OpenSkillIndex← back to search
claude-codetoolchain

Research-mind phoenix-api-channels

Phoenix controllers, JSON APIs, Channels, and Presence on the BEAM

install
source · Clone the upstream repo
git clone https://github.com/MacPhobos/research-mind
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/MacPhobos/research-mind "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.claude/skills/toolchains-elixir-frameworks-phoenix-api-channels" ~/.claude/skills/macphobos-research-mind-phoenix-api-channels && rm -rf "$T"
manifest: .claude/skills/toolchains-elixir-frameworks-phoenix-api-channels/SKILL.md
source content

Phoenix APIs, Channels, and Presence (Elixir/BEAM)

Phoenix excels at REST/JSON APIs and WebSocket Channels with minimal boilerplate, leveraging the BEAM for fault tolerance, lightweight processes, and supervised PubSub/Presence.

Core pillars

  • Controllers for JSON APIs with plugs, pipelines, and versioning.
  • Contexts own data (Ecto schemas + queries) and expose a narrow API to controllers/channels.
  • Channels + PubSub for fan-out real-time updates; Presence for tracking users/devices.
  • Auth via plugs (session/cookie for browser, token/Bearer for APIs), with signed params.

Project Setup

mix phx.new my_api --no-html --no-live
cd my_api
mix deps.get
mix ecto.create
mix phx.server

Key files:

  • lib/my_api_web/endpoint.ex
    — plugs, sockets, instrumentation
  • lib/my_api_web/router.ex
    — pipelines, scopes, versioning, sockets
  • lib/my_api_web/controllers/*
    — REST/JSON controllers
  • lib/my_api/*
    — contexts + Ecto schemas (ownership of data logic)
  • lib/my_api_web/channels/*
    — Channel modules

Routing and Pipelines

Separate browser vs API pipelines; version APIs with scopes.

defmodule MyApiWeb.Router do
  use MyApiWeb, :router

  pipeline :api do
    plug :accepts, ["json"]
    plug :fetch_session
    plug :protect_from_forgery
    plug MyApiWeb.Plugs.RequireAuth
  end

  scope "/api", MyApiWeb do
    pipe_through :api

    scope "/v1", V1, as: :v1 do
      resources "/users", UserController, except: [:new, :edit]
      post "/sessions", SessionController, :create
    end
  end

  socket "/socket", MyApiWeb.UserSocket,
    websocket: [connect_info: [:peer_data, :x_headers]],
    longpoll: false
end

Tips

  • Keep pipelines short; push auth/guards into plugs.
  • Expose 
    socket "/socket"
    for Channels; restrict transports as needed.

Controllers and Plugs

Controllers stay thin; contexts own the logic.

defmodule MyApiWeb.V1.UserController do
  use MyApiWeb, :controller
  alias MyApi.Accounts

  action_fallback MyApiWeb.FallbackController

  def index(conn, _params) do
    users = Accounts.list_users()
    render(conn, :index, users: users)
  end

  def create(conn, params) do
    with {:ok, user} <- Accounts.register_user(params) do
      conn
      |> put_status(:created)
      |> put_resp_header("location", ~p\"/api/v1/users/#{user.id}\")
      |> render(:show, user: user)
    end
  end
end

FallbackController centralizes error translation (

{:error, :not_found}
→ 404 JSON).

Plugs

  • RequireAuth
    verifies bearer/session tokens, sets 
    current_user
    .
  • Use 
    plug :scrub_params
    -style transforms in pipelines, not controllers.
  • Avoid heavy work in plugs; they run per-request.

Contexts and Data (Ecto)

Contexts expose only what controllers/channels need.

defmodule MyApi.Accounts do
  import Ecto.Query, warn: false
  alias MyApi.{Repo, Accounts.User}

  def list_users, do: Repo.all(User)
  def get_user!(id), do: Repo.get!(User, id)

  def register_user(attrs) do
    %User{}
    |> User.registration_changeset(attrs)
    |> Repo.insert()
  end
end

Guidelines

  • Keep schema modules free of controller knowledge.
  • Validate at the changeset; use 
    Ecto.Multi
    for multi-step operations.
  • Prefer pagination helpers (
    Scrivener
    , 
    Flop
    ) for large lists.

