Due to PHP’s nature as a largely server-side language, there is no client-side SDK for PHP.
For websites you should use the Browser SDK.
The Java and Node server-side SDKs are essentially REST clients which perform HMAC request signing for the API. The PHP SDK is similar but provides HTTP client functionality through php-http, to maintain standard interoperability. Therefore, the SDK consists of the following tools:
- HmacSigner.php : this class is used to sign Blaize API requests. This is typically the hardest part of using the Admin API directly so provides most of the value when using a Blaize Server-side SDK.
- BlaizeAuthPlugin.php : this class is a php-http plugin, it will call the HmacSigner class automatically upon each request, adding the Authorization header based upon the request itself.
- AdminApiClient.php : this is a lightweight implementation of php-http, using Guzzle6 (as a pooled client) with the BlaizeAuthPlugin.
- generateAuthorizationHeader.php : this is a script that can be called from the command line to generate a Blaize Authorization header – usually for testing.
In order to make requests to the Admin API you will need to first create a keypair, which you can do in the Blaize Admin Console. For more information on how to do this, read our Keypairs guide.
Using the HmacSigner
require_once('./HmacSigner.php'); // This must be the exact bytes sent over the wire $body = $request->getBody()->getContents(); // This should be the path part of the URI plus fragments and query params but not the host and protocol - it must exactly match what the server receives $path = preg_replace("|https?://[^/]+/|i", "/", $request->getRequestTarget()); // This is the HTTP method, for example GET or POST $method = $request->getMethod(); // Milliseconds since the epoc. You clock must be accurate or the request will be disallowed $timestamp = strval(round(microtime(true)*1000)); // Any random string - you cannot reuse nonces frequently, so ensure it is randomized $nonce = uniqid(); // The access key from your API keypair $accessKey= getAccessKeySecurely(); // The secret from your API keypair $secretKey = getSecretKeySecurely(); // It is recommended that you always use "SHA256" $signer = new HmacSigner("SHA256"); // Generate the signature usign the helper $signature = $signer->signRequest($secretKey, $body, $path, $method, $timestamp, $nonce); // To use the signature construct an authorization header as follows: $authHeader = "BLAIZE-HMAC-SHA256 $accessKey:$timestamp:$nonce:$signature";
Using the BlaizeAuthPlugin with php-http
$client = new PluginClient(HttpClientDiscovery::find(), [new BlaizeAuthPlugin($accessKey, $secretKey)]); $client->sendRequest($request);
Using the AdminApiClient
require_once('AdminApiClient.php'); require_once('./vendor/autoload.php'); use Http\Discovery\MessageFactoryDiscovery; $blaizeAdminClient = AdminApiClient::build("44501ace-c533-4b9e-b4ea-cfa24d18c179", "1a3eadb4-1f54-470f-a0aa-1cf233f65bdd"); // The AdminApiClient still uses php-http so use an appropriate message factory from there $messageFactory = MessageFactoryDiscovery::find(); $registerRequestBody = array( "identifiers" => array("email_address" => "email@example.com"), "validators" => array("password" => "sup3rS3cr3t!"), "attributes" => array("job-title" => "dogsbody", "allow-marketing" => "true", "company" => "Test-co")); $registerRequest = $messageFactory->createRequest('POST', 'https://demo.admin.blaize.io/v3/users', array("Content-Type" => "application/json"), json_encode($registerRequestBody)); // The public member "httpClientPool" exposes the php-http client pool interface $registerResponse = $blaizeAdminClient->httpClientPool->sendRequest($registerRequest); echo "Blaize responded with status: $registerResponse->getStatusCode() \n"; echo $registerResponse->getBody()->getContents();