Module to create a REST API with ProcessWire.

⚠ Deprecated Warning

This module is not under active development anymore. The successor AppApi is available here: https://github.com/Sebiworld/AppApi

RestApi Module

Module to create a rest API with ProcessWire.

Disclaimer: This is an example, there is no guarantee this code is secure! Use at your own risk and/or send me PRs with improvements.

Credits: go to Benjamin Milde for his code example on how to use FastRoute with ProcessWire and Camilo Castro for this Gist

Install

Install the module and on the module page, make sure to save the page at least once to save the automatically created JWT Secret.

The Rest-API should work now. To check you can use Postman or Insomnia and run a GET Request: http://yourhost.test/api/users

However http://yourhost.test/api/test is not going to work, since this route needs Authentification (if you activated session or jwt authentication method in your settings).

It is generally a good idea, to use a secure HTTPS connection in production environments, especially if you transmit sensitive user data!

All you routes are defined under /site/api/Routes.php. This folder will be created while you install the module (in case it's not, you can find the example content in the modules folder of this module under apiTemplate). To add new routes, just add items to the array in the following format:

['httpMethod (e.g. GET', 'endpoint', HandlerClass::class, 'methodInHandlerClass', ["options" => "are optional"],

With the optional options you can control the behaviour of the router, at the moment there is just one supported parameter:

ParameterTypeDefaultDescription
authBooleantruecontrols if Authorization is required for this route

Check https://github.com/nikic/FastRoute#usage for more information about routing (e.g. url params like /user/41)

Also you need to require your handler classes you might create in Routes.php.

You can also create groups, which makes it a bit easier to create multiple sub-routes for the same endpoint (for example it is a good idea to version your API):

'v1' => [
  ['GET', 'posts', Posts::class, 'getAllPosts'],
],
'v2' => [
  ['GET', 'posts', NewPostsClass::class, 'getAllPosts'],
],

This is going to create the following endpoints for your API:

/v1/posts
/v2/posts

There are some default routes defined in the module:

MethodRouteDescription
*/no Endpoint
OPTIONS, POST, DELETE/authLogic for JWT Authorization

You can check the default routes in DefaultRoutes.php of the modules folder.

Endpoint

The default endpoint for the API is /api. That means a page with the name api is not going to work if you've installed this module. However, the endpoint is configurable in the module settings (falls back to api if no value is present)

Authorization

You can choose between none, session and jwt in module settings.

Authorization: Session

If you are using axios you need to include the withCredentials options to make it work cross-origin:

axios.defaults.withCredentials = true

Authorization: JWT

To use JWT-Auth you have to send a POST Request to http://yourhost/api/auth with two parameters, username and password. The API will create and return you the JWT-Token which you have to add as a header to every following request:

Authorization: Bearer+yourtoken

An example for a simple login form is implemented as a Vue SPA, you can find it in this repository: https://github.com/thomasaull/RestApi-Vue-Example

Helper

There is a small helper class, which exposes some often used functionality. At the moment there's basically just one function available, but I for my part use it all the time: checkAndSanitizeRequiredParameters. This function checks if the client send all the parameters required and sanitizes them against a specified ProcessWire sanitizer. To use it call it first thing in your Api endpoint function:

public static function postWithSomeData($data) {
  // Check for required parameter "message" and sanitize with PW Sanitizer
  $data = RestApiHelper::checkAndSanitizeRequiredParameters($data, ['message|text']);

  return "Your message is: " . $data->message;
}

Install and use modules at your own risk. Always have a site and database backup before installing new modules.

Latest news

  • ProcessWire Weekly #549
    In the 549th issue of ProcessWire Weekly we’re going to check out the latest core updates, highlight one older yet still very relevant third party module, and more. Read on!
    Weekly.pw / 17 November 2024
  • Custom Fields Module
    This week we look at a new ProFields module named Custom Fields. This module provides a way to rapidly build out ProcessWire fields that contain any number of subfields/properties within them.
    Blog / 30 August 2024
  • Subscribe to weekly ProcessWire news

“Indeed, if ProcessWire can be considered as a CMS in its own right, it also offers all the advantages of a CMF (Content Management Framework). Unlike other solutions, the programmer is not forced to follow the proposed model and can integrate his/her ways of doing things.” —Guy Verville, Spiria Digital Inc.