Building RESTful APIs with Symfony Components

Building RESTful APIs
with Symfony Components
Victoria Quirante 16-17th Feb. 2017

View Slide

I work at Limenius
We build tailor-made projects with
Symfony and React
Most projects require the
implementation of an API
Symfony Components provide a
rock-solid foundation for building APIs
Victoria Quirante
@vicqr
[email protected]

View Slide

I. INTRODUCTION

View Slide

Why would I want my API
to be RESTful?

View Slide

Possible reasons AGAINST
Perhaps I can think of a better way to structure an API

View Slide

Possible reasons AGAINST
Perhaps I can think of a better way to structure an API
REST seems very controversial and confusing in some points

View Slide

Main reasons to go for REST
REST makes the most of HTTP

View Slide

It means to have a common language

View Slide

It means to have a common language
These are very powerful reasons

View Slide

What you already know about REST

View Slide

Sane way to approach REST

View Slide

1. Learn the stuff that is commonly accepted

View Slide

Use nouns for
the resources!

View Slide

Use nouns for
the resources!
Use HTTP verbs!

View Slide

Use HTTP verbs!
Use nouns for
the resources!
Return meaningful
status codes!

View Slide

2. Be aware of the grey areas / controversial points

View Slide

Do I have to return the
created/updated resource?

View Slide

Do I have to return the
created/updated resource?
Can I have /recipes.json and
/recipes.html?

View Slide

“Remember the "RE" in REST stands for "REpresentational" which means we are talking about representation of state.
Therefore a single URI should be used by resource as the unique identifier. Instead to get different representations we
should use media types.”
Lukas K. Smith (FOSRestBundle author)
http://pooteeweet.org/blog/2248
/recipes.html?

View Slide

“Remember the "RE" in REST stands for "REpresentational" which means we are talking about representation of state.
Therefore a single URI should be used by resource as the unique identifier. Instead to get different representations we
should use media types.”
Lukas K. Smith (FOSRestBundle author)
http://pooteeweet.org/blog/2248
“Section 6.2.1 does not say that content negotiation should be used all the time.”
Roy T. Fielding (author of REST thesis and REST concept itself)
https://groups.yahoo.com/neo/groups/rest-discuss/conversations/messages/5857
/recipes.html?

View Slide

3. Choose a side in those…

View Slide

3. Choose a side in those… … and stick to it

View Slide

3. Choose a side in those… … and stick to it
Be civilized and consistent

View Slide

View Slide

Why Symfony & REST?

View Slide

Why Symfony & REST?
REST is several things:
- A very strict definition -that not many people fully understand
- A battlefield
- A way to make the most of HTTP

View Slide

Why Symfony & REST?
REST is several things:
- A very strict definition -that not many people fully understand
- A battlefield
- A way to make the most of HTTP
“I don't like MVC because that's not how the web works. Symfony2 is an HTTP framework; it is
a Request/Response framework. That's the big deal. The fundamental principles of Symfony2
are centered around the HTTP specification.”
Fabien Potencier

View Slide

Why Symfony & REST?
REST ♥ HTTP
Symfony ♥ HTTP

View Slide

Why Symfony
Components?

View Slide

Symfony is two things
1. A full stack framework

View Slide

Symfony is two things
1. A full stack framework
2. A set of independent
components

View Slide

What are Symfony Components
Set of decoupled and reusable PHP libraries
You can use any in your own applications independently from the
Symfony Framework
Many popular PHP projects do so

View Slide

Components used in popular projects
http://symfony.com/projects

View Slide

Doctrine

View Slide

Propel

View Slide

Silex

View Slide

Drupal

View Slide

Laravel

View Slide

Components that we are going to see in detail
HttpFoundation
Serializer
Validator
Form
Guard

View Slide

Where/when can you apply this knowledge
- Working with the full Symfony framework

View Slide

- Using some of these components in some other framework

View Slide

- Writing your own framework

View Slide

- Writing your own framework
https://symfony.com/doc/current/create_framework/index.html

View Slide

See repository
https://github.com/VictoriaQ/rest-symfony-components

View Slide

II. SYMFONY COMPONENTS

View Slide

HttpFoundation
Moving to an Object-Oriented
approach
HttpFoundation
Serializer
Validator
Form
Guard

View Slide

HttpFoundation - The idea
Defines an object-oriented layer for the HTTP specification

View Slide

In PHP:
- Request represented by global variables
- Response generated by some functions

