CB User API Component for Joomla 5

A simple REST API component for Joomla 5 that retrieves Community Builder user profile data. This component allows you to fetch CB user fields from one Joomla site to another via a secure API endpoint.

Features

Installation

1. Create the component files in this structure:

com_cbuserapi/
├── cbuserapi.xml
├── site/
│ └── src/
│ └── Controller/
│ └── DisplayController.php
└── admin/
├── services/
│ └── provider.php
└── src/
└── Extension/
└── CbuserApiComponent.php

2. Zip the com_cbuserapi folder

3. Install via Joomla Administrator → System → Extensions → Install

4. The component will be installed and ready to use

Configuration

Set Your Authentication Token

IMPORTANT: Before using the API, you must set a secure authentication token.
  1. Open site/src/Controller/DisplayController.php
  2. Find this line in the validateToken() method: 
    $validToken = 'YOUR_SECRET_API_TOKEN_HERE'; // Change this!
  3. Replace YOUR_SECRET_API_TOKEN_HERE with a strong, random token
  4. Example: $validToken = 'k9mP2xL8vQ4wN7rT3jH6yU1zF5bS0aD9';
Tip: Generate a secure token using:

Customize Namespace (Optional)

If you want to use your own namespace instead of YourName:

  1. Edit all PHP files and replace YourName with your namespace (e.g., MyCompany)
  2. Update the namespace in cbuserapi.xml: 
    <namespace path="src">MyCompany\Component\Cbuserapi</namespace>

Usage

API Endpoint

GET https://yoursite.com/index.php?option=com_cbuserapi&task=getUser&user_id={USER_ID}&token={YOUR_TOKEN}

Parameters

Parameter Type Description
option string Component name (always com_cbuserapi)
task string Action to perform (currently only getUser)
user_id integer The Joomla user ID to retrieve
token string Your authentication token

Example Request

https://yoursite.com/index.php?option=com_cbuserapi&task=getUser&user_id=123&token=k9mP2xL8vQ4wN7rT3jH6yU1zF5bS0aD9

Response Format

Success (200):

{
  "success": true,
  "data": {
    "id": 123,
    "email": "john.doe@example.com",
    "firstname": "John",
    "lastname": "Doe",
    "avatar": "tn123_avatar.jpg",
    "avatar_url": "https://yoursite.com/images/comprofiler/tn123_avatar.jpg",
    "cb_address": "123 Main Street",
    "cb_city": "Dallas",
    "cb_state": "TX",
    "cb_country": "United States"
  }
}

Invalid Token (401):

{
  "success": false,
  "message": "Invalid or missing authentication token"
}

User Not Found (404):

{
  "success": false,
  "message": "User not found"
}

Calling from Another Joomla Site

Using PHP cURL

<?php
$userId = 123;
$token = 'k9mP2xL8vQ4wN7rT3jH6yU1zF5bS0aD9';
$apiUrl = 'https://yoursite.com/index.php?option=com_cbuserapi&task=getUser&user_id=' . $userId . '&token=' . $token;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);

$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($httpCode === 200) {
    $data = json_decode($response, true);
    if ($data['success']) {
        $user = $data['data'];
        echo "Name: " . $user['firstname'] . " " . $user['lastname'];
        echo "Email: " . $user['email'];
    }
}
?>

Using JavaScript/AJAX

const userId = 123;
const token = 'k9mP2xL8vQ4wN7rT3jH6yU1zF5bS0aD9';
const apiUrl = `https://yoursite.com/index.php?option=com_cbuserapi&task=getUser&user_id=${userId}&token=${token}`;

fetch(apiUrl)
  .then(response => response.json())
  .then(data => {
    if (data.success) {
      console.log('User:', data.data);
      console.log('Name:', data.data.firstname, data.data.lastname);
    } else {
      console.error('Error:', data.message);
    }
  })
  .catch(error => console.error('Request failed:', error));

Security Best Practices

Required Security Measures

1. Always Use HTTPS
2. Strong Token
3. Keep Token Secret

Optional Enhanced Security

IP Whitelisting: Add allowed IP addresses to restrict access

Database Token Storage: Store tokens in a database table instead of hardcoding

Rate Limiting: Prevent abuse by limiting requests per time period

Troubleshooting

Issue Solution
"Invalid or missing authentication token" Verify the token in the URL matches the one in DisplayController.php. Check for extra spaces or special characters.
"User not found" Verify the user ID exists in the #__users table. Check that the user has a Community Builder profile.
"Database error" Verify Community Builder is installed. Check that CB tables exist (#__comprofiler).
Component won't install Check that all files are in the correct folder structure. Verify XML syntax in cbuserapi.xml.
Empty or null field values Some CB fields may be optional and empty. Check the CB field names match your installation.

Requirements

Extending the Component

Adding More CB Fields

To retrieve additional Community Builder fields, edit the SELECT query in DisplayController.php and add the desired field names.

Creating Additional Endpoints

To add new functionality (e.g., update user data), create a new method in DisplayController.php and call it with a different task parameter.

License

GNU General Public License version 2 or later

Changelog

Version 1.0.0 (2025-01)

Success! You now have a working API for retrieving Community Builder user data across Joomla sites.