Here are the slides I presented during my keynote at the API Platform Conference. I introduced a new API architecture inspired by Jamstack: Edge Side APIs (ESA).
My colleague Antoine Bluchet gave another talk giving more details about how API Platform started implementing ESA:
The talks have been recorded. They will be published in the next few weeks.
103 is a new experimental HTTP status code defined in RFC 8297. It’s an informational status that can be sent by a server before the main HTTP response. Used in conjunction with the Link HTTP header and the preload relation, 103 gives the client the opportunity to fetch resources (assets, images, related API documents…) related to the explicitly requested one, as early as possible, and while the server is preparing the main response. Early Hints look like that:
HTTP/1.1 103 Early Hints
Link: </style.css>; rel=preload; as=style
Link: </script.js>; rel=preload; as=script
HTTP/1.1 200 OK
Date: Fri, 26 May 2017 10:02:11 GMT
Content-Length: 1234
Content-Type: text/html; charset=utf-8
Link: </style.css>; rel=preload; as=style
Link: </script.js>; rel=preload; as=script
[… rest of the response body is omitted from the example …]The 103 Early Hints status code could be a good alternative to HTTP/2 Server Push, which will be removed from Chrome and discouraged in the spec. It adds 1 RTT compared to Server Push, but – among other advantages – it allows better caching and is (theoretically) easier to implement. Chrome and Fastly are running an experiment to measure the potential benefit of this new status code. But for this experiment to be successful, we need compatible servers… and servers are waiting for compatible browsers before implementing this new status code. We’re in a typical “the chicken or the egg” situation.
As you may know, I’m very interested in the topic of resource preloading applied to web APIs. I created the Vulcain protocol, which is an alternative to (some features of) GraphQL. It allows designing fast and idiomatic client-driven APIs, strictly following the REST architectural style. Vulcain (the protocol) supports Early Hints since day one, and has been designed with compatibility with this status code in mind. We will publish a new revision of Vulcain taking into account the twilight of Server Push soon, and I’ll present what this changes for the protocol in depth during AFUP Day 2021.
However, the Vulcain Gateway Server (the reference implementation), doesn’t support the new status code yet. So servers using this component cannot participate in the experiment.
As the Mercure.rocks hub, the Vulcain Gateway Server is now available as a module for the brilliant Caddy Web Server. This has been possible because both Caddy and the library implementing Vulcain are written in Go. Unfortunately, the standard library of Go doesn’t support the 103 status code yet. This prevents using Early Hints with Caddy and Vulcain.
To move forward, I submitted to the Go project patches implementing the RFC for HTTP/1.1 and for HTTP/2. They aren’t merged yet, but as Go 1.16 has been released yesterday, they may land soon in the development branch. In the meantime, it’s already possible to use this feature in your own Go programs, and it’s what we’ll see in the rest of this article!
The Go toolchain (especially the gc compiler) has an interesting characteristic: it creates statically-linked binaries by default. This means that once compiled with a development version of Go supporting the new feature, your standalone binaries can be deployed without requiring any change to your servers.
First be sure that the current stable version of Go is installed on your system. Because the Go toolchain itself is written in Go, we need Go to compile Go. It’s called the bootstrapping process (another instance of the “chicken or the egg” problem).
Then, clone my fork of Go and checkout the branch containing the required changes for HTTP/1.1:
git clone https://github.com/dunglas/go.git dunglas-go
cd dunglas-go
git checkout feat/http-103-status-codeThis branch contains the patch for HTTP/1.1 but not for HTTP/2. The implementation of HTTP/2 of Go is stored in a separated module: x/net/http2. Before creating our custom build of Go, we need to retrieve the patched version of x/net/http2 and to bundle it in the standard library.
Start by replacing the x/net package by my fork of it, and update the vendored dependencies:
export GOROOT=$(pwd)
cd src/
go mod edit -replace="golang.org/x/net=github.com/dunglas/[email protected]"
go mod vendor
unset GOROOTThen, install the bundle command, and use it to bundle the net/http module:
go get golang.org/x/tools/cmd/bundle
cd net/http/
$(go env GOPATH)/bin/bundle -o=h2_bundle.go -dst net/http -prefix=http2 -tags='!nethttpomithttp2' golang.org/x/net/http2The file h2_bundle.go has been replaced by a bundle containing our patch!
Finally, go back in the src/ directory and build our 103-enabled Go version:
cd ../../
./make.bashOur enhanced Go compiler is ready!
Implementing the example provided in the RFC is straightforward:
// main.go
package main
import (
"io"
"log"
"net/http"
)
func main() {
helloHandler := func(w http.ResponseWriter, req *http.Request) {
w.Header().Add("Link", "</style.css>; rel=preload; as=style")
w.Header().Add("Link", "</script.js>; rel=preload; as=script")
w.WriteHeader(103)
// do your heavy tasks such as DB or remote APIs calls here
w.WriteHeader(200)
io.WriteString(w, "<!doctype html>\n[... rest of the response body is omitted from the example ...]")
