impersonate user account by using tokens that leaked from database if breach take place.

2- Database will save a public_key which is an endpoint to access key pairs record, this key should be unique and indexed.

3- Database will save a private_key which will be kept private at server side.

4- Token which is a shared_key will be generated every time when the request happen.

5- Token will be generated on the fly by Hmac and using Application Key config('app.key') as server private key with private_key which considered a client private key on server side.

6- Default Hmac algo is sha3-384, there are many algo out there.

7- If you change Hmac algo, the key length will be different which depends on algo itself.

8- The Middleware will expect two keys as headers which are:

9- If you don't like a default headers name, then you can update them from apiguard.php config file.

10- You should send these two keys public_key & shared_key to your clients and make them send it back to server in order to be identified.

Quick Example

Quick start

Installation for Laravel 5.3 to 5.4

Run composer require vzool/api-hmac-guard 4.*

In your config/app.php add Vzool\ApiHmacGuard\Providers\ApiGuardServiceProvider to the end of the providers array

Now publish the migration and configuration files for api-guard:

$ php artisan vendor:publish --provider="Vzool\ApiHmacGuard\Providers\ApiGuardServiceProvider"

Then run the migration:

$ php artisan migrate

It will setup api_keys table.

Generating your first API key

Once you're done with the required setup, you can now generate your first API key.

Run the following command to generate an API key:

php artisan api-key:generate

Generally, the ApiKey object is a polymorphic object meaning this can belong to more than one other model.

To generate an API key that is linked to another object (a "user", for example), you can do the following:

+php artisan api-key:generate --id=1 --type="App\User"

To specify that a model can have API keys, you can attach the Apikeyable trait to the model:

This will attach the following methods to the model:

To generate an API key from within your application, you can use the following method in the ApiKey model:

To access client keys:

Usage

You can start using ApiGuard by simply attaching the auth.apikey middleware to your API route:

This effectively secures your API with an API key which needs to specified in the X-Authorization header. This can be configured in config/apiguard.php.

Here is a sample cURL command to demonstrate:

You might also want to attach this middleware to your api middleware group in your app/Http/Kernel.php to take advantage of other Laravel features such as throttling.

If you noticed in the basic example, you can also access the attached model to the API key by calling $request->user(). We are attaching the related model in this method because in most use cases, this is actually the user.

Unauthorized Requests

Unauthorized requests will get a 401 status response with the following JSON:

ApiGuardController

The ApiGuardController takes advantage of Fractal and api-response libraries.

This enables us to easily create APIs with models and use transformers to give a standardized JSON response.

Here is an example:

Let's say you have the following model:

You can make a basic controller which will return all books like this:

Now, you'll need to make the transformer for your Book object. Transformers help with defining and manipulating the variables you want to return to your JSON response.

Once you have this accessible in your routes, you will get the following response from the controller:

More examples can be found on the Github page: https://github.com/ellipsesynergie/api-response.

To learn more about transformers, visit the PHP League's documentation on Fractal: Fractal

API Validation Responses

ApiGuard comes with a request class that can handle validation of requests for you and throw a standard response.

You can create a Request class as you usually do but in order to get a standard JSON response you'll have to extend the ApiGuardFormRequest class.

Now you can use this in your controller as you normally do with Laravel:

If the request failed to pass the validation rules, it will return with a response like the following:


All versions of api-hmac-guard with dependencies

PHP Build Version
Package Version
Requires php Version >=5.6.4
illuminate/support Version ^5.3.0
illuminate/database Version ^5.3.0
ellipsesynergie/api-response Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package vzool/api-hmac-guard contains the following files

Loading the files please wait ....