├── .gitignore
├── .prettierrc
├── admin
    ├── images
    │   ├── admin-demo.gif
    │   ├── admin-demo.mp4
    │   ├── admin-menu.png
    │   ├── admin-sort.png
    │   ├── admin-demo.webm
    │   ├── admin-filter.png
    │   ├── admin-datagrid.png
    │   ├── required-field.png
    │   ├── AutocompleteInput.png
    │   ├── admin-custom-field.png
    │   ├── admin-custom-input.png
    │   ├── admin-default-list.png
    │   ├── admin-form-layout.png
    │   ├── admin-menu-icons.png
    │   ├── react-admin-theme.png
    │   ├── admin-undoable-mutation.png
    │   ├── basic-admin-greetings.png
    │   ├── related-record-with-iri.png
    │   ├── submission-error-field.png
    │   ├── admin-custom-edit-guesser.png
    │   ├── admin-custom-list-guesser.png
    │   ├── admin-custom-show-guesser.png
    │   ├── admin-tabbed-show-layout.png
    │   ├── api-platform-admin-theme.png
    │   ├── api-platform-welcome-page.png
    │   ├── related-record-with-name.png
    │   ├── admin-reference-record-count.png
    │   ├── admin-warnWhenUnsavedChanges.png
    │   ├── embedded-relation-dot-notation.png
    │   ├── embedded-relation-full-object.png
    │   ├── admin-custom-list-field-guesser.png
    │   ├── embedded-relation-ReferenceField.png
    │   ├── embedded-relation-ReferenceInput.png
    │   └── embedded-relation-useEmbedded-false.png
    ├── file-upload.md
    ├── performance.md
    ├── real-time-mercure.md
    ├── index.md
    ├── validation.md
    ├── getting-started.md
    └── schema.md
├── laravel
    ├── images
    │   ├── graphql.png
    │   ├── basic-rest.png
    │   ├── empty-docs.png
    │   ├── read-only.png
    │   ├── form-request.png
    │   ├── title-filter.png
    │   ├── books-collection.png
    │   ├── filters-documentation.png
    │   └── property-placeholder.png
    ├── validation.md
    ├── security.md
    └── jwt.md
├── symfony
    ├── images
    │   ├── swagger-ui-1.png
    │   ├── swagger-ui-2.png
    │   ├── NelmioApiDocBundle.png
    │   ├── api-platform-2.5-api.png
    │   ├── api-platform-2.6-api.png
    │   ├── symfonycasts-player.png
    │   ├── api-platform-2.5-admin.png
    │   ├── api-platform-2.6-admin.png
    │   ├── api-platform-2.5-graphql.png
    │   ├── api-platform-2.5-pwa-react.png
    │   ├── api-platform-2.5-welcome.png
    │   ├── api-platform-2.6-graphql.png
    │   ├── api-platform-2.6-pwa-react.png
    │   ├── api-platform-2.6-welcome.png
    │   ├── api-platform-3.0-welcome.png
    │   ├── api-platform-2.5-bookshop-api.png
    │   ├── api-platform-2.6-bookshop-api.png
    │   └── api-platform-2.6-bookshop-json-schemas.png
    ├── nelmio-api-doc.md
    ├── caddy.md
    ├── debugging.md
    ├── fosuser-bundle.md
    └── migrate-from-fosrestbundle.md
├── core
    ├── images
    │   ├── JWTAuthorizeButton.png
    │   ├── JWTConfigureApiKey.png
    │   ├── SerializerWorkflow.png
    │   ├── deprecated-graphiql.png
    │   ├── mercure-discovery.png
    │   ├── swagger-ui-modified.png
    │   ├── deprecated-swagger-ui.png
    │   ├── jwt-token-swagger-ui.png
    │   ├── mercure-subscriptions.png
    │   ├── open-api-documented-error.png
    │   └── diagrams
    │   │   ├── api-platform-get-i-o.dia
    │   │   ├── api-platform-get-i-o.png
    │   │   ├── api-platform-put-i-o.dia
    │   │   ├── api-platform-put-i-o.png
    │   │   ├── api-platform-post-i-o.dia
    │   │   └── api-platform-post-i-o.png
    ├── validation.md
    ├── security.md
    ├── testing.md
    ├── jwt.md
    ├── bootstrap.md
    ├── push-relations.md
    ├── index.md
    ├── url-generation-strategy.md
    ├── form-data.md
    ├── design.md
    ├── operation-path-naming.md
    ├── extending-jsonld-context.md
    ├── default-order.md
    ├── external-vocabularies.md
    ├── json-schema.md
    ├── upgrade-guide.md
    └── client-integration.md
├── deployment
    ├── images
    │   ├── deploy-result.png
    │   ├── digitalocean-dns.png
    │   ├── digitalocean-droplet.png
    │   ├── google-image-overview.png
    │   └── google-image-caddy-details.png
    ├── index.md
    ├── minikube.md
    └── heroku.md
├── schema-generator
    ├── images
    │   └── stoplight.png
    ├── index.md
    └── getting-started.md
├── .github
    ├── ISSUE_TEMPLATE
    │   ├── 2_Documentation_issue.md
    │   └── 1_Support_question.md
    ├── linters
    │   └── .textlintrc
    ├── PULL_REQUEST_TEMPLATE.md
    └── workflows
    │   ├── ci.yml
    │   └── cd.yml
├── create-client
    ├── images
    │   ├── create-client-demo.gif
    │   ├── nuxt
    │   │   ├── create-client-nuxt-edit.png
    │   │   └── create-client-nuxt-list.png
    │   ├── react
    │   │   ├── create-client-react-edit.png
    │   │   ├── create-client-react-list.png
    │   │   ├── create-client-react-show.png
    │   │   ├── create-client-react-delete.png
    │   │   └── create-client-react-list-pagination.png
    │   ├── nextjs
    │   │   ├── create-client-nextjs-list.png
    │   │   └── create-client-nextjs-show.png
    │   └── react-native
    │   │   ├── create-client-react-native-add.png
    │   │   ├── create-client-react-native-list.png
    │   │   ├── create-client-react-native-show.png
    │   │   └── create-client-react-native-delete.png
    ├── typescript.md
    ├── index.md
    ├── vuetify.md
    ├── vuejs.md
    ├── quasar.md
    ├── react.md
    ├── nuxt.md
    ├── troubleshooting.md
    ├── react-native.md
    ├── custom.md
    └── nextjs.md
├── .proselintrc.json
├── .markdownlint.yaml
├── README.md
├── .editorconfig
├── extra
    ├── contribution-guides.md
    ├── releases.md
    ├── conduct.md
    ├── philosophy.md
    ├── enterprise.md
    ├── troubleshooting.md
    └── security.md
├── CONTRIBUTING.md
└── outline.yaml


