getsupertab/connect-sdk-php
===========================

Supertab Connect PHP SDK

v1.0.0-beta · MIT · PHP >=8.1

[Source](https://github.com/getsupertab/connect-sdk-php) · [Packagist](https://packagist.org/packages/getsupertab/connect-sdk-php)

Supertab Connect PHP SDK
========================

Check our [documentation](https://supertab-connect.mintlify.app/introduction/about-supertab-connect) for more information on Supertab Connect.

Installation
------------

```
composer require getsupertab/connect-sdk-php

```

**Requirements:** PHP 8.1+, extensions: `ext-curl`, `ext-json`, `ext-openssl`, `ext-simplexml`

Quick Start
-----------

**Publisher — verify incoming requests:**

```
use Supertab\Connect\SupertabConnect;
use Supertab\Connect\Enum\EnforcementMode;
use Supertab\Connect\Result\AllowResult;
use Supertab\Connect\Result\BlockResult;

$connect = new SupertabConnect(
    apiKey: 'stc_live_your_api_key',
    enforcement: EnforcementMode::STRICT,
);

$result = $connect->handleRequest();

// Send returned RSL headers (Link, WWW-Authenticate, X-RSL-Status, etc.)
foreach ($result->headers as $name => $value) {
    header("{$name}: {$value}");
}

if ($result instanceof BlockResult) {
    http_response_code($result->status);
    echo $result->body;
    exit;
}

// Token is valid — serve content

```

**Bot — obtain a license token:**

```
use Supertab\Connect\SupertabConnect;

$token = SupertabConnect::obtainLicenseToken(
    clientId: 'your_client_id',
    clientSecret: 'your_client_secret',
    resourceUrl: 'https://example.com/article/my-slug',
);

$ch = curl_init('https://example.com/article/my-slug');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => ["Authorization: License {$token}"],
]);
$response = curl_exec($ch);

```

Enforcement Modes
-----------------

The `EnforcementMode` enum controls how `handleRequest()` responds to detected bots when a token is absent or invalid. Non-bot requests without a token are always allowed regardless of mode. Requests with an invalid token are always blocked (except in DISABLED mode).

| Mode | Behavior |
| --- | --- |
| `STRICT` | Bots without a valid token are blocked (401/403 with `WWW-Authenticate` header). Invalid tokens from any source are rejected. |
| `SOFT` | All requests allowed. Bots without a token receive `X-RSL-Status: token_required` and `Link` headers to signal that licensing is available. Invalid tokens are still rejected. |
| `DISABLED` | All requests allowed unconditionally — no bot detection, no token verification, even if a token is present. |

Default is `SOFT`.

---

API Reference
-------------

### `new SupertabConnect()`

Creates a singleton instance. Returns the existing instance if one already exists with the same `apiKey`. Throws if an instance with a different `apiKey` already exists.

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `apiKey` | `string` | Yes | — | Your Supertab Connect API key (`stc_live_...` or `stc_sandbox_...`) |
| `enforcement` | `EnforcementMode` | No | `SOFT` | How to handle missing or invalid tokens |
| `debug` | `bool` | No | `false` | Emit debug logs via `error_log()` |
| `baseUrl` | `?string` | No | `null` | Set the global default base URL (same as `setBaseUrl()`) |
| `httpClient` | `?HttpClientInterface` | No | `null` | Inject a custom HTTP client (defaults to built-in cURL client) |
| `botDetector` | `?BotDetectorInterface` | No | `null` | Inject a custom bot detector (defaults to `DefaultBotDetector`) |

### `handleRequest(?RequestContext $context): HandlerResult`

Handles an incoming request end-to-end: extracts the license token from the `Authorization` header, verifies it, runs bot detection, records analytics events, and applies the enforcement mode. When a token is present, it is verified (unless DISABLED mode). When no token is present, bot detection determines whether enforcement kicks in — non-bot requests are always allowed. Returns a result object — the caller is responsible for sending HTTP headers and status codes.

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `context` | `?RequestContext` | No | `null` | Request info. Defaults to `RequestContext::fromGlobals()` which reads from `$_SERVER`. |

**Returns:** `HandlerResult` — either `AllowResult` (action: ALLOW) or `BlockResult` (action: BLOCK, with `status`, `body`, and `headers`).

When integrating with a framework, pass a `RequestContext` instead of relying on `$_SERVER`:

```
use Supertab\Connect\Http\RequestContext;

$ctx = new RequestContext(
    url: $request->getUri(),
    authorizationHeader: $request->header('Authorization'),
    userAgent: $request->header('User-Agent'),
    accept: $request->header('Accept'),           // used by bot detection
    acceptLanguage: $request->header('Accept-Language'), // used by bot detection
    secChUa: $request->header('Sec-CH-UA'),        // used by bot detection
);

$result = $connect->handleRequest($ctx);

```

### `SupertabConnect::verify()` (static)

Pure token verification without creating an instance. Does not apply enforcement mode or set response headers.

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `token` | `string` | Yes | — | Raw JWT token (without the `License ` prefix) |
| `resourceUrl` | `string` | Yes | — | The URL being accessed |
| `baseUrl` | `?string` | No | `null` | Per-call override (does not change the global default) |
| `debug` | `bool` | No | `false` | Emit debug logs |
| `httpClient` | `?HttpClientInterface` | No | `null` | Inject a custom HTTP client |

**Returns:** `VerificationResult` with `valid: bool` and `error: ?string`.

```
$result = SupertabConnect::verify(
    token: $token,
    resourceUrl: 'https://example.com/article/my-slug',
);

if (! $result->valid) {
    http_response_code(401);
    echo $result->error;
    exit;
}

```
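
Because `verify()` expects the raw token without the `License ` prefix, callers that bypass `handleRequest()` have to parse the `Authorization` header themselves. The helper below is an added example, not part of the SDK: the function name, the length cap and the assumption that the token is a signed, three-segment JWT are illustrative choices. A non-null result is what would be passed as `token:` to `SupertabConnect::verify()`.

```php
<?php
// Added illustration, not SDK code. Function name and length cap are assumptions.

// Extract the raw JWT from an "Authorization: License <token>" header value.
// Returns null for a missing header, another scheme, or a value that is not JWT-shaped.
function extractLicenseToken(?string $authorization, int $maxLength = 8192): ?string
{
    if ($authorization === null || strlen($authorization) > $maxLength) {
        return null;
    }
    // The scheme is matched case-insensitively, followed by one or more spaces.
    // \S+ up to \z rejects embedded whitespace such as a smuggled CR/LF.
    if (preg_match('~\ALicense +(\S+)\z~i', trim($authorization), $m) !== 1) {
        return null;
    }
    // Assumption: a signed JWT, i.e. exactly three non-empty base64url segments.
    if (preg_match('~\A[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\z~', $m[1]) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed header values: two well-formed, four that must be refused.
$samples = [
    'License aaa.bbb.ccc',
    'license   aaa.bbb.ccc',
    'Bearer aaa.bbb.ccc',
    'License aaa.bbb',
    "License aaa.bbb.ccc\r\nX-Injected: 1",
    null,
];
foreach ($samples as $header) {
    var_dump(extractLicenseToken($header));
}
```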

### `$connect->verifyAndRecord()`

Verifies a license token and records an analytics event. Requires an instance (uses the instance's `apiKey` for event recording).

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `token` | `string` | Yes | — | Raw JWT token (without the `License ` prefix) |
| `resourceUrl` | `string` | Yes | — | The URL being accessed |
| `userAgent` | `?string` | No | `null` | User-Agent string for analytics |

**Returns:** `VerificationResult` with `valid: bool` and `error: ?string`.

```
$connect = new SupertabConnect(apiKey: 'stc_live_your_api_key');

$result = $connect->verifyAndRecord(
    token: $token,
    resourceUrl: 'https://example.com/article/my-slug',
    userAgent: $_SERVER['HTTP_USER_AGENT'] ?? null,
);

if (! $result->valid) {
    http_response_code(401);
    echo $result->error;
    exit;
}

```

### `SupertabConnect::fetchLicenseXml()` (static)

Fetches the RSL license XML for a merchant system from the Supertab Connect API.

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `merchantSystemUrn` | `string` | Yes | — | Your merchant system URN (`urn:supertab:system:...`) |
| `baseUrl` | `?string` | No | `null` | Per-call override (does not change the global default) |
| `httpClient` | `?HttpClientInterface` | No | `null` | Inject a custom HTTP client |

**Returns:** `string` (the raw XML body). Throws `SupertabConnectException` on failure.

```
$xml = SupertabConnect::fetchLicenseXml(
    merchantSystemUrn: 'urn:supertab:system:your_system_id',
);

header('Content-Type: application/rsl+xml');
echo $xml;

```

### `SupertabConnect::obtainLicenseToken()` (static)

Obtains a license token for accessing a protected resource using the OAuth2 `client_credentials` flow.

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| `clientId` | `string` | Yes | — | OAuth2 client ID |
| `clientSecret` | `string` | Yes | — | OAuth2 client secret |
| `resourceUrl` | `string` | Yes | — | Full URL of the protected resource |
| `debug` | `bool` | No | `false` | Emit debug logs |
| `httpClient` | `?HttpClientInterface` | No | `null` | Inject a custom HTTP client |

**Returns:** `string` (the access token). Throws `SupertabConnectException` on failure.

The SDK handles the full RSL flow automatically:

1. Fetches `{origin}/license.xml` from the resource URL
2. Parses content blocks and finds the best matching URL pattern (exact > path pattern > wildcard by specificity)
3. POSTs to the token endpoint using OAuth2 `client_credentials`
4. Caches the token in memory (keyed by `clientId:resourceUrl`, reused until 30s before expiry)
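
Steps 2 and 4 of the flow above, sketched as an added example that is not the SDK's code. The specificity score (count of literal characters in the pattern), the function names and the sample content blocks are assumptions, so the SDK's actual ranking may differ in edge cases.

```php
<?php
// Added illustration, not SDK code. The scoring rule and all names are assumptions.

// Rank a license.xml URL pattern against a resource URL; null means no match.
function patternScore(string $pattern, string $url): ?int
{
    if ($pattern === $url) {
        return PHP_INT_MAX;                        // exact match outranks any pattern
    }
    // '*' matches any run of characters; everything else is literal.
    $regex = '~^' . str_replace('\*', '.*', preg_quote($pattern, '~')) . '\z~';
    if (!str_contains($pattern, '*') || preg_match($regex, $url) !== 1) {
        return null;
    }
    return strlen(str_replace('*', '', $pattern)); // more literal text = more specific
}

// Return the most specific matching content block, or null if none matches.
function bestMatch(array $blocks, string $url): ?array
{
    $best = null;
    $bestScore = -1;
    foreach ($blocks as $block) {
        $score = patternScore($block['url'], $url);
        if ($score !== null && $score > $bestScore) {
            [$best, $bestScore] = [$block, $score];
        }
    }
    return $best;
}

// Serve a cached token only while it is more than 30 s away from expiry.
// Cache layout: "clientId:resourceUrl" => [token, expiry as Unix timestamp].
function cachedToken(array $cache, string $clientId, string $url, int $now): ?string
{
    [$token, $expiresAt] = $cache["{$clientId}:{$url}"] ?? [null, 0];
    return ($token !== null && $now < $expiresAt - 30) ? $token : null;
}

// Constructed sample data: a site-wide wildcard and a narrower path pattern.
$blocks = [['url' => 'https://example.com/*'], ['url' => 'https://example.com/article/*']];
$url = 'https://example.com/article/my-slug';
echo bestMatch($blocks, $url)['url'], PHP_EOL;

// One lookup just outside the 30 s margin, one exactly on its boundary.
$cache = ["your_client_id:{$url}" => ['constructed-token', 1000]];
var_dump(cachedToken($cache, 'your_client_id', $url, 969), cachedToken($cache, 'your_client_id', $url, 970));
```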

### `SupertabConnect::setBaseUrl()` (static)

Sets the global default base URL for all API requests. Useful for sandbox/testing environments. This affects all subsequent calls (both instance and static methods).

```
SupertabConnect::setBaseUrl('https://api-connect.sbx.supertab.co');

```

### `SupertabConnect::getBaseUrl()` (static)

Returns the current global default base URL.

### `SupertabConnect::resetInstance()` (static)

Clears the singleton instance, allowing a new one to be created with different configuration.

---

Result Types
------------

### `HandlerResult` (returned by `handleRequest()`)

| Property | Type | Description |
| --- | --- | --- |
| `action` | `HandlerAction` | `ALLOW` or `BLOCK` |
| `headers` | `array` | RSL response headers |

`BlockResult` adds `status: int` and `body: string`.

```
foreach ($result->headers as $name => $value) {
    header("{$name}: {$value}");
}

if ($result instanceof BlockResult) {
    http_response_code($result->status);
    echo $result->body;
    exit;
}

// AllowResult — serve your content

```

### `VerificationResult` (returned by `verify()`)

| Property | Type | Description |
| --- | --- | --- |
| `valid` | `bool` | Whether the token is valid |
| `error` | `?string` | Human-readable reason if invalid |

---

Debug Logging
-------------

Pass `debug: true` to the constructor or static methods to log internal steps via `error_log()`:

```
[SupertabConnect] Fetching license.xml from https://example.com/license.xml
[SupertabConnect] Found 2 content block(s)
[SupertabConnect] Best match: https://example.com/* (server: https://api-connect.supertab.co)
[SupertabConnect] Token obtained and cached

```
