HyperAPI is a Quarkus extension for instant, zero-boilerplate, secured CRUD APIs.
It scans your JPA entities annotated with @HyperResource and β at compile-time β automatically generates full-featured:
- REST endpoints
- DTOs and mappers
- Service layers
- RFC 7807-compliant error handling
- Role-based access control (soon!)
- Event driven architecture
- Supports Panache
No controllers, services, or MapStruct classes to write by hand. Everything is type-safe, customizable, and ready to use.
Development Preview
HyperAPI is currently in active development and not yet ready for production use.
Core features are functional, but APIs may change until v1.0 release.β Recommended for: Evaluation, prototyping, and feedback gathering
β Not recommended for: Production workloads without thorough testing
β Important Legal Notice
This software is provided "as is" without warranties of any kind.
By using HyperAPI, you agree that:β The maintainers accept no liability for any damages
β You assume all risks associated with its use
β No guarantee is provided for security or reliabilityAlways evaluate thoroughly before production use.
| Capability | What it does |
|---|---|
| Generic CRUD endpoints | Exposes GET / POST / PUT / DELETE at /api/{Entity} or your custom path. |
| Generate DTO | Automatically fetches the JPA's fields and generated a DTO version of if, it's constumizable. |
| Generate at compile DTO mapping | Automatically generated a Mapper and on top of it MapStruct generates the implementation |
| Annotation-driven security (not implemented) | @HyperResource.security(requireAuth, rolesAllowed) β returns 401/403 via a name-bound JAX-RS filter. |
| Standard JSON error payload | Uniform ApiError body with timestamp, HTTP status, message, path, and WWW-Authenticate header on 401. |
| Quarkus-native extension packaging | Published as quarkus-hyperapi-extension (runtime) + quarkus-hyperapi-deployment (build-time). |
| Event mechanism | Offers customizable Event Pattern for events on create/update/delete |
<dependency>
<groupId>com.eorghe</groupId>
<artifactId>quarkus-hyperapi</artifactId>
<version>0.2.0</version>
</dependency># application.properties
hyperapi.scan-packages=com.example.domain
quarkus.log.console.json=false # pretty console logs in dev
package com.example.domain;
/// imports
@Getter
@Setter
@Entity
@HyperResource(
path = "/api/products", // customise base path
mapping = @Mapping(ignore = {"version"}), // hide optimistic-lock column
security = @Security(
requireAuth = true, // caller must be authenticated
rolesAllowed = {"PRODUCT_WRITE"} // and hold one of these roles
)
)
public class Product extends HyperEntity{
String name;
BigDecimal price;
@Version
Integer version;
}./mvnw quarkus:dev
Console shows:
Installed features: β¦, hyperapi, β¦
HyperAPI extension started successfully!
Detected API Entity: Product
# create
curl -X POST http://localhost:8080/api/products \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <jwt-with-PRODUCT_WRITE>" \
-d '{"name":"Pen","price":2.50}'
# list
curl -H "Authorization: Bearer <jwt>" \
http://localhost:8080/api/products
For full reference please see the @HyperResource
@HyperResource(
/** 1οΈβ£ Base API path (default: entity name) */
path = "/orders",
/** 2οΈβ£ Custom DTO class (default: auto-generated) */
dto = "com.example.CustomOrderDTO",
/** 3οΈβ£ CDI scope for generated service */
scope = Scope.REQUEST,
/** 4οΈβ£ Disabled HTTP methods */
disabledFor = {HttpMethod.PATCH, HttpMethod.DELETE},
/** 5οΈβ£ Field filtering */
mapping = @Mapping(
ignore = {"secret"}, // Top-level fields
ignoreNested = {"user.password"} // Nested object fields
),
/** 6οΈβ£ Pagination controls */
pageable = @Pageable(
limit = 50, // Default page size
maxLimit = 200 // Maximum allowed page size
),
/** 7οΈβ£ Event configuration */
events = @Events(
onCreate = true, // Fire on entity creation
onUpdate = true, // Fire on entity update
onDelete = false, // Disable delete events
emitter = CustomEmitter.class // Custom event emitter
),
/** 8οΈβ£ Caching behavior | NOT YET IMPLEMENTED */
cache = @Cache(
enabled = true, // Enable response caching
ttlSeconds = 300 // 5-minute cache duration
),
/** 9οΈβ£ Security controls | NOT YET IMPLEMENTED */
security = @Security(
requireAuth = true, // Authentication required
rolesAllowed = {"ORDER_ADMIN"} // Required roles
)
)Explore implementation guides for key HyperAPI features:
- Rest API definition - Generatin the CRUD endpoints, automatically!
- DTO Generation - Generating DTOs from JPAs, automatically!
- DTO Mapping - Ignoring unnecessary fields
- CDI Events Overview - Basic event observation patterns
- Advanced Event Processing - Multi-stage event pipelines
- Kafka Integration - Streaming events to Kafka
- MQTT Integration - IoT/edge computing scenarios
- API Gateway Patterns - Sync/async external API calls
- β Mapper generation (DTO β Entity)
- β Field ignore support via annotation
- β Service layer generation
- β CRUD REST endpoint generation
- β Pagination & sorting support
- β
PATCH support using
application/merge-patch+json - β CDI events on create / update / delete
- π Annotation-first security (e.g.
@PermitAll,@RolesAllowed) - π In-memory caching support
- π Auto-generated OpenAPI documentation
Contributions and feedback welcome β letβs make HyperAPI even more awesome!
HyperAPI is licensed under the MIT license. See the LICENSE file for details.