/.gitignore:
--------------------------------------------------------------------------------
1 | /website
2 | 


--------------------------------------------------------------------------------
/.prettierrc:
--------------------------------------------------------------------------------
1 | {
2 |   "printWidth": 100,
3 |   "proseWrap": "always"
4 | }
5 | 


--------------------------------------------------------------------------------
/admin/images/admin-demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-demo.gif


--------------------------------------------------------------------------------
/admin/images/admin-demo.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-demo.mp4


--------------------------------------------------------------------------------
/admin/images/admin-menu.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-menu.png


--------------------------------------------------------------------------------
/admin/images/admin-sort.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-sort.png


--------------------------------------------------------------------------------
/laravel/images/graphql.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/graphql.png


--------------------------------------------------------------------------------
/admin/images/admin-demo.webm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-demo.webm


--------------------------------------------------------------------------------
/admin/images/admin-filter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-filter.png


--------------------------------------------------------------------------------
/laravel/images/basic-rest.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/basic-rest.png


--------------------------------------------------------------------------------
/laravel/images/empty-docs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/empty-docs.png


--------------------------------------------------------------------------------
/laravel/images/read-only.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/read-only.png


--------------------------------------------------------------------------------
/admin/images/admin-datagrid.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-datagrid.png


--------------------------------------------------------------------------------
/admin/images/required-field.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/required-field.png


--------------------------------------------------------------------------------
/laravel/images/form-request.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/form-request.png


--------------------------------------------------------------------------------
/laravel/images/title-filter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/title-filter.png


--------------------------------------------------------------------------------
/symfony/images/swagger-ui-1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/swagger-ui-1.png


--------------------------------------------------------------------------------
/symfony/images/swagger-ui-2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/swagger-ui-2.png


--------------------------------------------------------------------------------
/admin/images/AutocompleteInput.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/AutocompleteInput.png


--------------------------------------------------------------------------------
/admin/images/admin-custom-field.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-custom-field.png


--------------------------------------------------------------------------------
/admin/images/admin-custom-input.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-custom-input.png


--------------------------------------------------------------------------------
/admin/images/admin-default-list.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-default-list.png


--------------------------------------------------------------------------------
/admin/images/admin-form-layout.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-form-layout.png


--------------------------------------------------------------------------------
/admin/images/admin-menu-icons.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-menu-icons.png


--------------------------------------------------------------------------------
/admin/images/react-admin-theme.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/react-admin-theme.png


--------------------------------------------------------------------------------
/core/images/JWTAuthorizeButton.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/JWTAuthorizeButton.png


--------------------------------------------------------------------------------
/core/images/JWTConfigureApiKey.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/JWTConfigureApiKey.png


--------------------------------------------------------------------------------
/core/images/SerializerWorkflow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/SerializerWorkflow.png


--------------------------------------------------------------------------------
/core/images/deprecated-graphiql.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/deprecated-graphiql.png


--------------------------------------------------------------------------------
/core/images/mercure-discovery.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/mercure-discovery.png


--------------------------------------------------------------------------------
/core/images/swagger-ui-modified.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/swagger-ui-modified.png


--------------------------------------------------------------------------------
/deployment/images/deploy-result.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/deployment/images/deploy-result.png


--------------------------------------------------------------------------------
/laravel/images/books-collection.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/books-collection.png


--------------------------------------------------------------------------------
/core/images/deprecated-swagger-ui.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/deprecated-swagger-ui.png


--------------------------------------------------------------------------------
/core/images/jwt-token-swagger-ui.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/jwt-token-swagger-ui.png


