API Platform 2.1: when Symfony meets ReactJS (Symfony Live 2017)

Slides and videos of my talk during the Symfony Live Paris 2017. Rate this talk on joind.in!

Learn how to use API Platform and Symfony to create super easily rich web and mobile applications relying on React (JS) for their presentational layer.

In just a few minutes, we will create a hypermedia API thanks to API Platform, Symfony and Doctrine. We will do it step by step, and the API will be 100% functional with support for pagination, validation, filters, resources embedding. The API will be automatically documented using Swagger and Hydra and beautiful user interface for developers will be available. HTTP cache, authorization and authentication can then be added in a breath.

Then, we will introduce all new client-side tools for API Platform:

  • A fully featured JavaScript (Single Page App) administration system with a modern user interface (Material Design) ; built on top of Admin On Rest (React and Redux). This admin is builded dynamically thanks to the API discoverability (Hydra).
  • A raw React, Redux and React Router code generator to bootstrap fully-featured Single Page Applications and native mobile apps thanks to the API documentation exposed by API Platform (client-side and server-side validation, on fields error, Twitter Bootstrap compatibility, a11y support…)

[slides] APIDays: Creating hypermedia APIs in a few minutes using the API Platform framework

My talk at APIDays:

API Platform is new open source PHP framework dedicated to the creation of modern web APIs.

It allows to bootstrap a fully featured API (pagination, validation, filtering, sorting, automatically generated documentation, HTTP cache, OAuth and JWT auth…) in just a few minutes.

It exposes out of the box popular API formats including Swagger, JSON-LD, Hydra, HAL, JSONAPI and Schema.org.
It is extensible and can be specialized with ease. Because it is built on top of the industry-leading Symfony framework, it already counts hundreds of available extensions (bundles).

In this talk, I’ll show how to create a hypermedia API in just a few lines of codes, then take a look to the main features of the framework.

Download the PPT (“download” button) to see screencasts!

API Platform 2.0 released: creating powerful web APIs has never been so easy

api-platform-demo

After 1 year of development and more than 700 commits authored by a hundred contributors across the world, the new major release of API Platform is immediately available for download.

API Platform is a PHP 7 framework dedicated to the creation of modern and powerful web APIs. It is especially adapted to build API-centric information systems relying on hypermediaLinked Data; and consumed by Single-Page Applications (using Javascript libraries such as React or Angular) and mobile apps.

API Platform 2 has been built with 3 strong opinions in mind:

  • Creating an API must be an easy and quick process: any web developper should be able to create a REST API in just a few minutes including CRUD support, data validation, filtering and sorting, autogenerated documentation, OAuth and JWT authentication, CORS and other security HTTP headers, caching
  • Modern open formats must be supported out of the box, without requiring any extra work for the developper: Swagger/OpenAPI, JSON-LD, Hydra, HAL, API Problem (RFC 7807) and Schema.org are supported out of the box, the powerful abstraction layer of the framework easily allows adding support for other emerging API formats (JSONAPI and GraphQL support is in progress)
  • Every feature of the framework must be extensible, overridable and modular

API Platform v2 is a massive rewrite of the framework, with tons of new features and bug fixes. The whole design has been rethinked, but let’s take a tour of the major new features and changes:

Revamped Config and Metadata: Exposing an API is a Matter of Seconds

Thanks to the new configuration system and the new metadata component, to create a high grade hypermedia API you just have to modelize your data model as a set of PHP classes then to add some annotations. Example:

This single class is enough to get a working API with the following features:

  • basic CRUD operations
  • data validation and error serialization
  • JSON-LD, Swagger, Hydra support (a lot of other formats can easily be added, see below)
  • pagination
  • an awesome UI and an extensive human-readable documentation reusing PHPDoc’s data and PHP metadata like types (see below)

Checkout our demo to play with a more advanced example (source code, only 2 classes)!

Hypermedia relations are handled out of the box. Leveraging any other feature of API Platform is just a matter of adding a few lines of configuration. Learn more in our getting started guide.

If you don’t like annotations, you can use XML or YAML configuration files instead. If you don’t like the Doctrine ORM (or doesn’t want to tight the exposed data model to the internal model of the database); or if you don’t want to use the Symfony validator, you can create adapters to hook your custom code and use your preferred libraries. API Platform is designed to be fully extensible.

Docker Integration

API Platform’s official distribution is shipped with a Docker setup adapted to API devlopment. It includes a Apache + PHP 7 and a MySQL image. To get an API Platform app up and running on your computer, type the following commands in the main directory:

The app is up and running, browse http://localhost to get started.