}
http.HandleFunc("/hello", helloHandler)
log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil))
}To generate a locally-trusted certificate TLS certificate (necessary to use HTTP/2), I recommend the mkcert command:
mkcert -cert-file ./cert.pem -key-file ./key.pem localhostUse the custom build of Go we created to compile the program, and start it:
/path/to/dunglas-go/bin/go build main.go
./main mainAlternatively, execute go run main.go to compile and start the program with just one command. Use curl to check if it works properly.
With HTTP/1.1:
curl -v --http1.1 https://localhost/helloAnd with HTTP/2:
curl -v https://localhost/helloYou should see something like that:
[snip]
< HTTP/2 103
< link: </style.css>; rel=preload; as=style
< link: </script.js>; rel=preload; as=script
< HTTP/2 200
< link: </style.css>; rel=preload; as=style
< link: </script.js>; rel=preload; as=script
< content-type: text/html; charset=utf-8
< content-length: 79
< date: Sat, 13 Feb 2021 09:47:27 GMT
<
<!doctype html>
[snip]Calling http.ResponseWriter.WriteHeader() several times will cause an error with the vanilla Go runtime. To be able to compile the same program with the stable compiler and with the patched one, you can wrap the call to http.ResponseWriter.WriteHeader(103) in a condition:
package main
import (
"io"
"log"
"net/http"
"runtime"
"strings"
)
func main() {
helloHandler := func(w http.ResponseWriter, req *http.Request) {
w.Header().Add("Link", "</style.css>; rel=preload; as=style")
w.Header().Add("Link", "</script.js>; rel=preload; as=script")
if strings.HasPrefix(runtime.Version(), "devel") {
// skip if compiled with a stable version of Go
w.WriteHeader(103)
}
w.WriteHeader(200)
io.WriteString(w, "<!doctype html>\n[... rest of the response body is omitted from the example ...]")
}
http.HandleFunc("/hello", helloHandler)
log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil))
}HTTP/3 is the upcoming version of the king of web protocols. It should become an RFC soon. HTTP/3 is already enabled by default in Safari and is available under a flag in Firefox and Chrome.
An experimental implementation of HTTP/3 for Go (which is used by Caddy and Vulcain) is available, but it doesn’t support the 103 status code either. So I also opened a Pull Request to add support for this status code to quic-go! To use the 103 status code with HTTP/3, try this patch.
And voilà! You’re ready to create programs supporting this new status code, and you can participate in this experiment to make the web faster and greener! If you do so, let me know on Twitter! The Vulcain Gateway Server will soon be updated to support the 103 status code using the approach we’ve seen in this article. And if you encounter any bug while playing with these patches, please report them!
If you liked this article, and want to contribute to my research work about web APIs, HTTP and Go, consider sponsoring me!
I just released API Platform Schema Generator version 3! It’s a command-line tool, part of the API Platform framework, that instantly generates a complete PHP data model (classes, enumerations, ORM mapping, validation rules, web API definitions, PHPDoc…) from RDF vocabularies and ontologies. RDF vocabularies are commonly used to define web-scale (Schema.org), industry-wide (The NASA Air Traffic Management Ontology, The Automotive Ontology, AddictO Vocab) or organization-wide (EU Vocabularies, Volkswagen Vehicles Ontology) concepts and relationships.
Vocabulary support in versions 1 and 2 of the tool was limited. Only Schema.org was 100% supported. Version 3 is now compatible with most existing vocabularies. To do so, we have implemented support for the Web Ontology Language (OWL) and for XML Schema types.
Also, the generated code now leverages the new features introduced in recent PHP versions, especially the improvements made to the type system: typed properties, nullable type declarations…
As you probably know, I’m very concerned about the centralization of the web:
The web is being weaponized by Tech Giants and governments. What used to be a free and autonomous space, an emancipation instrument where marginalized groups had a voice, is becoming a mass surveillance tool where censorship rules. We must act to redecentralize, just as the original was designed. Following Trump’s ban (which was entirely justified), even the creator of Twitter comes to this conclusion:
Among the various RDF vocabularies, one could be the foundation for this redecentralized web: ActivityStreams. It’s the vocabulary of ActivityPub, a W3C-backed social networking protocol used to build decentralized and federated social media. ActivityPub is already implemented by popular social media software including Mastodon, PeerTube, Mobilizon and WriteFreely. Servers implementing the ActivityPub protocol are interoperable and federated in what we call the Fediverse.
And here we’re back to API Platform Schema Generator v3: this new version has been created especially to bootstrap PHP applications using ActivityStreams! Generating a set of PHP classes implementing the vocabulary is as easy as cherry-picking the types and properties you want in a config file!
And that’s not all. I also created a new experimental component implementing the whole ActivityPub protocol: API Platform ActivityPub!
Thanks to this component, connecting a Symfony or an API Platform application (including existing ones) to the Fediverse is just a matter of installing a bundle! As all other API Platform components, API Platform ActivityPub can also be used as a standalone PHP library in projects not using Symfony.
PHP was the language of choice to build the original (at that time decentralized) web. Over the years, PHP dramatically improved, removing most footguns and becoming one of the fastest programming languages. But PHP is still easy to learn, and usable by hobbyists. I hope that it will become the language of choice to build the redecentralized web, and that API Platform will help to achieve this goal!