View Slide

In PHP:
- Request represented by global variables
- Response generated by some functions
HttpFoundation replaces global variables and functions by an object-oriented layer:
- $_GET, $_POST, $_FILES, $_COOKIE... ----> Request()
- echo(), header(), setcookie()... ----> Response()

View Slide

HttpFoundation - Request()
Holds information about the client request
use Symfony\Component\HttpFoundation\Request;
$request = Request::createFromGlobals();

View Slide

Creates Request object based on current PHP global variables

View Slide

Creates Request object based on current PHP global variables
$request = new Request(
$_GET,
$_POST,
array(),
$_COOKIE,
$_FILES,
$_SERVER
);

View Slide

HttpFoundation - Response()
Holds information of what needs to be sent back to the client
use Symfony\Component\HttpFoundation\Response;
$response = new Response(
'Content',
Response::HTTP_OK,
array('content-type' => 'text/html')
);

View Slide

Let’s create a POST endpoint
When I request "POST /recipes"
Then the response status code should be 201

View Slide

$content = json_decode($request->getContent(), true);

View Slide

// Here we would persist the data
$response = new Response(json_encode(array('data' => 'Hi!'), 201);
$response->headers->set('Content-Type', 'application/json');
$response->headers->set('Location', '/recipes/1');

View Slide

Shortcut: JsonResponse()
use Symfony\Component\HttpFoundation\JsonResponse;
// Here we would persist the data
$response = new JsonResponse(array('data' => 'Hi!'), 201);
$response->headers->set('Location', '/recipes/1');
Sets ContentType to application/json and encodes to JSON

View Slide

And what about PSR-7?

View Slide

Symfony PSR-7 Bridge
HttpFoundation has helped with homogenization across frameworks
The PSR-7 Standard has meant a step further towards standardization
Symfony 4 will likely embrace the PSR-7 Standard

View Slide

HttpFoundation has helped with homogenization across frameworks
The PSR-7 Standard has meant a step further towards standardization
Symfony 4 will likely embrace the PSR-7 Standard
Until then, the Symfony PSR-7 Bridge makes HttpFoundation
objects compatible with PSR-7

View Slide

use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
$psr7Factory = new DiactorosFactory();
// convert a Request
$symfonyRequest = Request::createFromGlobals();
$psrRequest = $psr7Factory->createRequest($symfonyRequest);
// convert a Response
$symfonyResponse = new Response('Content');
$psrResponse = $psr7Factory->createResponse($symfonyResponse);
This is how we can convert
HttpFoundation objects to objects
implementing HTTP message
interfaces defined by the PSR-7

View Slide

use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
$psr7Factory = new DiactorosFactory();
// convert a Request
$symfonyRequest = Request::createFromGlobals();
$psrRequest = $psr7Factory->createRequest($symfonyRequest);
// convert a Response
$symfonyResponse = new Response('Content');
$psrResponse = $psr7Factory->createResponse($symfonyResponse);
This is how we can convert
HttpFoundation objects to objects
implementing HTTP message
interfaces defined by the PSR-7
https://inviqa.com/blog/introduction-psr-7-symfony

View Slide

PSR-7 middlewares
AccessLog
AttributeMapper
AuraRouter
AuraSession
BasePath
BasicAuthentication
BlockSpam
Cache
ClientIp
Cors
Csp
Csrf
https://github.com/oscarotero/psr7-middlewares
DebugBar
Delay
DetectDevice
DigestAuthentication
EncodingNegotiator
ErrorHandler
Expires
FastRoute
FormTimestamp
Firewall
FormatNegotiator
Geolocate
GoogleAnalytics
Honeypot
Https
ImageTransformer
IncludeResponse
JsonSchema
LanguageNegotiation
LeagueRoute
MethodOverride
Minify
Payload
PhpSession
Piwik
ReadResponse
Recaptcha
Rename
ResponseTime
Robots
SaveResponse
Shutdown
TrailingSlash
Uuid
Whoops
Www
Following PSR-7
Standard allows you to
use middlewares

View Slide

Serializer
Getting representations of our
objects, back and forth
Serializer
HttpFoundation
Validator
Form
Guard

View Slide

Serializer - The idea
$recipe = new Recipe();
$recipe->setName($content['name']);
$recipe->setEnergy($content['energy']);
$recipe->setServings($content['servings']);
...
The request -> Our object
(manual deserialization)

View Slide

...
...
$responseData = [
'id' => $recipe->getId(),
'name' => $recipe->getName(),
'energy' => $recipe->getEnergy(),
'servings' => $recipe->getServings(),
];
$response = new JsonResponse($responseData, 201);
Our object -> The response
(manual serialization)