--------------------------------------------------------------------------------
/core/images/mercure-subscriptions.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/mercure-subscriptions.png


--------------------------------------------------------------------------------
/schema-generator/images/stoplight.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/schema-generator/images/stoplight.png


--------------------------------------------------------------------------------
/symfony/images/NelmioApiDocBundle.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/NelmioApiDocBundle.png


--------------------------------------------------------------------------------
/admin/images/admin-undoable-mutation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-undoable-mutation.png


--------------------------------------------------------------------------------
/admin/images/basic-admin-greetings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/basic-admin-greetings.png


--------------------------------------------------------------------------------
/admin/images/related-record-with-iri.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/related-record-with-iri.png


--------------------------------------------------------------------------------
/admin/images/submission-error-field.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/submission-error-field.png


--------------------------------------------------------------------------------
/deployment/images/digitalocean-dns.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/deployment/images/digitalocean-dns.png


--------------------------------------------------------------------------------
/laravel/images/filters-documentation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/filters-documentation.png


--------------------------------------------------------------------------------
/laravel/images/property-placeholder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/laravel/images/property-placeholder.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.5-api.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.5-api.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-api.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-api.png


--------------------------------------------------------------------------------
/symfony/images/symfonycasts-player.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/symfonycasts-player.png


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/2_Documentation_issue.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: 📄 Documentation issue
3 | about: Report a documentation issue
4 | ---
5 | 


--------------------------------------------------------------------------------
/admin/images/admin-custom-edit-guesser.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-custom-edit-guesser.png


--------------------------------------------------------------------------------
/admin/images/admin-custom-list-guesser.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-custom-list-guesser.png


--------------------------------------------------------------------------------
/admin/images/admin-custom-show-guesser.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-custom-show-guesser.png


--------------------------------------------------------------------------------
/admin/images/admin-tabbed-show-layout.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-tabbed-show-layout.png


--------------------------------------------------------------------------------
/admin/images/api-platform-admin-theme.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/api-platform-admin-theme.png


--------------------------------------------------------------------------------
/admin/images/api-platform-welcome-page.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/api-platform-welcome-page.png


--------------------------------------------------------------------------------
/admin/images/related-record-with-name.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/related-record-with-name.png


--------------------------------------------------------------------------------
/core/images/open-api-documented-error.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/open-api-documented-error.png


--------------------------------------------------------------------------------
/deployment/images/digitalocean-droplet.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/deployment/images/digitalocean-droplet.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.5-admin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.5-admin.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-admin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-admin.png


--------------------------------------------------------------------------------
/admin/images/admin-reference-record-count.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-reference-record-count.png


--------------------------------------------------------------------------------
/admin/images/admin-warnWhenUnsavedChanges.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-warnWhenUnsavedChanges.png


--------------------------------------------------------------------------------
/core/images/diagrams/api-platform-get-i-o.dia:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/diagrams/api-platform-get-i-o.dia


--------------------------------------------------------------------------------
/core/images/diagrams/api-platform-get-i-o.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/diagrams/api-platform-get-i-o.png


--------------------------------------------------------------------------------
/core/images/diagrams/api-platform-put-i-o.dia:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/diagrams/api-platform-put-i-o.dia


--------------------------------------------------------------------------------
/core/images/diagrams/api-platform-put-i-o.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/diagrams/api-platform-put-i-o.png


--------------------------------------------------------------------------------
/create-client/images/create-client-demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/create-client-demo.gif


--------------------------------------------------------------------------------
/deployment/images/google-image-overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/deployment/images/google-image-overview.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.5-graphql.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.5-graphql.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.5-pwa-react.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.5-pwa-react.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.5-welcome.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.5-welcome.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-graphql.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-graphql.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-pwa-react.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-pwa-react.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-welcome.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-welcome.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-3.0-welcome.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-3.0-welcome.png


--------------------------------------------------------------------------------
/admin/images/embedded-relation-dot-notation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/embedded-relation-dot-notation.png


--------------------------------------------------------------------------------
/admin/images/embedded-relation-full-object.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/embedded-relation-full-object.png


--------------------------------------------------------------------------------
/core/images/diagrams/api-platform-post-i-o.dia:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/diagrams/api-platform-post-i-o.dia


--------------------------------------------------------------------------------
/core/images/diagrams/api-platform-post-i-o.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/core/images/diagrams/api-platform-post-i-o.png


--------------------------------------------------------------------------------
/admin/images/admin-custom-list-field-guesser.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/admin-custom-list-field-guesser.png


--------------------------------------------------------------------------------
/admin/images/embedded-relation-ReferenceField.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/embedded-relation-ReferenceField.png


--------------------------------------------------------------------------------
/admin/images/embedded-relation-ReferenceInput.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/embedded-relation-ReferenceInput.png


--------------------------------------------------------------------------------
/deployment/images/google-image-caddy-details.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/deployment/images/google-image-caddy-details.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.5-bookshop-api.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.5-bookshop-api.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-bookshop-api.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-bookshop-api.png


--------------------------------------------------------------------------------
/admin/images/embedded-relation-useEmbedded-false.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/admin/images/embedded-relation-useEmbedded-false.png


