Skip to content

Secure API End Points

Jump to bottom Edit New page
Jim edited this page Feb 24, 2017 · 3 revisions

This application makes use of the API's built in security model to block access to end points. The example in this project is very basic and only meant to demonstrate how to connect together the basic requirements for working with the built in API Package classes. A more complete example of the Phalcon JSON API security system can be found in the Smores Project.

The minimum requirements are a few defined services and supporting classes.

The service definitions are stock Phalcon services:

A defined Security Service a blank example is loaded here:

// load a security service applied to select controllers
$di->setShared('securityService', function () use ($config) {
    return new \PhalconRest\Libraries\Security\SecurityService();
});

A defined auth service, which itself require some authentication class and a user profile object.

$di->setShared('auth', function ($type = 'Employee') use ($config) {
    $adapter = new \PhalconRest\Libraries\Authentication\Local();
    $profile = new \PhalconRest\Libraries\Authentication\UserProfile();
    $auth = new \PhalconRest\Authentication\Authenticator($adapter, $profile);
    return $auth;
});

The supporting classes can be written anywhere, but examples are provided in the sample app here:

Libraries->Authentication
  - Local.php
  - UserProfile.php
Add a custom footer
Add a custom sidebar
Clone this wiki locally