View Slide

...
...
$responseData = [
];
A lot of repetitive, boring work!
Our object -> The response
(manual serialization)

View Slide

Serializing
$responseData = [
];
Converting our object into a JSON response

View Slide

Serializing
$responseData = [
];
--------------
$response = new Response($serializer->serialize($recipe, 'json'), 201);
Converting our object into a JSON response

View Slide

Deserializing
Converting the JSON content request into an object

View Slide

Deserializing
------------------
$recipe = $serializer->deserialize($content, Recipe::class, 'json');
Converting the JSON content request into an object

View Slide

Turns objects into a specific format, and the other way around

View Slide

Setting up the Serializer
use Symfony\Component\Serializer\Serializer;
use Symfony\Component\Serializer\Encoder\XmlEncoder;
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Normalizer\ObjectNormalizer;
$encoders = array(new XmlEncoder(), new JsonEncoder());
$normalizers = array(new ObjectNormalizer());
serializer = new Serializer($normalizers, $encoders);

View Slide

Setting up the Serializer
use Symfony\Component\Serializer\Serializer;
use Symfony\Component\Serializer\Encoder\XmlEncoder;
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Normalizer\ObjectNormalizer;
$encoders = array(new XmlEncoder(), new JsonEncoder());
$normalizers = array(new ObjectNormalizer());
serializer = new Serializer($normalizers, $encoders);
http://symfony.com/doc/current/components/serializer.html

View Slide

Representation in API
!=
what we have in DB

View Slide

Representation in API != what we have in DB
{
id: 9,
name: "victoriaq",
password: "encryptedPassword",
email: "[email protected]",
avatar: "avatar.jpg",
twitter_handler: "vicqr",
profile: {
id: 19,
bio: "My bio."
}
}

View Slide

{
id: 9,
name: "victoriaq",
profile: {
id: 19,
bio: "My bio."
}
}
I may want to name this “username”

View Slide

{
id: 9,
name: "victoriaq",
profile: {
id: 19,
bio: "My bio."
}
}
Don’t what to expose it!

View Slide

{
id: 9,
name: "victoriaq",
profile: {
id: 19,
bio: "My bio."
}
}
Only in the profile, not in the list

View Slide

{
id: 9,
name: "victoriaq",
profile: {
id: 19,
bio: "My bio."
}
}
We want to add “thumb_”

View Slide

{
id: 9,
name: "victoriaq",
profile: {
id: 19,
bio: "My bio."
}
}
Only in version 2 of the API

View Slide

{
id: 9,
name: "victoriaq",
profile: {
id: 19,
bio: "My bio."
}
}
Only in version 2 of the API
I’d like to show it as any other field

View Slide

Annotations
MaxDepth
- Detect and limit the serialization depth
- Especially useful when serializing large trees

View Slide

Annotations
MaxDepth
- Detect and limit the serialization depth
- Especially useful when serializing large trees
Groups
- Sometimes, you want to serialize different sets of attributes from your entities
- Groups are a handy way to achieve this need

View Slide

Let’s create a GET endpoint
When I request "GET /recipes"
And only the following properties should exist:
“”
name
servings
“”

View Slide

class Recipe
{
/**
* @Groups({"detail", "overview"})
*/
public $name;
/**
* @Groups({"detail"})
*/
public $energy;
/**
* @Groups({"detail", "overview"})
*/
public $servings;
}

View Slide

$groups = ['groups' => ['overview']];
$response = new Response($serializer->serialize($recipes, 'json', $groups), 201);
return $response;
Now we can serialize only the group overview, if we want

View Slide

Creating your custom normalizers
For example, to serialize attributes with a different name

View Slide

Creating your custom normalizers
use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
class OrgPrefixNameConverter implements NameConverterInterface
{
public function normalize($propertyName)
{
return 'prefix_'.$propertyName;
}
public function denormalize($propertyName)
{
// remove prefix_ prefix
return 'prefix_' === substr($propertyName, 0, 7) ? substr($propertyName, 7) : $propertyName;
}
}
For example, to serialize attributes with a different name

View Slide

Validator
Enforcing sanity
Validator
HttpFoundation
Serializer
Form
Guard

View Slide

Validator - The idea
The values sent to our DB must meet certain constraints
We can’t leave that work to the DB itself
We need a previous validation
Provides tools to validate the incoming data

View Slide

Simplest example
use Symfony\Component\Validator\Validation;
use Symfony\Component\Validator\Constraints\Length;
use Symfony\Component\Validator\Constraints\NotBlank;
$validator = Validation::createValidator();
$violations = $validator->validate('Spanish omelette', array(
new Length(array('min' => 2))
));

View Slide

Simplest example
));
Constraints...
(rule formulation)

View Slide

Simplest example
));
and validators
(logic there)

View Slide

Simplest example
));
What happens with more complex validations…
such as validating an object?

