cpsit / api-token
Generate and validate token auth for api requests.
Installs: 9 625
Dependents: 1
Suggesters: 0
Security: 0
Stars: 0
Watchers: 13
Forks: 0
Open Issues: 0
Type:typo3-cms-extension
Requires
- php: ^8.3
- symfony/polyfill-uuid: ^1.31
- typo3/cms-core: ^12.4 || ^13.0
Requires (Dev)
- armin/editorconfig-cli: ^2.0
- cpsit/test-api-extension: @dev
- ergebnis/composer-normalize: ^2.43
- friendsofphp/php-cs-fixer: ^3.64
- helmich/typo3-typoscript-lint: ^3.1
- phpstan/phpstan: ^1.12
- phpstan/phpstan-phpunit: ^1.4
- phpunit/phpunit: ^10.5 || ^11.0
- roave/security-advisories: dev-latest
- saschaegerer/phpstan-typo3: ^1.10
- ssch/typo3-rector: ^2.8
- typo3/cms-extbase: ^12.4 || ^13.0
- typo3/coding-standards: ^0.8.0
- typo3/testing-framework: ^8.2
This package is auto-updated.
Last update: 2025-05-28 09:44:29 UTC
README
Secure API authentication for TYPO3 CMS applications using token-based authentication.
Features
- ๐ Secure Token Generation - Cryptographically secure random tokens
- ๐ Easy Integration - Simple PHP API for authentication checks
- ๐ Backend Management - TYPO3 backend module for token administration
- โก CLI Support - Command-line interface for automation
- ๐งช Modern Testing - Comprehensive test suite with PHPUnit 11
- ๐ TYPO3 v12/v13 Compatible - Full support for latest TYPO3 versions
Quick Start
1. Installation
composer require cpsit/api-token
2. Generate a Token
./vendor/bin/typo3 apitoken:generate
3. Protect Your API
use CPSIT\ApiToken\Request\Validation\ApiTokenAuthenticator; if (ApiTokenAuthenticator::isNotAuthenticated($request)) { return ApiTokenAuthenticator::returnErrorResponse(); } // Your protected API logic here
4. Make API Requests
curl -X POST "https://your-site.com/api/endpoint" \ -H "x-api-identifier: your-identifier" \ -H "application-authorization: your-secret" \ -H "Content-Type: application/json"
Documentation
Topic | Description |
---|---|
Introduction | Overview and key features |
Installation | Setup and configuration |
Usage Guide | How to use the extension |
CLI Commands | Command-line interface |
Backend Module | Admin interface guide |
API Reference | Complete API documentation |
Development | Development environment setup |
Testing | Testing guide and best practices |
Migration Guide | Upgrade and migration notes |
Troubleshooting | Common issues and solutions |
Requirements
- TYPO3: 12.4 LTS or 13.0+
- PHP: 8.3 or higher
- Database: MySQL 8.0+, MariaDB 10.5+, or PostgreSQL 12+
Example Usage
Protecting an API Endpoint
<?php declare(strict_types=1); namespace MyVendor\MyExtension\Controller; use CPSIT\ApiToken\Request\Validation\ApiTokenAuthenticator; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use TYPO3\CMS\Core\Http\JsonResponse; class ApiController { public function getData(ServerRequestInterface $request): ResponseInterface { // Check authentication if (ApiTokenAuthenticator::isNotAuthenticated($request)) { return ApiTokenAuthenticator::returnErrorResponse(); } // Return protected data return new JsonResponse([ 'status' => 'success', 'data' => ['message' => 'Authenticated access granted!'] ]); } }
Frontend Request Example
// JavaScript example fetch('/api/data', { method: 'GET', headers: { 'x-api-identifier': 'your-identifier-here', 'application-authorization': 'your-secret-here', 'Content-Type': 'application/json' } }) .then(response => response.json()) .then(data => console.log(data));
Development
Quick Development Setup
# Clone repository git clone https://github.com/CPS-IT/api-token.git cd api-token # Start DDEV environment ddev start # Install dependencies ddev composer install # Run tests ddev composer test
Quality Assurance
# Code style and quality checks ddev composer lint ddev composer sca:php # Fix code style issues ddev composer fix # Run test suite ddev composer test:unit ddev composer test:functional
Architecture
The extension follows modern TYPO3 development patterns:
- Domain-Driven Design with clear separation of concerns
- Dependency Injection using TYPO3's DI container
- PSR Standards compliance (PSR-7, PSR-15, PSR-12)
- Modern PHP features (type declarations, readonly classes)
- Comprehensive Testing with PHPUnit 11 and TYPO3 TestingFramework
Security
- Cryptographically secure token generation using
random_bytes()
- Password hashing with TYPO3's
PasswordHashFactory
- Configurable token expiration (default: 1 year)
- No secrets stored in plain text
- Rate limiting and audit logging (planned features)
Contributing
We welcome contributions! Please see our Development Guide for details on:
- Setting up the development environment
- Code style and quality requirements
- Testing requirements
- Pull request process
Support
- ๐ Documentation
- ๐ Issue Tracker
- ๐ฌ Discussions
License
This extension is licensed under the GNU General Public License v2.0 or later.
Copyright (c) 2021-2024 CPS-IT GmbH
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Changelog
See CHANGELOG.md for a detailed history of changes and releases.
Made with โค๏ธ by the CPS-IT team for the TYPO3 community.