To allow me to work more on API Platform, my other free software projects and my experiments to redecentralize the web, consider sponsoring me! (Yes I know, GitHub is a proprietary service and belongs to a Big Tech, but we all have our contradictions, and I hope to be able to switch to radicle at some point.)
During my talk at SymfonyWorld, I announced the immediate availability of API Platform 2.6! Try it now!
Version 2.6 is the result of more than one year of work and hundreds of commits. It contains a huge list of new features, checkout the change logs (core library, distribution) for the full list. In this blog post, I’ll present the major new features! You can also take a look at the slide deck I presented (go on SpeakerDeck for the transcript):
See also the French translation of this article.
PHP 8 was released one week ago, and it comes with a huge list of new features. Among these features, attributes are a game changer for API Platform, as it relied a lot on annotations.
Starting with API Platform 2.6 you can use every annotation classes as PHP 8 attributes:
<?php
namespace App\Entity;
use ApiPlatform\Core\Annotation\ApiResource;
#[ApiResource]
class Book
{
public function __construct(
public string $id,
public string $title
) {}
}API Platform is now also fully compatible with PHP 8 (all deprecations have been fixed), and PHP 8 is now the default in the API Platform Distribution!
API Platform comes with a very practical tool to scaffold client applications: the client generator. This generator uses the Hydra or OpenAPI (experimental) documentation of the API to generate apps using various client-side technologies. It works with any API documented using these formats, not only with APIs using the server-side component of API Platform!
Generating TypeScript interfaces as well as of Progressive Web Apps built with React Native, React/Redux, Vue.js, Quasar and Vuetify was already supported. In API Platform 2.6, this tool gained support for Next.js!
Next.js is the reference framework in the React ecosystem. It is very easy to use, supports Server-Side Rendering out of the box, has a simple yet powerful page-based routing system and supports a wide range of features.
We also updated the API Platform distribution to use Next.js by default. A Docker container and a Docker Compose definition will start a skeleton of a Next.js app automatically and you will be able to scaffold your pages and forms by running a single command!
API Platform Admin is now also integrated in this Next.js app, on the /admin route.
You prefer using Vue instead of React? We’ve got you covered! In API Platform 2.6 we also introduced a Nuxt.js generator. Nuxt.js is similar to Next.js, but using Vue! And, as API Platform, it has been created by French folks!
In API Platform 2.6, the distribution has been totally revamped. API Platform supports many advanced features out of the box, including the Mercure and Vulcain protocols. To support these features, API Platform came with many Docker containers:
In API Platform 2.6, we simplified everything! First, we switched from NGINX to the awesome Caddy web server. Caddy is fast, fully-featured and extensible. For instance, it generates TLS certificates automatically both in production and on local development environment and natively supports PHP FPM. We also created Caddy modules for Mercure and for Vulcain! We’re also working with the Caddy team to create an HTTP cache module that will replace Varnish.
As explained in the previous section, we also replaced Create React App by Next.js and merged the containers for the client and the admin.
The result is a very simplified setup:
We also added support for a production mode to the Docker Compose definition included in the distribution.
Until now, it wasn’t possible to define global configuration defaults applied to all resources and all operations. You had to copy your configuration in all resource definitions. Starting with API Platform 2.6, you can define a global default configuration:
# config/packages/api_platform.yaml
api_platform:
defaults:
itemOperations: ["get"]
collectionOperations: ["get"]
mercure: trueWith the previous config, write routes are disabled for the whole API, and Mercure support (async API) is enabled for all resources!
API Platform supports resource-based access control. In 2.6, we introduced support for property-based access control:
<?php
namespace App\Entity;
use ApiPlatform\Core\Annotation\ApiResource;
use ApiPlatform\Core\Annotation\ApiProperty;
#[ApiResource]
class Book
{
#[ApiProperty(security: "is_granted('ROLE_ADMIN')"]
public $adminOnlyProperty;
}Thanks to this rule, the adminOnlyProperty will be serialized only for users having the admin role! Other users will not be able to see it.
Read the dedicated article about this new version of API Platform Schema Generator.
As you may know, I’m very worried by the current state of the web, and I think that we must fight to decentralize the web again.
ActivityPub is a specification edited by the W3C unlocking interoperability between social networking applications. It’s part of the solution to fight global censorship and to move out of the walled gardens of big tech companies. ActivityPub is already implemented by many software including Mastodon (Twitter-like), PeerTube (YouTube-like), PixelFed (Instagram-like), Mobilizon (Meetup-like)… This ecosystem is called the Fediverse.
In API Platform 2.6, we introduced a new experimental component allowing to add support for ActivityPub in any API Platform or Symfony application! It’s now way easier than before to build federated apps and to grow the Fediverse!
The biggest strength of API Platform is its community of users and contributors! To celebrate our vibrant community, we added new pages to the website dedicated to the community. Each contributor now has a dedicated page including a summary of their contributions. Discover our awesome community!
And to thank contributors, we’re also offering nice t-shirts to them as part of the Hacktoberfest initiative!