View Slide

Validating objects
/**
* @ORM\Column(type="integer")
* @Assert\NotBlank()
* @Assert\GreaterThanOrEqual(
* value=0,
* message="This universe is not so lucky. This value must be at least zero"
* )
**/
private $energy;
/**
**/
private $servings;
Validator needs to know
which constraints apply to
the object properties

View Slide

Validating objects
/**
* @Assert\GreaterThanOrEqual(
* value=0,
* message="This universe is not so lucky. This value must be at least zero"
* )
**/
private $energy;
/**
**/
private $servings;
Annotations are handy, but it
can be done with yml, xml,
explicit PHP...

View Slide

Constraints
https://symfony.com/doc/current/reference/constraints.html
You have about 50 constraints defined in the Validator component
(from NotNull to ISBN…)

View Slide

Constraints
https://symfony.com/doc/current/reference/constraints.html
You have about 50 constraints defined in the Validator component
(from NotNull to ISBN…)
And you can create your own

View Slide

Returning errors in our API
if (0 !== count($violations)) {
$errors = [];
foreach ($violations as $violation) {
$errors[$violation->getPropertyPath()] = $violation->getMessage();
}
$response = new JsonResponse($errors, 400);
$response->send();
return;
}
Good validation and error handling are key in an API

View Slide

Form
Powering up validation and
deserialization
Form
HttpFoundation
Serializer
Validator
Guard

View Slide

Form - The idea
Not much difference between handling an HTML form and API data
Equivalent to deserializing + validating
A powerful deserializer
We can reuse work done in HTML forms
Provides powerful validation plus serialization

View Slide

Form - The idea
Not much difference between handling an HTML form and API data
Equivalent to deserializing + validating
A powerful deserializer
We can reuse work done in HTML forms
https://knpuniversity.com/screencast/symfony-rest/form-post

View Slide

Let’s create a PUT endpoint
When I request "PUT /recipes/1"

View Slide

$formFactory = Forms::createFormFactoryBuilder()
->addExtension(new ValidatorExtension($validator))
->getFormFactory();
$data = json_decode($request->getContent(), true);
$recipe = $this->getDoctrine()->getRepository('AppBundle:Recipe')->find($recipeId);
$form = $formFactory->create(RecipeType::class, $recipe);
$form->submit($data);
if (!$form->isValid()) {
$response = new Response($serializer->serialize($form, 'json'), 400);
return $response;
}

View Slide

$formFactory = Forms::createFormFactoryBuilder()
->addExtension(new ValidatorExtension($validator))
->getFormFactory();
$data = json_decode($request->getContent(), true);
$recipe = $this->getDoctrine()->getRepository('AppBundle:Recipe')->find($recipeId);
$form = $formFactory->create(RecipeType::class, $recipe);
$form->submit($data);
if (!$form->isValid()) {
$response = new Response($serializer->serialize($form, 'json'), 400);
return $response;
}
https://github.com/VictoriaQ/rest-symfony-components/commit/bd2e044d6a5269e4e415d8fadcf7710a9ede27de

View Slide

POST to create and PUT
to update?

View Slide

On PUT and POST
Common knowledge:
- POST to create resources
- PUT to update resources

View Slide

On PUT and POST
Common knowledge:
Not true

View Slide

On PUT and POST
Common knowledge:
Not true
(but somehow true)

View Slide

On PUT and POST
Common knowledge:
Not true
(but somehow true)
(some people get very angry with this)

View Slide

On PUT and POST
PUT if:
- The operation is idempotent
- URI = address of the resource
BOTH need to be true. Otherwise, POST.
This is the whole truth

View Slide

And do I have to return
the resource?

