This document discusses API Platform, an open-source framework for building web APIs in PHP and Symfony. It provides out-of-the-box features like CRUD operations, validation, pagination and filtering. The document outlines how to customize API Platform through additional classes like data persisters, transformers and DTOs. It also discusses design choices around routing conventions and whether to extend core classes or create separate controllers. While API Platform is good for REST APIs with some custom logic, it may not be ideal for highly customized APIs due to multiple approaches for the same tasks.

1. Evgeny Smirnov
and how to use (
fi
rst look)

2. +
Why?

3. +

4. +

5. +
What’s inside?

6. +
Out of the box
“CRUD, data validation, pagination,
fi
ltering, sorting, json/hydra, GraphQL,
swagger, CORS, OWASP inside…”

7. +
Follow best practice because
you can’t do otherwise

8. +
Getting started
1. Official “Getting started” guide
2. SymfonyCast: RESTful APIs and
API Platform guides
3. StackOverflow

9. +
Installation
Dockerised distribution
(check symfony version)
or through symfony

10. +
Why?

11. +

12. +
Custom business logic for
any writing action — DataPersisters*
* use decorator pattern

13. +
final class UserQuizDataPersister implements ContextAwareDataPersisterInterface
{
private $decorated;
private $security;
…
public function persist($data, array $context = [])
{
if (is_null($data->getUser())) {
$user = $this->security->getUser();
$data->setUser($user);
}
$result = $this->decorated->persist($data, $context);
return $result;
}
public function remove($data, array $context = [])
{
return $this->decorated->remove($data, $context);
}
}
Data Persisters

14. +
Data Providers
Here should be an example
but I have not used providers…

15. +
Custom action for an action
of a resource — Action Controller

16. +
#[AsController]
class SkipUserQuestion extends AbstractController
{
public function __invoke(UserQuestion $data): UserQuestion
{
$data->setStatus(UserQuestion::STATUS_SKIPPED);
return $data;
}
}
Pseudo Controllers

17. +
Various input and output data
for the same model —
DataTransformer and DTO

18. +
public function transform($data, string $to, array $context = [])
{
$resetPasswordRequest = new ResetPasswordRequest();
$user = $this->userRepository->findOneByEmail($data->getEmail());
$resetPasswordRequest->setUser($user);
$now = new DateTimeImmutable();
$expiredAt = new DateTimeImmutable('+1 hour');
$resetPasswordRequest->setRequestedAt($now);
$resetPasswordRequest->setExpiresAt($expiredAt);
return $resetPasswordRequest;
}
Data Transformers

19. +
final class ResetPasswordRequestInput
{
#[Groups(['resetPasswordRequest:create', 'resetPasswordRequest:read'])]
#[AssertNotBlank(groups: ['validation:create'])]
#[AssertEmail()]
private $email;
public function getEmail(): ?string
{
return $this->email;
}
public function setEmail(string $email): self
{
$this->email = $email;
return $this;
}
}
DTOs

20. +
… and much more:
EventListeners, Subscribers,
Filters, async …

21. +
Useful add ons
✅ JWT through LexikJWTAuthenticationBundle
✅ JWT refresh tokens GesdinetJWTRefreshTokenBundle
❌ Complete sign up / sign in
❌ Role based API versions

22. +
Disambiguous?

23. +
PATCH /entity/{id} or
PUT /entity/{id}/{custom-action}

24. +
GET /entity/{id}/?{subentity}=% or
GET /entity/{id}/{subentity}

25. +
Action-Controller or DataPersister
for custom writing logic?

26. +
4-5 extra classes (DTOs, Transformers, etc.) or
Custom controller outside of API Platform*
* and extra classes for OpenAPI docs…

27. +
Too many ways
how to perform a regular action

28. +
Good for RESTful APIs with regular customisations
Bad for custom APIs

29. +

30. +

31. +