--------------------------------------------------------------------------------
/create-client/images/nuxt/create-client-nuxt-edit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/nuxt/create-client-nuxt-edit.png


--------------------------------------------------------------------------------
/create-client/images/nuxt/create-client-nuxt-list.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/nuxt/create-client-nuxt-list.png


--------------------------------------------------------------------------------
/create-client/images/react/create-client-react-edit.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react/create-client-react-edit.png


--------------------------------------------------------------------------------
/create-client/images/react/create-client-react-list.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react/create-client-react-list.png


--------------------------------------------------------------------------------
/create-client/images/react/create-client-react-show.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react/create-client-react-show.png


--------------------------------------------------------------------------------
/create-client/images/nextjs/create-client-nextjs-list.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/nextjs/create-client-nextjs-list.png


--------------------------------------------------------------------------------
/create-client/images/nextjs/create-client-nextjs-show.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/nextjs/create-client-nextjs-show.png


--------------------------------------------------------------------------------
/create-client/images/react/create-client-react-delete.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react/create-client-react-delete.png


--------------------------------------------------------------------------------
/symfony/images/api-platform-2.6-bookshop-json-schemas.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/symfony/images/api-platform-2.6-bookshop-json-schemas.png


--------------------------------------------------------------------------------
/create-client/images/react/create-client-react-list-pagination.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react/create-client-react-list-pagination.png


--------------------------------------------------------------------------------
/create-client/images/react-native/create-client-react-native-add.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react-native/create-client-react-native-add.png


--------------------------------------------------------------------------------
/create-client/images/react-native/create-client-react-native-list.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react-native/create-client-react-native-list.png


--------------------------------------------------------------------------------
/create-client/images/react-native/create-client-react-native-show.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react-native/create-client-react-native-show.png


--------------------------------------------------------------------------------
/create-client/images/react-native/create-client-react-native-delete.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/api-platform/docs/HEAD/create-client/images/react-native/create-client-react-native-delete.png


--------------------------------------------------------------------------------
/.github/linters/.textlintrc:
--------------------------------------------------------------------------------
 1 | {
 2 |   "rules": {
 3 |     "terminology": {
 4 |       "exclude": [
 5 |         "Node(?:js)?",
 6 |         "web[- ]?site(s)?"
 7 |       ]
 8 |     }
 9 |   }
10 | }
11 | 


--------------------------------------------------------------------------------
/.proselintrc.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "checks": {
 3 |     "typography.symbols": false,
 4 |     "typography.exclamation": false,
 5 |     "hyperbole.misc": false,
 6 |     "cliches.misc": false,
 7 |     "lexical_illusions.misc": false
 8 |   }
 9 | }
10 | 


--------------------------------------------------------------------------------
/.markdownlint.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | MD013:
 3 |   line_length: 1000
 4 |   code_blocks: false
 5 |   tables: false
 6 | no-inline-html:
 7 |   allowed_elements: [a, p, img, br, code-selector, video, source, iframe, h1]
 8 | MD046:
 9 |   style: fenced
10 | MD004:
11 |   style: dash
12 | MD007:
13 |   indent: 4
14 | 


--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
 1 | <!--
 2 | 
 3 | If your pull request fixes a BUG, use the last stable branch that contains the bug.
 4 | 
 5 | If your pull request documents a NEW FEATURE, use the `main` branch.
 6 | 
 7 | Versions and branches are described there: https://api-platform.com/docs/extra/releases/
 8 | 
 9 | -->
10 | 


--------------------------------------------------------------------------------
/core/validation.md:
--------------------------------------------------------------------------------
1 | # Validation
2 | 
3 | API Platform takes care of validating the data sent to the API by the client (usually user data
4 | entered through forms).
5 | 
6 | - For Symfony users, refer to the [Validation with Symfony documentation](/symfony/validation.md).
7 | - For Laravel users, refer to the [Validation with Laravel documentation](/laravel/validation.md).
8 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/1_Support_question.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: ⛔ Support Question
 3 | about: See https://api-platform.com/support/ for questions about using API Platform
 4 | ---
 5 | 
 6 | # Support question
 7 | 
 8 | We use GitHub issues only to discuss bugs and new features. For this kind of questions about using
 9 | API Platform, please use any of the support alternatives shown in
10 | [API Platform support](https://api-platform.com/support/).
11 | 
12 | Thanks!
13 | 


--------------------------------------------------------------------------------
/laravel/validation.md:
--------------------------------------------------------------------------------
 1 | # Validation with Laravel
 2 | 
 3 | API Platform simplifies the validation of data sent by clients to the API, typically user inputs
 4 | submitted through forms.
 5 | 
 6 | You can add [validation rules](https://laravel.com/docs/validation) within the `rules` option:
 7 | 
 8 | ```php
 9 | // app/Models/Book.php
10 | 
11 | use ApiPlatform\Metadata\ApiResource;
12 | 
13 | #[ApiResource(
14 |     rules: [
15 |         'title' => 'required',
16 |     ]
17 | )]
18 | class Book extends Model
19 | {
20 | }
21 | ```
22 | 