View Slide

Do I have to return the resource?
Many say that we do not
Some clients assume that we will

View Slide

Do I have to return the resource?
Many say that we do not
Some clients assume that we will
As always, be consistent with your choices

View Slide

Guard
Authenticating
Guard
HttpFoundation
Serializer
Validator
Form

View Slide

Guard - The idea
Security Component allows to implement authentication
Very powerful and flexible… But complex too
Simplifies the authentication provided by the Security Component

View Slide

Just about one class with seven methods
We only need to implement GuardAuthenticationInterface

View Slide

Just about one class with seven methods
We only need to implement GuardAuthenticationInterface
With its seven methods:
class TokenAuthenticator extends AbstractGuardAuthenticator implements Guard\GuardAuthenticatorInterface {
public function getCredentials(Request $request)
public function getUser($credentials, UserProviderInterface $userProvider)
public function checkCredentials($credentials, UserInterface $user)
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
public function supportsRememberMe()
public function start(Request $request, AuthenticationException $authException = null)
}
http://symfony.com/blog/new-in-symfony-2-8-guard-authentication-component

View Slide

But at this point
You need EventDispatcher, HttpKernel, Routing...

View Slide

But at this point
You need EventDispatcher, HttpKernel, Routing...
Starts looking like a good idea to use a complete framework

View Slide

III. USING THE FULL FRAMEWORK

View Slide

Uses all these Components
http://symfony.com/projects/symfonyfs (actually a few more)

View Slide

Components and bundles
- Component -> decoupled and reusable library
- Bundle -> tied to the Symfony Framework

View Slide

Often you have:
Functionality
Library
Integration with SF
Configuration
Dependency injection
Bundle
+

View Slide

Often you have:
Functionality
Library
Integration with SF
Configuration
Dependency injection
Bundle
+
Let’s see a few Bundles that can be useful for our API

View Slide

JMSSerializerBundle

View Slide

JMSSerializerBundle
Another possibility for serialization / deserialization
- JMSSerializer has lots of useful annotations
- Perhaps easier to setup and start using than Sf Serializer
- Sf Serializer is more about writing your own normalizers

View Slide

JMSSerializerBundle
Some cool features:
- Three exclusion strategies (Exclude, Groups, Versions)
- Configurable properties (Virtual Props., Accessors)
- Events provide extra flexibility
- XML highly configurable
Good alternative to Serializer, up to you

View Slide

FOSRestBundle

View Slide

FOSRestBundle
Set of tools:
- View layer that deals with the different representations
- Body request decoder
- Listener that performs content negotiation
- Parameter validator and converter
- ALLOW header manager
- Exception decoder
- Unified REST routing system

View Slide

FOSRestBundle
Set of tools:
- View layer that deals with the different representations
- Body request decoder
- Listener that performs content negotiation
- Parameter validator and converter
- ALLOW header manager
- Exception decoder
- Unified REST routing system
You can live without it, but it is quite useful when you have it

View Slide

LexikJWTAuthenticationBundle

View Slide

JSON Web Token (JWT) is a compact URL-safe means of
representing claims to be transferred between two
parties. The claims in a JWT are encoded as a JSON
object that is digitally signed using JSON Web Signature
(JWS).

View Slide

JSON Web Token (JWT) is a compact URL-safe means of
representing claims to be transferred between two
parties. The claims in a JWT are encoded as a JSON
object that is digitally signed using JSON Web Signature
(JWS).
Two built-in token encoders, based on:
- namshi/jose
- lcobucci/jwt

View Slide

POST /login_check HTTP/1.1
Host: localhost:8000
Content-Type: application/json
Accept: application/json
Cache-Control: no-cache
{"_username": "user",
"_password": "userpass"}
endpoint configured
in security.yml
credentials

View Slide

{"token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJleHAiOjE0MzIzODc2ODcsInVzZXJuYW1l
IjoidXNlciIsImlhdCI6IjE0MzIzMDEyODcifQ.QgtJ-C96gMDzl1syuRGdpIb02sGnC-oKyLFqiNMX9Lny
hYV__R7itxLPEepOqzkhOiL-O7EdFEdqFjK9vRgk67MRgfKCh5Yuir9aUkVYeZXpyVOGUgPGDpHtFi74_G9
EY4FGXzt7zhHoP_Y-6GwFSc_7HTeW7sm3ifGpYSlifyx3jmggkHoTc-1_kxXFdceoSCOoPf-uDaaQtLOwKF
qUJCYaAcGXaS0FI_GDnIyX4bDCcPi3_6AvLLuSmfCaZqRofPvasANfhxRmE6iZ9wZ9dcKX1siPu7F_lFpJe
3UgMy6hr3kDYPz5H4gOcu0A3JWV7lCIpThF8j-G1eN7PCIeLCQBpq08rkM9SrohWUiMcuqCQYjWIbB-jF0Z
Uv762Cvv2Y-
e9gqXsCYmg9NrLURLNJdce_Yl3QyWECYSKwaFkz8p8VTqrKtxrM0Gd-qNZ_uT4Hq8-BZ7ZDGCfQ0Dm4qC2P
qXtPFfvmi_RQ9S2xmx93At0gBtLRrQPSqxv7ZfqtDjAKsCgOsMPU1yS-4h8s3Wxb4_flwvBZJbnHgkmFFR8
-p_a8FwAHXoHXkPokTX-hZy-UjfV1x8N2F8u0_ndsHS0cZdFhX9grpBsRoR058YFTqFgAC-6s3d6AeAX7WX
VIKu-
x1qjcsrkNND2jxoEppZphT6ecC0JgT6ioGFuHYZWbA"}