API Platform’s images can be deployed easily in production using Docker Swarm (Amazon Web Services, Azure…) or Google Container Engine (with Kubernetes).

A Data Model Generator on Steroid

Instead of crafting your own data model, why not reusing an open vocabulary like the very popular Schema.org and feel the power of Linked Data and Semantic Web? Yes, just like Google but for free.

Since its first release, API Platform comes with a handy code generator allowing to bootstrap a whole PHP data model including classes, properties, getters and setters, full PHPDoc, Doctrine mappings, API Platform’s external vocabulary mappings and validation annotations.

This generator has been updated to match the new configuration format of API Platform 2 and to allow generating custom classes and properties.

The following config file contains a selection of Schema.org’s types and properties. When using the generator to create the corresponding data model, a working API is created without writing a single line of PHP:

Learn more about the generator in the docs and the demo application.

Content Negotiation and Built-in Support for JSON-LD, Hydra, HAL, YAML, CSV and XML

API Platform now natively supports content negotiation (only JSON-LD and Hydra was previously supported) as well as most popular API formats. To be able to retrieve or send resources in a specifc format, you enable them in the configuration file:

This config enable all built-in formats (Symfony 3.2, actually in RC stage, is required for YAML and CSV support). Then, you can request the format you want through the UI using the proper Accept HTTP header, or by adding the format name as extension of any URL of the API (example: https://demo.api-platform.com/books.jsonld).

Support for formats not supported by default can be added by writing custom adapters.

Learn more about content negotiation in API Platform.

A Powerful UI and Automatic Swagger 2 Docs

API Platform 2 generates an extensive Swagger 2/OpenAPI documentation. All URLs and types are automatically described thanks to our powerful metadata extraction system.

A web interface built on top of Swagger UI is also automatically available. Request any API’s URL using a web browser and (thanks to the Accept header sent by the browser), API Platform will display the request sent to the API and the received response in a nice web interface. It will also display a human-readable documentation of the current operation.

api-platform-ui

Browse the homepage to see the documentation of all available operations, including the description of resources and properties extracted from PHP metadata. Use the sandbox to play with your API.

New Filters and Extension Mechanism

Several new built-in filters have been added. In addition to the existing search, date and range filters, the following are now available:

  • boolean: filter by a boolean property
  • numeric: search numeric fields

The filters are now available directly from the UI and documented in both Swagger and Hydra formats.

Learn how to add filters to your API collections.

Filters are now implemented using the brand new extension system. This system allows to hook to the database query generation process and to customize them. It’s particularly useful to implement security features.

Learn how to leverage the extension mechanism to filter the result of an entrypoint depending of the role of the connected user in the documentation.

Secure by default, tested against OWASP’s recommendations for REST APIs

API Platform 2 follows OWASP’s security recommendations for all its built-in features. We created a test suite to ensure that all recommendations applying to API Platform are followed and documented.

Checkout what API Platform 2 do to secure your API.

Improved performance

We are continuously improving the performance of API Platform and Symfony components it uses (like the Serializer or the PropertyAccess component). This new version is faster than v1 and automatically optimizes SQL queries regarding current serialization groups.

API Platform 2 is also compatible with PHP PM. When using it, API response times are divided by 10.

Availability as Standalone Components, Decoupled from Symfony and Doctrine

API Platform is designed as a set of standalone PHP components: the metadata system; JSON-LD, Hydra, Swagger, HAL serializers, Doctrine and Symfony components bridges…

All those components can be used separately to create your own APIs. For now, the Core library must be downloaded, but a subtree split to allow specific component installation will be available for the 2.1 version. Specific classes can already be used separately of the standard distribution, and without Symfony.

We also moved the code generic enough directly to Symfony. For instance the new Symfony’s PropertyInfo component has been extracted from API Platform.  Some new bug fixes and new features and like the MaxDepth as well as YAML and CSV support for the Symfony Serializer has been done while working on API Platform.

Doctrine has never been mandatory to use API Platform, but the set of interfaces to implement to use another persistence system has been rethought and is now documented.

Quality and QA improvements

We dramatically improved the quality of the API Platform code base for this v2. API Platform v1 was already well tested through Behat. In v2 we added a lot of unit tests to prevent bugs and prove that every class respect SOLID principles. The code coverage is now of 96%. Our test suite is automatically run both on Linux (using Travis) and Windows (using AppVeyor).

