onecommunity / client
PHP client to access the One Community API.
Installs: 3 404
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 2
Forks: 1
Open Issues: 0
Requires
- php: ^7.2|^8.0
- jarnovanleeuwen/jwtapi: ^0.4.0
Requires (Dev)
- symfony/var-dumper: ^4.1
README
An easy-to-use PHP client to access the One Community API.
Installation
Using Composer:
composer require onecommunity/client
Contact us with your public key to receive your API key.
Usage
Initializing the Client
use OneCommunity\Client; $apiKey = "xxxxxxx"; $projectName = "yourproject"; $userId = 1; $client = new Client($apiKey, $userId, $projectName); // Load private key from file.. $client->loadPrivateKey("private_rsa.pem"); // ..or string $client->setPrivateKey($privateKey);
Sending Requests
See the Examples directory for working examples.
UserRequest
Returns the User
object of the authenticated user. Great for testing.
use OneCommunity\Requests\UserRequest; $request = new UserRequest; $response = $client->send($request); if ($response->isSuccessful()) { var_dump($response->getData()); }
SendTransactionalMailRequest
use OneCommunity\Requests\SendTransactionalMailRequest; $accountId = 1; // Recipient $transactionalMailId = 1; // Mail $request = new SendTransactionalMailRequest($accountId, $transactionalMailId); $request->setSubstitutions(['gift' => 'Free coffee ☕']); $response = $client->send($request);
Responses
The following HTTP status codes are used:
HTTP Status Code | Description |
---|---|
200 OK | Everything is OK, the body contains the payload. |
400 Bad Request | Indicates an authentication error. |
404 Not Found | Some ID refers to an unknown model (e.g., unknown account or mail). |
422 Unprocessable Entity | Validation errors. |
429 Too Many Requests | You cannot send more than 60 requests per minute. |
If anything unexpected occurs a OneCommunity\Exceptions\RequestException
is thrown (e.g., if the API does not return a valid JSON response).
All responses (except 200 OK
) contain a message
attribute, explaining what went wrong. Furthermore, 400 Bad Requests
responses contain a code
attribute which can contain one of the following values:
code | message |
---|---|
100 | Invalid API key |
101 | Could not decode Bearer token |
102 | No API key found on request |
103 | No Bearer token found on request |
104 | Token could not be verified |
201 | Client not found |
202 | User not found or not accessible by this API Client |
501 | No access to this project or invalid project |
502 | No access from this IP |
The validation errors of a 422 Unprocessable Entity
response are structured as follows:
{ "errors": { "field1": [ "error1", "error2" ], "field2": [ "error3" ] } }
Security
The API is based on JWT API, an efficient and secure machine-to-machine API using JSON Web Tokens and asymmetric request signing. Advantages of this approach include:
- Requests and responses are sent over a secure channel.
- Requests can only be signed by the API consumer (providing non-repudiation).
- Requests are only valid for a short time (avoiding replay attacks).
Due to the asymmetric nature of this protocol, a public/private key pair needs to be generated (RSA 2048 bit). The key pair can be generated by issuing the following commands. Please send your public key (public_rsa.pem
) to us and keep your private key safe.
Generating the Public/Private Key Pair
# Generates RSA private key of 2048 bit size openssl genrsa -out private_rsa.pem 2048 # Generates public key from the private key openssl rsa -in private_rsa.pem -outform PEM -pubout -out public_rsa.pem