Guards
All interfaces and resources made available through the API can be secured by guards. The guard’s isAuthorized() method is called before each request. If it returns false, the request is cancelled and an HTTP 403 status code is returned.
AccessTokenGuard
The AccessTokenGuard checks the token presented in the X-TOKEN header or in a token value sent to the API. If the token is valid, the user associated with it is logged in.
IPWhitelisteGuard
This guard checks the remote address of the request against a whitelist that is supplied in the configuration. The $_SERVER array index from which the remote address is read is also set via configuration. See the section on configuration values for details.
ChainGuard
The ChainGuard can be used when multiple guards must each authorize a request. The chain stops at the first guard that returns false. The request is performed only when all guards return true.
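
The following sketch is an added example, not the project's own code: it chains an IP whitelist check and a token check and shows how the choice of $_SERVER index changes the result. The Example* class names, the statusFor() helper, the addresses and the token are all assumptions constructed for illustration, and only the X-TOKEN header case is covered.

```php
<?php
// Added illustration. All class names here are hypothetical, not the project's own.
interface ExampleGuard { public function isAuthorized(): bool; }

final class ExampleIpGuard implements ExampleGuard {
    public function __construct(private array $whitelist, private string $index, private array $server) {}
    public function isAuthorized(): bool {
        $addr = $this->server[$this->index] ?? null; // missing index: fail closed
        return is_string($addr) && in_array($addr, $this->whitelist, true);
    }
}

final class ExampleTokenGuard implements ExampleGuard {
    public function __construct(private array $validTokens, private array $server) {}
    public function isAuthorized(): bool {
        $sent = (string) ($this->server['HTTP_X_TOKEN'] ?? ''); // PHP's name for the X-TOKEN header
        if ($sent === '') { return false; }
        foreach ($this->validTokens as $known) {
            if (hash_equals($known, $sent)) { return true; } // constant-time comparison
        }
        return false;
    }
}

final class ExampleChainGuard implements ExampleGuard {
    public function __construct(private array $guards) {}
    public function isAuthorized(): bool {
        foreach ($this->guards as $guard) {
            if (!$guard->isAuthorized()) { return false; } // first refusal ends the chain
        }
        return true;
    }
}

// Builds the chain for one request and maps the result to the HTTP status.
function statusFor(array $server, string $ipIndex): int {
    $chain = new ExampleChainGuard([
        new ExampleIpGuard(['192.0.2.10'], $ipIndex, $server),
        new ExampleTokenGuard(['constructed-sample-token'], $server),
    ]);
    return $chain->isAuthorized() ? 200 : 403;
}

// Constructed requests (documentation-range addresses, made-up token).
$ok     = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_TOKEN' => 'constructed-sample-token'];
$badTok = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_TOKEN' => 'wrong'];
$header = ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.10', 'HTTP_X_TOKEN' => 'constructed-sample-token'];
foreach (['ok' => $ok, 'badTok' => $badTok, 'header' => $header] as $name => $req) {
    printf("%-7s index=REMOTE_ADDR: %d  index=HTTP_X_FORWARDED_FOR: %d\n", $name,
        statusFor($req, 'REMOTE_ADDR'), statusFor($req, 'HTTP_X_FORWARDED_FOR'));
}
```

REMOTE_ADDR is taken from the connection, while HTTP_* indexes are request headers sent by the client. Configure a header index for the whitelist only when a proxy you control overwrites that header on every request.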