We also used Scrutinizr and SensioLabs Insight to detect bad practices and improve the overall quality of our code base. API Platform is rated 8.7/10 on Scrutinizr and has the Platinum medal (best rating) on Insight.

Documentation Rewrite and New Website

The documentation has been improved, almost all new features documented and the Getting Started guide fully rewrote. A new website built with React and Redux has also been created. It supports universal rendering and provides a powerful search engine thanks to Algolia’s DocSearch.

A Growing Community

API Platform it’s more than 100 contributors, an awesome core team (Amrouche HamzaAntoine BluchetSamuel ROZETeoh Han HuiThéo FIDRYVincent CHALAMON and myself), workshops and conferences talks across the world (don’t miss the workshop at the Berlin’s Symfony Con next week).

API Platform has been in the top GitHub trending PHP repositories several times during past months (and 1st one time) beside great projects like Laravel, Symfony and WordPress and has now more than 1k stars.

It’s amazing! Thanks to everybody having worked on the code base, contributed to the documentation or evangelized about the solution, you rock!

Training, development, professional services and workshops are also provided worldwide by Les-Tilleuls.coop, API Platform’s creators.

What’s next

The release of API Platform v2 is just the first step! We’re already working on new features and some of them are already ready to be merged in the 2.1 branch including:

More to come! Stay tuned!

If you haven’t already done it, it’s time to give a try to API Platform!

[Slides] Take Off Conf 2016: Creating a hypermedia API in 5 minutes with API Platform

This morning I was speaking about the API Platform framework at the Take Off Conf in my hometown of Lille. Take a look at my slides, and learn how to create a fully featured hypermedia API in a few minutes!

ADR pattern, autowiring, DunglasActionBundle: Symfony controllers redesigned

Here are the slides of the talk I gave yesterday at the Symfony meetup (sfPot) of Lille. I was presenting DunglasActionBundle, a refinement of the the Symfony controller system and talking about services autowiring and the ADR pattern.

The first alpha of API Platform 2.0 is available!

The first alpha of API Platform 2.0 has been released!

Take a look to this presentation to discover changes and new features of this version:

These slides have been presented first in the sfPot conference of Paris (May 17, 2016).

Making the Symfony PropertyAccess Component 84% faster in 2.8… and counting

Update 12/06/15: I’ve opened a PR making the PropertyAccess Component 84% faster than before. It implements strategies explained at the end of this post.

This PropertyAccess component allows to access to a property of an object (or a to a key of an array) regardless of the access strategy that must be used. It is smart enough to access directly to  public  properties and to use getters, setters, issers, adders, removers, magic methods and so on for private  and protected ones. It is also allows to access a property trough an object graph using a straightforward notation:  $propertyAccessor->getValue($rootObject, 'foo.bar.baz'); .

As you may know, some components of the Symfony framework including Form and the Serializer (see the ObjectNormalizer) rely heavily on it. The JSON-LD normalizer of the API Platform framework also use it intensively. In fact, more than 250+ open source projects rely on the PropertyAccess component (and it has been installed more than 1M times).

It’s a convenient and popular piece of software. But this convenience has a cost: the PropertyAccess component is slow: internally, it uses the PHP Reflection API to guesses what’s the strategy needed to read or write a property.

When using this component in a loop (ex: to normalize a collection of objects to an associative array using the ObjectNormalizer), its slowness become a significant problem.

Here is a benchmark for the PropertyAccess component:

And here is the profile generated by the awesome Blackfire.io: with Symfony 2.7.6:

As you can see the logic to guess the access strategy is executed at each loop iteration. As the structure of a PHP class generally never changes at runtime, a possible optimisation path is to guess the strategy to use for the property of a given class during the first iteration then cache it in an array. This way, the cached access strategy can be reused without extra computations every other time during the current execution thread.

Let’s try that:

Symfony PropertyAccess performance improvement

(Click on the image to read the full Pull Request description and the related code).

Thanks to this new caching strategy, the PropertyAccessor Component included in Symfony 2.7.7 (and more recent versions) is now 54% faster according to the same benchmark:

But the component can be even more optimized.

For instance, the constructor of the Symfony\Component\PropertyAccess\PropertyPath  class uses a slow regular expression. This constructor is still called at each iteration in a loop. The result of the regular expression isn’t cached:

A similar cache mechanism should be used to avoid executing the same regular expression at each iteration. I’ve started to work on a patch doing that, but it still needs some work before being ready to be merged in Symfony. This patch improves the performance of the PropertyAccess of 20% more. Using both patches, the component is 70% faster than in 2.7.6.