View Slide

GET /recipes/1 HTTP/1.1
Authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJleHAiOjE0MzIzNzk0MjQsInVzZXJuYW1lIjoidXNlci
IsImlhdCI6IjE0MzIyOTMwMjQifQ.Wb8NlbNNvCA5V7QxKoN_uYLmCRiqjt0ES5gIlvpyrBmVKMAXQ_cj6M
NqbXcHp28NXNGJidcV2qJ1-8zWGkbHBDMZCAOp_JX74EXdeQYa0c2bV7HzKyUCEX8bOii25Jmt8YpWUa5og
w58rWVhE-2CRn0fQS_gHn7d3Ke1w4NPjaLgnhSthZKfR2Ytd9U6A_3w6X2fS2R24DWWmb8KThMtSwXOtGVq
EQVEnsro91RPHARg-na1ww_BnE-3Xas_427g84bsUHNIIlDs7BYAEF323h3AZrPB4Tx1tNabEWIsBJzEAKE
LBDoCrqmspK0AFrGx-RIjiRMpMzDlTHMjt6hML7SO1y3AJbrD5AsxNLITtnaxfkFYl3n0XIH8Gd2ZRdFDsj
XGPPZ6VLFHfUIe1BoPmLtFt5CK4PeDb-_BsbdA3tGEkVgfTrh9bSMY9mXZ-KCg8F8cbK5A-CqURqRFpTts1
OBRUcOR1c6GtrPHpGsuoPGE90mTiOJPyajUK8lgdv1yBMt7WSEJNRXMLxetk57l53FLiLVObfV7D-LGC9R1
8gIedzxmTXXxteV83izNuzQChAiRBU73W-5kjGkmpvr05Q_rd33dTn9wxEe0I0nnEK_MeSvqz2nH23xj7RU
wGH
qsrWlfVZZqZcVP59njex0LWWgb7PGKmJwL8ze2MrBft-U
Provides a very simple way of authenticating

View Slide

BazingaHateoasBundle

View Slide

Allows you to reach REST level 3
Hypermedia As The Engine Of Application State

View Slide

{
"id":1,
"name":"Spanish omelette",
"energy":"500",
"servings":4
}

View Slide

{
"id":1,
"name":"Spanish omelette",
"energy":"500",
"servings":4,
"_links": {
"self": {
"href": "\/recipes\/1"
}
}
}
Level 3! :-)

View Slide

use Doctrine\ORM\Mapping as ORM;
use Hateoas\Configuration\Annotation as Hateoas;
use JMS\Serializer\Annotation as Serializer;
/**
* Recipe
*
* @ORM\Table()
* @ORM\Entity(repositoryClass="AppBundle\Entity\RecipeRepository")
* @Hateoas\Relation("self",
* href = @Hateoas\Route(
* "fosrest_api_get_recipe",
* parameters = { "id" = "expr(object.getId())" }))
*/
class Recipe
{
…
}

View Slide

use Doctrine\ORM\Mapping as ORM;
use Hateoas\Configuration\Annotation as Hateoas;
use JMS\Serializer\Annotation as Serializer;
/**
* Recipe
*
* @ORM\Table()
* @ORM\Entity(repositoryClass="AppBundle\Entity\RecipeRepository")
* @Hateoas\Relation("self",
* href = @Hateoas\Route(
* "fosrest_api_get_recipe",
* parameters = { "id" = "expr(object.getId())" }))
*/
class Recipe
{
…
}
Potentially, allows you to reach level 3

View Slide

And do I actually HAVE
TO reach level 3?

