dmstr/php-bc4-client

Modern PHP client for Basecamp 4 (BC3 API) — OAuth 2.0 with refresh-token rotation

Maintainers

👁 schmunk

Package info

github.com/dmstr/php-bc4-client

pkg:composer/dmstr/php-bc4-client

Statistics

Installs: 81

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

0.3.0 2026-06-26 21:53 UTC

Requires (Dev)

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT 92506ed0a8cad0a930087e4fcd2eae0f42d63566

  • herzog kommunikation GmbH <info.woop@herzogkommunikation.de>

apiclientoauthbasecampbasecamp4bc3-api

This package is auto-updated.

Last update: 2026-06-26 22:07:20 UTC

README

php-bc4-client

Modern PHP 8.4 client for the Basecamp 4 API (which is hosted at https://3.basecampapi.com/{account_id}/... and follows the BC3 API specification).

Built on Symfony HttpClient, with a small surface area focused on what real applications need: Projects, Todolists, Todos, People, plus a complete OAuth 2.0 flow including transparent refresh-token rotation.

Features

  • OAuth 2.0 web-server flow with Launchpad (launchpad.37signals.com)
  • Refresh-token rotation: tokens are rotated on every refresh and persisted via a pluggable TokenStorageInterface — your application picks the storage backend (Doctrine, Redis, file, in-memory)
  • Transparent token lifecycle: proactive refresh when expires_at is near, reactive refresh on 401, automatic single retry of the original request
  • Rate-limit aware: exponential backoff on 429, configurable retry count
  • invalid_grant detection: throws InvalidGrantException when the refresh token is rejected, signalling that a fresh user-authorization is required
  • Pagination via Link: <…>; rel="next" headers, transparent for callers
  • Resource-oriented API: $client->projects()->all(), $client->todos()->getInProject($id, $todolistId) etc.

Installation

composer require dmstr/php-bc4-client

Minimum Usage

use Dmstr\Bc4Client\Authentication\OAuth2Authentication;
use Dmstr\Bc4Client\Client\Bc4Client;

$auth = new OAuth2Authentication(
 clientId: 'YOUR_CLIENT_ID',
 clientSecret: 'YOUR_CLIENT_SECRET',
 appName: 'My App',
 appContact: 'ops@example.com',
 storage: $myTokenStorage, // implements TokenStorageInterface
);

$client = new Bc4Client(accountId: '6164391', authentication: $auth);

foreach ($client->projects()->all() as $project) {
 echo $project['name'], "\n";
}

Architecture

Authentication/
 AuthenticationInterface — minimal request-decoration contract
 OAuth2Authentication — Bearer token, refresh lifecycle
 TokenStorageInterface — your app implements this
 AuthorizationFlow — initial code → tokens, account discovery
Client/
 Bc4Client — entrypoint, hands out resources
Exception/
 Bc4ApiException — base exception
 InvalidGrantException — refresh token rejected
 RequestException — wrapped HTTP error
Resource/
 AbstractResource — pagination + request helper
 ProjectsResource
 TodoSetsResource
 TodolistsResource
 TodosResource
 PeopleResource

Inspired by

License

MIT