REQ_CALL_PARAM = 'rex-api-call'
This is a base class for all functions which a component may provide for public use.
Those function will be called automatically by the core. Inside an api function you might check the preconditions which have to be met (permissions, etc.) and forward the call to an underlying service which does the actual job.
There can only be one rex_api_function called per request, but not every request must have an api function.
The classname of a possible implementation must start with "rex_api".
A api function may also be called by an ajax-request. In fact there might be ajax-requests which do nothing more than triggering an api function.
The api functions return meaningfull error messages which the caller may display to the end-user.
Calling a api function with the backend-frontcontroller (index.php) requires a valid page parameter and the current user needs permissions to access the given page.
$published : bool
Flag, indicating if this api function may be called from the frontend. False by default.
$result : \rex_api_result
The result of the function call.
execute() : \rex_api_result
This method have to be overriden by a subclass and does all logic which the api function represents.
In the first place this method may retrieve and validate parameters from the request. Afterwards the actual logic should be executed.
This function may also throw exceptions e.g. in case when permissions are missing or the provided parameters are invalid.
The result of the api-function
requiresCsrfProtection() : bool
Csrf validation is disabled by default for backwards compatiblity reasons. This default will change in a future version.
Prepare all your api functions to work with csrf token by using your-api-class::getUrlParams()/getHiddenFields(), otherwise they will stop work.