View Slide

Do I have to reach level 3 of REST?
“If the engine of application state (and hence the
API) is not being driven by hypertext, then it
cannot be RESTful and cannot be a REST API.
Period.”
http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
Theoretically:

View Slide

Period.”
Theoretically: In the Real World:

View Slide

Period.”
Theoretically: In the Real World:
It is up to you, you have to evaluate

View Slide

NelmioAPIDocBundle

View Slide

NelmioAPIDocBundle
Documentation bundle
You create documentation while coding
Uses code introspection a lot

View Slide

NelmioAPIDocBundle
Documentation bundle
You create documentation while coding
Uses code introspection a lot
Easy to keep the documentation updated

View Slide

NelmioAPIDocBundle
/**
* Gets a Recipe
* @ApiDoc(
* resource=true,
* section="recipe",
* deprecated="true",
* tags={"hi", "anothertag" = "#34a523"},
* views = { "default", "v2" },
* statusCodes = {
* 200 = "Returned when successful",
* 404 = "Returned when the recipe is not found"
* })
* @QueryParam(name="page", requirements="\d+", default="1", description="Page of the overview.")
* @param ParamFetcher $paramFetcher
* @return array
*/
public function getPlatosAction(ParamFetcher $paramFetcher)
{

View Slide

NelmioAPIDocBundle

View Slide

IV. TESTING

View Slide

Testing, some tips
Invest some time in setting up a nice testing environment

View Slide

Testing, some tips
Postman, easy to set-up

View Slide

Postman

View Slide

Testing, some tips
Guzzle + PHPUnit, your bread and butter

View Slide

Guzzle
$data = array(
'name' => 'Spanish omelette',
'energy' => 500,
'servings' => 4
);
$request = $client->post('/recipes', null, json_encode($data));
$response = $request->send();
echo $response;

View Slide

Testing, some tips
Very important to handle errors properly

View Slide

Error handling - Nested errors
Create test “errors.children.servings.errors should exist”
{
"code": 400,
"message": "Validation Failed",
"errors": {
"children": {
"name": [ ],
"energy": [ ],
"servings": {
"errors": [
"This value should be greater than or equal to 0."
]
}
}
}

View Slide

Error handling - HTML errors
Not the type of error that we want to receive in our API

View Slide

Not the type of error that we want to receive in our API

No route found for "GET /recipes" (404 Not Found)

src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALYAAAA+CAMAAACxzRGDAAAAUVBMVEX////Ly8yko6WLioxkYmVXVVkwLjLl5eWxsLJKSEzy8vJxcHLY
2Ni+vb89Oz9XVVh+fH+Yl5n///+xsbLY2Nlxb3KkpKWXlph+fX+LiYy+vr/IZP61AAAAAXRSTlMAQObYZgAABRBJREFUeNrVmtuWoyAQRS1FEEQSzQU7//+hYxUiXsKQZLJW
M+chsUloN+WhCuguYoKyYqzmvGasKqH4HyRKxndipcgcumH8qViTM7TkUclcwaHmf5XM0eWq4km1KjdqXfMXJHVe1J3hL8lk5fCGv6wmT+o0d87U+XNrk0Y9nfv+7LM6
ZJH5ZBL6LAbSxQ3Q5FDr22Skr8PQSy4n7isnsQxSX4r6pobhjCHHeDNOKrO3yGmCvZOjV9jmt8ulTdXFKdbKLNh+kOMvBzuVRa4Y7MUsdEUSWQe7xxCfZmcwjHU83LqzFv
SbJQOXQvptbPnEFoyZtUUGwTeKuLuTHyT1kaP0P6cR01OKvv448gtl61dqZfmJezQmU/t+1R2fJLtBwXV6uWGwB9SZPrn0fKO2WAvQN1PUhHjTom3xgXYTkvlSKHs19Ohsl
ETq6X3HrXbjt8XbGj9b4Gi+lUAnL6XxQj8Pyk9N4Bt1xUrsLVN/3isYMug8rODMdbgOvoHs8uAb2fcANIAzkKCLYy+AXRpSU8sr1r4P67xhLgPp7vM32zlqt7Bhq2fI1Hwp+VgA
Nxok59SsGV3oqdUL0YVDMRY7Yg8QLbVUU4NZNoOq5hJHuxEM28Sh/IyUZ8D3reR+yc58EGvOy2U0HQL6G9V+kWyEWHmzaMx6t4o9RhOm/riUiYrzqij4Ptqkn7AaCXqc+F
47m04ahfde7YIz8RHEBN6BdV

