Guards

All interfaces and resources made available through the API can be secured by guards. The guard’s isAuthorized() method is called before each request. If it returns false, the request is cancelled and an HTTP 403 status code is returned.

AccessTokenGuard

The AccessTokenGuard checks the token presented in the X-TOKEN header or in a token value sent to the API. If the token is valid, the user associated with it is logged in.

IPWhitelisteGuard

This guard checks the remote address of the request against a whitelist supplied in the configuration. The $_SERVER array index from which the remote address is read is also set via configuration. See the section on configuration values for details.

ChainGuard

The ChainGuard can be used when multiple guards must authorize a request. The chain stops at the first guard that returns false. The request is performed only when all guards return true.
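The following sketch shows how the three guards described above fit together. It is an added example, not the project's own code. The Guard interface, the Sketch* class names, the constructor arguments and the $server parameter are assumptions made so that it runs stand-alone on PHP 8; only isAuthorized(), the X-TOKEN header and the configurable $_SERVER index come from this page.

```php
<?php
declare(strict_types=1);
// Hypothetical interface: the page only names isAuthorized(); the $server
// parameter stands in for $_SERVER so the sketch can run without a web server.
interface Guard { public function isAuthorized(array $server): bool; }

final class SketchIpGuard implements Guard {
    public function __construct(private array $allowed, private string $serverKey) {}
    public function isAuthorized(array $server): bool {
        $ip = $server[$this->serverKey] ?? '';
        // Accept only a single well-formed IP; a comma-separated proxy list
        // or an empty value never matches the whitelist.
        return is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP) !== false
            && in_array($ip, $this->allowed, true);
    }
}

final class SketchTokenGuard implements Guard {
    public function __construct(private array $tokens) {}
    public function isAuthorized(array $server): bool {
        $sent = $server['HTTP_X_TOKEN'] ?? ''; // X-TOKEN header as PHP exposes it
        if (!is_string($sent) || $sent === '') { return false; }
        foreach ($this->tokens as $token) {
            if (hash_equals($token, $sent)) { return true; } // constant-time compare
        }
        return false;
    }
}

final class SketchChainGuard implements Guard {
    public function __construct(private array $guards) {}
    public function isAuthorized(array $server): bool {
        foreach ($this->guards as $guard) {
            if (!$guard->isAuthorized($server)) { return false; } // stop at first false
        }
        return true;
    }
}

// Constructed sample data: documentation IP ranges and a made-up token.
$chain = new SketchChainGuard([
    new SketchIpGuard(['192.0.2.10'], 'REMOTE_ADDR'),
    new SketchTokenGuard(['constructed-sample-token']),
]);
$requests = [
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_TOKEN' => 'constructed-sample-token'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_TOKEN' => 'constructed-sample-token'],
];
foreach ($requests as $r) { echo $chain->isAuthorized($r) ? "200\n" : "403\n"; }
```

REMOTE_ADDR is the address of the TCP peer, whereas header-derived indexes such as HTTP_X_FORWARDED_FOR are supplied by the client unless a trusted reverse proxy overwrites them. Pick the configured index to match the deployment, because the whitelist is only as trustworthy as the value it is compared against.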
