Continuation of part 1

Click “Execute”. The effect is shown below.

Permissions [READ] [WRITE]

Our user has confidential fields, such as the password, which we do not want to expose. API Platform lets us restrict which data is returned in a simple way. Let’s limit our user to two exposed fields: name and e-mail. Add the configuration.

  • config/api_platform/user.api.yml
App\Entity\User:
  attributes:
    normalization_context:
      groups: ['read']
    denormalization_context:
      groups: ['write']

We have added two attributes: normalization_context and denormalization_context. Normalization applies when data is read (the entity is serialized into the response); denormalization applies when data is written (a request body is deserialized into the entity). Each context names the serialization group whose fields take part in that direction. Next, assign fields to the groups.

  • config/serialization/User.yml
App\Entity\User:
  attributes:
    name:
      groups: ['read']
    email:
      groups: ['read']

We have assigned the fields “name” and “email” to the “read” group; the password belongs to no group, so it is never serialized. Now let’s test it. Open 127.0.0.1:8000/api in the browser and choose the action that lists users.

The query now returns our user with only the fields we declared above.

Validation

Let’s add validation of the user name to the project, as shown below.

  • src/Resources/config/validation/User.yml
App\Entity\User:
  properties:
    name:
      - NotBlank:
          message: "The value cannot be empty"
      - Length:
          max: 250
          maxMessage: "The value cannot be longer than 250 characters"

The user name can’t be blank or longer than 250 characters.

API Platform handles the rest: based on the standard Symfony validation, it returns the corresponding HTTP error code together with the message.

JSON Web Token (JWT) Authorisation

Let’s add authorisation to the application; in our case we use JWT. First, run the command that installs the JWT bundle.

composer req lexik/jwt-authentication-bundle

Next, generate the key pair: the private key, and the public key derived from it. Note where the keys are written (config/jwt/), because the configuration below refers to that location. Run these commands in the terminal.

openssl genrsa -out config/jwt/private.pem -aes256 4096
openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem

Then we reference the keys in the .env.local file.

###> lexik/jwt-authentication-bundle ###
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=xxxxxxx
###< lexik/jwt-authentication-bundle ###

JWT_PASSPHRASE is the passphrase we entered during private key generation.

The next step is to configure the security.yaml file. Add the encoders section for the entity that is authenticated, and a provider whose property is the field looked up at login. Any unique field can serve as the property, e.g. e-mail; we choose the field “name”. Next, configure the firewalls, adding the api firewall, and then restrict access in access_control.

  • config/packages/security.yaml
security:
    encoders:
        App\Entity\User: bcrypt
    providers:
        database:
            entity:
                class: App\Entity\User
                property: name
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        api:
            pattern: ^/api
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
        main:
            anonymous: true
    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

Finally, add the route that, together with the configuration above, is responsible for issuing a new token.

  • config/routes/jwt.yaml
api_login_check:
     path: /api/login_check

Let’s test it. At this point we use the Postman tool, which we highly recommend. To obtain a new token in Postman, enter the endpoint http://127.0.0.1:8000/api/login_check and

After the credentials are validated, we receive a response containing the generated token.

Now let’s use it to fetch posts. In Postman’s “Authorization” tab, choose the type “Bearer Token” and paste our new token.

As a result, we receive the list of our posts.
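The same flow, plus the field-restriction and validation checks from the earlier sections, as a scripted smoke test. This is an added example, not code from the tutorial or its project. It assumes the Symfony server is listening on http://127.0.0.1:8000, that a user named admin with password admin exists (constructed credentials), that users and posts are exposed at /api/users and /api/posts, and that API Platform’s default JSON-LD format is used; the login body uses the key “username” because json_login reads that key by default even though the provider matches it against the “name” property. Only the Python standard library is used.

```python
"""Smoke test for the API built in this tutorial: added example, not the project's own code.

Assumptions (not from the original): the Symfony server listens on http://127.0.0.1:8000,
a user whose name is 'admin' with password 'admin' exists, users and posts are exposed at
/api/users and /api/posts, and responses use API Platform's default JSON-LD format.
"""
import base64
import json
import time
import urllib.error
import urllib.request

BASE_URL = "http://127.0.0.1:8000"                  # assumed local dev server
LOGIN = {"username": "admin", "password": "admin"}  # json_login reads 'username' by default,
                                                    # even though the provider matches it on 'name'
ALLOWED_USER_FIELDS = {"name", "email"}             # the 'read' serialization group
JSONLD_KEYS = {"@context", "@id", "@type"}          # metadata API Platform adds to every item


def leaked_fields(item, allowed=ALLOWED_USER_FIELDS):
    """Fields of one serialized user that lie outside the 'read' group (e.g. 'password')."""
    return {k for k in item if k not in allowed and k not in JSONLD_KEYS}


def decode_jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified here.

    The server verifies it with config/jwt/public.pem; a client must treat these
    claims as untrusted data.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def seconds_until_expiry(claims, now=None):
    """Remaining lifetime of a token from its 'exp' claim (negative once expired)."""
    now = time.time() if now is None else now
    return int(claims["exp"] - now)


def _b64url(obj):
    """base64url without padding, as JWT segments are encoded."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token to exercise the decoder offline; the third segment is a
# placeholder, not a real RS256 signature.
SAMPLE_CLAIMS = {"exp": 1700000000, "username": "admin"}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256", "typ": "JWT"}),
                         _b64url(SAMPLE_CLAIMS), "placeholder-signature"])


def request(method, path, body=None, token=None):
    """Send one JSON request and return (status, decoded body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Content-Type", "application/json")  # json_login requires application/json
    req.add_header("Accept", "application/ld+json")
    if token:
        req.add_header("Authorization", "Bearer " + token)  # what Postman's Bearer Token tab sends
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, json.loads(raw) if raw else None
    except urllib.error.HTTPError as err:
        raw = err.read()
        return err.code, json.loads(raw) if raw else None


def main():
    # 1. access_control: ^/api requires IS_AUTHENTICATED_FULLY, so no token means 401.
    status, _ = request("GET", "/api/posts")
    assert status == 401, f"expected 401 without a token, got {status}"

    # 2. Obtain a token from the json_login check_path.
    status, body = request("POST", "/api/login_check", LOGIN)
    assert status == 200 and body and "token" in body, f"login failed: {status} {body}"
    token = body["token"]
    claims = decode_jwt_claims(token)
    print(f"token for {claims.get('username')} expires in {seconds_until_expiry(claims)} s")

    # 3. The same request with the bearer token passes the api firewall.
    status, posts = request("GET", "/api/posts", token=token)
    assert status == 200, f"expected 200 with a token, got {status}"
    print(f"{len(posts['hydra:member'])} post(s) returned")

    # 4. The user collection must expose only the 'read' group: never the password hash.
    status, users = request("GET", "/api/users", token=token)
    assert status == 200, f"expected 200 for /api/users, got {status}"
    for user in users["hydra:member"]:
        assert not leaked_fields(user), f"{user['@id']} leaks {leaked_fields(user)}"

    # 5. The NotBlank constraint on 'name' becomes a 4xx response with a violation list
    #    (400 in the API Platform 2.x era of this tutorial, 422 in newer versions).
    status, body = request("POST", "/api/users", {"name": "", "email": "new@example.com"}, token=token)
    assert status in (400, 422), f"expected a validation error, got {status}"
    print("violations:", [v["message"] for v in body.get("violations", [])])


if __name__ == "__main__":
    main()
```

Run it with the dev server up; each step fails loudly with the status it got, so a misconfigured access_control (a missing IS_AUTHENTICATED_FULLY rule) or a property that slipped into the “read” group shows up immediately. The decoder deliberately skips signature verification: it is there to read the expiry, not to decide whether the token is trustworthy, which only the server can do with the public key.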

Summary

To sum up: it’s worth it! API Platform is an excellent tool that can speed up your work. We have covered its basic features, from quick and simple entity implementation to validation and permission assignment. We recommend spending some time with this tool to get to know its capabilities better.

Bonus

As a bonus, I’m sharing the project with you on GitHub.