novadaemon / skyflow-php
This PHP SDK is designed to help developers easily implement Skyflow into their php backend.
Fund package maintenance!
novadaemon
Requires
- php: >=8.1
- firebase/php-jwt: ^6.4
- guzzlehttp/guzzle: ^7.5
This package is auto-updated.
Last update: 2025-01-16 18:56:23 UTC
README
Description
This PHP SDK is designed to help developers easily implement Skyflow into their php backend.
Table of Contents
Features
Authentication with a Skyflow Service Account and generation of a bearer token.
Vault API operations to insert, retrieve, update, delete and tokenize sensitive data.
Execute SQL queries into vault scheme.
Invoking connections to call downstream third party APIs without directly handling sensitive data.
Installation
Requirements
- Require PHP 8.1 or above
- You need to have installed Composer
Install
Type in your terminal:
composer require novadaemon/skyflow-php
Examples
You can find samples for all the features of the SDK in the samples directory. To run a given example:
- Download the repository using
git clone https://github.com/novadaemon/skyflow-php.git - Run
$ composer installinto directory project. - Go to the
samplesdirectory in your terminal. - Change the values enclosed by
<>for the right values into the example file. - Execute the example you want:
$ php get_records.php
Prerequisites
- A Skyflow account. If you don't have one, register for one on the Try Skyflow page.
- PHP 8.1 or above.
- GIT
Create the vault
- In a browser, sign in to Skyflow Studio.
- Create a vault by clicking Create Vault > Start With a Template > Quickstart vault.
- Once the vault is ready, click the gear icon and select Edit Vault Details.
- Note your Vault URL and Vault ID values, then click Cancel. You will need these later.
Create a Service Account
- In the side navigation click, IAM > Service Accounts > New Service Account.
- For Name, enter "SDK Sample". For Roles, choose Vault Editor.
- Click Create. Your browser downloads a credentials.json file. Keep this file secure, as You will need it for each of the samples.
Service Account Bearer Token Generation
The Novadaemon\SkyFlow\ServiceAccount\Token class is used to generate service account tokens from service account credentials file which is downloaded upon creation of service account. The token generated from this class is valid for 60 minutes and can be used to make API calls to vault services as well as management API(s) based on the permissions of the service account.
The Token::generateBearerToken($credentialsPath) static method takes the credentials file path for token generation, alternatively, you can also send the entire credentials as array, by using Token::generateBearerTokenFromCredentials($credentials)
<?php declare(strict_types=1); use Novadaemon\Skyflow\Exceptions\SkyflowException; use Novadaemon\Skyflow\ServiceAccount\Token; require __DIR__ . '/../vendor/autoload.php'; try { $path = '<YOUR_CREDENTIALS_FILE_PATH>'; $token = Token::generateBearerToken($path); var_dump($token); } catch (SkyflowException $e) { echo($e->getMessage()); }
<?php declare(strict_types=1); use Novadaemon\Skyflow\ServiceAccount\Token; use Novadaemon\Skyflow\Exceptions\SkyflowException; require __DIR__ . '/../vendor/autoload.php'; try { $credentials = [ 'clientID' => '<CLIENT_ID>', 'clientName' => '<CLIENT_NAME>', 'tokenURI' => '<TOKEN_URI>', 'keyID' => '<KEY_ID>', 'privateKey' => '<PRIVATE_KEY>', ]; $token = Token::generateBearerTokenFromCredentials($credentials); var_dump($token); } catch (SkyflowException $e) { echo($e->getMessage()); }
Response:
<?php array ( 'accessToken' => 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZS5za3lmbG93YXBpcy5jb20iLCJjbGkiOiJlNzVkZmNmMzMwN2Q0M2I2YjZlN2JhNTk2ZTU5ODgxNyIsImV4cCI6MTY3ODEyMzI1NCwiaWF0IjoxNjc4MTE5NjU3LCJpc3MiOiJzYS1hdXRoQG1hbmFnZS5za3lmbG93YXBpcy5jb20iLCJqdGkiOiJmZTZkYzRjNGY1YmM0OTllODhjOTc0ZmNjZGRjZGMyZCIsImtleSI6ImJlNjk0YTJlYTFmNjQ3ZDM5N2E1YzIwNWZlYjRmMzUxIiwic2NwIjpudWxsLCJzdWIiOiJUZXN0U2VydmljZSJ9.WXSqZh7fQwx9E1ngKKSD9jfPLNWLzE46CKWuZ0bovbZFTGLKcHy94z-SKb1qxtW-CedcbgbnK7Wjd-H20PusjbLGCcjPcAQt7pghUvdpLabuR8DIW0sbfTwen5JnhVupHp0_3tXwp8jJDGF6s8JExVA9DhMLoyusqC9wD_Gmemdj4dU_r4drKhiVYgnsbD8NgZyc6yfgWXrE51IoqLd9FsZ0rDDrys3ttwEbYLRXnr1NGGsftqI0-y4K2gu090BJ2wtDlQO61ZD8_KZSZSEpxr6ZYIMuYsG7SxvnkR6OMz1fVWbtptf1EzEk-ky2M2r5oGGYH_WFBakVk8wKHQy3og', 'tokenType' => 'Bearer', )
Vault API
The Novadaemon\Skyflow\Vault\Client has all methods to perform operations on the vault such as get records, inserting records, detokenizing tokens, retrieving tokens for a skyflow_id, excute sql query and to invoke a connection.
To use this class, the skyflow client must first be initialized as follows.
<?php use Novadaemon\Skyflow\Vault\Client; use Novadaemon\Skyflow\ServiceAccount\Token; require __DIR__.'/../vendor/autoload.php'; # User defined function to provide access token to the vault apis $tokenProvider = function (string $token): string { if (Token::isExpired($token)) { $token = Token::generateBearerToken('<YOUR_CREDENTIALS_FILE_PATH>'); return $token['accessToken']; } return $token; }; #Initializing a Skyflow Client instance with the required constructor parameters $client = new Client( vaultID: '<YOUR_VAULT_ID>', vaultUrl: '<YOUR_VAULT_URL>', tokenProvider: $tokenProvider );
All Vault API endpoints must be invoked using a client instance.
Get Records
Use the method Client@getRecords() to perform bulk operation of retrieve records of table. This method has the following parameters:
Note: There are parameters that cannot be used together with others. If you pass the getRecords method arguments incorrectly, a SkyflowException is thrown.
Note: If the tokenization argument is true, you can set only tokenized field names in the fields parameter. An error is returned if you set the tokenization parameter to true and set a non-tokenized field name in the fields parameter.
An example of Client@getRecords() call:
<?php $response = $client->getRecords( table: 'cards', ids: [ "1a8ec9d5-9be6-465d-a8ad-2797d7258a10", "76c892f4-7523-4e74-ac82-afc7bdea7d74" ], redaction: RedactionType::PLAIN_TEXT, tokenization: false );
Response:
<?php array ( 'records' => array ( 0 => array ( 'fields' => array ( 'card_cvv' => '123', 'card_expiration' => '03/26', 'card_number' => '4242424242424242', 'skyflow_id' => '1a8ec9d5-9be6-465d-a8ad-2797d7258a10', ), ), 1 => array ( 'fields' => array ( 'card_cvv' => '234', 'card_expiration' => '12/24', 'card_number' => '4111111111111111', 'skyflow_id' => '76c892f4-7523-4e74-ac82-afc7bdea7d74', ), ), ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 5, 'http_code' => 404, 'message' => 'No Records Found', 'http_status' => 'Not Found', ), )
Get record by id
To retrieve only once record from your Skyflow vault, use the method Client@getRecordById(). This method has the following parameters:
An example of Client@getRecordById() call:
<?php $response = $client->getRecordById( table: 'consumers', id: '76193681-d272-4ffe-80f9-6498398e4c7b', fields: [ 'first_name', 'last_name', 'email', 'phone', ] );
Response:
<?php array ( 'fields' => array ( 'email' => 'j******s@gmail.com', 'first_name' => '*REDACTED*', 'last_name' => '*REDACTED*', 'phone' => 'XXXXXX0000', ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 5, 'http_code' => 404, 'message' => 'No Records Found', 'http_status' => 'Not Found', ), )
Insert records into the vault
