PHP API Reference
PHP API Reference
#Overview
The Magic admin PHP SDK is your entry-point to secure, passwordless authentication for your application. This guide will cover some important topics for getting started with the PHP SDK and to make the most of Magic's features.
#Getting Started
The Magic class is the entry-point to the Magic SDK. It must be instantiated with a Magic secret key.
#Installation
01composer require magiclabs/magic-admin-php
#Constructor
#new \MagicAdmin\Magic()
Parameter | Type | Definition |
| str | Your secret API Key retrieved from the Magic Dashboard. |
| num | Total number of retries to allow. |
| num | A period of time the request is going to wait for a response. |
| num | A backoff factor to apply between retry attempts. |
#Initialization
01$magic = new \MagicAdmin\Magic(
02 '<SECRET_API_KEY>',
03 5,
04 5,
05 0.01,
06);
#Token Resource
The token resource and its methods are accessible on the Magic instance by the token
attribute. It provides methods to interact with the DID Token.
The token resource does not make any API calls to the Magic server.
01$magic = new \MagicAdmin\Magic('<SECRET_API_KEY>');
02
03$magic->token
04$magic->token->get_issuer
05$magic->token->get_public_address
06$magic->token->decode
07$magic->token->validate
#get_issuer
Extracts the iss
from the DID Token.
01token.get_issuer(did_token);
#Arguments
did_token
(str): A DID Token generated by a Magic User on the client-side
#Raises
DIDTokenException
if the given DID Token is malformed
#Returns
- A Decentralized ID (
iss
) of the Magic user who generated the DID Token
#get_public_address
Gets the cryptographic public address of the Magic User who generated the supplied DID Token.
01token.get_public_address(did_token);
#Arguments
did_token
(str): A DID Token generated by a Magic user on the client-side
#Raises
DIDTokenException
if the given DID Token is malformed
#Returns
- A public address of the Magic User who generated the DID Token. Currently, this value is associated with the Ethereum blockchain.
#decode
Decodes a DID Token from a Base64 string into a tuple of its individual components: proof
and claim
. This method allows you decode the DID Token and inspect the token. You can apply your own rules and validations on top of the current token.validate method.
01token.decode(did_token);
#Arguments
did_token
(str): A DID Token generated by a Magic user on the client-side
#Raises
DIDTokenException
if the given DID Token is malformed
#Returns
proof
(str): A digital signature that proves the validity of the givenclaim
claim
(array): Unsigned data the user asserts. This should equal theproof
after Elliptic Curve recovery. See Decentralized Token Specification for fields inside theclaim
.
#validate
Validates a DID token.
01token.validate(did_token);
#Arguments
did_token
(str): A DID Token generated by a Magic user on the client-side
#Raises
DIDTokenException
if the given DID Token is invalid or malformed
#Returns
- None
#User Resource
The user resource and its methods are accessible on the Magic instance by the user
attribute. It provides methods to interact with the User.
01$magic = new \MagicAdmin\Magic('<SECRET_API_KEY>');
02
03$magic->user
04$magic->user->get_metadata_by_issuer
05$magic->user->get_metadata_by_public_address
06$magic->user->get_metadata_by_token
07$magic->user->logout_by_issuer
08$magic->user->logout_by_public_address
09$magic->user->logout_by_token
#get_metadata_by_issuer
Retrieves information about the user by the supplied iss
from the DID Token. This method is useful if you store the iss
with your user data, which is recommended.
01user.get_metadata_by_issuer(issuer);
#Arguments
issuer
(str): The user's Decentralized ID, which can be parsed using token.get_issuer
#Raises
RateLimitingException
: If you have sent too many requests within a given period of timeBadRequestException
: If the supplied parameters are invalidAuthenticationException
: If your API secret key cannot be authenticated with Magic API serverForbiddenException
: If your API secret key is not authorized to access the resourcesApiException
: For any other API errorApiConnectionException
: If your server cannot communicate with the Magic server. Normally this is a network communication error.
