PHP SDK
The Zephr PHP SDK is available to view in the Zephr Bitbucket account. If you have trouble accessing this page, please email support@zephr.com.
Client-side SDK
Due to PHP’s nature as a largely server-side language, there is no client-side SDK for PHP.
For websites you should use the Browser SDK.
Server-side SDK
The Java and Node server-side SDKs are essentially REST clients which perform HMAC request signing for the API. The PHP SDK is similar but provides HTTP client functionality through php-http, to maintain standard interoperability. Therefore, the SDK consists of the following tools:
- HmacSigner.php : this class is used to sign Blaize API requests. This is typically the hardest part of using the Admin API directly so provides most of the value when using a Blaize Server-side SDK.
- BlaizeAuthPlugin.php : this class is a php-http plugin, it will call the HmacSigner class automatically upon each request, adding the Authorization header based upon the request itself.
- AdminApiClient.php : this is a lightweight implementation of php-http, using Guzzle6 (as a pooled client) with the BlaizeAuthPlugin.
- generateAuthorizationHeader.php : this is a script that can be called from the command line to generate a Blaize Authorization header – usually for testing.
In order to make requests to the Admin API you will need to first create a keypair, which you can do in the Blaize Admin Console. For more information on how to do this, read our Keypairs guide.
Using the HmacSigner
require_once('./HmacSigner.php');
// This must be the exact bytes sent over the wire
$body = $request->getBody()->getContents();
// This should be the path part of the URI plus fragments and query params but not the host and protocol - it must exactly match what the server receives
$path = preg_replace("|https?://[^/]+/|i", "/", $request->getRequestTarget());
// This is the HTTP method, for example GET or POST
$method = $request->getMethod();
// Milliseconds since the epoc. You clock must be accurate or the request will be disallowed
$timestamp = strval(round(microtime(true)*1000));
// Any random string - you cannot reuse nonces frequently, so ensure it is randomized
$nonce = uniqid();
// The access key from your API keypair
$accessKey= getAccessKeySecurely();
// The secret from your API keypair
$secretKey = getSecretKeySecurely();
// It is recommended that you always use "SHA256"
$signer = new HmacSigner("SHA256");
// Generate the signature usign the helper
$signature = $signer->signRequest($secretKey, $body, $path, $method, $timestamp, $nonce);
// To use the signature construct an authorization header as follows:
$authHeader = "BLAIZE-HMAC-SHA256 $accessKey:$timestamp:$nonce:$signature";
Using the BlaizeAuthPlugin with php-http
$client = new PluginClient(HttpClientDiscovery::find(), [new BlaizeAuthPlugin($accessKey, $secretKey)]); $client->sendRequest($request);
Using the AdminApiClient
require_once('AdminApiClient.php');
require_once('./vendor/autoload.php');
use Http\Discovery\MessageFactoryDiscovery;
$blaizeAdminClient = AdminApiClient::build("44501ace-c533-4b9e-b4ea-cfa24d18c179", "1a3eadb4-1f54-470f-a0aa-1cf233f65bdd");
// The AdminApiClient still uses php-http so use an appropriate message factory from there
$messageFactory = MessageFactoryDiscovery::find();
$registerRequestBody = array(
"identifiers" =>
array("email_address" => "bob@bobberson.bob"),
"validators" =>
array("password" => "sup3rS3cr3t!"),
"attributes" =>
array("job-title" => "dogsbody", "allow-marketing" => "true", "company" => "Test-co"));
$registerRequest = $messageFactory->createRequest('POST', 'https://demo.admin.blaize.io/v3/users', array("Content-Type" => "application/json"), json_encode($registerRequestBody));
// The public member "httpClientPool" exposes the php-http client pool interface
$registerResponse = $blaizeAdminClient->httpClientPool->sendRequest($registerRequest);
echo "Blaize responded with status: $registerResponse->getStatusCode() \n";
echo $registerResponse->getBody()->getContents();