--------------------------------------------------------------------------------
/core/security.md:
--------------------------------------------------------------------------------
 1 | # Security
 2 | 
 3 | API Platform provides advanced authentication and authorization features to secure your API.
 4 | 
 5 | When using API Platform for Symfony, API Platform leverages the
 6 | [Symfony Security component](https://symfony.com/doc/current/security.html) to help you secure your
 7 | API.
 8 | 
 9 | When using API Platform for Laravel, it provides an integration with popular authentication packages
10 | for Laravel, and with the built-in authorization features of the framework.
11 | 
12 | - For Symfony users, refer to the [Security with Symfony documentation](/symfony/security.md).
13 | - For Laravel users, refer to the [Security with Laravel documentation](/laravel/security.md).
14 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | <h1 align="center"><a href="https://api-platform.com"><img src="https://api-platform.com/images/logos/Logo_Circle%20webby%20text%20blue.png" alt="API Platform" width="250" height="250"></a></h1>
 2 | 
 3 | # API Platform Documentation
 4 | 
 5 | [![Lint](https://github.com/api-platform/docs/actions/workflows/ci.yml/badge.svg)](https://github.com/api-platform/docs/actions/workflows/ci.yml)
 6 | 
 7 | Welcome to the official documentation for [API Platform](https://api-platform.com), a powerful
 8 | framework for building APIs and web applications.
 9 | 
10 | This repository contains all the API Platform documentation resources.
11 | 
12 | ## Contributing
13 | 
14 | Please check our [CONTRIBUTING file](/CONTRIBUTING.md) to contribute.
15 | 


--------------------------------------------------------------------------------
/core/testing.md:
--------------------------------------------------------------------------------
 1 | # Testing the API
 2 | 
 3 | Once your API is up and running, it's crucial to write tests to ensure it is bug-free and to prevent
 4 | future regressions. A good practice is to follow a
 5 | [Test-Driven Development (TDD)](https://martinfowler.com/bliki/TestDrivenDevelopment.html) approach,
 6 | where tests are written before the production code.
 7 | 
 8 | API Platform provides a set of helpful testing utilities to write unit tests, functional tests, and
 9 | to create [test fixtures](https://en.wikipedia.org/wiki/Test_fixture#Software).
10 | 
11 | ## Testing Documentations
12 | 
13 | - If you are using API Platform with Symfony, refer to the
14 |   [Testing the API with Symfony](/symfony/testing.md) documentation.
15 | - If you are using API Platform with Laravel, refer to the
16 |   [Testing the API with Laravel](/laravel/testing.md) documentation.
17 | 


--------------------------------------------------------------------------------
/core/jwt.md:
--------------------------------------------------------------------------------
 1 | # JWT Authentication
 2 | 
 3 | > [JSON Web Token (JWT)](https://jwt.io/) is a JSON-based open standard
 4 | > ([RFC 7519](https://tools.ietf.org/html/rfc7519)) for creating access tokens that assert some
 5 | > number of claims. For example, a server could generate a token that has the claim "logged in as
 6 | > admin" and provide that to a client. The client could then use that token to prove that he/she is
 7 | > logged in as admin. The tokens are signed by the server's key, so the server is able to verify
 8 | > that the token is legitimate. The tokens are designed to be compact, URL-safe and usable
 9 | > especially in web browser single sign-on (SSO) context.
10 | >
11 | > ―[Wikipedia](https://en.wikipedia.org/wiki/JSON_Web_Token)
12 | 
13 | - For Symfony users, check out the [JWT Authentication with Symfony documentation](/symfony/jwt.md).
14 | - For Laravel users, explore the [JWT Authentication with Laravel documentation](/laravel/jwt.md).
15 | 


--------------------------------------------------------------------------------
/core/bootstrap.md:
--------------------------------------------------------------------------------
 1 | # Bootstrapping the Core Library
 2 | 
 3 | You may want to run a minimal version of API Platform. This one file runs API Platform (without
 4 | GraphQL, Eloquent, Doctrine MongoDB...). It requires the following Composer packages:
 5 | 
 6 | > [!NOTE] This documentation is a work in progress we're working on improving it, in the mean time
 7 | > we declare most of the services manually in the
 8 | > [ApiPlatformProvider](https://github.com/api-platform/core/blob/64768a6a5b480e1b8e33c639fb28b27883c69b79/src/Laravel/ApiPlatformProvider.php)
 9 | > it can be source of inspiration.
10 | 
11 | ## Components
12 | 
13 | API Platform is installable as a set of components, for example:
14 | 
15 | ```console
16 | composer require \
17 |     api-platform/serializer \
18 |     api-platform/metadata \
19 |     api-platform/state \
20 |     api-platform/jsonld \
21 |     phpdocumentor/reflection-docblock \
22 |     symfony/property-info \
23 |     symfony/routing \
24 |     symfony/validator
25 | ```
26 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | # EditorConfig helps developers define and maintain consistent
 2 | # coding styles between different editors and IDEs
 3 | # editorconfig.org
 4 | 
 5 | root = true
 6 | 
 7 | [*]
 8 | # Change these settings to your own preference
 9 | indent_style = space
10 | indent_size = 4
11 | 
12 | # We recommend you to keep these unchanged
13 | end_of_line = lf
14 | charset = utf-8
15 | trim_trailing_whitespace = true
16 | insert_final_newline = true
17 | 
18 | [*.json]
19 | indent_style = space
20 | indent_size = 2
21 | 
22 | [*.md]
23 | max_line_length = 100
24 | trim_trailing_whitespace = false
25 | indent_size = 4
26 | 
27 | [*.neon]
28 | indent_style = tab
29 | indent_size = 4
30 | 
31 | [*.xml]
32 | indent_size = 4
33 | 
34 | [*.{yaml,yml}]
35 | indent_size = 2
36 | trim_trailing_whitespace = false
37 | 
38 | [.circleci/config.yml]
39 | indent_size = 2
40 | 
41 | [.github/workflows/*.yml]
42 | indent_size = 2
43 | 
44 | [.gitmodules]
45 | indent_style = tab
46 | 
47 | [.proselintrc]
48 | indent_size = 2
49 | 