There is another promising way to improve the performance of this component: for now the access strategy is always guessed the first time a property is accessed during an execution thread (e.g. when handling an HTTP request). Using a permanent cache system (such as APC or Redis trough the Doctrine Cache library) in complement of the in-memory array would allow to guess the strategy only one time, (e.g. during the first HTTP request), then reuse it for each next executions. Symfony 3.1 will have this feature.

By the way, a similar optimization has been done on the ObjectNormalizer. It needs to know the list of properties of an object to normalize it. This list wasn’t cached either. In Symfony 2.8, it’s done:

Capture d’écran 2015-12-01 à 22.55.40

Thanks to this patch and to the optimization of the PropertyAccess component, the ObjectNormalizer is 40% faster in Symfony 2.8/3.0 than in Symfony 2.7.6!

My slides about API Platform from AFUP’s Forum PHP 2015

My slides from this morning at Forum PHP Paris about API Platform:

Open the slides in full screen

See you at these upcoming PHP conferences

I’ll speak about API Platform and Symfony at some PHP conferences until the end of 2015:

Symfony Live, San Francisco (October 29th)

Leveraging a cloud computing infrastructure to build high performance Symfony webapps

I’ll present how to tune Symfony webapps to be as efficient and as robust as possible thanks to cloud computing platforms.

I’ll detail how to design the webapp from the start to be very efficient on such platforms: we we’ll learn advantages of splitting the backend code (PHP/Symfony) from the frontend code (HTML/JS/CSS) communicating trough a REST API, how to build stateless apps (including auth) that play well with horizontal scalability, and what kind of services can help us to setup in hours a rock solid infrastructure without an army of sysadmins.

Then we will discover how to run a Sf webapp on Heroku + AWS without pain thanks to some tricks and a lot of useful Symfony bundles and PHP libraries.

In the end we will get a Symfony webapp with all assets stored on a CDN, running on Heroku with HHVM behind a reverse-proxy, in full HTTPS, able to survive under very high traffic.

Forum PHP, Paris (November 24th) – in French

API Platform : un framework dédié aux applications API-first

API Platform est un tout nouveau framework PHP qui permet de construire des applications performantes, évolutives et interopérables. Il est basé sur les nouveaux standards du web: JSON-LD, Hydra, Schema.org et JSON Web Token (JWT). Il est 100% compatible avec Symfony et ses milliers de bundles. Au cours de ce talk je présenterai les concepts sur lesquels il repose à savoir une API REST centrale consommée par différents types de clients tel que des applis web et mobiles (API-first), le pattern Action-Domain-Responder, un système d’évènements puissant et flexible et des composants “standalones”. Je m’attarderai ensuite à montrer comme les fonctionnalités de API Platform rendent la création d’applications web et mobiles modernes, performantes et intéropérables et à la portée de tous grâce à ses multiples fonctionnalités : – Générateur de modèle de données dérivé du vocabulaire Schema.org (PHPDoc complète, support de l’ORM Doctrine et de la validation Symfony) – Création automatique d’une API REST de niveau 3 (hypermédia) complètement fonctionnelle (CRUD, validation, listes, paginations, filtres, négociation de contenu…) et 100% extensible – Authentification stateless (cookie-less) – Intégration aisée avec de nombreux clients tel que AngularJS, Guzzle, et les applis mobiles – Behavior Driven Development et web acceptance testing avec la distribution adaptée à API Platform de Behat – Découverte et utilisation d’une interface d’administration générique via Hydra Console La présentation sera didactique et accessible aux développeurs PHP de tous niveaux. La construction d’une micro-application suivant cette architecture sera présentée pas à pas.

SymfonyCon, Paris (December 3rd) – with Fabien Gasser

Building high profile webapps with Symfony and API Platform

In a first part we will introduce semantic and linked data technologies supported by Symfony and API Platform: JSON-LD, Hydra and Schema.org, their contributions to interoperability and a web of data and how to use them, technologies until there the restricted domain of Java such as RDF, SPARQL, triple stores, ontology engines.

In a second part we will give a feedback on the strategy we employed to build a high traffic CMS platform using Symfony, API Platform and AngularJS as technical stack. We will see how an API-first strategy helped us to deliver fluently content on several channels (desktop, mobile apps, connected devices, partners…) and how that strategy helped us to make large teams working together on the same project. We will also see how to leverage Varnish and AWS to absorb gigantic traffic peaks, how pure-JS fit well with that architecture and effects on SEO

In a third part we will give you some tips in order to build an e-commerce platform based on that approach.