The next version of API Platform will be API Platform 3! We’ll release API Platform 2.7 at the same time. API Platform 3 will basically be API Platform 2.7 minus the backward compatibility layer with the deprecated code.
API Platform 3 will promote subresources as first-class citizens! They will support write operations. The overall configuration is also being revamped.
Also, to reduce the maintenance burden, API Platform 3 will only support PHP 8 and Symfony 5.2+! Be prepared.
They are also loads of new features in API Platform 2.6 not listed in this blog post: our GraphQL subsystem gained a lot of new features (including support for subscriptions and page-based pagination), the MongoDB bridge now supports the Mercure protocol, the OpenAPI builder has been totally rewritten, composed identifiers are easier to handle… Read the change logs (core library, distribution) to discover all of them!
I want to thank all contributors having contributed code and documentation for API Platform 2.6! Nothing would be possible without you.
Please try this new version and report any bugs!
If you have not yet given a GitHub star to the project, please do, it helps a lot to promote it.
If you like my work on the project, please also consider sponsoring me!
The web was designed to serve humanity, to enable knowledge sharing, for friendship among people.
But data and services centralization by the Tech Giants have completely perverted it. Centralization causes major threats to our societies: mass surveillance, censorship, vote rigging, opponents arrests , advertising tracking.
The situation is such that the founding fathers of the web, including its creator Tim Berners-Lee, multiply the calls to save it.
The solution: decentralize it again, give users control over their data, fight against GAFAM monopolies, rebuild an independent and non-commercial web based on free software.
Developers, journalists, lawyers, artists and activists are organizing to bring out the “Dweb”, the decentralized and distributed web (again). The Dweb is a corpus of standards (usually published by the W3C) such as ActivityPub, JSON-LD, RDF or HTTP as well as tools including Solid, Mastodon, PeerTube or Mobilizon which aim to put the Web at the service of common good.
As web developers, it is our responsibility to build and promote this new web.
The good news is that the PHP ecosystem now has the tools to easily create decentralized web applications based on these standards. During this conference, we will discover why the Dweb is a crucial issue for the future of our societies, how it works technically, and how we implement it with API Platform!
To do so, I just published a new API Platform component: API Platform ActivityPub! This new libraries component allows:
Recording of the talk (in French):
Slides (in English):
I’m very excited to announce the immediate availability of the version 6 of the Mercure Internet Draft as well as of the version 0.10 of the reference implementation!
Mercure is a real-time protocol built on top of Server-sent Events and leveraging HTTP/2+. It allows to push messages to JavaScript webapps, mobile apps or IoT devices with ease. Client-side, it relies on the native EventSource class and doesn’t require any JS dependency. Server-side, it allows to use a Hub to handle persistent connections and dispatch messages sent, for instance, from your REST or GraphQL APIs. An open source Hub designed for performance and high loads is developed in parallel to the specification. Get started with Mercure.
Since the initial release of Mercure, we gather feedback from the ever-growing community of users and contributors. This allowed us to identify the pain points, some limitations and new use cases. It took months of work to get there, but these new versions of the protocol and of the FOSS hub (written in Go) fix all the limitations and design issues we identified so far. They are by far the best and the fastest versions ever released! Let’s discover these changes and new features.
One of the key features of Mercure is its authorization mechanism. It allows to send private updates, which will be received only by subscribers having the appropriate credentials.
Until the last version of the protocol, this mechanism was using the concept of targets, and was hard to understand for newcomers.
In the 6th version of the protocol, the authorization mechanism has been dramatically simplified, while staying as powerful as before.
The authorization mechanism has been totally revamped and the concept of targets is gone. Now, to send a private update, the publisher must only mark it as private when sending the POST request to the hub using the new private parameter.
On the other hand, to receive a private update, a subscriber must present a JWT to the hub containing a list of topic selectors in the mercure.subscribe claim of the token.
A private update will be received by a subscriber only if:
*, which allows to receive all updates.More advanced use cases such as cherry-picking which updates will be received by a subscriber are also supported thanks to existing features such as alternate topics.
Also, the new concept of target selectors can also be used to subscribe to (public or private) updates, making the whole protocol more consistent.
Learn more about topic selectors and the authorization mechanism.
One of the most requested feature was the ability to retrieve the list of currently connected subscribers. This is now possible thanks to a new web API exposed by the hub! It’s also possible for a subscriber to receive Mercure updates when other subscribers connect or disconnect.
Hubs can now expose endpoints returning the list of connected users as JSON-LD documents:
/.well-known/subscriptions returns the list of all active subscriptions/.well-known/subscriptions/{topic} returns the list of active subscriptions for a specific topic/.well-known/subscriptions/{topic}/{subscriber} returns details for a single subscriptionAlso, after having fetched the initial list of connected users, clients can subscribe (using the standard subscription mechanism) to connection status updates by using these URIs as topics.
To access to this presence API, subscribers must be authenticated and have topic selectors matched by these URIs.
Finally, arbitrary data (such as the subscriber’s username or IP address) can be attached to a subscription and retrieved by other subscribers using the new mercure.payload JWT claim.
