sg_apicore is the modern API framework for TYPO3. This page shows the production-ready default workflow without legacy or sg_rest parts.

• Attribute-based routing
• OpenAPI/Swagger documentation
• Token-, user- and scope-based access control
• Pagination, caching, rate limiting and logging

1. Register your API in ext_localconf.php.
2. Tag your controller in Configuration/Services.php with sg_apicore.router.
3. Define endpoints via attributes (ApiRoute, ApiEndpoint, ApiQueryParam, ApiResponse).
4. Create responses through ResponseService.

curl "https://websitebase.ddev.site/api/health"
curl "https://websitebase.ddev.site/api/public/v1/docs/ui"

Each API can use different auth modes: public, token, user, backend. Protected endpoints enforce scopes and optionally a real user context.

# Public endpoint
curl "https://websitebase.ddev.site/api/health"

# Swagger docs for API consumers
curl "https://websitebase.ddev.site/api/public/v1/docs.json"

• Keep scopes per endpoint as strict as possible.
• Always validate query/path/body parameters via attributes.
• Enable cache with tags for read-heavy endpoints.
• Use OpenAPI as the single source of truth for integrations.
• Use request IDs and structured logs for support and operations.