How-To Guides

​

Setup

• Configure Apivalk — bootstrap the framework, register middlewares, and how to extend the configuration in larger apps.

​

Your first endpoints

• Build a public endpoint (GET /health) — the shortest possible controller + request + response.
• Build a protected CRUD surface with resources — an Animal resource across all five CRUD endpoints with ~100 lines of code.
• Build a full CRUD surface without resources — the four-controller / four-request / four-response variant when you need full control.

​

Shaping requests and responses

• Model complex objects with PropertyCollection — nested objects, arrays of objects, and reusable shapes.

​

Security

• Authenticate, authorize, and inspect identity — how authenticator, identity, route authorization, and middleware fit together.
• Authenticate with JWT (JWKS) — wire up JwtAuthenticator against an OAuth2 provider.
• Authenticate with a custom API key header — implement AuthenticatorInterface for X-Api-Key.

​

List endpoint features

• Add filtering — declare typed filters and consume them in a controller.
• Add sorting — declare sortable fields and read the resolved SortBag.
• Add pagination — page, offset, and cursor strategies, with response envelopes.
• Add rate limiting — per-IP limits and custom strategies.

​

Extending Apivalk

• Write a custom middleware — the MiddlewareInterface contract, ordering, and request/response mutation.
• Generate OpenAPI and request docblocks — a small PHP script you can drop in bin/ to render openapi.json and generate IDE autocomplete shapes.