PHPackages                             retrochaos/trustpilot-authenticator - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. retrochaos/trustpilot-authenticator

ActiveLibrary[API Development](/categories/api)

retrochaos/trustpilot-authenticator
===================================

A PHP library for obtaining Trustpilot API access tokens

2.0.0(5mo ago)0242MITPHPPHP &gt;= 8.2

Since Feb 20Pushed 5mo agoCompare

[ Source](https://github.com/RetroChaos/TrustpilotAuthenticator)[ Packagist](https://packagist.org/packages/retrochaos/trustpilot-authenticator)[ RSS](/packages/retrochaos-trustpilot-authenticator/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (4)Dependencies (2)Versions (7)Used By (2)

Trustpilot Authenticator
========================

[](#trustpilot-authenticator)

A PHP library for obtaining access tokens for the [Trustpilot Business User OAuth API](https://developers.trustpilot.com/authentication).

Originally developed and open-sourced by [moneymaxim](https://www.moneymaxim.co.uk).

Fully modernised to:

- Use **Symfony HTTP Client**
- Support **all current Trustpilot OAuth grant types**
- Provide **type-safe error handling**
- Provide **refresh &amp; revoke** support

Install
-------

[](#install)

Install via [Composer](https://getcomposer.org/):

```
composer require retrochaos/trustpilot-authenticator
```

The package has no external dependencies other than Symfony’s HTTP client (automatically installed).

Supported OAuth Flows
---------------------

[](#supported-oauth-flows)

This library supports all Trustpilot Business OAuth grant types:

FlowMethodPassword (legacy, deprecated but still works for old apps)`requestPasswordAccessToken()`Client Credentials (server-to-server)`requestClientCredentialsAccessToken()`Authorization Code (interactive user login)`requestAuthorizationCodeAccessToken()`Refresh Token`refreshAccessToken()`Revoke Refresh Token`revokeRefreshToken()`Build Authorization URL`buildAuthorizationUrl()`Usage
-----

[](#usage)

### Create the authenticator

[](#create-the-authenticator)

```
use Trustpilot\Api\Authenticator\Authenticator;

$authenticator = new Authenticator();
```

### 1. Password Grant (Deprecated by Trustpilot)

[](#1-password-grant-deprecated-by-trustpilot)

Useful only for older Trustpilot applications pre-February 2025.

```
$token = $authenticator->requestPasswordAccessToken(
    $apiKey,
    $apiSecret,
    $username,
    $password
);

$token->getToken();           // string
$token->getExpiry();          // DateTimeInterface
$token->getRefreshToken();    // ?string
```

The alias `getAccessToken()` still works for backwards compatibility.

### 2. Client Credentials Grant (Recommended)

[](#2-client-credentials-grant-recommended)

Best for server-to-server integrations.

```
$token = $authenticator->requestClientCredentialsAccessToken(
    $apiKey,
    $apiSecret
);
```

### 3. Authorization Code Grant (Interactive User Login)

[](#3-authorization-code-grant-interactive-user-login)

#### Step 1 — Redirect the user to login

[](#step-1--redirect-the-user-to-login)

```
$url = $authenticator->buildAuthorizationUrl(
    $apiKey,
    $redirectUri,
    $state = 'optional-state',
    ['business-user-access-read', 'another-scope']
);

// Redirect the browser:
header("Location: $url");
exit;
```

#### Step 2 — Exchange the returned `code` for a real access token

[](#step-2--exchange-the-returned-code-for-a-real-access-token)

```
$token = $authenticator->requestAuthorizationCodeAccessToken(
    $apiKey,
    $apiSecret,
    $_GET['code'],
    $redirectUri
);
```

### 4. Refresh an Access Token

[](#4-refresh-an-access-token)

```
$newToken = $authenticator->refreshAccessToken(
    $apiKey,
    $apiSecret,
    $oldToken->getRefreshToken()
);
```

### 5. Revoke a Refresh Token

[](#5-revoke-a-refresh-token)

```
$authenticator->revokeRefreshToken($refreshToken);
```

### 6. buildAuthorizationUrl()

[](#6-buildauthorizationurl)

`buildAuthorizationUrl()` constructs a Trustpilot-compatible login URL for the **Authorization Code** OAuth flow.