See Error Handling for more examples.
#Returns
- A
MagicResponse
: Thedata
field contains all of the user meta information.issuer
(str): The user's Decentralized IDpublic_address
(str): The authenticated user's public address (a.k.a.: public key). Currently, this value is associated with the Ethereum blockchain.email
(str): The user's email addressphone_number
(str): The user's phone numberoauth_provider
(str): OAuth provider, if anywallets
(arr): Array of user's wallet addresses
#get_metadata_by_public_address
Retrieves information about the user by the supplied public_address
. This method is useful if you store the public_address
with your user data.
01user.get_metadata_by_public_address(public_address);
#Arguments
public_address
(str): The user's Ethereum public address, which can be parsed using token.get_public_address
#Raises
RateLimitingException
: If you have sent too many requests within a given period of timeBadRequestException
: If the supplied parameters are invalidAuthenticationException
: If your API secret key cannot be authenticated with Magic API serverForbiddenException
: If your API secret key is not authorized to access the resourcesApiException
: For any other API errorApiConnectionException
: If your server cannot communicate with the Magic server. Normally this is a network communication error.
See Error Handling for more examples.
#Returns
- A
MagicResponse
: Thedata
field contains all of the user meta information.issuer
(str): The user's Decentralized IDpublic_address
(str): The authenticated user's public address (a.k.a.: public key). Currently, this value is associated with the Ethereum blockchain.email
(str): The user's email addressphone_number
(str): The user's phone numberoauth_provider
(str): OAuth provider, if anywallets
(arr): Array of user's wallet addresses
#get_metadata_by_token
Retrieves information about the user by the supplied DID Token.
01user.get_metadata_by_token(did_token);
#Arguments
did_token
(str): A DID Token generated by a Magic User on the client-side
#Raises
RateLimitingException
: If you have sent too many requests within a given period of timeBadRequestException
: If the supplied parameters are invalidAuthenticationException
: If your API secret key cannot be authenticated with Magic API serverForbiddenException
: If your API secret key is not authorized to access the resourcesApiException
: For any other API errorApiConnectionException
: If your server cannot communicate with the Magic server. Normally this is a network communication error.
See Error Handling for more examples.
#Returns
- A
MagicResponse
: Thedata
field contains all of the user meta information.issuer
(str): The user's Decentralized IDpublic_address
(str): The authenticated user's public address (a.k.a.: public key). Currently, this value is associated with the Ethereum blockchain.email
(str): The user's email addressphone_number
(str): The user's phone numberoauth_provider
(str): OAuth provider, if anywallets
(arr): Array of user's wallet addresses
#logout_by_issuer
Logs a user out of all Magic SDK sessions given the user's Decentralized ID (iss
). This method is useful if you store the iss
with your user data, which is recommended.
01user.logout_by_issuer(issuer);
#Arguments
issuer
(str): The user's Decentralized ID, which can be parsed using token.get_issuer
#Raises
RateLimitingException
: If you have sent too many requests within a given period of timeBadRequestException
: If the supplied parameters are invalidAuthenticationException
: If your API secret key cannot be authenticated with Magic API serverForbiddenException
: If your API secret key is not authorized to access the resourcesApiException
: For any other API errorApiConnectionException
: If your server cannot communicate with the Magic server. Normally this is a network communication error.
See Error Handling for more examples.
#Returns
#logout_by_public_address
Logs a user out of all Magic SDK sessions given the user's public address. This method is useful if you store the public_address
.
01user.logout_by_public_address(public_address);
#Arguments
public_address
(str): The user's Ethereum public address
#Raises
RateLimitingException
: If you have sent too many requests within a given period of timeBadRequestException
: If the supplied parameters are invalidAuthenticationException
: If your API secret key cannot be authenticated with Magic API serverForbiddenException
: If your API secret key is not authorized to access the resourcesApiException
: For any other API errorApiConnectionException
: If your server cannot communicate with the Magic server. Normally this is a network communication error.
