cpsit/api-token

Generate and validate token auth for api requests.

Installs: 9 625

Dependents: 1

Suggesters: 0

Security: 0

Stars: 0

Watchers: 13

Forks: 0

Open Issues: 0

Type: typo3-cms-extension

1.0.0 2025-05-28 09:43 UTC

This package is auto-updated.

Last update: 2025-05-28 09:44:29 UTC


README

TYPO3 12 TYPO3 13 PHP 8.3+ License: GPL v2+

Secure API authentication for TYPO3 CMS applications using token-based authentication.

Features

  • 🔐 Secure Token Generation - Cryptographically secure random tokens
  • 🛠 Easy Integration - Simple PHP API for authentication checks
  • 📊 Backend Management - TYPO3 backend module for token administration
  • ⚡ CLI Support - Command-line interface for automation
  • 🧪 Modern Testing - Comprehensive test suite with PHPUnit 11
  • 🚀 TYPO3 v12/v13 Compatible - Full support for latest TYPO3 versions

Quick Start

1. Installation

composer require cpsit/api-token

2. Generate a Token

./vendor/bin/typo3 apitoken:generate

3. Protect Your API

use CPSIT\ApiToken\Request\Validation\ApiTokenAuthenticator;

if (ApiTokenAuthenticator::isNotAuthenticated($request)) {
    return ApiTokenAuthenticator::returnErrorResponse();
}

// Your protected API logic here

4. Make API Requests

curl -X POST "https://your-site.com/api/endpoint" \
     -H "x-api-identifier: your-identifier" \
     -H "application-authorization: your-secret" \
     -H "Content-Type: application/json"

Documentation

📚 Complete Documentation

Topic             Description
Introduction      Overview and key features
Installation      Setup and configuration
Usage Guide       How to use the extension
CLI Commands      Command-line interface
Backend Module    Admin interface guide
API Reference     Complete API documentation
Development       Development environment setup
Testing           Testing guide and best practices
Migration Guide   Upgrade and migration notes
Troubleshooting   Common issues and solutions

Requirements

  • TYPO3: 12.4 LTS or 13.0+
  • PHP: 8.3 or higher
  • Database: MySQL 8.0+, MariaDB 10.5+, or PostgreSQL 12+

Example Usage

Protecting an API Endpoint

<?php
declare(strict_types=1);

namespace MyVendor\MyExtension\Controller;

use CPSIT\ApiToken\Request\Validation\ApiTokenAuthenticator;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Http\JsonResponse;

class ApiController
{
    public function getData(ServerRequestInterface $request): ResponseInterface
    {
        // Check authentication
        if (ApiTokenAuthenticator::isNotAuthenticated($request)) {
            return ApiTokenAuthenticator::returnErrorResponse();
        }

        // Return protected data
        return new JsonResponse([
            'status' => 'success',
            'data' => ['message' => 'Authenticated access granted!']
        ]);
    }
}

Frontend Request Example

// JavaScript example
fetch('/api/data', {
    method: 'GET',
    headers: {
        'x-api-identifier': 'your-identifier-here',
        'application-authorization': 'your-secret-here',
        'Content-Type': 'application/json'
    }
})
.then(response => response.json())
.then(data => console.log(data));

Development

Quick Development Setup

# Clone repository
git clone https://github.com/CPS-IT/api-token.git
cd api-token

# Start DDEV environment
ddev start

# Install dependencies
ddev composer install

# Run tests
ddev composer test

Quality Assurance

# Code style and quality checks
ddev composer lint
ddev composer sca:php

# Fix code style issues
ddev composer fix

# Run test suite
ddev composer test:unit
ddev composer test:functional

Architecture

The extension follows modern TYPO3 development patterns:

  • Domain-Driven Design with clear separation of concerns
  • Dependency Injection using TYPO3's DI container
  • PSR Standards compliance (PSR-7, PSR-15, PSR-12)
  • Modern PHP features (type declarations, readonly classes)
  • Comprehensive Testing with PHPUnit 11 and TYPO3 TestingFramework

Security

  • Cryptographically secure token generation using random_bytes()
  • Password hashing with TYPO3's PasswordHashFactory
  • Configurable token expiration (default: 1 year)
  • No secrets stored in plain text
  • Rate limiting and audit logging (planned features)
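
The properties listed above (random secret, hash-only storage, expiry) can be seen together in the following added example, which is not the extension's own code. It uses PHP's built-in password_hash() in place of TYPO3's PasswordHashFactory so that it runs stand-alone; the function names, the in-memory store and the token lengths are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration: issueToken() and verifyToken() are hypothetical names,
// not part of cpsit/api-token. password_hash() stands in for PasswordHashFactory.

/** Create an identifier/secret pair; only the hash of the secret is stored. */
function issueToken(array &$store, int $ttlSeconds = 31536000): array
{
    $identifier = bin2hex(random_bytes(16)); // public lookup key (x-api-identifier)
    $secret     = bin2hex(random_bytes(32)); // shown to the client once, never stored
    $store[$identifier] = [
        'hash'        => password_hash($secret, PASSWORD_DEFAULT),
        'valid_until' => time() + $ttlSeconds, // default lifetime: 1 year
    ];
    return ['identifier' => $identifier, 'secret' => $secret];
}

/** Check the two header values against the stored record. */
function verifyToken(array $store, string $identifier, string $secret, ?int $now = null): bool
{
    static $dummyHash = null;
    // Unknown identifiers are still verified against a throwaway hash, so the
    // response time does not reveal whether an identifier exists.
    $dummyHash ??= password_hash(bin2hex(random_bytes(8)), PASSWORD_DEFAULT);

    $record = $store[$identifier] ?? null;
    $hashOk = password_verify($secret, $record['hash'] ?? $dummyHash);

    return $record !== null
        && $hashOk
        && ($now ?? time()) < $record['valid_until'];
}

// Constructed demo data: one issued token checked under four conditions.
$store = [];
$token = issueToken($store);
$later = time() + 31536001; // one second past the default lifetime

var_dump(verifyToken($store, $token['identifier'], $token['secret']));         // matching pair
var_dump(verifyToken($store, $token['identifier'], 'wrong-secret'));           // wrong secret
var_dump(verifyToken($store, 'unknown-id', $token['secret']));                 // unknown identifier
var_dump(verifyToken($store, $token['identifier'], $token['secret'], $later)); // expired token
```

Because only the hash is kept, a leaked token table does not expose usable secrets, and a lost secret cannot be recovered, only replaced by issuing a new token.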

Contributing

We welcome contributions! Please see our Development Guide for details on:

  • Setting up the development environment
  • Code style and quality requirements
  • Testing requirements
  • Pull request process

Support

License

This extension is licensed under the GNU General Public License v2.0 or later.

Copyright (c) 2021-2024 CPS-IT GmbH

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Changelog

See CHANGELOG.md for a detailed history of changes and releases.

Made with ❤️ by the CPS-IT team for the TYPO3 community.