To insert data into your vault use the Cient@insertRecord() method. The parameters to this method are:
An example of Client@insertRecords() call:
<?php $records = [ [ "fields" => [ "card_number" => "5555555555554444", "card_expiration" => "12/25", "card_cvv" => "111", ] ], [ "fields" => [ "card_number" => "5105105105105100", "card_expiration" => "04/28", "card_cvv" => "123", ] ], ]; $response = $client->insertRecords( table: 'cards', records: $records, tokenization: true, upsert: 'card_number' );
Response:
<?php array ( 'records' => array ( 0 => array ( 'skyflow_id' => '76c892f4-7523-4e74-ac82-afc7bdea7d74', 'tokens' => array ( 'card_cvv' => '19a364b9-0b39-4cad-a544-45c7ba1c52eb', 'card_expiration' => '1b4ab2f7-fdd8-48f2-8b50-eb97075eda2e', 'card_number' => '5554-3665-8198-3602', ), ), 1 => array ( 'skyflow_id' => '1a8ec9d5-9be6-465d-a8ad-2797d7258a10', 'tokens' => array ( 'card_cvv' => 'b5bade68-3a0d-4895-8c27-edd911c11e99', 'card_expiration' => '767eda0a-ed3a-4781-82d5-755207acf1e0', 'card_number' => '8080-3444-8671-2308', ), ), ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 9, 'http_code' => 400, 'message' => 'Error Inserting Records due to unique constraint violation', 'http_status' => 'Bad Request', 'details' => array ( ), ), )
Update record
To update data in your vault, use the Client@updateRecord() method. The parameters to this method are:
An example of Client@updateRecord() call:
<?php $record = [ 'fields' => [ "email" => 'jhon@fake.com', "phone" => '+5478698765', ] ]; $response = $client->updateRecord( table: 'consumers', id: '76193681-d272-4ffe-80f9-6498398e4c7b', record: $record, tokenization: false );
Response:
<?php array ( 'skyflow_id' => '76193681-d272-4ffe-80f9-6498398e4c7b', 'createdTime' => '', 'updatedTime' => '', 'tokens' => array ( 'email' => 'nqmlqdxatzkwhqujzltu@opkfulnxkx.com', 'phone' => '54df9553-6688-4359-a8ff-df5cbd9cfa55', ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 3, 'http_code' => 400, 'message' => 'Invalid field present in JSON invalid-field', 'http_status' => 'Bad Request', 'details' => array ( ), ), )
Delete record
The Client@deleteRecord() allow you to delete a record from your Skyflow vault. This method has the following parameters:
An example of Client@deleteRecord() call:
<?php $response = $client->deleteRecord('cards', 'e95834a2-cf1e-40ac-9f0d-0ea2c7920a8d');
Response:
<?php array ( 'skyflow_id' => 'e95834a2-cf1e-40ac-9f0d-0ea2c7920a8d', 'deleted' => true, )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 5, 'http_code' => 404, 'message' => 'No Records Found', 'http_status' => 'Not Found', ), )
Bulk delete
The Client@bulkDelete() allow you to delete specified record from your Skyflow vault. This method has the following parameters:
An example of Client@bulkDelete() call:
<?php #Delete all records from cards table $response = $client->bulkDelete('cards');
Response:
<?php array ( 'RecordIDResponse' => array ( 0 => '*', ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 13, 'http_code' => 500, 'message' => 'Couldn\'t load data', 'http_status' => 'Internal Server Error', 'details' => array ( ), ), )
Detokenization
In order to retrieve data from your vault using tokens that you have previously generated for that data, you can use the Client@detokenize() method. The parameters to this method are:
An example of Client@detokenize() call:
<?php $params = [ ['token' => 'aa3cc614-af50-4365-a7ac-82f83a79eef8'], ['token' => 'e77674ac-4a21-4318-8bdd-5ad20f1b47c7'], ['token' => 'nqmlqdxatzkwhqujzltu@opkfulnxkx.com'] ]; $response = $client->detokenize($params);
Response:
