Kotchasan Framework Documentation

Kotchasan Framework Documentation

ApiController

EN 05 Feb 2026 06:23

ApiController

Kotchasan\ApiController is a base class for building RESTful APIs, supporting Request handling, Authentication, Validation, and Standard Response generation.

Basic Usage

Create a Controller that extends Kotchasan\ApiController and implement the index method.

namespace App\Api;

use Kotchasan\ApiController;
use Kotchasan\Http\Request;

class UserController extends ApiController
{
    /**
     * API Entry Point
     * GET /api/v1/users
     */
    public function index(Request $request)
    {
        // Validate Method
        if (!self::validateMethod($request, 'GET')) {
            throw new \Kotchasan\ApiException('Method Not Allowed', 405);
        }

        return $this->successResponse(['id' => 1, 'name' => 'Demo User']);
    }
}

Methods

Validation Methods (Static)

validateMethod(Request $request, string $method): bool

Validates the HTTP Method.

  • $request: Request object
  • $method: Allowed method (e.g., 'GET', 'POST')
  • Throws: Does not throw exception, returns boolean.

validateToken(string $token): bool

Validates the API Token (checks against self::$cfg->api_token).

validateTokenBearer(Request $request): bool

Validates the Bearer Token from Authorization header.

validateIpAddress(Request $request): bool

Validates if the Client IP Address is allowed (checks against self::$cfg->api_ips).

validateSign(array $params): bool

Validates the Request Signature (uses self::$cfg->api_secret).

Response Methods

successResponse(mixed $data = null, string $message = 'Success', int $code = 200): Response

Sends a success response (Status 200 OK).

errorResponse(string $message = 'Error', int $code = 400, Exception $error = null): Response

Sends an error response.

formErrorResponse(array $errors, int $code = 400): Response

Sends a form validation error response.

notificationResponse(string $message): Response

Sends a notification response.

Authentication & Utility

getAccessToken(Request $request): ?string

Retrieves the Access Token from the request (Header or Parameter).

validate(Request $request, array $rules): array

Validates request data against specified rules.

  • Returns: ['isValid' => bool, 'errors' => array]

Implementation Example

Comprehensive Security Check

public function action(Request $request)
{
    // 1. Check Method
    if (!self::validateMethod($request, 'POST')) {
        return $this->errorResponse('Method Not Allowed', 405);
    }

    // 2. Check IP
    if (!self::validateIpAddress($request)) {
        return $this->errorResponse('IP Not Allowed', 403);
    }

    // 3. Check Token
    if (!self::validateToken($request->getHeaderLine('X-API-KEY'))) {
        return $this->errorResponse('Invalid API Key', 401);
    }

    // Process...
    return $this->successResponse(['status' => 'ok']);
}

Configuration

Configuration can be set in settings/config.php or at runtime:

  • api_token: Token for validation (used by validateToken).
  • api_secret: Secret Key for signature (used by validateSign).
  • api_ips: Array of allowed IPs (used by validateIpAddress).
  • api_cors: Domains allowed for Cross-Origin Resource Sharing.

Did you spot an improvement?

Enhance the documentation by contributing updates or translations.

Visit project repository