Create and Secure Custom REST APIs in Joomla

Create custom REST API endpoints in Joomla with full control over data exposure and authentication. Secure both custom and core Joomla APIs using API keys, JWT, Bearer tokens, or Basic Authentication, without writing complex plugins or custom code.
Built for developers and integrators who need more flexibility, stronger authentication, and real control beyond Joomla’s default Web Services APIs.

Download Extension Pricing Documentation

Pricing Documentation

Schedule a call with expert

Our Trusted Customers

Build Secure Joomla REST APIs in Minutes

Step 01

Define Custom API Endpoints

Create REST API routes with your own paths and parameters. Each endpoint can fetch, update, or delete Joomla data using standard HTTP methods like GET, POST, PUT, and DELETE.

Step 02

Control Exactly What Data Is Exposed

Use SQL-based filters such as WHERE, ORDER BY, and LIMIT to control responses precisely. Fetch only the fields you need from users, articles, custom tables, or Joomla core data.

Step 03

Secure Each API with the Right Authentication

Protect every endpoint using API Key authentication, JWT, Bearer Tokens, Basic Auth, or external authentication providers. Each API can have its own security rules.

What You Can Build with the Joomla Custom API Extension

Unlimited Custom REST APIs

Create and manage unlimited REST API endpoints, each with its own path, logic, and security configuration.

Authenticate Joomla Core APIs

Apply JWT and API key authentication to Joomla’s built-in REST APIs, enabling secure, user-based and token-based access beyond Joomla’s default authentication methods.

External API Integrations

Connect Joomla with CRMs, ERPs, marketing tools, and third-party platforms. Trigger API calls from Joomla events for real-time synchronization.

Custom SQL Query Builder

Build custom SQL-based REST APIs for direct database interactions, offering maximum flexibility and performance.

Per-API Authentication Rules

Apply different authentication methods such as Basic Auth, JWT Authentication, API Keys, and access levels to each API endpoint independently.

Full CRUD Support

Use GET, POST, PUT, and DELETE methods to enable complete create, read, update, and delete operations.

PHP Script Generator

Auto-generate PHP scripts to call your APIs from forms, buttons, or backend events without manual coding.

Display External API Data in Joomla

Fetch data from any external API and display it on Joomla pages using shortcodes or custom modules.

Authentication methods for Rest APIs

Basic Authentication Method

Basic Authentication allows you to authenticate the Joomla REST API endpoints access using a basic token obtained in an encoded format using the user’s Joomla login credentials or client credentials provided by the plugin.

Setup Guides →

OAuth 2.0 Authentication

It involves the security token generated using the most secure OAuth 2.0 Authentication protocol. The plugin both as an OAuth/Identity Provider to provide a Bearer token (access token/JWT token) on successful validation and an API Authenticator for allowing API access accordingly based on the token validation.

Setup Guides →

JWT Authentication

JWT authentication allows you to authenticate the Joomla REST API endpoint access using a valid JWT token (JSON Web Token). The plugin provides an endpoint to generate a Bearer JWT using the valid user’s Joomla login credentials. The generated token can be used to authenticate the Joomla REST API endpoints.

Setup Guide →

API Key Authentication

API Key Authentication allows you to authenticate the Joomla REST API endpoint access using an API key provided by the plugin. This method eliminates the need for using the user’s Joomla login credentials for generating the Bearer API key (secret token).

Setup Guides →

Pricing Plans for Everyone

Transparent, Simple Pricing

Extension supports Joomla 3, Joomla 4, and Joomla 5.

Contact Us at

joomlasupport@xecurify.com

Free

$0/Year

Try out the features

Limited Custom API's (endpoints) can be made.
Fetch data from any table.
Fetch operation available with single WHERE condition.
Create limited Custom API endpoints with custom SQL Query
Support for limited External APIs Connection.

Premium

Our Customer Stories

Frequently Asked Questions

Module Inquiries

Does miniOrange store any user data?

miniOrange does not transfer any data out of your systems or store any Personal Identifiable Information (PII). All the extensions are completely on premise. All the data remains within your premises/server. Only for the Joomla 2FA extension - We need to store the user's email address. For Risk Based Authentication, information such as device type, location, IP address, and time are necessary to identify the user and give access based on the risk.

Does miniorange provide developer license for paid extensions?

For the terms and conditions for our Joomla extensions please refer to this page here.

Does miniOrange offer technical support?

Yes, we provide 24*7 support for all and any issues you might face while using the extension, which includes technical support from our developers. You can get prioritized support based on the Support Plan you have opted for. You can check out the different Support Plans here.

How to activate the Premium extension on my Joomla Site?

Once you complete the payment, go to the miniOrange Dashboard to download your premium extension.
To activate the paid extension, go to the Registration /Login tab and login with your miniOrange account for which you have purchased a license.
Once you are logged in, it will ask you to enter your license key. Go to miniOrange Dashboard → License → View License Key to get your license key.

How can I free up my license Key?

You can remove the license key from the extension by clicking on the Remove Account button from the Register/Login tab of the extension.

Legal Documents

GDPR Compliance

End User License Agreement

Privacy Policy

Security Practices

SOC Compliance

Want to Schedule a Demo?

Thank you for your response. We will get back to you soon.

Something went wrong. Please submit your query again