[slides] APIDays: Creating hypermedia APIs in a few minutes using the API Platform framework

My talk at APIDays:

API Platform is a new open source PHP framework dedicated to the creation of modern web APIs.

It lets you bootstrap a fully featured API (pagination, validation, filtering, sorting, automatically generated documentation, HTTP cache, OAuth and JWT auth…) in just a few minutes.

It exposes out of the box popular API formats including Swagger, JSON-LD, Hydra, HAL, JSONAPI and Schema.org.
It is extensible and can be specialized with ease. Because it is built on top of the industry-leading Symfony framework, it already counts hundreds of available extensions (bundles).

In this talk, I’ll show how to create a hypermedia API in just a few lines of code, then take a look at the main features of the framework.

Download the PPT (“download” button) to see screencasts!

API Platform 2.0 released: creating powerful web APIs has never been so easy

After 1 year of development and more than 700 commits authored by a hundred contributors across the world, the new major release of API Platform is immediately available for download.

API Platform is a PHP 7 framework dedicated to the creation of modern and powerful web APIs. It is especially suited to building API-centric information systems that rely on hypermedia and Linked Data and are consumed by Single-Page Applications (using JavaScript libraries such as React or Angular) and mobile apps.

API Platform 2 has been built with 3 strong opinions in mind:

  • Creating an API must be an easy and quick process: any web developer should be able to create a REST API in just a few minutes including CRUD support, data validation, filtering and sorting, autogenerated documentation, OAuth and JWT authentication, CORS and other security HTTP headers, caching
  • Modern open formats must be supported out of the box, without requiring any extra work for the developer: Swagger/OpenAPI, JSON-LD, Hydra, HAL, API Problem (RFC 7807) and Schema.org are supported out of the box; the powerful abstraction layer of the framework easily allows adding support for other emerging API formats (JSONAPI and GraphQL support is in progress)
  • Every feature of the framework must be extensible, overridable and modular

API Platform v2 is a massive rewrite of the framework, with tons of new features and bug fixes. The whole design has been rethought, but let’s take a tour of the major new features and changes:

Revamped Config and Metadata: Exposing an API is a Matter of Seconds

Thanks to the new configuration system and the new metadata component, creating a high-grade hypermedia API only requires modeling your data as a set of PHP classes and then adding some annotations. Example:

This single class is enough to get a working API with the following features:

  • basic CRUD operations
  • data validation and error serialization
  • JSON-LD, Swagger, Hydra support (a lot of other formats can easily be added, see below)
  • pagination
  • an awesome UI and an extensive human-readable documentation reusing PHPDoc’s data and PHP metadata like types (see below)

Check out our demo to play with a more advanced example (source code, only 2 classes)!

Hypermedia relations are handled out of the box. Leveraging any other feature of API Platform is just a matter of adding a few lines of configuration. Learn more in our getting started guide.

If you don’t like annotations, you can use XML or YAML configuration files instead. If you don’t like the Doctrine ORM (or don’t want to tie the exposed data model to the internal model of the database), or if you don’t want to use the Symfony validator, you can create adapters to hook in your custom code and use your preferred libraries. API Platform is designed to be fully extensible.

Docker Integration

API Platform’s official distribution ships with a Docker setup adapted to API development. It includes an Apache + PHP 7 image and a MySQL image. To get an API Platform app up and running on your computer, type the following commands in the main directory:

The app is up and running, browse http://localhost to get started.

API Platform’s images can be deployed easily in production using Docker Swarm (Amazon Web Services, Azure…) or Google Container Engine (with Kubernetes).

A Data Model Generator on Steroids

Instead of crafting your own data model, why not reuse an open vocabulary like the very popular Schema.org and feel the power of Linked Data and the Semantic Web? Yes, just like Google but for free.

Since its first release, API Platform has come with a handy code generator that bootstraps a whole PHP data model including classes, properties, getters and setters, full PHPDoc, Doctrine mappings, API Platform’s external vocabulary mappings and validation annotations.

This generator has been updated to match the new configuration format of API Platform 2 and to allow generating custom classes and properties.

The following config file contains a selection of Schema.org’s types and properties. When using the generator to create the corresponding data model, a working API is created without writing a single line of PHP:

Learn more about the generator in the docs and the demo application.

Content Negotiation and Built-in Support for JSON-LD, Hydra, HAL, YAML, CSV and XML

API Platform now natively supports content negotiation (only JSON-LD and Hydra were previously supported) as well as the most popular API formats. To be able to retrieve or send resources in a specific format, you enable it in the configuration file:

This config enables all built-in formats (Symfony 3.2, currently in RC stage, is required for YAML and CSV support). Then, you can request the format you want through the UI, using the proper Accept HTTP header, or by adding the format name as an extension to any URL of the API (example: https://demo.api-platform.com/books.jsonld).

Support for formats not supported by default can be added by writing custom adapters.

Learn more about content negotiation in API Platform.

A Powerful UI and Automatic Swagger 2 Docs

API Platform 2 generates an extensive Swagger 2/OpenAPI documentation. All URLs and types are automatically described thanks to our powerful metadata extraction system.

A web interface built on top of Swagger UI is also automatically available. Request any URL of the API using a web browser and, thanks to the Accept header sent by the browser, API Platform will display the request sent to the API and the received response in a nice web interface. It will also display human-readable documentation of the current operation.

Browse the homepage to see the documentation of all available operations, including the description of resources and properties extracted from PHP metadata. Use the sandbox to play with your API.

New Filters and Extension Mechanism

Several new built-in filters have been added. In addition to the existing search, date and range filters, the following are now available:

  • boolean: filter by a boolean property
  • numeric: search numeric fields

The filters are now available directly from the UI and documented in both Swagger and Hydra formats.

Learn how to add filters to your API collections.

Filters are now implemented using the brand new extension system. This system lets you hook into the database query generation process and customize the generated queries. It’s particularly useful for implementing security features.

Learn in the documentation how to leverage the extension mechanism to filter the result of an entrypoint depending on the role of the connected user.

Secure by default, tested against OWASP’s recommendations for REST APIs

API Platform 2 follows OWASP’s security recommendations for all its built-in features. We created a test suite to ensure that all recommendations applying to API Platform are followed and documented.

Check out what API Platform 2 does to secure your API.

Improved performance

We are continuously improving the performance of API Platform and the Symfony components it uses (like the Serializer or the PropertyAccess component). This new version is faster than v1 and automatically optimizes SQL queries according to the current serialization groups.

API Platform 2 is also compatible with PHP PM. When using it, API response times are divided by 10.

Availability as Standalone Components, Decoupled from Symfony and Doctrine

API Platform is designed as a set of standalone PHP components: the metadata system; JSON-LD, Hydra, Swagger, HAL serializers, Doctrine and Symfony components bridges…

All those components can be used separately to create your own APIs. For now, the Core library must be downloaded, but a subtree split to allow specific component installation will be available for the 2.1 version. Specific classes can already be used separately from the standard distribution, and without Symfony.

We also moved code that was generic enough directly into Symfony. For instance, Symfony’s new PropertyInfo component has been extracted from API Platform. Some bug fixes and new features, like MaxDepth as well as YAML and CSV support for the Symfony Serializer, were made while working on API Platform.

Doctrine has never been mandatory to use API Platform, but the set of interfaces to implement to use another persistence system has been rethought and is now documented.

Quality and QA improvements

We dramatically improved the quality of the API Platform code base for this v2. API Platform v1 was already well tested through Behat. In v2 we added a lot of unit tests to prevent bugs and prove that every class respects SOLID principles. The code coverage is now 96%. Our test suite is automatically run both on Linux (using Travis) and Windows (using AppVeyor).

We also used Scrutinizer and SensioLabs Insight to detect bad practices and improve the overall quality of our code base. API Platform is rated 8.7/10 on Scrutinizer and has the Platinum medal (best rating) on Insight.

Documentation Rewrite and New Website

The documentation has been improved, almost all new features have been documented and the Getting Started guide has been fully rewritten. A new website built with React and Redux has also been created. It supports universal rendering and provides a powerful search engine thanks to Algolia’s DocSearch.

A Growing Community

API Platform is more than 100 contributors, an awesome core team (Amrouche Hamza, Antoine Bluchet, Samuel ROZE, Teoh Han Hui, Théo FIDRY, Vincent CHALAMON and myself), and workshops and conference talks across the world (don’t miss the workshop at the Symfony Con in Berlin next week).

API Platform has been in the top GitHub trending PHP repositories several times during the past months (and once in 1st place) beside great projects like Laravel, Symfony and WordPress, and now has more than 1k stars.

It’s amazing! Thanks to everybody who worked on the code base, contributed to the documentation or evangelized about the solution, you rock!

Training, development, professional services and workshops are also provided worldwide by Les-Tilleuls.coop, API Platform’s creators.

What’s next

The release of API Platform v2 is just the first step! We’re already working on new features and some of them are already ready to be merged in the 2.1 branch including:

More to come! Stay tuned!

If you haven’t already done so, it’s time to give API Platform a try!

[Slides] Take Off Conf 2016: Creating a hypermedia API in 5 minutes with API Platform

This morning I was speaking about the API Platform framework at the Take Off Conf in my hometown of Lille. Take a look at my slides, and learn how to create a fully featured hypermedia API in a few minutes!

My Symfony Live 2015 slides: discovering API Platform

Here are the slides about hypermedia API development shown earlier at Symfony Live Paris.

Links to the various tools presented earlier:

The slides in full screen.

Symfony Live 2015: Building API-centric applications with Symfony

Symfony Live 2015

I will give a 40-minute talk at Symfony Live 2015, which will take place on April 9 at the Cité Internationale Universitaire de Paris.

I will talk about the design and development of applications built around a REST API:

During this talk, I will present a modern architecture for building fast, scalable and interoperable applications:

The talk will be didactic and accessible to Symfony developers of all levels. The construction of a micro-application following this architecture will be presented step by step.

17 other talks about Symfony will take place at the same event. Tickets are on sale on the Symfony Live website.

Slides about Linked Data and Hypermedia REST APIs with Symfony

Yesterday I presented some of my work on Linked Data and Symfony at the Lille sfPot. Here is the presentation I showed: view the slides in full screen.

CoopTilleulsOVHBundle: OVH SDK integration in Symfony

I’ve just released a new tiny open source bundle under the Les-Tilleuls.coop umbrella: CoopTilleulsOvhBundle.

That bundle integrates the official PHP SDK provided by OVH and exposes it as a Symfony service. It also provides a convenient way to store API credentials in parameters.yml.

The OVH API provides a lot of features including dynamic server management (elasticity) and monitoring, SMS sending, telephony configuration, billing… Almost all services provided by the first European internet hosting company (from Roubaix, France – our neighbors!) are exposed through their API, and can now be used from any Symfony application.

As usual, the source code and tests are freely available on our GitHub account. The bundle can be installed using Composer.

DunglasAngularCsrfBundle: protect your Symfony / AngularJS apps against CSRF attacks

I create and I see more and more web applications sharing the same powerful architecture:

 These components share the same philosophy (built on top of dependency injection and MVC-like patterns, designed to be intensively tested) and play very well together.

This stack makes it possible to create awesome, blazing-fast web applications. Better, the client part and the server part of the app are loosely coupled, can evolve separately and can even be maintained by different teams.

However, this kind of app often suffers from security problems, especially Cross-site Request Forgery (CSRF or XSRF) vulnerabilities.

Both Symfony and AngularJS provide their own CSRF protection mechanisms, but by default they are not interoperable and not enabled. Thanks to a recent refactoring of Symfony’s security component, it’s now possible to make both systems work together cleanly, and I’ve just released an open source bundle to do that: DunglasAngularCsrfBundle.

This bundle provides out of the box CSRF protection for AngularJS apps interacting with a Symfony-backed app.

Despite its name, it does not depend on AngularJS and can also be used with Chaplin.js / Backbone.js, jQuery or even raw JavaScript. To do so, install and configure the bundle, then just add to XHR requests an HTTP header called X-XSRF-TOKEN containing the value of the token set by a cookie on the first HTTP request. The bundle will automatically check the validity of the provided token. If it is not valid, an Access Denied error (HTTP 401) will be thrown.
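The client side of the cookie-to-header scheme described above, in raw JavaScript, as an added example that is not code from the bundle. The cookie name `XSRF-TOKEN` (AngularJS's default) and the `/api/books` endpoint are assumptions; the same-origin guard mirrors what AngularJS's `$http` does so the token is never sent to another site.

```javascript
// Added example: client half of the cookie-to-header CSRF check.
// Assumption: the token cookie is named XSRF-TOKEN (AngularJS's default name).
const XSRF_COOKIE = 'XSRF-TOKEN';
const XSRF_HEADER = 'X-XSRF-TOKEN';

// Parse a document.cookie-style string and return one cookie's value, or null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;                       // not a name=value pair
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim();         // value may itself contain '='
    try {
      return decodeURIComponent(raw);
    } catch (e) {
      return raw;                                  // malformed percent-encoding
    }
  }
  return null;
}

// Resolve the (possibly relative) URL and compare origins, so that
// protocol-relative URLs like //other.example/x are treated as foreign.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Return a copy of the fetch() options with the CSRF header added when the
// request targets our own origin and a token cookie is present.
function withXsrfHeader(url, init, cookieString, pageOrigin) {
  const headers = Object.assign({}, init.headers);
  const token = readCookie(cookieString, XSRF_COOKIE);
  if (token !== null && isSameOrigin(url, pageOrigin)) {
    headers[XSRF_HEADER] = token;
  }
  return Object.assign({}, init, { headers });
}

// Browser usage (constructed endpoint):
//   fetch('/api/books', withXsrfHeader('/api/books',
//     { method: 'POST', body: '{}' }, document.cookie, location.origin));
```

The token cookie has to be readable by script for this to work, so it cannot be flagged HttpOnly; the session cookie still should be.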

The bundle is fully tested with phpspec and obtained a platinum medal on the brand new (awesome) SensioLabs Insight quality monitoring system.

Internals documentation and installation instructions are provided on the GitHub page of the bundle. Check it, test it, star it and tell me what you think of it!

Download DunglasAngularCsrfBundle on GitHub.