API Response Trait
Much of modern PHP development requires building API’s, whether simply to provide data for a javascript-heavy single page application, or as a standalone product. CodeIgniter provides an API Response trait that can be used with any controller to make common response types simple, with no need to remember which HTTP status code should be returned for which response types.
Example Usage
The following example shows a common usage pattern within your controllers.
<?php
namespace App\Controllers;
use CodeIgniter\API\ResponseTrait;
use CodeIgniter\Controller;
class Users extends Controller
{
use ResponseTrait;
public function createUser()
{
$model = new UserModel();
$user = $model->save($this->request->getPost());
// Respond with 201 status code
return $this->respondCreated();
}
}
In this example, an HTTP status code of 201 is returned, with the generic status message, ‘Created’. Methods exist for the most common use cases:
<?php
// Generic response method
$this->respond($data, 200);
// Generic failure response
$this->fail($errors, 400);
// Item created response
$this->respondCreated($data);
// Item successfully deleted
$this->respondDeleted($data);
// Command executed by no response required
$this->respondNoContent($message);
// Client isn't authorized
$this->failUnauthorized($description);
// Forbidden action
$this->failForbidden($description);
// Resource Not Found
$this->failNotFound($description);
// Data did not validate
$this->failValidationError($description);
// Resource already exists
$this->failResourceExists($description);
// Resource previously deleted
$this->failResourceGone($description);
// Client made too many requests
$this->failTooManyRequests($description);
Handling Response Types
When you pass your data in any of these methods, they will determine the data type to format the results as based on the following criteria:
If data is a string, it will be treated as HTML to send back to the client.
If data is an array, it will be formatted according to the controller’s
$this->formatvalue. If that is empty, it will try to negotiate the content type with what the client asked for, defaulting to JSON if nothing else has been specified within Config/Format.php, the$supportedResponseFormatsproperty.
To define the formatter that is used, edit Config/Format.php. The $supportedResponseFormats contains a list of
mime types that your application can automatically format the response for. By default, the system knows how to
format both XML and JSON responses:
<?php
namespace Config;
use CodeIgniter\Config\BaseConfig;
class Format extends BaseConfig
{
public $supportedResponseFormats = [
'application/json',
'application/xml',
];
// ...
}
This is the array that is used during Content Negotiation to determine which type of response to return. If no matches are found between what the client requested and what you support, the first format in this array is what will be returned.
Next, you need to define the class that is used to format the array of data. This must be a fully qualified class
name, and the class must implement CodeIgniter\Format\FormatterInterface. Formatters come out of the box that
support both JSON and XML:
<?php
namespace Config;
use CodeIgniter\Config\BaseConfig;
class Format extends BaseConfig
{
public $formatters = [
'application/json' => \CodeIgniter\Format\JSONFormatter::class,
'application/xml' => \CodeIgniter\Format\XMLFormatter::class,
];
// ...
}
So, if your request asks for JSON formatted data in an Accept header, the data array you pass any of the
respond* or fail* methods will be formatted by the CodeIgniter\Format\JSONFormatter class. The resulting
JSON data will be sent back to the client.
Class Reference
- setResponseFormat($format)
- Parameters
$format (
string) – The type of response to return, eitherjsonorxml
This defines the format to be used when formatting arrays in responses. If you provide a
nullvalue for$format, it will be automatically determined through content negotiation.
<?php
return $this->setResponseFormat('json')->respond(['error' => false]);
- respond($data[, $statusCode = 200[, $message = '']])
- Parameters
$data (
mixed) – The data to return to the client. Either string or array.$statusCode (
int) – The HTTP status code to return. Defaults to 200$message (
string) – A custom “reason” message to return.
This is the method used by all other methods in this trait to return a response to the client.
The
$dataelement can be either a string or an array. By default, a string will be returned as HTML, while an array will be run through json_encode and returned as JSON, unless Content Negotiation determines it should be returned in a different format.If a
$messagestring is passed, it will be used in place of the standard IANA reason codes for the response status. Not every client will respect the custom codes, though, and will use the IANA standards that match the status code.Note
Since it sets the status code and body on the active Response instance, this should always be the final method in the script execution.
