Authentication, Authoring & Content, Development Tools, Mobile Apps

Turn your Joomla website into a webservice to manage SSO, integrate with enterprise infrastructure, power mobile apps and more!

  • Get this
  • Favourite
  • Report

Extend functionality with plugins

Take advantage of our growing library of API webservices plugins.

Save your application servers

Built-in API rate throttling can be configured globally or an a per-token basis. Provides intelligent feedback which API consumers can use to proactively throttle requests before hitting hard limits.

Control access without the hassle

Leverage Joomla's robust ACL to control access to any add-ons, routes or request-types. Expert users can leverage Joomla's pluggable authentication architecture to open up corporate middleware and SSO capabilities.

How does it work?

cAPI injects the Slim micro-framework into the Joomla application instance, allowing for service route plugins to be built at any level of the event stack. But that's only the beginning!

A Services Control Panel manages the creation of JSON REST API access tokens, Slim framework parameters and API rate limitation rules. This allows an administrator to create tokens mapped to specific Joomla users who in turn are assigned unique group permissions using Joomla ACL.

The service routes are built into Joomla plugins which can be enabled / disabled or assigned access permissions individually. This opens the door for development of feature expansions to the core cAPI services to expose 3rd party Joomla extensions, database querying or even remote LDAP (Microsoft Active Directory) as RESTful JSON APIs.

Additional Notes

After installation, make sure to enable the newly installed cAPI plugins. In the future we will enable all install plugins by default. Also, please make sure that you secure your public websites via HTTPS before enabling API functionality.

Change Log

cAPI v1.3.4.4 is a bug-fix release.

  • Increment to version
  • Update function createTokenServicesRestManage() to allow own-token creation by any registered user, while restriction token creation, on behalf of other users, for requesting accounts which have core.create privilege on com_services.
  • Update docblock for updateTokenServicesRestManage() to include @throws Exception
  • Configured createTokenServicesRestManage() to allow token creation for:

    • Self
    • Other users if core.admin or if core.manage
    • If not core.admin, requesting user must have access to all groups of target user ID (when userid is defined)

    • Affects methods:

    • POST /token/manage/userid/{userid}
    • POST /token/manage/

cAPI v1.3.4.3 is a bug-fix release.

  • Increment to version Change joomlaID to j38
  • Resolved errors caused by undeclared, nested class objects.
  • Change minimum permission for GET component/model and GET component/list/all to core.login.admin
  • TODO: Improve access control check compatibility with various security modes for core and 3rd party extensions.

cAPI v1.3.4.2 was a bug-fix release.

  • Update version to
  • Require "Super User" (core.admin) privileges to access complete components list.
  • Create method GET /component/model to allow retrieving Model class information only. Helps with introspecting third-party Models which may not have known/standard Model methods.
  • Include modelMethod and modelMethodArguments (json) request parameters to GET /component/model/data to accommodate different Model class getters.
  • For GET /component/model/data, use calluserfunc_array to call designated $modelMethod on $instance object with any number of arguments passed as JSON encoded array $modelMethodArguments.
  • Include HTML error codes for invalid requests.

cAPI v1.3.4.1 was a bug-fix release.

  • Remove unnecessary path debug in GET component/list/all response.
  • Update URL for "Find out more about cAPI" link.
  • Change $extension->name to $extension->element
  • Update to version

This release also includes the following:

  • Improve error trapping for GET component/model/data
  • Validate getInstance for getComponentModelData
  • Validate JTable::getInstance input for getComponentTableDataById
  • Build advanced filtering for getComponentModelData
  • Implement Joomla ACL per component and individual asset item.
  • New method getComponentModelData
  • Complete development on getComponentTableDataById.Include getclassmethods boolean check in URLparameter to allow class methods and associated parameters to be included in the response (requires core.edit for related component).
  • Update getComponentTableData to getComponentTableDataById.Method will return table data for single ID request.
  • Create method getComponentTableData
  • New method getComponentTableFields for returning component fields.
  • Initial work completed on getComponentListAll. Returns list of all components, along with table and model classes for "site" and "administrator" contexts.
  • Include Basic Authentication SecurityScheme definition.
  • Methods to allow Basic Authentication through Authorization header or force HTTP Apache Auth via URL variable basic_auth=true.
  • Create new class ServicesJoomlaHelpersComponent().
  • Increment to version 1.3.4.

Previous release:

  • Remove extraneous taglinkclass parameter
  • Increment cAPI version to 1.3.3
  • Resolve bug with successful updating of dlid in updatesites table, extraquery field when editing the Download ID parameter in com_services component options.

Excellent support

Posted on 11 July 2017

Allowed us to easily create a mobile application as an extension of the existing Joomla site that uses the same authentication details.

Ease of use

Very easy to use.


Great support from the developer, he personally helped to solve all my initial issues, caused by incorrect config of our Joomla site.

Value for money

Good value for money

I used this to: Mobile apps authentication


Last updated:
Jan 14 2018
Date added:
Sep 16 2016
GPLv2 or later
Paid download

Uses Joomla! Update System

Demo Support Documentation
  • Overall
  • Functionality

  • Ease of use

  • Documentation

    Not rated
  • Support

  • Value for money

// JED - Ads Joomla // JED - Ads Joomla