Technical Blog about Joomla API
- Details
- Written by: Mr Alexandre J-S William ELISÉ
- Category: API Technical Blog
SuperUser has not been mandatory since 2020, according to pull request 29649 from George Wilson.
We could instead follow this procedure to give the least permissions possible:
1. Create a custom Joomla Usergroup called Web Service.
2. Add a specific user to it, for example api-read-only-001.
3. Configure the user token plugin and add the Web Service Usergroup.
4. Configure the Web Service Usergroup with the Api Login permission.
5. For additional permissions, to mimic an RBAC (Role-Based Access Control) system with Joomla, you can associate each additional permission with a single group, and add that group to each user who needs the permission. (This was shown extensively in Randy CAREY's talk at JWC 16, Joomla World Conference 2016, which is still relevant today: Joomla World Conference 2016 - Randy Carey talk - RBAC with Joomla.)
In our example, the user api-read-only would be in the Web Service Usergroup and in the Registered Usergroup, so that it can log in to the Frontend and get its Joomla Api Token from its user profile.
At the moment, as far as I know, there is no way to do it programmatically, for example with a POST /api/v2/auth/token API auth route or a CLI Console command user:auth:token, to ask for example for a time-bound fine-grained token.
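Once the token has been copied from the user profile, a quick check that it really behaves as read-only is worth running. The script below is an added example, not code from the original post. It assumes the core articles endpoint /api/index.php/v1/content/articles, the X-Joomla-Token header, and that Joomla answers a refused write with HTTP 403; the JOOMLA_URL and JOOMLA_TOKEN variable names are made up for the example.

```shell
#!/bin/sh
# Added example: check that a Joomla API token behaves as read-only.
# Assumptions (not from the original post): the core articles endpoint,
# the X-Joomla-Token header, and HTTP 403 as the answer to a refused write.

# probe METHOD BASE_URL TOKEN -> prints only the HTTP status code
probe() {
    method=$1; base=$2; token=$3
    if [ "$method" = "POST" ]; then
        # Empty JSON object: a write attempt that carries no article data.
        curl -s -o /dev/null -w '%{http_code}' -X POST \
            -H "X-Joomla-Token: $token" \
            -H 'Content-Type: application/json' -d '{}' \
            "$base/api/index.php/v1/content/articles"
    else
        curl -s -o /dev/null -w '%{http_code}' \
            -H "X-Joomla-Token: $token" \
            "$base/api/index.php/v1/content/articles"
    fi
}

# verdict READ_STATUS WRITE_STATUS -> prints one classification word
verdict() {
    case "$1:$2" in
        401:*)   echo "token-rejected" ;;    # bad token or no Api Login permission
        200:403) echo "read-only" ;;         # read works, write refused
        200:*)   echo "write-not-denied" ;;  # review the user's groups
        *)       echo "read-failed" ;;       # site error or read not allowed
    esac
}

# Runs only when both variables are set, e.g.
#   JOOMLA_URL=https://example.org JOOMLA_TOKEN=... sh check-token.sh
if [ -n "${JOOMLA_URL:-}" ] && [ -n "${JOOMLA_TOKEN:-}" ]; then
    r=$(probe GET "$JOOMLA_URL" "$JOOMLA_TOKEN")
    w=$(probe POST "$JOOMLA_URL" "$JOOMLA_TOKEN")
    echo "GET=$r POST=$w => $(verdict "$r" "$w")"
fi
```

Run it against a staging copy of the site first; a write-not-denied result means the user has picked up a create permission from one of its groups.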
- Details
- Written by: Mr Alexandre J-S William ELISÉ
- Category: API Technical Blog
Here is the screenshot of the result:
Read more: ANNOUNCEMENT - CSV...
- Details
- Written by: Mr Alexandre J-S William ELISÉ
- Category: API Technical Blog
Example of a basic Joomla! 4 component implementing Web Services in Joomla! 4
Mainly for tech-savvy people in your team, developers, or DIY aficionados who want to create their own component themselves.
Works with curl, Guzzle, Postman and other HTTP clients like the joomla/http composer package.
- Details
- Written by: Mr Alexandre J-S William ELISÉ
- Category: API Technical Blog
I more or less recently stumbled upon the "headless CMS" thing where the actual content is completely separated from the actions one can do to "manipulate" or "act on" the content using an API.