APIKit v0.2 — Lightweight PHP Framework

Dependencies

PHP 7.2.34

Running

MIT

License

v0.2

Version

Core Features

⚡

Convention-Based Routing

File path is your URL. Drop a controller in api/shop/ProductsController.php and /api/shop/products works instantly — zero configuration.

🔐

JWT Authentication

Stateless REST auth with Bearer tokens, session validation, and token revocation built in. Annotate any method with @Protected to secure it.

🛡️

ACL Bitmask Permissions

Fine-grained access control with @CheckPermission annotations. LIST, VIEW, ADD, UPDATE, DELETE, PERFORM, SPECIAL — all configurable per role.

🏢

Multi-Tenant Ready

Every query is scoped by tenant_id. Cross-tenant data leaks are impossible by design — the framework enforces ownership at the service layer.

🗄️

Single Store Abstraction

All database access through one static Store class. Convention-based helpers for common queries, raw SQL when you need it, and clean transaction support.

🧱

Clean Three-Layer Architecture

Controller → Service → Repository. Each layer has one job. Controllers read input, services own logic, repositories own data — no mixing.

📦

No Composer Required

Zero external dependencies. Clone, configure, run. Works on any shared hosting with PHP 7.4+ and MySQL. No vendor/ folder, no lockfiles.

🌐

Web + REST in One

Serve JSON APIs and HTML pages from the same codebase. api/ controllers return JSON automatically, web/ controllers serve HTML pages.

Routing Convention

Request	Maps to
GET /api/shop/products	api/shop/ProductsController.php → index()
GET /api/shop/products/find?id=1	api/shop/ProductsController.php → find()
POST /api/shop/products/save	api/shop/ProductsController.php → save() (@POST)
PUT /api/shop/products/update	api/shop/ProductsController.php → update() (@PUT)
DELETE /api/shop/products/delete	api/shop/ProductsController.php → delete() (@DELETE)
GET /web/admin/dashboard	web/admin/DashboardWebController.php → index()

Build APIs, not boilerplate.