See you there!

New in Symfony 2.8/3.0: services autowiring

Symfony 10 years

Symfony 3.0, the next major version of our preferred PHP framework, will be released in a few weeks. Basically, it shares the same code base as Symfony 2.8 but all deprecated features coming from older versions have been removed to simplify the framework and its maintenance:

Symfony 2.8 and 3.0 also come with a lot of new features including (but not limited to) the (awesome) Guard authentication system, LDAP support or a component to guess types of PHP properties. In this post we’ll discover another interesting feature proudly sponsored by Les-Tilleuls.coop I’ve added to the Dependency Injection Component: autowiring.

Introduction

Autowiring allows to register services in the container with minimal configuration. It is practical in the field of rapid application development, when designing prototypes and in early stages of large projects. It makes it easy to bootstrap an app service graph and eases refactoring:

A demo containing all code snippets shown in this article is available in a dedicated GitHub repository.

Let’s see how it works. To do so we will build a fake API publishing statutes on a Twitter feed obfuscated with ROT13 (a special case of the Caesar cipher).

Start by creating a ROT13 transformer class:

And now a Twitter client using this transformer:

The Dependency Injection Component is now able to automatically register the dependencies of this  TwitterClient class. The twitter_client service definition just need to be marked as autowired:

The autowiring subsystem will parse the constructor of the TwitterClient class and detects its dependencies that way. Here it will find and fill the need for an instance of a  Rot13Transformer.

If an existing service definition (and only one – see below) is of the needed type, it will inject it. Here it’s not the case, but the subsystem is smart enough to automatically register a private service for the Rot13Transformer class and set it as first argument of the twitter_client  service. Again, it can work only if there is one class of the given type. If there are several classes of the same type, you must fallback to the explicit service definition or register a default implementation (I’ll present this feature in a few line).

As you can see, the autowiring feature drastically reduces the amount of configuration required to define a service. No more arguments section! It also makes it easy to change the dependencies of the  TwitterClient class: just add or remove typehinted arguments in the constructor and you’re done. There is no need anymore to search and edit related service definitions.

Here is a typical controller using the twitter_client services:

You can give a try to the API with  curl:

curl -d "user=kevin&key=ABCD&status=Salut" http://localhost:8000/tweet

It should return  OK.

Working with interfaces

This is nice but when the application grows, it’s recommended to code against abstractions instead of implementations: it allows to easily replace some dependencies without modifying the class depending of them.

To follow this best practice, constructor arguments must be typehinted with interfaces and not concrete classes. It allows to replace easily the current implementation if necessary.

Let’s introduce a Rot13TransformerInterface:

Then edit Rot13Transformer to make it implementing the new interface:

And update TwitterClient  to depend of this new interface:

Finally the service definition must be updated because, obviously, the autowiring subsystem isn’t able to find itself the interface implementation to register:

The autowiring subsystem detects that the rot13_transformer service implements the Rot13TransformerInterface and injects it automatically. Even when using interfaces (and you should), building the service graph and refactoring the project is easier than with standard definitions.

Dealing with multiple implementations of the same type

Last but not least, the autowiring feature allows to specify the default implementation of a given type. Let’s introduce a new implementation of the Rot13TransformerInterface returning the result of the ROT13 transformation uppercased:

This class is intended to decorate the standard ROT13 transformer (or any other implementation) and return it uppercased.

We can now refactor the controller to add another endpoint leveraging this new transformer:

The last step is to update service definitions to register this new implementation and a Twitter client using it:

It deserves some explanations. We now have 2 services implementing the  Rot13TransformerInterface. The autowiring subsystem cannot guess the which one to use, this leads to errors like:

Fortunately, the autowiring_types key is here to specify which implementation to use by default. This key can take a list of types if necessary (using a YAML array).

Thanks to this setting, the  rot13_transformer service is automatically injected as argument of the uppercase_rot13_transformer and twitter_client services. For the  uppercase_twitter_client, we use a standard service definition to inject the specific uppercase_rot13_transformer  service.

You now know everything you need to use the new autowiring feature! As this feature is directly available in the Dependency Injection Component, you can leverage it in any project using it, including Drupal 8, API Platform or BackBee once the component have been upgraded to 2.8+.

As for other RAD features such as the FrameworkBundle controller or annotations, keep in mind to not use autowiring in public bundles nor in large projects with complex maintenance needs.