<?php array ( 'records' => array ( 0 => array ( 'token' => 'aa3cc614-af50-4365-a7ac-82f83a79eef8', 'valueType' => 'STRING', 'value' => '234', ), 1 => array ( 'token' => 'e77674ac-4a21-4318-8bdd-5ad20f1b47c7', 'valueType' => 'STRING', 'value' => '12/24', ), 2 => array ( 'token' => 'nqmlqdxatzkwhqujzltu@opkfulnxkx.com', 'valueType' => 'STRING', 'value' => 'jhon@fake.com', ), ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 5, 'http_code' => 404, 'message' => 'Token not found for invalid-token', 'http_status' => 'Not Found', 'details' => array ( ), ), )
Note: The structure for each item of the params parameter is:
<?php [ 'token' => 'STRING' # The Skyflow token to be detokenized 'redaction' => 'STRING' # Redaction policy. Not required. Default DEFAULT. Only accept values presente in RedactionType enum: DEFAULT, REDACTED, MASKED, PLAIN_TEXT ]
Tokenization
The method Client@tokenize() method returns tokens that correspond to the specified records. Only applicable for fields with deterministic tokenization. The parameters to this method are:
Note: This endpoint doesn't insert records, it returns tokens for existing values. To insert records and tokenize that new record's values, see Insert Records and the tokenization parameter.
An example of Client@tokenize() call:
<?php $params = [ [ 'value' => '5105105105105100', 'table' => 'cards', 'column' => 'card_number' ], ]; $response = $client->tokenize($params);
Response:
<?php array ( 'records' => array ( 0 => array ( 'token' => '0782-1334-4999-6413', ), ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 5, 'http_code' => 404, 'message' => 'Tokenize returns previously issued tokens for existing data. Provided value(s) do not exist in the provided table.column(s): card_number', 'http_status' => 'Not Found', 'details' => array ( ), ), )
Execute SQL Query
The method Client@query() returns record for a valid SQL query. While this endpoint retrieves columns under a valid redaction scheme, it can't retrieve tokens. Only supports the SELECT command. The parameters to this method are:
Note: See the Skyflow API Documentation to know moer about the query restrictions.
An example of Client@query() call:
<?php $query = "SELECT * FROM cards WHERE card_number = '5105105105105100'"; $response = $client->query($query);
<?php array ( 'records' => array ( 0 => array ( 'fields' => array ( 'card_cvv' => '*REDACTED*', 'card_expiration' => '*REDACTED*', 'card_number' => '5105105105105100', 'orders_skyflow_id' => NULL, 'skyflow_id' => '1084350b-d4a2-45b1-801f-2fd46bef0721', ), ), ), )
Error:
<?php array ( 'error' => array ( 'grpc_code' => 13, 'http_code' => 500, 'message' => 'ERROR (internal_error): Could not find Field car_number', 'http_status' => 'Internal Server Error', 'details' => array ( ), ), )
Invoke Connection
Using Skyflow Connection, end-user applications can integrate checkout/card issuance flow with their apps/systems. To invoke connection, use the Client@invokeConnection() method of the Skyflow client. This method accepts the following parameters:
Note: See the Skyflow API Documentation to know more about Connections.
An example of Client@invokeConnection() call:
<?php $headers = [ 'Content-Type' => 'application/json', 'Authorization' => '<YOUR_CONNECTION_BASIC_AUTH>' ]; $body = [ 'firstName' => 'Jesús', 'lastName' => 'García', 'email' => 'nqmlqdxatzkwhqujzltu@opkfulnxkx.com', 'phone' => '54df9553-6688-4359-a8ff-df5cbd9cfa55', ]; $url = 'https://ebfc9bee4242.gateway.skyflowapis.com/v1/gateway/outboundRoutes/x2f47b94462a46989ac7b37817ef99bf/users/add'; $response = $client->invokeConnection( connectionUrl: $url, method: RequestMethodType::POST, headers: $headers, body: $body );
<?php array ( 'email' => 'jhon@fake.com', 'firstName' => 'Jesús', 'lastName' => 'García', 'phone' => '+5478698765' )