--------------------------------------------------------------------------------
/extra/contribution-guides.md:
--------------------------------------------------------------------------------
 1 | # Contribution Guides
 2 | 
 3 | ## API Platform Core
 4 | 
 5 | - [General Contribution Guide](https://github.com/api-platform/core/blob/main/CONTRIBUTING.md)
 6 | - [Laravel-Specific Contribution Guide](https://github.com/api-platform/core/blob/main/src/Laravel/CONTRIBUTING.md)
 7 | 
 8 | ## API Platform Documentation
 9 | 
10 | - [General Contribution Guide](https://github.com/api-platform/docs/blob/main/CONTRIBUTING.md)
11 | 
12 | ## API Platform Tools
13 | 
14 | - [Schema Generator Contribution Guide](https://github.com/api-platform/schema-generator/blob/main/CONTRIBUTING.md)
15 | - [Admin Contribution Guide](https://github.com/api-platform/admin/blob/master/CONTRIBUTING.md)
16 | - [CRUD Generator Contribution Guide](https://github.com/api-platform/create-client/blob/master/CONTRIBUTING.md)
17 | 
18 | **To report a security issue, please take a look at [the dedicated document](security.md).**
19 | 
20 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/screencast/contributing?cid=apip"><img src="../symfony/images/symfonycasts-player.png" alt="JWT screencast"><br>Watch the Contributing back to Symfony screencast (free)</a></p>
21 | 


--------------------------------------------------------------------------------
/deployment/index.md:
--------------------------------------------------------------------------------
 1 | # Deploying API Platform Applications
 2 | 
 3 | API Platform apps are super easy to deploy in production thanks to the
 4 | [Docker Compose definition](docker-compose.md) and to the [Kubernetes chart](kubernetes.md) we
 5 | provide.
 6 | 
 7 | We strongly recommend using Kubernetes or Docker Compose to deploy your apps.
 8 | 
 9 | If you want to play with a local Kubernetes cluster, read
10 | [how to deploy an API Platform project on Minikube](minikube.md).
11 | 
12 | If you don't want to use Docker, keep in mind that the server application of API Platform is a
13 | standard Symfony project, while the Progressive Web Application is a standard Next.js project:
14 | 
15 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/screencast/ansistrano?cid=apip"><img src="../symfony/images/symfonycasts-player.png" alt="JWT screencast"><br>Watch the Animated Deployment with Ansistrano screencast</a></p>
16 | 
17 | - [Deploying the Symfony application](https://symfony.com/doc/current/deployment.html)
18 | - [Deploying the Next.js application](https://nextjs.org/docs/deployment)
19 | 
20 | Alternatively, you may want to deploy API Platform on a PaaS (Platform as a Service):
21 | 
22 | - [Deploying the server application of API Platform on Heroku](heroku.md)
23 | - [Deploying API Platform on Platform.sh (outdated)](https://platform.sh/blog/deploy-api-platform-on-platformsh)
24 | 


--------------------------------------------------------------------------------
/symfony/nelmio-api-doc.md:
--------------------------------------------------------------------------------
 1 | # NelmioApiDocBundle Integration with Symfony
 2 | 
 3 | > [!WARNING] For new projects, prefer using the built-in Swagger support and/or NelmioApiDoc 3.
 4 | 
 5 | NelmioApiDoc provides an alternative to [the native Swagger/Open API support](../core/openapi.md)
 6 | provided by API Platform.
 7 | 
 8 | As NelmioApiDocBundle 3+ has built-in support for API Platform, this documentation is only relevant
 9 | for people using NelmioApiDocBundle between version 2.9 and 3.0.
10 | 
11 | ![Screenshot of API Platform integrated with NelmioApiDocBundle](images/NelmioApiDocBundle.png)
12 | 
13 | [NelmioApiDocBundle](https://github.com/nelmio/NelmioApiDocBundle) is supported by API Platform
14 | since version 2.9.
15 | 
16 | To enable the NelmioApiDoc integration, copy the following configuration:
17 | 
18 | ```yaml
19 | # api/config/packages/api_platform.yaml
20 | api_platform:
21 |     # ...
22 | 
23 |     enable_nelmio_api_doc: true
24 | 
25 | nelmio_api_doc:
26 |     sandbox:
27 |         accept_type: "application/json"
28 |         body_format:
29 |             formats: ["json"]
30 |             default_format: "json"
31 |         request_format:
32 |             formats:
33 |                 json: "application/json"
34 | ```
35 | 
36 | Please note that NelmioApiDocBundle has a sandbox limitation where you cannot pass a JSON array as
37 | parameter, so you cannot use it to deserialize nested objects.
38 | 


