REST API for the Anno Domini mobile card game. Built with PHP 8.2+ and Slim 4.
- PHP 8.2+
- MySQL 5.7+
- Composer
# Install dependencies
composer install
# Configure environment (gitignored)
cp config/env.php.example config/env.php
# Edit config/env.php: database credentials, API key
# Or set API key via environment variable
export API_KEY="your-api-key"
# Start development server
composer start
# -> http://localhost:8080
| File |
Purpose |
config/defaults.php |
Default settings (timezone, logging, rate limits, CORS) |
config/env.php |
Database, API key, JWT keys (gitignored) |
config/local.dev.php |
Development overrides |
config/local.prod.php |
Production overrides |
config/local.test.php |
Test overrides |
All endpoints require Authorization: Bearer <api-key>.
| Method |
Path |
Description |
GET |
/v6/sync?since=YYYYMMDD |
Returns all updates and removals since given date |
GET |
/v6/sync?since=0&only=sets,cards |
Filtered sync (comma-separated types) |
Response:
{
"timestamp": 20260413,
"update_types": [{"type": "sets", "date": 20241114}],
"updates": {
"sets": [], "cards": [], "opponents": [], "skills": [],
"virtual_sets": [], "available_sets": [], "virtual_cards": []
},
"removals": {}
}
| Method |
Path |
Description |
POST |
/v6/game |
Create game ({"player_id": "..."}) -> game_id |
GET |
/v6/game/{game_id} |
Get game details |
GET |
/v6/game/expired |
List expired games |
DELETE |
/v6/game/{game_id}?player_id=... |
Delete game |
| Method |
Path |
Description |
POST |
/v6/review/cards |
Submit card review |
| Method |
Path |
Description |
GET |
/ping |
Health check |
- ExceptionMiddleware - JSON error responses, logging
- RateLimitMiddleware - 60 req/min per IP (configurable)
- CorsMiddleware - CORS headers, OPTIONS preflight
- SecurityHeadersMiddleware - HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- ApiKeyMiddleware - timing-safe API key validation
composer test # PHPUnit tests
composer test:coverage # Tests with coverage report
composer cs:check # Code style check
composer cs:fix # Auto-fix code style
composer stan # PHPStan static analysis
composer test:all # All checks
src/
Action/ # Single-action HTTP controllers
Domain/ # Business logic and services
Middleware/ # PSR-15 middleware (auth, CORS, rate limit, security)
Renderer/ # JSON response renderer
Support/ # Auth utilities (ApiKey, JWT)
config/ # DI container, routes, settings
public/ # Web root (index.php, .htaccess)
tests/ # PHPUnit tests
database/ # SQL schema
MIT