Corbado PHP SDK

The Corbado PHP SDK provides convenient access to the Corbado Backend API from applications written in the PHP language.

:warning: The Corbado PHP SDK is commonly referred to as a private client, specifically designed for usage within closed backend applications. This particular SDK should exclusively be utilized in such environments, as it is crucial to ensure that the API secret remains strictly confidential and is never shared.

:rocket: Getting started | :hammer_and_wrench: Services | :books: Advanced | :speech_balloon: Support & Feedback

:rocket: Getting started

Requirements

• PHP 7.2 or later
• Composer

Installation

Use the following command to install the Corbado PHP SDK:

composer require corbado/php-sdk

Usage

To create a Corbado PHP SDK instance you need to provide your Project ID and API secret which can be found at the Developer Panel.

$config = new Corbado\Config("<Project ID>", "<API secret>");
$sdk = new Corbado\SDK($config);

Examples

A list of examples can be found in the integration tests here.

:hammer_and_wrench: Services

The Corbado PHP SDK provides the following services:

• authTokens for managing authentication tokens needed for own session management (examples)
• emailMagicLinks for managing email magic links (examples)
• emailOTPs for managing email OTPs (examples)
• sessions for managing sessions
• smsOTPs for managing SMS OTPs (examples)
• users for managing users (examples)
• validations for validating email addresses and phone numbers (examples)

To use a specific service, such as sessions, invoke it as shown below:

$user = $sdk->sessions()->getCurrentUser();

:books: Advanced

Error handling

The Corbado PHP SDK throws exceptions for all errors. The following exceptions are thrown:

• AssertException for failed assertions (client side)
• ConfigException for configuration errors (client side)
• ServerException for server errors (server side)
• StandardException for everything else (client side)

If the Backend API returns a HTTP status code other than 200, the Corbado PHP SDK throws a ServerException. The ServerExceptionclass provides convenient methods to access all important data:

try {
    // Try to get non-existing user with ID 'usr-123456789'
    $user = $sdk->users()->get('usr-123456789');
} catch (ServerException $e) {
    // Show HTTP status code (404 in this case)
    echo $e->getHttpStatusCode() . PHP_EOL;
    
    // Show request ID (can be used in developer panel to look up the full request
    // and response, see https://app.corbado.com/app/logs/requests)
    echo $e->getRequestID() . PHP_EOL;
    
    // Show full request data
    var_dump($e->getRequestData());
    
    // Show runtime of request in seconds (server side)
    echo $e->getRuntime() . PHP_EOL;
    
    // Show validation error messages (server side validation in case of HTTP
    // status code 400 (Bad Request))
    var_dump($e->getValidationMessages());
    
    // Show full error data
    var_dump($e->getError());
}

:speech_balloon: Support & Feedback

Report an issue

If you encounter any bugs or have suggestions, please open an issue.

Slack channel

Join our Slack channel to discuss questions or ideas with the Corbado team and other developers.

Email

You can also reach out to us via email at [email protected].

Vulnerability reporting

Please report suspected security vulnerabilities in private to [email protected]. Please do NOT create publicly viewable issues for suspected security vulnerabilities.