The debug UI shipped with the reference hub now supports this new feature:
Learn more about active Mercure subscriptions.
The native features of Mercure, including its built-in history and its state reconciliation mechanism make it a convenient solution to implement Event Sourcing.
The latest version of the protocol introduces changes making dedicated to this kind of usages.
First, it is now possible to set the value of the Last-Event-ID HTTP header (or of the query parameter with the same name) to earliest to retrieve the all past events. This allows to use the Mercure hub similarly to Apache Kafka, but directly from the browser (or any other kind of HTTP client).
Additionally, when a Last-Event-ID header or parameter is set, the hub will now always return a Last-Event-ID header in the HTTP response. If it matches the requested one, it means that all requested events have been returned, otherwise, it means that the requested event may have been deleted by the hub (if it stores a limited number of events for instance), or that this event ID doesn’t exist.
Learn more about Event Sourcing and state reconciliation capabilities of Mercure.
The protocol has been made more consistent by allowing to use IRIs (recommended) or plain strings (discouraged but sometimes practical) for every identifiers: topics, event IDs, subscriber IDs…
Event IDs starting by the # character (URI fragment) are now reserved for generation by the hub. This allows a hub to use offsets generated by systems such as Apache Kafka, Apache Pulsar or Redis Streams as update identifiers while keeping these identifiers globally unique (because they are relative to the Hub URI).
All the features described previously have already been implemented in the reference implementation (the open source hub written in Go). But that’s not all! The hub has also been dramatically improved during the past few months.
Until version 0.10, the reference hub was using an engine working like this: when a new update was posted by a publisher, a new light-weight process (goroutine) was started and the update was pushed to every active subscriber in a loop. If a Last-Event-ID header (or parameter) was passed by a subscriber to request past events, these past events were retrieved from the persistence layer and dispatched from another goroutine.
However, this approach had several drawbacks:
Last-Event-ID was passed, new events could be received before events coming from the history (for example, when a new event was sent from the main goroutine while another goroutine was still retrieving past events from the persistence layer). The order in which events were received wasn’t 100% guaranteed.Mercure 0.10 contains a brand new engine that fixes these issues! This new engine leverages thoroughly the iconic features of the Go programming language: channels and goroutines. Now, two buffers are assigned to each subscribers: the first one stores events coming from the history while the second one stores “live” events. When a new event is published, the main goroutine pushes this event in the “live” buffers without waiting for events to be dispatched. Then a dedicated goroutine per subscriber pops events from the buffers associated with it. So every subscriber can receive the events as its own pace, without impacting the rest of the system.
This buffer system also fixes the order issue: goroutines dedicated to specific subscribers wait for all updates coming from the history to be dispatched before starting to dispatch updates stored in the “live” buffer.
Last but not least, this new system allows to disconnect subscribers that are too slow to receive the updates. A new config option, dispatch_timeout, has been introduced to configure the maximum time that a subscriber can take to receive an update before being disconnected to free resources.
If you’re interested in the internals, take a look at this piece of Go code!
A big thanks to Dani Kaplan for his precious help testing and debugging this new engine under high loads!
Prometheus is a very popular monitoring system and time series database for Cloud Native applications. Jérémy Decool made a series of great contributions that add support for Prometheus to the Mercure hub. Metrics include (among other things) the number of currently connected subscribers, the number of dispatched updates, the number of served HTTP request segregated by status code, the memory usage, the current number of processes and the number of open file descriptors!
In addition, a new URL (/healthz) is now available to check if the hub is up and running without polluting the HTTP logs with useless entries. This particularly useful for Kubernetes’ liveness and readiness probes.
Jérémy Decool also contributed a new --version flag allowing to know what exact version of the Hub is being used. It looks obvious and priceless, but it was a missing feature. Thanks Jérémy for adding it!
We updated the documentation as well as all existing examples (in various programming languages) to be in sync with the latest version of the spec. I also added examples and demos illustrating new features, including a chat written in JavaScript and Python:
This demonstration chat is now available online, try it!
Mercure is becoming more and more popular! It recently reached 2k stars on GitHub and integrations with existing ecosystems are now plenty. For this new version, we worked with the community to keep libraries and other Mercure-related projects in sync with the latest changes in the spec. Most of them are already compatible including (but not limited to):
For some others (for instance, the Java library and the Python library), Pull Requests are open. Finally, some tools still need to be updated including the awesome alternative Hub written in Node created by Nicolas Coutin and the Yii framework integration. Any help is very welcome!
To keep up with Mercure news, you can now follow our brand new Twitter account.
Finally, I’m very happy to announce that Les-Tilleuls.coop now provides official training for Mercure, in English and in French!
One of the most powerful feature of Mercure is the ability to use URI templates to subscribe to topics matching patterns. Under the hood, the reference implementation of Mercure use the uritemplate Go library.
The performance of the Mercure hub highly depends of the performance of this library. So I worked with Kohei Yoshida (the author of this lib) to improve its performance, add benchmarks and fix some bugs! This also dramatically improved the performance of the hub (and of other projects using this library). Thank you Kohei for your quick reviews and releases!
