PHPackages wassa/apikey-authenticator-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. wassa/apikey-authenticator-bundle ActiveSymfony-bundle[API Development](/categories/api) wassa/apikey-authenticator-bundle ================================= Wassa ApiKeyAuthenticatorBundle 1.0.3(6y ago)0243MITPHPPHP ^5.5|^7.0 Since Nov 25Pushed 6y ago1 watchersCompare [ Source](https://github.com/wassafr/apikey-authenticator-bundle)[ Packagist](https://packagist.org/packages/wassa/apikey-authenticator-bundle)[ Docs](http://wassa.io)[ RSS](/packages/wassa-apikey-authenticator-bundle/feed)WikiDiscussions master Synced yesterday READMEChangelog (2)Dependencies (2)Versions (5)Used By (0) Wassa API Key Authenticor Bundle ================================ [](#wassa-api-key-authenticor-bundle) The Symfony website has a great tutorial on how to [create an API token authentication system](https://symfony.com/doc/current/security/guard_authentication.html). It's crystal clear and very easy to reproduce. From our point of view though, it has 2 main issues: 1. If you have a lot of projects (which is our case at Wassa), it can be quite time consuming to reproduce it for every single project 2. The tutorial is more targeted toward what we call "multi-users" environment, in which a single API is linked to a single user. This bundle aims to address these 2 issues. Requirements ------------ [](#requirements) - Symfony 2.8 Installation ------------ [](#installation) First run: ``` composer require wassa/apikey-authenticator-bundle ``` Then update `AppKernel.php`: ``` ... new Wassa\ApiKeyAuthenticatorBundle\WassaApiKeyAuthenticatorBundle(), ... ``` The API key must be stored in `var/private/api.key`. You can create the file yourself or use the built-in command to create a key: ``` mkdir -p var/private php bin/console apikey-authenticator:create-key [apiKey] [-s size] ``` If you don't provide an API key, the command will use the default generator (see "Creating your own generator") to create a random key. The default size for the random key is 32 chars but can be configured (see "Configuration") or manually set it with the `-s` switch. Remember to set correct permissions on the key file so that it is readable only by the webserver. Configuration ------------- [](#configuration) The bundle works without any special configuration. Add and edit the following block to `config.yml` if necessary: ``` wassa_api_key_authenticator: role: 'ROLE_API' # Role that will be assigned to authenticated requests name: 'x-api-key' # Name of the "field" that must contain the API key location: 'all' # Where to look for the API key in the request generator: 'wassa_api_key_authenticator.random_generator' # Generator to use to generate the API key key_size: 32 # Size of the generated API key ``` The `name` parameter specify the name of the "field" in the request containing the API key. The `location` parameter specifies which "field" to look for the API key in the request: - `headers`: look for an HTTP header - `query`: look for a query parameter - `body`: look for a POST data parameter - `all`: look for all above and returns the first found (in order above) `location` can be a combination of different values, for example `'headers&query'` to look in headers and query but not in the body. Then edit `security.yml`: ``` ... providers: api_key_provider: id: wassa_api_key_authenticator.user_provider ... firewalls: ... main: ... guard: authenticators: - wassa_api_key_authenticator.authenticator ... access_control: ... - { path: ^/api, roles: ROLE_API } ... ``` Be sure that `access_control` is configured with the same role as in `config.yml`. Creating your own API key generator ----------------------------------- [](#creating-your-own-api-key-generator) If you need your API key to be a bit more complex than a series of X chars, you can create your own generator. In order to do that, just create a service that implements `ApiKeyGeneratorInterface` and write your own logic in the `generate()` method. Then configure the bundle in `config.yml`: ``` wassa_api_key_authenticator: ... generator: 'app.my_generator' ``` Composer post-install script ---------------------------- [](#composer-post-install-script) You can automate the creation of the API key by including the built-in post-install script in your `composer.json`: ``` "scripts": { "post-install-cmd": [ ... "Wassa\\ApiKeyAuthenticatorBundle\\Composer\\ScriptHandler::generateApiKey" ] }, "extra": { ... "apikey-size": 128 } ``` `apikey-size` is optional, if you don't specify it, the key will be created with the configured key size. Also, if an API key already exists, it will not be overriden. Managing multiple API keys -------------------------- [](#managing-multiple-api-keys) For now our bundle handles only one API key, that's what it was made for in the first place so it's OK. If you want to handle multiple keys, then you can just follow these easy steps: - Create your own User class that implements our `ApiKeyUserInterface` and provide an implementation for `getApiKey()` - Create your own UserProvider class or use one that suits you (like FOSUserBundle). [This part](https://symfony.com/doc/current/security/guard_authentication.html#create-a-user-and-a-user-provider) of the tutorial can help you to do that. ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity11 Limited adoption so far Community7 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~260 days Total 4 Last Release 2311d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/877eda4ea7a283f6586e4bb72bba182e3f0267dda97e7d42157b178cdc55d832?d=identicon)[wassafr](/maintainers/wassafr) --- Top Contributors [![wassafr](https://avatars.githubusercontent.com/u/10235180?v=4)](https://github.com/wassafr "wassafr (4 commits)") --- Tags api ### Embed Badge ![Health badge](/badges/wassa-apikey-authenticator-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/wassa-apikey-authenticator-bundle/health.svg)](https://phpackages.com/packages/wassa-apikey-authenticator-bundle) ``` ### Alternatives [nanofelis/json-rpc-bundle This bundle provides a JSON RPC 2.0 implementation for Symfony 1176.1k](/packages/nanofelis-json-rpc-bundle)[stfalcon-studio/api-bundle Base classes and helper services to build API application via Symfony. 1032.1k](/packages/stfalcon-studio-api-bundle)[codag/predictionio-bundle Symfony2 Bundle for PredictionIO integration 104.6k1](/packages/codag-predictionio-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)