Please don't take advantage of type weirdness in PHP to do this (i.e., $myVar + 0). Use type casting like a grown-up.
$myInt = (int) "0";The https://github.com/Spomky-Labs/jose library is substantially faster than the one you posted. And yes, APIs are supposed to be stateless. Sessions are fine when you're working with a web browser. Even more secure, however, is a variant of the JOSE standard referred to as PASETO, which closes some security loopholes in the original spec. https://paseto.io
Lastly, please don't use this helper class. It's written for PHP 5 which is entirely EOL at this point. Reviewing the code, it looks like it was originally written for PHP 5.2, which came out around 10+ years ago. Not to be mean to the author; we've all written code for PHP 5 before, but its time has come and gone. The code referenced in this post needs to be modernized before it's useful for versions of PHP that are still supported (7.1+ at the time of this writing).
Achievements
80 Karma
12,075 Total ProTip Views
Raven
Velociraptor
Altruist
Nephila Komaci
Nephila Komaci 3
Walrus
Forked
If you're using the curl functions directly in PHP, you're doing it wrong. The curl functions are extremely low-level, and are very easy to configure in an insecure way. You are better off, 99.9% of the time, using a fortified, professional-grade package like Guzzle that does everything right (securely) by default.