PHPackages                             verzth/tcx-client - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. verzth/tcx-client

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

verzth/tcx-client
=================

TCX Client - Add-on for Authentication Module for Client-Server Transaction (One Way - Two Way)

1.1.0(6y ago)015MITPHPPHP &gt;=7.0

Since Jan 31Pushed 6y ago1 watchersCompare

[ Source](https://github.com/verzth/tcx-client)[ Packagist](https://packagist.org/packages/verzth/tcx-client)[ RSS](/packages/verzth-tcx-client/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependencies (6)Versions (3)Used By (0)

TCX Client compatibility TCX v3.0.0 - Authentication Module for Client-Server Transaction (One Way - Two Way).
==============================================================================================================

[](#tcx-client-compatibility-tcx-v300---authentication-module-for-client-server-transaction-one-way---two-way)

### TCX is authentication module to secure API Server.

[](#tcx-is-authentication-module-to-secure-api-server)

It's adapt OAuth2 scheme, but it use more simplify scheme which provide authentication for client-server without need to define scopes.

1. Authentication Type, TCX support three ways authentication type:

    - **One Way Transaction Code (OWTC)**: Client only need to use **app\_id** and **app\_public** to access Server APIs.
    - **Two Way Transaction Code (TWTC)**: Client has to use **app\_id** and **app\_public** to get access token, then it can be used to access APIs.
    - **Free Transaction Code (FTC)**: Client use master token to access APIs, without need to request token for every requests. You need to generate Master token manually.

    Client need to specify type by sending **X-TCX-TYPE** header in every APIs request.
2. How to generate credentials:

    - **app\_pass** or **X-TCX-APP-PASS**, it can be generate by hashing plain of joined token (param, time, or none), application public key, and client dynamic token with SHA1. Client need to append the given dynamic token to hash result by splitting with **colon (:)**symbol, then encrypt it with base64.
        - Param base

            Sample Parameter:

            ```
            abc=123
            _xyz=789
            foo=bar
            def=456
            bar=ghi

            ```

            Expected Token:

            ```
            _xyz=789&abc=123&bar=ghi&def=456&foo=bar

            ```
        - Time base

            ```
            tcx_datetime=YYYYMMDDHHmmss

            ```

            Sample

            ```
            tcx_datetime=20181230235959 // For 23:59:59, 30 December 2018

            ```
        - None, just using application password and client dynamic token.
    - **token** or **X-TCX-TOKEN**, it's provided when Client authorizing to server, but you need to encrypt it with base64.
3. Authentication Headers.

    - Type **OWTC**:
        - **'X-TCX-TYPE'**: **'OWTC'**.
        - **'X-TCX-APP-ID'**: Client ID.
        - **'X-TCX-APP-PASS'**: Client Password.
    - Type **TWTC**:
        - **'X-TCX-TYPE'**: **'TWTC'**.
        - **'X-TCX-APP-ID'**: Client ID.
        - **'X-TCX-APP-PASS'**: Client Password.
        - **'X-TCX-TOKEN'**: Access Token, obtained by doing authorization.
    - Type **FTC**:
        - **'X-TCX-TYPE'**: **'FTC'**.
        - **'X-TCX-APP-ID'**: Client ID.
        - **'X-TCX-APP-PASS'**: Client Password.
        - **'X-TCX-TOKEN'**: Master Access Token.
4. Available Function.

    - **getID()** - Get Application ID.
    - **getSecret()** - Get Application Secret Key.
    - **getPublic()** - Get Application Public Key.
    - **getTokenType()** - Get Token authorization type mode.
    - **isDebug()** - Check debugging status.
    - **getTCXPass(&amp;$params)** - Get Application Password.
    - **getTCXMasterKey($encrypt=false)** - Get Master Token key.
    - **getTCXAccess($pass, $datetime=false, $encrypt=false)** - Get Access Token key.
5. Response Status.

    StatusNumberCodeMessageNote0705000TCXREQTCX Authentication RequiredProvide Authentication Header0205001TCXRJCTCX Authentication RejectedX-TCX-Type not supported or disabled0405002TCXAFXTCX Authentication FailedX-TCX-App-ID not found, invalid, or inactive0505003TCXPFXTCX Pass did not matchX-TCX-App-Pass not passed, crosscheck point 20505004TCXMKFTCX Master Key did not validCheck the master access key (Only FTC)0505005TCXTFXTCX Token did not validCheck the access key (Only TWTC)Sample Response:

    ```
    {
        "status": 0,
        "status_code": "TCXREQ",
        "status_number": "705000",
        "status_message": "TCX Authentication Required"
    }

    ```

###  Health Score

25

—

LowBetter than 37% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity6

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~196 days

Total

2

Last Release

2462d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/b59199dc7b63a65035b5521fc93d4fcbf8f921d51869f48c2875932ec4ec44e0?d=identicon)[verzth](/maintainers/verzth)

---

Top Contributors

[![verzth](https://avatars.githubusercontent.com/u/9104511?v=4)](https://github.com/verzth "verzth (3 commits)")

---

Tags

laravelAuthenticationtcxowtctwtcftc

### Embed Badge

![Health badge](/badges/verzth-tcx-client/health.svg)

```
[![Health](https://phpackages.com/badges/verzth-tcx-client/health.svg)](https://phpackages.com/packages/verzth-tcx-client)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

8359.8M53](/packages/php-open-source-saver-jwt-auth)[laragear/two-factor

On-premises 2FA Authentication for out-of-the-box.

339785.3k8](/packages/laragear-two-factor)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6712.1k2](/packages/hasinhayder-tyro)[alajusticia/laravel-logins

Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser

2011.0k](/packages/alajusticia-laravel-logins)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)