Statamic Private Api is a Statamic addon that enables a private REST API.
The routes should be protected by Laravel Passport, Sanctum or similar.
Features
Add's private API seperated from the Public API build into statamic.
Uses Laravel's build in auth guards, so you may use Laravel Passport, Laravel Sanctum or something else.
Permissions will foloww the permissions assigned to the user inside of Statamic.
See https://statamic.com/addons/tv2reg/laravel-passport-ui for Laravel Passport integration into Statamic.
Limitations
The Private API uses the Statamic CP controllers.
Collection Entry revisions is not implemented.
How to Install
Run the following command from your project root:
composer require tv2regionerne/statamic-private-api
Make sure you have an 'api' guard in your config/auth.php configured.
Below example is using Laravel Passport for api authentication.
'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ], 'api' => [ 'driver' => 'passport', 'provider' => 'users', ],],
Publish the config file:
php artisan vendor:publish --tag=private-api-config
Then, in /config/private-api.php enable the routes you would like to use, for example:
'resources' => [ 'collections' => true, 'navs' => false, 'taxonomies' => false, 'assets' => false, 'globals' => false, 'forms' => false, 'users' => true,],
How to Use
Update the config or env to enable private API's.
Configure your .env with the following values to enable the private API with a prefix on "api/private".
PRIVATE_API_ENABLED=truePRIVATE_API_ROUTE="api/private"
Addon endpoints in private API
Other addons can register their private API endpoints in the private API.
Consider below example which checks if the Private API addon is installed and then adds the addon's private API endpoints.
The routes will be protected by the same auth guard as the other Private API endpoints.
Authorisation and policies should be handled inside of the addon's controllers.
use Illuminate\Support\Facades\Route;use Tv2regionerne\StatamicPrivateApi\Facades\PrivateApi;if (class_exists(PrivateApi::class)) { PrivateApi::addRoute(function () { Route::prefix('/statamic-events/handlers') ->group(function () { Route::get('/', [Controller::class, 'index']); Route::get('{id}', [Controller::class, 'show']); Route::post('/', [Controller::class, 'store']); Route::patch('{id}', [Controller::class, 'update']); Route::delete('{id}', [Controller::class, 'destroy']); }); });}