The development of the new version of the hub also allowed me to find an issue in the Go standard library, and to open a Pull Request to fix it.
Managed and On Premise High Availability (cluster) versions of the Mercure hub are available for a while now. They are already compatible with Mercure 0.10 and are now out of beta!
I want to thank very much our first customers, who trusted us, helped us to battle-test our hosting platform and gave us incomparable feedback allowing us to improve both the open protocol, the Managed and On Premise versions and the Open Source hub! They also allow us to invest more in the protocol’s development and in the Open Source version! So thank you again.
I also want to thank very much my GitHub sponsors, who allow me to work always more on my free software projects, including Mercure but also Vulcain, API Platform and the Symfony components I maintain.
If you aren’t using Mercure yet, you can install a hub in a few seconds, or use the online demo, give it a try! If you like the project, show your support by starring it on GitHub!
Watch a longer video (English)!
Watch a French version.
Over the years, several formats have been created to fix performance bottlenecks of web APIs: the n+1 problem, over fetching, under fetching…
The current hipster solution for these problems is to replace the conceptual model of HTTP (resource-oriented), by the one of GraphQL.
It’s a smart network hack for HTTP/1… But a hack that comes with (too) many drawbacks when it comes to HTTP cache, logs, security…
Fortunately, thanks to the new features introduced in HTTP/2 and HTTP/3, it’s now possible to create REST APIs fixing these problems with ease and class.
Vulcain is a brand new Internet Draft allowing to create fast, idiomatic and client-driven REST APIs.
To do so, it relies on the Server Push feature introduced by HTTP/2+ and on the hypermedia capabilities of the HTTP protocol.
Better, Vulcain comes with an open-source reverse proxy that you can put on top of any existing web API to instantly turn it into a Vulcain-compatible one!
HATEOAS is back, and it’s for the best!
Yesterday at Forum PHP 2019 I presented how easy it is to create real-time apps using PHP (among other languages) and the Mercure protocol.
I also introduced the shiny and new Mercure website (designed by Laury S.)!
A special thanks to Eric Comellas who jumped on stage to explain how iGraal uses Mercure on a large scale to serve simultaneously more than 100,000 of their customers!
I’m very excited to announce the immediate availability of API Platform 2.5!
API Platform is a set of standalone server and client components for building and consuming REST (JSON-LD, Hydra, JSON:API…) and GraphQL APIs. The server components use PHP and Symfony while the client-side components (which support any Hydra-enabled web API, even the ones not built using API Platform) are written in JS. If you haven’t tried API Platform yet, it only takes a few minutes to create your first project!
API Platform 2.5 is the best version ever of the framework! Let’s discover its most interesting new features.
API Platform comes with a powerful component to create admin interfaces. It is built on top of React Admin and Material-UI.
Pass the URL of any Hydra-enabled API (including, of course, APIs built with API Platform itself) to the HydraAdmin component, and you instantly get a beautiful, fully-featured admin interface for resources exposed by the API including:
The admin interface is dynamically built client-side, by parsing the Hydra metadata of the API. To do so, only a single LLOC is necessary:
import React from "react";
import { HydraAdmin } from "@api-platform/admin";
export default () => <HydraAdmin entrypoint="https://demo.api-platform.com"/>And you get this (live demo):
In previous versions, customizing the UI wasn’t straightforward nor idiomatic: you had to post-process the JS object containing the parsed API documentation.
Luckily, the Marmelab (creator of React Admin) and Les-Tilleuls.coop (creator of API Platform) teams got together several times during the summer to create a new version which dramatically improves the DX. Thus API Platform Admin 1.0 was born! While keeping the simplicity of previous versions, it now allows to leverage the power of JSX to customize every part of the UI using React Admin components, Material-UI components, or your custom React components:
import React from "react";
import {
HydraAdmin,
ResourceGuesser,
CreateGuesser,
InputGuesser
} from "@api-platform/admin";
import { ReferenceInput, AutocompleteInput } from "react-admin";
const ReviewsCreate = props => (
<CreateGuesser {...props}>
<InputGuesser source="author" />
<ReferenceInput
source="book"
reference="books"
label="Books"
filterToQuery={searchText => ({ title: searchText })}
>
<AutocompleteInput optionText="title" />
</ReferenceInput>
<InputGuesser source="rating" />
<InputGuesser source="body" />
</CreateGuesser>
);
export default () => (
<HydraAdmin entrypoint="https://demo.api-platform.com">
<ResourceGuesser
name="reviews"
create={ReviewsCreate}
/>
</HydraAdmin>
);In the previous example, we add an autocomplete input for a relation by using the dedicated React Admin component while letting API Platform Admin guess which inputs to use for the other properties based on the API docs.
This feature has been contributed by Morgan Auchede, Florian Ferbach, Gildas Garcia, Alexis Janvier, Jean-François Thuillier, François Zaninotto and myself.
API Platform also provides an app generator supporting React, Vue and React Native. And in version 2.5, it is also able to generate high quality Next.js and Quasar apps!