- fail($messages[, int $status = 400[, string $code = null[, string $message = '']]])
- Parameters
$messages (
mixed) – A string or array of strings that contain error messages encountered.$status (
int) – The HTTP status code to return. Defaults to 400.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
A multi-part response in the client’s preferred format.
The is the generic method used to represent a failed response, and is used by all of the other “fail” methods.
The
$messageselement can be either a string or an array of strings.The
$statusparameter is the HTTP status code that should be returned.Since many APIs are better served using custom error codes, a custom error code can be passed in the third parameter. If no value is present, it will be the same as
$status.If a
$messagestring is passed, it will be used in place of the standard IANA reason codes for the response status. Not every client will respect the custom codes, though, and will use the IANA standards that match the status code.The response is an array with two elements:
errorandmessages. Theerrorelement contains the status code of the error. Themessageselement contains an array of error messages. It would look something like:<?php $response = [ 'status' => 400, 'code' => '321a', 'messages' => [ 'Error message 1', 'Error message 2', ], ];
- respondCreated($data = null[, string $message = ''])
- Parameters
$data (
mixed) – The data to return to the client. Either string or array.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when a new resource was created, typically 201:
<?php $user = $userModel->insert($data); return $this->respondCreated($user);
- respondDeleted($data = null[, string $message = ''])
- Parameters
$data (
mixed) – The data to return to the client. Either string or array.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when a new resource was deleted as the result of this API call, typically 200.
<?php $user = $userModel->delete($id); return $this->respondDeleted(['id' => $id]);
- respondNoContent(string $message = 'No Content')
- Parameters
$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when a command was successfully executed by the server but there is no meaningful reply to send back to the client, typically 204.
<?php sleep(1); return $this->respondNoContent();
- failUnauthorized(string $description = 'Unauthorized'[, string $code = null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when the user either has not been authorized, or has incorrect authorization. Status code is 401.
<?php return $this->failUnauthorized('Invalid Auth token');
- failForbidden(string $description = 'Forbidden'[, string $code=null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Unlike
failUnauthorized(), this method should be used when the requested API endpoint is never allowed. Unauthorized implies the client is encouraged to try again with different credentials. Forbidden means the client should not try again because it won’t help. Status code is 403.<?php return $this->failForbidden('Invalid API endpoint.');
- failNotFound(string $description = 'Not Found'[, string $code=null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when the requested resource cannot be found. Status code is 404.
<?php return $this->failNotFound('User 13 cannot be found.');
- failValidationErrors($errors[, string $code=null[, string $message = '']])
- Parameters
$errors (
mixed) – The error message or array of messages to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when data the client sent did not pass validation rules. Status code is typically 400.
<?php return $this->failValidationErrors($validation->getErrors());
- failResourceExists(string $description = 'Conflict'[, string $code=null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when the resource the client is trying to create already exists. Status code is typically 409.
<?php return $this->failResourceExists('A user already exists with that email.');
- failResourceGone(string $description = 'Gone'[, string $code=null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when the requested resource was previously deleted and is no longer available. Status code is typically 410.
<?php return $this->failResourceGone('That user has been previously deleted.');
- failTooManyRequests(string $description = 'Too Many Requests'[, string $code=null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when the client has called an API endpoint too many times. This might be due to some form of throttling or rate limiting. Status code is typically 400.
<?php return $this->failTooManyRequests('You must wait 15 seconds before making another request.');
- failServerError(string $description = 'Internal Server Error'[, string $code = null[, string $message = '']])
- Parameters
$description (
string) – The error message to show the user.$code (
string) – A custom, API-specific, error code.$message (
string) – A custom “reason” message to return.
- Returns
The value of the Response object’s send() method.
Sets the appropriate status code to use when there is a server error.
<?php return $this->failServerError('Server error.');