A flawless framework for building scalable and testable API-Centric Apps with PHP and Laravel.


Build great API's faster | with PHP and laravel 5.5

Apiato Logo

apiato Scrutinizer Code Quality Codacy Badge Build Status Build Status Dependency Status Latest Stable Version License

What is Apiato?

A flawless framework for building scalable and testable API-Centric Applications with PHP.

Apiato is designed to help you build scalable API's faster, by providing tools and functionalities that facilitates the development of any API-Centric App.

It uses the best frameworks, tools and conventions in a creative way to deliver a rich set of features in a modern PHP Application.

Why!? setting up a solid API from scratch is time consuming (and time is money). Apiato gives you the core features of robust API's, so you can focus on your business logic and deliver faster. Skip the repetitive work and enjoy the open source fun.

Why API-Centric Apps?

Today we’re living in a digital era, where almost everything is connected to the Internet.

Building cross-devices applications is becoming a must. And to do it, you need APIs (Application Programing Interfaces).

Web developers are used to serve HTML pages directly from the Backend. However, this traditional method has many disadvantages nowadays.

API's can serve anything and everything (Mobile Apps, Web Apps, Smart TVs, Smart Watches,...). As well as, it can be exposed to the world allowing developers to interact with your Application and help growing your business.

API-Centric Apps allows Frontend (Web + Mobile) and Backend developers to work on their codes in parallel. After the Frontend Apps are ready they get attached to the Backend (API-Centric) code to start functioning. This leads to zero decoupling between the Frontend and the Backend code and also removes the dependencies. The API documentation acts as the contract between both sides during the development life cycle of all the Apps.


Apiato comes with great features:

  1. Authentication with OAuth2.0 for first/third-party clients (using Laravel Passport).
  2. Role-Based Access Control (RBAC), seeded with a Super Admin, Roles and Permissions.
  3. Query Parameters support (orderBy, sortedBy and filter) with full-text search (search, searchFields).
  4. Useful endpoints for managing users, roles/permissions, tokens and more. All implemented, documented and tested.
  5. API Documentations generator (auto generates API docs from PHP Docblock, using the ApiDocJS tool).
  6. Supports for CORS "Cross-Origin Resource Sharing", allowing access from different domians.
  7. Auto encoding/decoding of real ID's, to prevent exposing real ID's to the outer world.
  8. API Throttling (rate limiting to control the rate of traffic received).
  9. Include (a.k.a embedding, nesting or side-loading) relationships for complex data structures.
  10. Support Data Caching (with auto clearing on Create, Update and Delete).
  11. API versioning in the URL or Header (versioning based on the route file name).
  12. Exception handleing with custom JSON errors responses (using Exceptions Formatters).
  13. Support Shallow ETag HTTP Header, to reduce client bandwidth.
  14. Localization (multiple languages via Content-Language header).
  15. Automatic Data Pagination (meta links to next and previous data).
  16. WEB and API Authentication Middlewares. With Proxy endpoints for safer authentication from first-party clients.
  17. Http Requests/Response Monitor and DB Query Debugger (from the Debugger Container).
  18. Profiler, to display profiling data from any part of your application in the response (using Laravel Debugbar).
  19. Social Authentication supported out of the box (Facebook, Twitter, Google+).
  20. Type-Casting JSON responses with Transformers (using Fractal).
  21. Useful Tests Helpers for faster and more enjoyable automated testing (using PHPUnit).
  22. Support multiple response payload formats (JSON API specification v1.0, Data Array and pure Data).
  23. Automatic dates conversion to ISO format in responses.
  24. Support Stripe payment gateway (extandable to support other payment gatways).
  25. System and User level Settings out of the box (by the Settings Container).
  26. Support JSONP (JSON with padding).
  27. Better Request Validation (easy validate User data, accessibility and ownership).
  28. Maintainable and scalable Software Architectural Pattern (using the Porto SAP).
  29. Code generator, allows generating Containers of code for faster development.
  30. Useful Commands such as "list all Application Actions", "encoding a decoded ID", "seeds testing/deployment data", and more.
  31. Separation of UI's (Web, API and CLI) compnents (routes, controllers, requests, tests...).
  32. Ready Admin dashboard infrastructure with Login view (admin.apiato.dev).
  33. Detailed documentation (on apiato.io).
  34. 100% customizable and Open Code. Using latest and greatest frameworks, tools, packages and standards.
  35. Much more...



Apiato is built using the new architectural pattern Porto.

Porto SAP is a modern Software Architectural Pattern, designed to help developers organize their Code in a super maintainable way. It is very helpful for big and long term projects, as they tend to have higher complexity with time.

You are NOT forced to build your Application using the Porto architecture. You can build it using the MVC architecture, and still benifit from all the features that Apiato provides. (The Apiato MVC version is a little different than the standrd MVC). The Apiato features themselves are written using Porto, but can be used by any architecture.

Apiato Docs

Join our Slack chatting room, by clicking on the icon below.

Apiato SLACK


Created by Mahmoud Zalt (Twitter @Mahmoud_Zalt).

And a list of awesome contributors:





The MIT License (MIT).