API Platform Client Generator is very similar to Symfony’s MakerBundle and to Rails’ scaffolding, but instead of generating server-side code, it generates a client-side app which uses the API to fetch and persist data. To do so, like the admin component, the generator uses the Hydra specification exposed by the API (built with API Platform or otherwise; support for OpenAPI and GraphQL is in progress).
Next.js is the most popular framework for React, with automatic Server-Side Rendering support, routing, code splitting, CSS-in-JS, static exporting… The Next.js generator, created by Grégory Copin, leverages the 0-config TypeScript support introduced in Next 9: all generated code is written in TS!
To generate a Next app from any API exposing a Hydra specification, run the following commands:
$ npm install next --save # Install next
$ npx @api-platform/client-generator https://demo.api-platform.com src/ --generator next # Scaffold the appAnd you get high quality code you can customize to fit your needs:
Refer to the dedicated documentation to learn about all the capabilities of this generator.
Quasar is a framework built on top of Vue.js allowing to write SPAs with Server-Side Rendering support, mobile apps and Electron apps in one go. Its comes with a nice Material Design interface.
To use it, run the following commands:
$ npm install -g @quasar/cli
$ quasar create my-app
$ npx @api-platform/client-generator https://demo.api-platform.com src/ --generator quasar my-app/src # Scaffold the appA big thanks to Paul Apostol for contributing this generator!
Currently, there is a lack of satisfactory solutions to write functional tests for web APIs built in PHP (API Platform and Symfony included):
It’s time to say hi to ApiTestCase, Test\Client and a bunch of new assertions dedicated to API testing (matching a JSON document or a subset of it, checking the status code and headers of HTTP responses, validating against a JSON Schema…)! This new set of API testing utilities is built on top of Symfony’s KernelTestCase class, and the Test\Client implements the exact same interface as the brand new Symfony HttpClient component.
This new testing tool also plays very well with Alice (a test fixture generator having an official Symfony/API Platform recipe), which has also gained new powers in the process!
Let’s see how it looks:
namespace App\Tests;
use ApiPlatform\Core\Bridge\Symfony\Bundle\Test\ApiTestCase;
use App\Entity\Book;
use Hautelook\AliceBundle\PhpUnit\RefreshDatabaseTrait;
class BooksTest extends ApiTestCase
{
// This trait provided by HautelookAliceBundle will take care of refreshing the database content to a known state before each test
use RefreshDatabaseTrait;
public function testCreateBook(): void
{
$response = static::createClient()->request('POST', '/books', ['json' => [
'isbn' => '0099740915',
'title' => 'The Handmaid\'s Tale',
'description' => 'Brilliantly conceived and executed, this powerful evocation of twenty-first century America gives full rein to Margaret Atwood\'s devastating irony, wit and astute perception.',
'author' => 'Margaret Atwood',
'publicationDate' => '1985-07-31T00:00:00+00:00',
]]);
$this->assertResponseStatusCodeSame(201);
$this->assertResponseHeaderSame('content-type', 'application/ld+json; charset=utf-8');
$this->assertJsonContains([
'@context' => '/contexts/Book',
'@type' => 'Book',
'isbn' => '0099740915',
'title' => 'The Handmaid\'s Tale',
'description' => 'Brilliantly conceived and executed, this powerful evocation of twenty-first century America gives full rein to Margaret Atwood\'s devastating irony, wit and astute perception.',
'author' => 'Margaret Atwood',
'publicationDate' => '1985-07-31T00:00:00+00:00',
'reviews' => [],
]);
$this->assertRegExp('~^/books/\d+$~', $response->toArray()['@id']);
// This new assertions checks that the returned JSON document matches the JSON Schema generated by API Platform for this resource (also included in the OpenAPI file)
$this->assertMatchesResourceItemJsonSchema(Book::class);
}
public function testUpdateBook(): void
{
$client = static::createClient();
// findIriBy allows to retrieve the IRI of an item by searching for some of its properties.
// ISBN 9786644879585 has been generated by Alice when loading test fixtures.
// Because Alice use a seeded pseudo-random number generator, we're sure that this ISBN will always be generated.
$iri = static::findIriBy(Book::class, ['isbn' => '9781344037075']);
$client->request('PUT', $iri, ['json' => [
'title' => 'updated title',
]]);
$this->assertResponseIsSuccessful();
$this->assertJsonContains([
'@id' => $iri,
'isbn' => '9781344037075',
'title' => 'updated title',
]);
}
public function testDeleteBook(): void
{
$client = static::createClient();
$iri = static::findIriBy(Book::class, ['isbn' => '9781344037075']);
$client->request('DELETE', $iri);
$this->assertResponseStatusCodeSame(204);
$this->assertNull(
// Through the container, you can access all your services from the tests, including the ORM, the mailer, remote API clients...
static::$container->get('doctrine')->getRepository(Book::class)->findOneBy(['isbn' => '9781344037075'])
);
}
}Check out the full documentation, or the screencast which has been published on SymfonyCasts on this topic.
The GraphQL subsystem has been dramatically improved in version 2.5. Kudos to Alan Poulain who has done an awesome job maintaining and improving this part, and to Lukas Lücke and Mahmood Bazdar for their great contributions.
