README

Extend the function of core WNCMS API. Allow multiple API token per user.

This package does not replace the core WNCMS API.
Instead, it adds extra features on top of the existing API layer, mainly focused on token management and usage logging.

Features

• Multiple API tokens per user
• Backend UI to create, edit, test, and revoke tokens
• Per-token name, remark, and expiration support (depending on your implementation)
• API token validation middleware (ValidateApiToken)
• API usage logging to a dedicated table
• Async logging via LogApiUsageJob
• Backend API logs index with filters and pagination
• Dashboard widget to display recent API usage

Requirements

• WNCMS core installed and working
• Laravel version compatible with your WNCMS core (for example Laravel 11)
• Queue worker configured if you want to process LogApiUsageJob asynchronously

Installation

Install via Composer:

composer require secretwebmaster/wncms-api

In WNCMS, go to the backend package / module management and activate the wncms-api package. Migrations and basic setup will be handled by WNCMS according to your core design.

Configuration

The package uses config/wncms-api.php.

Typical options include:

• Global enable/disable of extended API features
• Whether to log all requests using ValidateApiToken
• Default log retention / cleanup strategy (if implemented)

You can adjust these options in your main project config/wncms-api.php as needed.

Usage

1. Multiple tokens per user

Go to:

Backend => API Tokens

From there you can:

• Create tokens for any user
• Set token name, remark, and optional expiration
• Copy token value for client usage
• Revoke tokens when no longer needed

Each user can hold multiple active tokens at the same time.

2. Protect routes with API token middleware

In your main application, you can attach the middleware to routes or groups (if not already done by WNCMS core):

Route::middleware(['api', 'wncms.api_token'])->group(function () {
    // Your protected API routes
});

ValidateApiToken will:

• Read token from Authorization: Bearer {token} or other sources you defined
• Validate against api_tokens table
• Optionally dispatch LogApiUsageJob to store logs

3. API usage logs

Go to:

Backend => API Logs

You can:

• View requests using each token
• Filter by user, token, method, or path (depending on implementation)
• Use this for debugging and basic security auditing

4. Dashboard widget

After installing and activating this package, the backend dashboard may show a widget named like:

API Usage

It can display:

• Recent request count
• Simple charts or stats (depending on your Blade implementation)

Development notes

This package is designed only to extend the existing WNCMS core API layer:

• Core API controllers and routes remain inside wncms-core

• wncms-api focuses on:

  • token management UI
  • middleware-level token validation
  • usage logging
  • dashboard / reports

You can safely customize views and translations in your project if you need a different UI or language.

License

This package follows the same license as the main WNCMS project (for example, MIT), unless specified otherwise in the repository.