See Error Handling for more examples.
#Returns
#logout_by_token
Logs a user out of all Magic SDK sessions given the DID Token.
01user.logout_by_token(did_token);
#Arguments
did_token
(str): A DID Token generated by a Magic user on the client-side
#Raises
RateLimitingException
: If you have sent too many requests within a given period of timeBadRequestException
: If the supplied parameters are invalidAuthenticationException
: If your API secret key cannot be authenticated with Magic API serverForbiddenException
: If your API secret key is not authorized to access the resourcesApiException
: For any other API errorApiConnectionException
: If your server cannot communicate with the Magic server. Normally this is a network communication error.
See Error Handling for more examples.
#Returns
#Response and Error Handling
#Response
There is only one response object that will be returned from a successful API call.
#MagicResponse
This is the interface to interact Magic API responses. It will only be returned if the API request status code is between 200 (inclusive) and 300 (exclusive).
You will have access to the following attributes:
content
(Array): Raw content returned by the API responsestatus_code
(num): HTTP status code for the given requestdata
(Array): Parsed content
01MagicResponse->content
02MagicResponse->status_code
03MagicResponse->data
#Errors
The conventional HTTP response is adopted by the SDK. For the status code in:
2XX
- Indicates success4XX
- Indicates client errors. Information provided to the SDK is invalid.5XX
- Indicates server errors
Below is the error class inheritance which can help developers to programmatically handle the error cases.
01MagicException
02 |
03 |------- DIDTokenException
04 |
05 |------- RequestException
06 |
07 | ------- RateLimitingException
08 | ------- BadRequestException
09 | ------- AuthenticationException
10 | ------- ForbiddenException
11 | ------- ApiException
12 | ------- ApiConnectionException
#MagicException
This is the base class of all the Magic SDK errors.
01MagicException(message=null);
#DIDTokenException
Any DID Token related error. This can mean the given token is malformed or invalid.
#RequestException
This is the base class of all the Magic API request errors. This error class will provide details of unsuccessful API requests.
01RequestException(
02 $message=null,
03 $http_status=null,
04 $http_code=null,
05 $http_resp_data=null,
06 $http_message=null,
07 $http_error_code=null,
08 $http_request_params=null,
09 $http_request_data=null,
10 $http_method=null
11);
Code | Error | Description |
429 | RateLimitingException | Too many requests are submitted for a given period of time. |
400 | BadRequestException | The API requests might have missing required fields or bad inputs. |
401 | AuthenticationException | This means your API secret key is invalid. |
403 | ForbiddenException | This normally means the given API secret key doesn't have permission to perform the action on the given resources. |
– | ApiException | This is a generic API error that handlers other status codes that are not explicitly handled. Ex: 500 , 404 , etc. |
– | ApiConnectionException | Network connection error. This normally means the connection between your application and Magic API server cannot be established. |
#Error Handling
It is recommended to implement error handling for API responses.
01try{
02 // Make requests to Magic server.
03}
04catch (\MagicAdmin\Exception\DIDTokenException $e) {
05 // throw the exception
06}
07catch (\MagicAdmin\Exception\RateLimitingException $e) {
08 // throw the exception
09}
10catch (\MagicAdmin\Exception\BadRequestException $e) {
11 // throw the exception
12}
13catch (\MagicAdmin\Exception\AuthenticationException $e) {
14 // throw the exception
15}
16catch (\MagicAdmin\Exception\ForbiddenException $e) {
17 // throw the exception
18}
19catch (\MagicAdmin\Exception\ApiException $e) {
20 // throw the exception
21}
22catch (\MagicAdmin\Exception\ApiConnectionException $e) {
23 // throw the exception
24}
#Resources
#Versions
All changes to the SDK are covered in our latest release notes.