#### Signature

[](#signature)

```
public function buildAuthorizationUrl(
    string $clientId,
    string $redirectUri,
    ?string $state = null,
    array $scopes = []
): string
```

#### Parameters

[](#parameters)

ParameterDescription`clientId`Your Trustpilot API key`redirectUri`URL that Trustpilot redirects the user back to`state`Optional anti-CSRF or session identifier`scopes`Optional list of OAuth scopes as an array of strings#### Example

[](#example)

```
$url = $authenticator->buildAuthorizationUrl(
    $apiKey,
    'https://example.com/oauth/callback',
    'session-123',
    ['business-user-access-read']
);

echo $url;
```

Example output:

```
https://authenticate.trustpilot.com?client_id=YOUR_KEY&redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fcallback&response_type=code&state=session-123&scope=business-user-access-read

```

#### What you do with it

[](#what-you-do-with-it)

- Redirect the user to the URL
- Trustpilot handles login
- Trustpilot redirects them back to your app with `?code=...`
- Exchange that code using `requestAuthorizationCodeAccessToken()`

Error Handling
--------------

[](#error-handling)

All errors throw a single exception type:

```
use Trustpilot\Api\Authenticator\AuthenticatorException;

try {
    $token = $authenticator->requestClientCredentialsAccessToken($apiKey, $apiSecret);
} catch (AuthenticatorException $e) {
    // Network errors
    // Invalid credentials
    // Invalid OAuth grant
    // HTTP 4xx/5xx
    // Malformed responses
    echo $e->getMessage();
}
```

### AccessToken Object

[](#accesstoken-object)

Every method returns an `AccessToken` instance:

```
$token->getToken();        // string
$token->getExpiry();       // DateTimeInterface
$token->getRefreshToken(); // ?string
$token->isExpired();       // bool
```

Tests
-----

[](#tests)

A full PHPUnit test harness is included and covers:

- Successful authentication flows
- Error codes (400/401/403/500)
- Network exceptions
- Refresh &amp; revoke
- Authorization URL generation

Run tests with:

```
vendor/bin/phpunit
```

License
-------

[](#license)

MIT License — feel free to use, modify, and contribute.

###  Health Score

40

—

FairBetter than 87% of packages

Maintenance74

Regular maintenance activity

Popularity8

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 66.7% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~159 days

Total

5

Last Release

172d ago

Major Versions

1.0.3 → 2.0.02025-11-18

PHP version history (2 changes)1.0.0PHP ^7.4 | ^8.0

2.0.0PHP &gt;= 8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/205cfb375a050d5402c605535bfa86babb26fff77dd01ba8deb49a4aaa1bc888?d=identicon)[RetroChaos](/maintainers/RetroChaos)

---

Top Contributors

[![RetroChaos](https://avatars.githubusercontent.com/u/1346654?v=4)](https://github.com/RetroChaos "RetroChaos (2 commits)")[![AndrewCarterUK](https://avatars.githubusercontent.com/u/6486835?v=4)](https://github.com/AndrewCarterUK "AndrewCarterUK (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/retrochaos-trustpilot-authenticator/health.svg)

```
[![Health](https://phpackages.com/badges/retrochaos-trustpilot-authenticator/health.svg)](https://phpackages.com/packages/retrochaos-trustpilot-authenticator)
```

###  Alternatives

[temporal/sdk

Temporal SDK

4002.2M18](/packages/temporal-sdk)[storyblok/php-content-api-client

PHP Client for Storyblok Content API

11136.8k4](/packages/storyblok-php-content-api-client)[storyblok/php-management-api-client

Storyblok PHP Client for Management API

1224.4k1](/packages/storyblok-php-management-api-client)[smnandre/pagespeed-api

PageSpeed Insight PHP Api Client 🚀 Analyse web pages for performances metrics, core web vitals...

1511.5k](/packages/smnandre-pagespeed-api)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)