juzaweb / api
Api Module
Maintainers
Requires
- php: ^8.2
- darkaonline/l5-swagger: ^8.6
- laravel/passport: ^13.0
Requires (Dev)
- juzaweb/core: ^5.0
- laravel/pint: dev-main
- orchestra/testbench: ^8.0|^9.0
- phpunit/phpunit: ^10.0
- dev-master
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- dev-add-notification-api-12989998552948100856
- dev-add-user-schema-profile-api-9474531699374606607
- dev-feature/api-profile-update-14591754575027910103
- dev-feature/add-generate-api-key-command-4556732868311739540
- dev-refactor-api-key-controller-3872570399849964442
This package is auto-updated.
Last update: 2026-03-22 07:08:50 UTC
README
The Juzaweb API Module (juzaweb/api) provides a robust authentication mechanism for Juzaweb CMS applications. It introduces API Key authentication via the x-api-key header while seamlessly falling back to Laravel Passport for OAuth2 token-based authentication. This module also includes an administrative interface for managing API keys.
Features
- Dual Authentication: Support for both API Keys (
x-api-key) and OAuth2 Access Tokens (Laravel Passport). - Secure Key Management: API Keys are automatically hashed (SHA-256) upon creation. Plain-text keys are shown only once.
- Admin Interface: Built-in interface to create, list, and revoke API keys within the Juzaweb admin panel.
- Expiration & Revocation: Support for key expiration dates and manual revocation.
- Usage Tracking: Tracks the last usage timestamp for each API key.
- Configurable: Easy configuration via standard Laravel config files.
Installation
You can install the package via composer:
composer require juzaweb/api
Configuration
1. Publish Configuration
Publish the configuration file to config/jw-api.php:
php artisan vendor:publish --tag=api-config
2. Run Migrations
Run the migrations to create the necessary tables (api_keys, oauth_clients, etc.):
php artisan migrate
3. Configure Authentication Guard
Update your config/auth.php to use the juzaweb driver for your API guard. This driver prioritizes the x-api-key header and falls back to Passport's passport driver if no key is present.
'guards' => [ 'api' => [ 'driver' => 'juzaweb', 'provider' => 'users', ], // ... ],
Usage
Authentication
To authenticate a request using an API Key, include the x-api-key header in your HTTP request:
GET /api/user HTTP/1.1 Host: your-app.com Accept: application/json x-api-key: YOUR_GENERATED_API_KEY
If the x-api-key is valid, the request will be authenticated as the user associated with that key. If the header is missing or invalid, the guard will attempt to authenticate using a Bearer token (Laravel Passport).
Managing API Keys
- Log in to the Juzaweb Admin Panel.
- Navigate to Settings > API Keys (or the configured menu location).
- Click Add New to generate a new API Key.
- Important: Copy the generated key immediately. It will not be shown again.
- You can view the list of active keys, their expiration status, and last usage time.
- To revoke a key, simply delete it from the list.
License
The Juzaweb API Module is open-sourced software licensed under the GPL-2.0 license.