--------------------------------------------------------------------------------
/create-client/typescript.md:
--------------------------------------------------------------------------------
 1 | # TypeScript Interfaces
 2 | 
 3 | The TypeScript Generator allows you to create
 4 | [TypeScript interfaces](https://www.typescriptlang.org/docs/handbook/2/everyday-types.html#interfaces)
 5 | that you can embed in any TypeScript-enabled project (React, Vue.js, Angular..).
 6 | 
 7 | To do so, run the generator:
 8 | 
 9 | ```console
10 | npm init @api-platform/client https://demo.api-platform.com src/ -- --generator typescript --resource foo
11 | # Replace the URL with the entrypoint of your Hydra-enabled API.
12 | ```
13 | 
14 | `src/` is where the interfaces will be generated.
15 | 
16 | Omit the resource flag to generate files for all resource types exposed by the API. You can also use
17 | an OpenAPI documentation with `-f openapi3`.
18 | 
19 | This command parses the Hydra documentation and creates one `.ts` file for each API Resource you
20 | have defined in your application, in the `interfaces` subfolder.
21 | 
22 | **Note:** If you are not sure what the entrypoint is, see [Troubleshooting](troubleshooting.md).
23 | 
24 | ## Example
25 | 
26 | Assuming you have 2 resources in your application, `Foo` and `Bar`, when you run:
27 | 
28 | ```console
29 | npm init @api-platform/client https://demo.api-platform.com src/ -- --generator typescript
30 | ```
31 | 
32 | You will obtain 2 `.ts` files arranged as following:
33 | 
34 | - src/
35 |     - interfaces/
36 |         - foo.ts
37 |         - bar.ts
38 | 


--------------------------------------------------------------------------------
/admin/file-upload.md:
--------------------------------------------------------------------------------
 1 | # Handling File Upload
 2 | 
 3 | If you need to handle the file upload in the server part, please follow
 4 | [the related documentation](../symfony/file-upload.md).
 5 | 
 6 | This documentation assumes you have a `/media_objects` endpoint accepting
 7 | `multipart/form-data`-encoded data.
 8 | 
 9 | To manage the upload in the admin part, you need to
10 | [customize the guessed create or edit form](./customizing.md#from-inputguesser-to-react-admin-inputs).
11 | 
12 | Add a [`<FileInput>`](https://marmelab.com/react-admin/FileInput.html) as a child of the guesser.
13 | For example, for the create form:
14 | 
15 | ```js
16 | import { HydraAdmin, ResourceGuesser, CreateGuesser } from "@api-platform/admin";
17 | import { FileField, FileInput } from "react-admin";
18 | 
19 | const MediaObjectsCreate = () => (
20 |     <CreateGuesser>
21 |         <FileInput source="file">
22 |             <FileField source="src" title="title" />
23 |         </FileInput>
24 |     </CreateGuesser>
25 | );
26 | 
27 | export const App = () => (
28 |     <HydraAdmin entrypoint="https://demo.api-platform.com">
29 |         <ResourceGuesser name="media_objects" create={MediaObjectsCreate} />
30 |         {/* ... */}
31 |     </HydraAdmin>
32 | );
33 | ```
34 | 
35 | And that's it! The guessers are able to detect that you have used a `FileInput` and are passing this
36 | information to the data provider, through a `hasFileField` field in the `extraInformation` object,
37 | itself in the data. If you are using the Hydra data provider, it uses a `multipart/form-data`
38 | request instead of a JSON-LD one.
39 | 
40 | **Note:** In the case of the `EditGuesser`, the HTTP method used becomes a `POST` instead of a
41 | `PUT`, to prevent a [PHP bug](https://bugs.php.net/bug.php?id=55815).
42 | 


