EchoAPI is a minimalist microstack designed for developers who want to build RESTful APIs in PHP with speed, clean structure, and low coupling. Rather than being a full-stack framework, EchoAPI acts as a backend toolbox — delivering only the essential components needed for routing, validation, authentication, caching, logging, and external integrations.
Ideal for developers seeking a functional, lightweight, and maintainable API architecture without the overhead of complex frameworks.
-
PHP >= 8.1
-
Composer >= 2.x
-
MySQL 8+ or MariaDB
-
Redis (optional, for caching)
-
PHP Extensions:
- pdo_mysql
- mbstring
- openssl
- curl
- json
-
Routing with AltoRouter
-
Lightweight ORM using Medoo
-
Data validation with Respect\Validation
-
Structured logging via Monolog
-
Multiple authentication layers:
- API Key
- JWT (JSON Web Tokens)
- OAuth 2.0 (Google, Microsoft, LinkedIn, etc.)
-
Flexible caching via Symfony Cache (Filesystem, Redis, APCu)
-
Native email support with PHPMailer
-
Real-time error alerts through Telegram
- PHP 8.x
- Medoo (PDO wrapper)
- AltoRouter (Routing)
- Monolog (Logging)
- Respect\Validation (Validation)
- Symfony Console (CLI scripts)
- Symfony Cache (Multi-driver caching)
- Predis (Redis integration)
- PHPMailer (SMTP email)
- Firebase PHP-JWT (JWT support)
- TheNetworg OAuth2 Azure (Azure AD)
- League OAuth2 Client (Google, LinkedIn)
- vlucas/phpdotenv (Environment config)
project-root/
├── app/ # Swagger/OpenAPI docs
├── bootstrap/ # App bootstrap process
├── config/ # Configuration files
├── core/ # Kernel, helpers, services
├── storage/ # Cache & logs
├── middleware/ # HTTP middlewares
├── routes/ # Route definitions
├── src/ # App logic (MVC)
├── .env # Environment settings
├── composer.json # Dependencies & scripts
└── README.mdEchoAPI comes with a default database structure and initial data available in:
core/Migration/auth-migrations.sqlThis script creates the basic authentication tables: users, roles, user_tokens, and password_resets.
- Email:
master@echoapi.local - Password:
master!123@
⚠️ The password is hashed in the database. Use this user only for first login or local development.
If you're using Docker, set the following in your .env:
AUTO_MIGRATE=trueThis will automatically import the auth-migrations.sql during container startup.
🔐 After successful migration, it is strongly recommended to set
AUTO_MIGRATE=falseto prevent re-imports and protect data integrity.
To start a new project with EchoAPI, run:
composer create-project jandersongarcia/echoapi echoapi-exampleMore details: https://packagist.org/packages/jandersongarcia/echoapi
git clone https://github.com/jandersongarcia/EchoAPI.git
cd EchoAPI
composer install
cp .env.example .env
chmod -R 775 storageConfigure your .env with DB, Redis, email, and Telegram.
EchoAPI supports Docker for rapid onboarding.
docker compose up --build -d
docker compose exec app composer installAccess: http://localhost:8080
- Entry via
public/index.php - Middlewares (API key, CORS, Auth)
- Routes resolved via AltoRouter
- Controller invoked
- JSON response returned
- Set
API_KEY=your_tokenin.env - Send in header:
Authorization: Bearer YOUR_KEY
Generate:
composer generate:keyGenerate system:
composer make:authIncludes login, register, password reset, logout endpoints.
Supports Google, LinkedIn, Azure, Facebook, GitHub.
composer make:oauth google linkedinUses PHPMailer configured via config/php_mailer.php.
$mail = new MailHelper();
$mail->send('to@example.com', 'Subject', '<p>Body</p>');Configured via .env:
CACHE_DRIVER=redis
REDIS_HOST=redisFallbacks to filesystem if not available.
composer swagger:buildOutput: app/docs/openapi.json (for Swagger UI or Redoc).
⚠️ WhenAPP_ENV=production, access to/v1/docs/swagger.jsonis disabled for security reasons.
Access the interactive Swagger UI at the /docs/ endpoint of your deployed application. For example:
http://localhost:8080/docs/ (local development)
Enable in .env:
TELEGRAM_BOT_TOKEN=xxx
TELEGRAM_CHAT_ID=xxx
ERROR_NOTIFY_CATEGORIES=critical,error,alert- Logs in
storage/logs/ app.log: info+error.log: error+- Rotated daily
Test:
composer log:test| Command | Description |
|---|---|
| make:module | Create controller/service/model |
| delete:module | Remove a module |
| make:crud | CRUD generator |
| delete:crud | Delete CRUD set |
| list:crud | List registered CRUDs |
| make:auth | JWT authentication scaffold |
| delete:auth | Remove JWT files |
| make:oauth | OAuth provider integration |
| delete:oauth | Remove OAuth config |
| generate:key | Generate API Key |
| log:test | Generate sample logs |
| telegram:test | Test Telegram alert |
| swagger:build | Build OpenAPI spec |
APP_ENV=development
APP_DEBUG=true
API_KEY=your_api_key
DB_HOST=db
DB_PORT=3306
DB_NAME=echoapi
DB_USER=root
DB_PASS=root
CACHE_DRIVER=redis
REDIS_HOST=redis
TELEGRAM_BOT_TOKEN=xxx
TELEGRAM_CHAT_ID=xxx
ERROR_NOTIFY_CATEGORIES=critical,error,alert| Code | Description | Details |
|---|---|---|
| E001 | .env not found |
The .env file is missing. Rename .env.example to .env. |
| E002 | Missing environment variable | One or more required environment variables are missing or empty. |
{
"error": "Environment file not found",
"message": "The \".env\" file is required. Please rename \".env.example\" to \".env\" and configure your environment variables.",
"code": "E001"
}{
"error": "Missing environment variable",
"message": "The environment variable 'DB_HOST' is missing or empty in your .env file.",
"code": "E002"
}- PHP 8.3 support
- OAuth providers expanded
- Docker support enhanced
- Cache abstraction with fallback
- JWT authentication module
- Telegram alerts with full trace
- Restructure of CLI commands
MIT License Developed by Janderson Garcia