GP247 - Free website solutions for businesses. [GP]247
Shop
Login

Create API (GP247)

This guide shows how to add new API endpoints in the GP247 ecosystem, including Front (customer) and Core (admin) APIs.

Conventions

  • Front API prefixGP247_API_FRONT_PREFIX
  • Core API prefixGP247_API_CORE_PREFIX
  • Auth middlewares:
    • Front (customer): auth:customer-api and ability:
      • Note: Available only when package gp247/shop is installed.
      • Default abilities: config('gp247-config.api.auth.api_scope_user')config('gp247-config.api.auth.api_scope_user_guest').
    • Core (admin): auth:admin-api and ability:
      • Default abilities: config('gp247-config.api.auth.api_scope_admin')config('gp247-config.api.auth.api_scope_admin_supper').

You can register routes in routes/web.php using the prefixes above. The packages will also auto-load their own routes; adding more with the same prefix is fine.

Public Front API (no auth)

use Illuminate\Support\Facades\Route;

Route::group([
    'prefix' => GP247_API_FRONT_PREFIX,
], function () {
    // Public endpoints under Front API prefix
    // Example: GET /{FRONT_PREFIX}/banner/list
    Route::get('banner/list', 'App\\GP247\\Front\\Api\\FrontController@getBannerList'); // Public list

    // Example: GET /{FRONT_PREFIX}/page/detail/{id}
    Route::get('page/detail/{id}', 'App\\GP247\\Front\\Api\\FrontController@getPageDetail'); // Public detail
});

Front Member API (requires gp247/shop)

use Illuminate\Support\Facades\Route;

$listAbility = [
    config('gp247-config.api.auth.api_scope_user'),
    config('gp247-config.api.auth.api_scope_user_guest'),
];

Route::group(['prefix' => GP247_API_FRONT_PREFIX], function () use ($listAbility) {
    // Login issues an access token for the customer API guard
    Route::post('login', 'App\\GP247\\Shop\\Api\\Front\\MemberAuthController@login'); // Customer login

    Route::group([
        'middleware' => [
            'auth:customer-api', // Require customer API guard
            'ability:'.implode(',', $listAbility), // Require token abilities
        ],
        'prefix' => 'member',
    ], function () {
        Route::get('order/list', 'App\\GP247\\Shop\\Api\\Front\\MemberAuthController@getOrderList'); // Secured list
        Route::get('order/detail/{id}', 'App\\GP247\\Shop\\Api\\Front\\MemberAuthController@getOrderDetail'); // Secured detail

        // Logout revokes the current token
        Route::get('logout', 'App\\GP247\\Shop\\Api\\Front\\MemberAuthController@logout'); // Customer logout
    });
});

Core Admin API

use Illuminate\Support\Facades\Route;

$listAbility = [
    config('gp247-config.api.auth.api_scope_admin'),
    config('gp247-config.api.auth.api_scope_admin_supper'),
];

Route::group([
    'prefix' => GP247_API_CORE_PREFIX,
], function () use ($listAbility) {
    // Admin login to obtain an access token
    Route::post('login', 'App\\GP247\\Core\\Api\\Controllers\\AdminAuthController@login'); // Admin login

    Route::group([
        'middleware' => [
            'auth:admin-api', // Require admin API guard
            'ability:'.implode(',', $listAbility), // Require token abilities
        ],
    ], function () {
        Route::get('logout', 'App\\GP247\\Core\\Api\\Controllers\\AdminAuthController@logout'); // Admin logout
        Route::get('info', 'App\\GP247\\Core\\Api\\Controllers\\AdminController@getInfo'); // Admin profile/info
    });
});

Notes

  • Keep guard names and middleware in the exact case shown (they are case-sensitive).
  • Make sure your token issuing logic assigns the required abilities so the ability: middleware passes.
  • If gp247/shop is not installed, customer endpoints requiring auth:customer-api will not work.