Middleware either does configuration work or blocks the request when certain conditions aren't met. Requests are blocked by exceptions. By using exceptions we catch all unintended requests and handle them in a consistent way. Read more on exceptions.


Throws a new Exception(ErrorCodes::GEN_NOTFOUND) when an endpoint does not exist (on Phalcon's beforeNotFound event).

use PhalconRest\Middleware\NotFoundMiddleware;

$api->attach(new NotFoundMiddleware());


Authenticates a session token that either has been passed as a query parameter ?token or as an Authorization header with prefixed by Bearer Throws a new Exception(ErrorCodes::AUTH_BADTOKEN) when an invalid token has been passed. Throws a new UserException(ErrorCodes::AUTH_EXPIRED) when an expired token has been passed.

use PhalconRest\Middleware\AuthenticationMiddleware;

$api->attach(new AuthenticationMiddleware());


Throws a new Exception(ErrorCodes::AUTH_FORBIDDEN) when the endpoint is not authorized (ex. excluded for this particular user). Throws a new Exception(ErrorCodes::AUTH_UNAUTHORIZED) when the request is not authorized.

use PhalconRest\Middleware\AuthorizationMiddleware;

$api->attach(new AuthorizationMiddleware());


Configures which includes need to be included in responses managed by the Fractal Manager service.

use PhalconRest\Middleware\FractalMiddleware;

$api->attach(new FractalMiddleware());



Source: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing


Allows all origins provided to make CORS (Cross-origin resource sharing) requests.

use PhalconRest\Middleware\CorsMiddleware;

$api->attach(new CorsMiddleware([

Wildcard can also be used

use PhalconRest\Middleware\CorsMiddleware;

$api->attach(new CorsMiddleware(['*']);


Responds to all OPTION (preflight) requests with a 200 OK response.

use PhalconRest\Middleware\OptionsResponseMiddleware;

$api->attach(new OptionsResponseMiddleware());


Updates the global query by parsing url query syntax. Read more on URL Query Syntax

use PhalconRest\Middleware\UrlQueryMiddleware;

$api->attach(new UrlQueryMiddleware());