Exposing REST APIs directly from TYPO3 has long meant stitching together custom middleware, hand-maintained schemas, and bespoke auth. sg_apicore removes that overhead: attribute-based routing, automatic OpenAPI 3.0 generation, and a consistent token system turn TYPO3 into a fully-fledged API backend. The request lifecycle follows TYPO3's own conventions, so the extension slots into existing installations without any middleware changes.
This TYPO3 v14 port of sgalinski's sg-apicore package adds v14 compatibility and exposes MCP tools, letting TYPO3 instances act as tool providers in AI agent environments.
Overview
sg_apicore is a REST and API framework for TYPO3 that combines attribute-based routing (#[ApiRoute]) on top of FastRoute, multi-API and multi-version support via ApiRegistry, and automatic OpenAPI 3.0 schemas. The Swagger UI is available at /api/{id}/v{version}/docs/ui with no extra configuration. Token-based authentication covers Opaque Bearer and JWT across FE and BE contexts (Public, Token, User, Backend) with scope enforcement, all managed centrally from a backend module that handles APIs, tokens, endpoints, rate limits, and logs.
Auto-CRUD exposes any TCA table as a REST resource through the TYPO3 DataHandler, and it is workspace-aware: drafts and versions are resolved correctly. Especially relevant for AI agent scenarios are the exposed MCP tools, which surface TYPO3 APIs directly as tools in Model Context Protocol-compatible clients.
This port requires TYPO3 ^14.3 (including cms-workspaces ^14.3) and PHP ^8.3. TYPO3 v13 is deliberately unsupported in the 14.x line. The sgalinski upstream repository is hosted on GitLab and is not publicly accessible, so the exact boundary of any proprietary parts remains partly unclear.
What we did
The bulk of the work over sgalinski's upstream sg-apicore was the TYPO3 14 port: Composer requirements were raised to ^14.3 and the CI matrix was updated to TYPO3 14. PHPStan errors in resource workspace overlays and broken auth entry points were fixed.
We also folded in a substantial upstream merge, which resolved numerous conflicts across the Router, TcaMapper, the tests, and the README. One caveat: because the upstream repo lives on sgalinski's GitLab and is not publicly accessible, the line between proprietary and public parts can only be traced so far.
Features in Detail
| Feature | Benefit |
|---|---|
| #[ApiRoute] Attribute Routing | Define routes directly in PHP attributes — no XML, no YAML |
| Multi-API / Multi-Version via ApiRegistry | Operate multiple APIs and versions in a single installation |
| OpenAPI 3.0 Generation + Swagger UI | Schema automatically generated from code, instantly accessible at /docs/ui |
| MCP Tool Exposition (JSON-RPC / SSE) | Use TYPO3 as a tool provider in AI agent environments |
| Token Auth: Opaque Bearer, JWT, FE/BE Context | Flexible auth strategies with scope enforcement per endpoint |
| Auto-CRUD for TCA Tables | Expose any TYPO3 tables as REST resources without custom controllers |
| Workspace Awareness | DataHandler operations respect drafts and workspace versions |
| Backend Module | Central management of APIs, tokens, endpoints, rate limits, and logs |
Installation
```bash
composer config repositories.sg_apicore vcs https://github.com/dirnbauer/sg_apicore.git
composer require sgalinski/sg-apicore:dev-main
```
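The commands above install the `dev-main` branch from a VCS repository, so the commit recorded in `composer.lock` can move whenever the branch does. The following added example (not code from the extension or from the original post) audits a lock file for branch installs and compares the locked source URL and commit with ones you have reviewed; the lock excerpt, the second package name, and the commit hashes are constructed placeholders.

```python
import json

REPO_URL = "https://github.com/dirnbauer/sg_apicore.git"
# Constructed composer.lock excerpt; the hashes are placeholders, not real commits.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "sgalinski/sg-apicore", "version": "dev-main",
         "source": {"type": "git", "url": REPO_URL, "reference": "1" * 40}},
        {"name": "vendor/tagged-example", "version": "1.2.3",
         "source": {"type": "git", "url": "https://example.org/tagged.git",
                    "reference": "2" * 40}},
    ],
    "packages-dev": [],
})


def audit_branch_installs(lock_text, reviewed):
    """Return (package, finding) pairs for packages locked to a branch.

    reviewed maps a package name to (expected source URL, reviewed commit hash).
    """
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = pkg.get("version", "")
        # Composer names branch versions "dev-<branch>" or "<alias>-dev".
        if not (version.startswith("dev-") or version.endswith("-dev")):
            continue  # tagged release, outside this check
        name = pkg.get("name", "")
        source = pkg.get("source") or {}
        expected = reviewed.get(name)
        if expected is None:
            findings.append((name, "branch install without a reviewed commit on record"))
            continue
        url, commit = expected
        if source.get("url") != url:
            findings.append((name, "source URL differs from the reviewed repository"))
        if source.get("reference") != commit:
            findings.append((name, "locked commit differs from the reviewed commit"))
    return findings


if __name__ == "__main__":
    reviewed = {"sgalinski/sg-apicore": (REPO_URL, "1" * 40)}
    for name, finding in audit_branch_installs(SAMPLE_LOCK, reviewed):
        print(f"{name}: {finding}")
```

Run it in CI against the project's real `composer.lock` and fail the build on any finding, so a moved branch is reviewed before it is deployed.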
Conclusion
sg_apicore closes a real gap in the TYPO3 ecosystem: REST APIs, OpenAPI documentation, and MCP tools from a single extension, with no middleware glue to maintain. The v14 port makes it ready for current projects. The note about the upstream's limited transparency is deliberate: if you need certainty about licensing and origins, check this before you rely on the extension.
Our thanks go to sgalinski for the excellent sg_apicore extension. We have built on it for this TYPO3 v14 port, adding workspace fixes, MCP tool support, and v14 compatibility. The bulk of the work comes from sgalinski: the API registry, attribute-based routing, token handling, and OpenAPI documentation. The extension is licensed under GPL-2.0-or-later.