Channels, PubSub, and Presence

Channel module example:

defmodule MyApiWeb.RoomChannel do
  use Phoenix.Channel
  alias Phoenix.Presence

  def join("room:" <> room_id, _payload, socket) do
    send(self(), :after_join)
    {:ok, assign(socket, :room_id, room_id)}
  end

  def handle_info(:after_join, socket) do
    Presence.track(socket, socket.assigns.user_id, %{online_at: System.system_time(:second)})
    push(socket, "presence_state", Presence.list(socket))
    {:noreply, socket}
  end

  def handle_in("message:new", %{"body" => body}, socket) do
    broadcast!(socket, "message:new", %{user_id: socket.assigns.user_id, body: body})
    {:noreply, socket}
  end
end

PubSub from contexts

def create_order(attrs) do
  with {:ok, order} <- %Order{} |> Order.changeset(attrs) |> Repo.insert() do
    Phoenix.PubSub.broadcast(MyApi.PubSub, "orders", {:order_created, order})
    {:ok, order}
  end
end

Best practices

  • Authorize in 
    UserSocket.connect/3
    before joining topics.
  • Limit payload sizes; validate incoming events.
  • Use topic partitioning for tenancy (
    "tenant:" <> tenant_id <> ":room:" <> room_id
    ).

Authentication Patterns

  • API tokens: Accept 
    authorization: Bearer <token>
    ; verify in plug, assign 
    current_user
    .
  • Signed params: 
    Phoenix.Token.sign/verify
    for short-lived join params.
  • Rate limiting: Use plugs + ETS/Cachex or reverse proxy (NGINX/Cloudflare).
  • CORS: Configure in 
    Endpoint
    with 
    cors_plug
    .

Testing

Use generated helpers:

defmodule MyApiWeb.UserControllerTest do
  use MyApiWeb.ConnCase, async: true

  test "lists users", %{conn: conn} do
    conn = get(conn, ~p\"/api/v1/users\")
    assert json_response(conn, 200)["data"] == []
  end
end

Channel tests:

defmodule MyApiWeb.RoomChannelTest do
  use MyApiWeb.ChannelCase, async: true

  test "broadcasts messages" do
    {:ok, _, socket} = connect(MyApiWeb.UserSocket, %{"token" => "abc"})
    {:ok, _, socket} = subscribe_and_join(socket, "room:123", %{})
    ref = push(socket, "message:new", %{"body" => "hi"})
    assert_reply ref, :ok
    assert_broadcast "message:new", %{body: "hi"}
  end
end

DataCase: isolates DB per test; use fixtures/factories for setup.

Telemetry, Observability, and Ops

  • :telemetry
    events from endpoint, controller, channel, and Ecto queries; export via 
    OpentelemetryPhoenix
    and 
    OpentelemetryEcto
    .
  • Use 
    Plug.Telemetry
    for request metrics; add logging metadata (request_id, user_id).
  • Releases: 
    MIX_ENV=prod mix release
    ; configure runtime in 
    config/runtime.exs
    .
  • Clustering: 
    libcluster
    + distributed PubSub for multi-node Presence.
  • Assetless APIs: disable unused watchers (esbuild/tailwind) for API-only apps.

Common Pitfalls

  • Controllers doing queries directly instead of delegating to contexts.
  • Not authorizing in 
    UserSocket.connect/3
    , leading to topic exposure.
  • Missing 
    action_fallback
    → inconsistent error shapes.
  • Forgetting to limit event payloads; large messages can overwhelm channels.
  • Leaving longpoll enabled when unused; disable to reduce surface area.

Phoenix API + Channels shine when contexts own data, controllers stay thin, and Channels use PubSub/Presence with strict authorization and telemetry. The BEAM handles concurrency and fault tolerance; focus on clear boundaries and real-time experiences.