The main features of this new version are the customization of queries, mutations and types.
Whenever you need to add your own logic in your schema, you can now add custom properties in your resource’s annotations to do it. For instance to add a custom query:
/**
* @ApiResource(graphql={
* "myShinyQuery"={
* "item_query"=MyQueryItemResolver::class,
* "args"={
* "id"={"type"="ID"},
* "isShiny"={"type"="Boolean!"}
* }
* }
* })
*/You only need to define the corresponding resolver and it’s done!
<?php
namespace App\Resolver;
use ApiPlatform\Core\GraphQl\Resolver\QueryItemResolverInterface;
final class MyQueryItemResolver implements QueryItemResolverInterface
{
public function __invoke($item, array $context)
{
// Do what you want!
return $item;
}
}Please refer to the documentation for customizing the mutations and the types.
The new version also comes with:
All these new features have been documented, check it out!
Until now, API Platform had only supported using the PUT HTTP method for replacing a resource. Supporting proper partial updates through the PATCH method is known to be hard.
In version 2.5, a large refactoring work has been done to properly support the PATCH method, and support for JSON Merge Patch (RFC 7386) has been added (to do so, we’ve contributed the required low-level brick to the Symfony Serializer component). The new infrastructure is designed to support other PATCH formats as well. In the future, other formats such as JSON Patch (RFC 6902) may be added.
The JSON:API PATCH format, which was already supported, is of course still working.
Read the dedicated documentation entry to learn more about API Platform’s PATCH support (including how to enable it for existing projects).
JSON Schema is a popular vocabulary to describe the shape of JSON documents. A variant of JSON Schema is also used in OpenAPI specifications. As of API Platform 2.5, JSON Schema is a first-class citizen. A new infrastructure has been created to be able to generate JSON Schemas for any resource, represented in any format (including JSON-LD). A command has also been added to export these schemas:
$ bin/console api:json-schema:generate 'App\Entity\Review'The generated schema can be used with libraries such as react-json-schema-form to build forms for the documented resources, or to be used for validation.
To generate JSON Schemas programmatically, use the new api_platform.json_schema.schema_factory service.
Thanks to the improvements made in the OpenAPI v3 specification, and to the new JSON Schema infrastructure in API Platform, the generated OpenAPI documentation is now better. It generates a specific JSON Schema per supported format:
Grégoire Hebert added the ability to configure the versions of OpenAPI to support, while also allowing to specify the default version being used:
api_platform:
swagger:
versions: [3, 2] # OpenAPI v3 is now the defaultFrédéric Barthelet and Ryan Weaver improved the OpenAPI documentation of the built-in order and property filters. Thank you!
We are very proud to announce an official partnership between API Platform and SymfonyCasts! SymfonyCasts has published more than 7 hours of high quality and funny video tutorials on API Platform (and counting!). The screencasts are now available directly from the main menu of the website, and referenced in the appropriate documentation entries.
Also, for version 2.5, API Platform’s docs have been dramatically improved. All new features presented in this post (and more) are now documented; many parts of the docs have been fixed, improved and modernized; sections have been reordered to provide a better learning experience; and a new “extending API Platform” entry has been added to centralize how to hook your custom logic in a way which is compatible with both the REST and GraphQL subsystems. But there is still a lot to do, and your help is very welcome!
The main strength of API Platform is its vibrant and diverse community! Recently, the project reached great milestones thanks to the many contributors, evangelists and users improving and promoting the framework: the Slack channel reached 2 000 users a few days ago; the core package of the framework has been downloaded more than 2 000 000 times; and workshops, meetups and talks about the project are being organized all over the world (next big events with API Platform talks: Forum PHP Paris and SymfonyCon Amsterdam)!
The framework is close to reaching 5 000 stars on GitHub! It will be the next big milestone, and we’ll organize a big party to celebrate! If you have not starred API Platform yet, please do! It will help us reach a wider audience. If you love the project, tell your friends about it!
Speaking about community, free software and contribution, Hacktoberfest is about to begin! Hacktoberfest is an event helping free software projects by encouraging contributions (code but also docs and marketing materials). As thanks for your contribution, Digital Ocean offers a limited-edition t-shirt, and nice stickers. This year, Les-Tilleuls.coop will also send you some surprise gifts if you contribute at least 3 Pull Requests on the API Platform repositories. Thanks Les-Tilleuls!
Hacktoberfest is a very good opportunity to start contributing to free software, and to API Platform in particular. To help you get started, we’ve marked some code and docs issues with a specific “Hacktoberfest” label:
If you need help working on this, don’t hesitate to ask us directly on GitHub, or in the API Platform Slack channel!
Here is the slide deck I presented during API Days SF 2019:
Mercure is a protocol allowing to push data updates to web browsers and other HTTP clients in a convenient, fast, reliable and battery-efficient way. It is especially useful to publish real-time updates of resources served through web APIs, to reactive web and mobile apps. The protocol is designed for serverless, HTTP/2+, hypermedia and GraphQL, and is fully-featured: auto-discoverable, authorization, re-connection, state reconciliation…