Skip to content

PHP Class: x_class_api

The x_class_api class is designed to manage secure API keys within a MySQL database. Each key can be scoped to a specific section, assigned a reference, and managed through status flags (active, revoked, expired). The class supports key generation, validation, revocation, expiration, refreshing, and deletion. Time-based expiration and usage tracking are also supported.

Use the class by including /_framework/classes/x_class_api.php.

Dependencies

  • PHP 7.1–7.4
  • PHP 8.0–8.4
  • Requires a MySQL wrapper class (provided via the $mysql parameter) that supports select(), query(), table_exists(), and free_all().

PHP Modules

  • pdo_mysql or mysqli: Required for MySQL database interaction.
  • openssl or random_bytes: Required for secure API key generation.

Database Table Structure

When initialized, this class automatically creates the table (if it doesn't already exist). The structure is as follows:

Column Type Description
id INT UNSIGNED AUTO_INCREMENT Primary key (auto-increment).
api_key VARCHAR(128) Unique API key.
reference VARCHAR(128) (nullable) Optional external identifier or note.
section VARCHAR(128) Defines scope or logical group.
status ENUM('active','revoked','expired') Current status of the key.
created_at DATETIME Timestamp when the key was created.
expires_at DATETIME (nullable) Optional expiration date.
last_used_at DATETIME (nullable) Timestamp of last use.

Methods


__construct

Initializes the API key manager with a MySQL instance and table name. Creates the table if it does not exist.

Parameter Type Description Default
$mysql object An instance of a custom MySQL wrapper. None
$table string Name of the table to store API keys. None
$section string Logical scope of the key (optional). ""
Return Value When does this return value occur?
void Always. This is a constructor.

addKey

Adds a new API key with an optional expiration date.

Parameter Type Description Default
$expires_in_days int Number of days until the key expires (nullable). null
Return Value When does this return value occur?
string Always returns the generated API key.

validateKey

Checks whether an API key is active and not expired. Also updates the last_used_at timestamp.

Parameter Type Description Default
$api_key string The API key to validate. None
Return Value When does this return value occur?
true If the key exists, is active, and not expired.
false If the key is missing, revoked, expired, or invalid.

revokeKey

Marks an API key as "revoked" in the database.

Parameter Type Description Default
$api_key string The API key to revoke. None
Return Value When does this return value occur?
true Always returns true after update.

expireKey

Marks an API key as "expired" in the database.

Parameter Type Description Default
$api_key string The API key to expire. None
Return Value When does this return value occur?
true Always returns true after update.

deleteKey

Permanently removes an API key from the database.

Parameter Type Description Default
$api_key string The API key to delete. None
Return Value When does this return value occur?
true Always returns true after deletion.

refreshKey

Replaces an existing API key with a new one.

Parameter Type Description Default
$api_key string The old API key to be replaced. None
Return Value When does this return value occur?
string Returns the newly generated API key.

referenceKey

Associates a human-readable or system reference to an API key.

Parameter Type Description Default
$api_key string The API key to update. None
$reference string A reference value to attach. None
Return Value When does this return value occur?
true Always returns true after update.

Example

<?php
// Initialize MySQL wrapper and API manager
$mysql = new custom_mysql(); // assume this is your wrapper class
$api = new x_class_api($mysql, 'api_keys', 'internal-service');

// Add a new key (expires in 7 days)
$newKey = $api->addKey(7);
echo "Generated API Key: $newKey\n";

// Validate it
if ($api->validateKey($newKey)) {
    echo "API key is valid.\n";
} else {
    echo "API key is invalid or expired.\n";
}

// Revoke it
$api->revokeKey($newKey);

// Try validation again
echo $api->validateKey($newKey) ? "Still valid.\n" : "Now invalid.\n";
?>