View Slide

We can use the Symfony Crawler to return something nicer

No route found for "GET /recipes" (404 Not Found)

src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALYAAAA+CAMAAACxzRGDAAAAUVBMVEX////Ly8yko6WLioxkYmVXVVkwLjLl5eWxsLJKSEzy8vJxcHLY
2Ni+vb89Oz9XVVh+fH+Yl5n///+xsbLY2Nlxb3KkpKWXlph+fX+LiYy+vr/IZP61AAAAAXRSTlMAQObYZgAABRBJREFUeNrVmtuWoyAQRS1FEEQSzQU7//+hYxUiXsKQZLJW
M+chsUloN+WhCuguYoKyYqzmvGasKqH4HyRKxndipcgcumH8qViTM7TkUclcwaHmf5XM0eWq4km1KjdqXfMXJHVe1J3hL8lk5fCGv6wmT+o0d87U+XNrk0Y9nfv+7LM6
ZJH5ZBL6LAbSxQ3Q5FDr22Skr8PQSy4n7isnsQxSX4r6pobhjCHHeDNOKrO3yGmCvZOjV9jmt8ulTdXFKdbKLNh+kOMvBzuVRa4Y7MUsdEUSWQe7xxCfZmcwjHU83LqzFv
SbJQOXQvptbPnEFoyZtUUGwTeKuLuTHyT1kaP0P6cR01OKvv448gtl61dqZfmJezQmU/t+1R2fJLtBwXV6uWGwB9SZPrn0fKO2WAvQN1PUhHjTom3xgXYTkvlSKHs19Ohsl
ETq6X3HrXbjt8XbGj9b4Gi+lUAnL6XxQj8Pyk9N4Bt1xUrsLVN/3isYMug8rODMdbgOvoHs8uAb2fcANIAzkKCLYy+AXRpSU8sr1r4P67xhLgPp7vM32zlqt7Bhq2fI1Hwp+VgA
Nxok59SsGV3oqdUL0YVDMRY7Yg8QLbVUU4NZNoOq5hJHuxEM28Sh/IyUZ8D3reR+yc58EGvOy2U0HQL6G9V+kWyEWHmzaMx6t4o9RhOm/riUiYrzqij4Ptqkn7AaCXqc+F
47m04ahfde7YIz8RHEBN6BdV
This is what we want

View Slide

Testing, some tips
Isolated DB for testing (can use SQlite)

View Slide

Testing, some tips
Isolated DB for testing (can use SQlite)
Set up proper fixtures (Alice & Faker are nice tools)

View Slide

Fixtures with Alice & Faker
AppBundle\Entity\Recipe:
recipe1:
name: Spanish omelette
energy: 500
servings: 4
recipe{2..20}:
name:
energy:
servings:

View Slide

recipe1:
energy: 500
servings: 4
recipe{2..20}:
name:
energy:
servings:
Known values, that
we may want to use
in some test

View Slide

recipe1:
energy: 500
servings: 4
recipe{2..20}:
name:
energy:
servings:
https://github.com/hautelook/AliceBundle
https://github.com/fzaninotto/Faker
Known values, that
we may want to use
in some test
Values created with
generators
Many generators available:

View Slide

V. USES FOR YOUR API

View Slide

Uses for an API
Api serves content to Mobile/Rich web apps/…

View Slide

Uses for an API
Abstract parts of a monolith into isolated services

View Slide

Uses for an API
Abstract parts of a monolith into isolated services
Undertake a migration

View Slide

Migrations - Option 1

View Slide

We replace functionalities, one route at a time

View Slide


View Slide

https://speakerdeck.com/hhamon/bringing-symfony-components-into-your-legacy-code

View Slide

https://speakerdeck.com/hhamon/bringing-symfony-components-into-your-legacy-code
Good idea when the team
feels very comfortable
with the new framework

View Slide


View Slide

Old system replace its code with calls to new Symfony API

View Slide

Good idea when team knows legacy code very well

View Slide

VI. FINAL THOUGHTS

View Slide

Summarizing
Whatever the choices you make building your API:
- Be consistent
- Take profit of using a common language
REST and Symfony Components make that easy
- They fit well together, both built around HTTP
- A few Components provide a lot
- You can consider using the full framework if you want more
Make sure that you set up a proper test environment

View Slide

View Slide

https://github.com/VictoriaQ/sonatademo
@vicqr
[email protected]
Training, consulting and
development
https://github.com/VictoriaQ/rest-symfony-components
@vicqr
[email protected]
Thanks!

View Slide

Building RESTful APIs with Symfony Components

Building RESTful APIs with Symfony Components

Victoria Quirante

More Decks by Victoria Quirante

Other Decks in Programming

Featured

Transcript