Joomla REST API - Mobile App Use Case

Mobile App Use Case

Suppose you are building a mobile app with Joomla as the backend for its APIs. You can use com_api and plg_api_users, and create your own API plugins as needed.


  • You have installed the latest com_api and its latest user plugin
  • You have built a mobile application which interacts with your website

Steps for com_api as REST API provider

Steps to get auth token

  • 1.1 When the user wants to log in from the mobile app for the very first time, the user enters a username and password in the mobile application's login form.
  • 1.2 Your mobile app captures those credentials,
  • 1.3 and makes an API call as below


Content-Type: application/x-www-form-urlencoded
username: user entered value
password: user entered value
curl --location --request POST 'http://{{host}}/index.php?app=users&resource=login&option=com_api&format=raw' \
--form 'username=usernameGoesHere' \
--form 'password=passwordGoesHere'

If the credentials are correct, you will get a response that looks like this:

    {
        "err_msg": "",
        "err_code": "",
        "response_id": 214,
        "api": "users.login",
        "version": "",
        "data": {
            "auth": "c8b16517a0a21c446f1ee9980944cd7e",
            "code": "200",
            "id": "653",
            "jwt": "eyJ0eXAiOiJKV1QiLCJhreebGciOiJIUzI1NiJ9.eyJpZCI6IjY1MyJ9.rere-ZAhpXYXvCHuZbqqTmtwjUvlv8ZnA2t-PxzI"
        }
    }

Steps to use auth token for subsequent API calls

  • 2.1 The response above contains an auth key, which you can use for the next API calls
  • 2.2 Your mobile app should store the auth key (for example in local storage, or in whatever way you prefer): "auth": "c8b16517a0a21c446f1ee9980944cd7e"
  • 3.0 For subsequent API calls, you can pass this auth key in the Authorization header and access the APIs without passing the username and password.


Content-Type: application/x-www-form-urlencoded
Authorization: Bearer c8b16517a0a21c446f1ee9980944cd7e
curl --location --request GET 'http://{{host}}/index.php?app=users&resource=login&option=com_api&format=raw' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer c8b16517a0a21c446f1ee9980944cd7e'

You will get a response that looks like this:

    {
        "err_msg": "",
        "err_code": "",
        "response_id": 218,
        "api": "users.user",
        "version": "",
        "data": {
            "id": "619",
            "name": "asdasd adasda",
            "username": "asdadad",
            "email": "[email protected]",
            "block": "0",
            "sendEmail": "1",
            "registerDate": "2019-05-10 06:54:13",
            "lastvisitDate": "2019-08-27 12:44:44",
            "activation": "0",
            "params": "",
            "groups": {
                "8": "8"
            },
            "guest": 0
        }
    }

As described in step 3.0, you can call the APIs you have built from the app and use those.
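
The login and token-reuse flow above, sketched as client-side JavaScript. This is an added example, not code from com_api or from this page's author. The function names, the HTTPS-only check, and the assumption that a failed login populates err_code/err_msg or omits data.auth are this example's own.

```javascript
// Added example, not com_api code. Query parameters and response fields come
// from this page; function names and the HTTPS-only rule are assumptions.
const LOGIN_QUERY = { option: 'com_api', app: 'users', resource: 'login', format: 'raw' };

// Steps 1.1-1.3: credentials travel in the urlencoded POST body only.
function buildLoginRequest(baseUrl, username, password) {
  const url = new URL('index.php', baseUrl);
  if (url.protocol !== 'https:') throw new Error('refusing to send credentials over ' + url.protocol);
  for (const [k, v] of Object.entries(LOGIN_QUERY)) url.searchParams.set(k, v);
  return {
    url: url.toString(),
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({ username, password }).toString(),
    },
  };
}

// Step 2.1: return data.auth, rejecting anything that is not a clean success.
// Assumption: a failed login sets err_code/err_msg or omits data.auth.
function extractAuthKey(envelope) {
  if (!envelope || typeof envelope !== 'object') throw new Error('malformed response');
  if (envelope.err_code || envelope.err_msg) {
    throw new Error('login failed: ' + (envelope.err_code || envelope.err_msg));
  }
  const data = envelope.data || {};
  if (String(data.code) !== '200' || typeof data.auth !== 'string' || !data.auth) {
    throw new Error('login response carries no auth key');
  }
  return data.auth;
}

// Step 3.0: header for subsequent calls.
const authHeaders = (authKey) => ({ Authorization: 'Bearer ' + authKey });

// Network wrapper (fetch is global in Node 18+ and in browsers).
async function login(baseUrl, username, password) {
  const { url, options } = buildLoginRequest(baseUrl, username, password);
  const res = await fetch(url, options);
  return extractAuthKey(await res.json());
}

// Constructed sample shaped like the login response shown on this page.
const sampleLogin = {
  err_msg: '', err_code: '', response_id: 214, api: 'users.login', version: '',
  data: { auth: 'c8b16517a0a21c446f1ee9980944cd7e', code: '200', id: '653' },
};
```

Because the auth key grants API access without the username and password, keep it out of application logs and crash reports.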


If you have set up SEF and have created a menu item for com_api (with api as alias), you can use SEF URLs like below instead of the one used in the above example


Last update: June 3, 2020