Build Scalable APIs with Apiato (The one-stop Laravel REST API framework) [Part 1]


Apiato is a Laravel-based PHP framework for building scalable, server-side RESTful APIs. The goal of the project is to make it easy for developers to create robust, scalable APIs using best practices and modern tools.

Apiato is built on top of the popular Laravel PHP framework and makes use of its robustness, flexibility and ease of use. It comes with a set of tools and conventions that make it easy to build APIs that are consistent, well-documented and easy to use.

Key Features

  • Authentication with OAuth2.0 for first/third-party clients (using Laravel Passport)
  • Role-Based Access Control (RBAC), seeded with a Super Admin, Roles and Permissions
  • Query Parameters support (orderBy, sortedBy and filter) with full-text search
  • Useful Endpoints for managing users, roles/permissions, tokens and more
  • API documentation generator, which generates API docs from PHP docblocks using ApiDocJS (provided by Documentation Container)
  • Supports CORS (Cross-Origin Resource Sharing) and JSONP (JSON with padding)
  • Auto encoding/decoding of real IDs, to prevent exposing real IDs to the outer world
  • API Throttling (rate limiting to control the rate of traffic received and protect your server)
  • Support "include" request parameter to load nested relationships
  • Support Data Caching (with auto clearing on Create, Update and Delete)
  • API versioning in the URL or Header (versioning based on the route file name)
  • Exception handling with custom error responses
  • Support Shallow ETag HTTP Header, to reduce client bandwidth
  • Localization - easily switch between languages via request header field (provided by Localization Container)
  • Automatic Data Pagination (meta links to the next and previous data)
  • Web and API auth middlewares, with proxy endpoints for safer authentication of first-party apps
  • Http Requests/Response Monitor and DB Query Debugger (provided by Debugger Container)
  • Profiler, to display profiling data in the response (using Laravel Debugbar)
  • Social authentication supported out of the box (Facebook, Twitter, Google+) using Laravel Socialite (provided by SocialAuth Container)
  • Type-Casting JSON responses and pagination results with Transformers (using Fractal)
  • Useful Tests Helpers for faster and more enjoyable automated testing (using PHPUnit)
  • Support multiple response payload formats (JSON API spec v1.0, Data Array & pure Data)
  • Automatic dates conversion to ISO format in responses, from the Transformers
  • Support Stripe payment gateway, extendable to support other payment gateways (provided by Payment Container)
  • System and user level settings out of the box (provided by Settings Container)
  • Easy Validation and Authorization (for User data, accessibility and ownership) with Requests objects
  • Maintainable and scalable Software Architectural Pattern (using the Porto SAP)
  • Code generator commands, for generating full CRUD operations, and other useful Commands
  • Separation of UI (Web, API and CLI) components (routes, controllers, requests, tests...)
  • Fully detailed documentation, with code samples, principles, definitions and guidelines
  • 100% customizable and open code, using the greatest frameworks, tools, packages and standards

Getting Started


PHP 8.0.2 or higher, Composer, and the following PHP extensions:

  • OpenSSL PHP Extension
  • PDO PHP Extension
  • Mbstring PHP Extension
  • Tokenizer PHP Extension
  • BCMath PHP Extension (required when the Hash ID feature is enabled)
  • Intl Extension (required when you use the Localization Container)


You can install Apiato via Composer:

composer require apiato/apiato


After installing Apiato, you will need to configure it for your environment. The easiest way to do this is to copy the .env.example file to .env and fill in the appropriate values.


Middlewares are the best solution to apply authentication in your app.

In Apiato you can use these two authentication middlewares to protect your endpoints:

  • API Authentication: auth:api
  • Web Authentication: auth:web

Rate Limiting

Apiato supports rate limiting out of the box. By default, the following rate limiting middleware is defined:

  • RateLimit: Used to limit the number of requests that can be made in a given period of time.


Apiato comes with tools for automatically generating API documentation.


ApiDocs is a tool for generating API documentation from source code. ApiDocs is installed as a dev dependency and can be run via the following command:

php artisan apidocs:generate

This will generate HTML documentation in the public/docs/ directory.

For more info, check the other parts of this series or the official documentation at: Apiato Docs