--------------------------------------------------------------------------------
/admin/performance.md:
--------------------------------------------------------------------------------
 1 | # Performance Tips
 2 | 
 3 | To make the admin faster and greener, you can make some changes to your API.
 4 | 
 5 | ## Retrieve All Relations in One Request
 6 | 
 7 | By default, if your relations are not embedded and if you decide to display some fields belonging to
 8 | relations in your resource list, the admin will fetch the relations one by one.
 9 | 
10 | In this case, it can be improved by doing only one request for all the related resources instead.
11 | 
12 | To do so, you need to make sure the [search filter](../core/doctrine-filters.md#search-filter) is
13 | enabled for the identifier of the related resource.
14 | 
15 | For instance, if you have a `book` resource having a relation to `author` resources and you display
16 | the author names on your book list, you can make sure the authors are retrieved in one go by
17 | writing:
18 | 
19 | ```php
20 | <?php
21 | // api/src/Entity/Author.php
22 | namespace App\Entity;
23 | 
24 | use ApiPlatform\Metadata\ApiFilter;
25 | use ApiPlatform\Doctrine\Orm\Filter\SearchFilter;
26 | use ApiPlatform\Metadata\ApiResource;
27 | use Doctrine\ORM\Mapping as ORM;
28 | 
29 | #[ORM\Entity]
30 | #[ApiResource]
31 | class Author
32 | {
33 |     #[ORM\Id, ORM\Column, ORM\GeneratedValue]
34 |     #[ApiFilter(SearchFilter::class, strategy: "exact")]
35 |     public ?int $id = null;
36 | 
37 |     #[ORM\Column]
38 |     public string $name;
39 | }
40 | ```
41 | 
42 | Instead of issuing a separate request for each author, the admin will now fetch all the authors in
43 | one go, with a request similar to the following:
44 | 
45 | ```txt
46 | https://localhost/authors?
47 |   page=1
48 |   &itemsPerPage=5
49 |   &id[0]=/authors/7
50 |   &id[1]=/authors/8
51 |   &id[2]=/authors/9
52 |   &id[3]=/authors/10
53 |   &id[4]=/authors/11
54 | ```
55 | 


--------------------------------------------------------------------------------
/create-client/index.md:
--------------------------------------------------------------------------------
 1 | # API Platform Create Client
 2 | 
 3 | Create Client is the fastest way to scaffold fully featured webapps and native mobile apps from APIs
 4 | supporting the [Hydra](https://www.hydra-cg.com/) or [OpenAPI](https://www.openapis.org/) format.
 5 | 
 6 | ![Screencast](images/create-client-demo.gif)
 7 | 
 8 | ## Generated React and React Native Apps, Updated in Real Time
 9 | 
10 | It is able to generate apps using the following frontend stacks:
11 | 
12 | - [Next.js](nextjs.md)
13 | - [Nuxt](nuxt.md)
14 | - [Quasar](quasar.md)
15 | - [Vuetify](vuetify.md)
16 | - [React](react.md)
17 | - [React Native](react-native.md)
18 | - [Vue.js](vuejs.md)
19 | - [Or bring your custom generator](custom.md)
20 | 
21 | Create Client works especially well with APIs built with the
22 | [API Platform](https://api-platform.com) framework.
23 | 
24 | ## Features
25 | 
26 | - Generates high-quality TypeScript:
27 |     - list view (with pagination)
28 |     - detail view
29 |     - creation form
30 |     - update form
31 |     - delete button
32 | - Supports to-one and to-many relations
33 | - Uses the appropriate input type (`number`, `date`...)
34 | - Client-side validation
35 | - Subscribes to data updates pushed by servers supporting
36 |   [the Mercure protocol](https://mercure.rocks)
37 | - Displays server-side validation errors under the related input (if using API Platform Core)
38 | - Integration with [Tailwind CSS](https://tailwindcss.com) (Next.js) or
39 |   [Bootstrap](https://getbootstrap.com/) and [Font Awesome](https://fontawesome.com/) (other
40 |   generators)
41 | - Integration with
42 |   [React Native Elements](https://react-native-training.github.io/react-native-elements/)
43 | - Accessible to people with disabilities ([ARIA](https://www.w3.org/WAI/intro/aria) support in
44 |   webapps)
45 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contributing to the API Platform Documentation
 2 | 
 3 | First of all, thank you for contributing, you're awesome!
 4 | 
 5 | To have your code integrated in the API Platform documentation project, there are some rules to
 6 | follow, but don't panic, it's easy!
 7 | 
 8 | ## Reporting Bugs in the documentation
 9 | 
10 | Before submitting your issue:
11 | 
12 | - Check if the bug is not already reported!
13 | - A clear title to resume the issue
14 | - A description of the workflow needed to reproduce the bug
15 | 
16 | > [!NOTE] Don't hesitate giving as much information as you can.
17 | 
18 | ## Code of Conduct
19 | 
20 | By contributing to this project, you agree to abide by our
21 | [Code of Conduct](https://github.com/api-platform/docs#coc-ov-file). We expect all contributors to
22 | foster a welcoming and inclusive environment.
23 | 
24 | ## How to Contribute
25 | 
26 | 1. Fork this repository by clicking the "Fork" button at the top right of the `api-platform/docs`
27 |    repository page.
28 | 
29 | 2. Clone the forked repository to your local machine:
30 | 
31 |     ```console
32 |       git clone https://github.com/your-username/repository-name.git
33 |     ```
34 | 
35 | 3. Create a new branch for your contribution:
36 | 
37 |     ```console
38 |       git switch -c docs-your-branch-name
39 |     ```
40 | 
41 | 4. Commit and push your changes
42 | 5. Submit a Pull Request. You must decide on what branch your changes will be based depending of the
43 |    nature of the change. See
44 |    [the dedicated documentation entry](https://api-platform.com/docs/extra/releases/).
45 | 
46 | > [!TIP] You can also contribute to improving the documentation directly by clicking on the **"You
47 | > can also help us improve the documentation of this page."** link, located at the end of each
48 | > documentation page.
49 | 


--------------------------------------------------------------------------------
/create-client/vuetify.md:
--------------------------------------------------------------------------------
 1 | # Vuetify Generator
 2 | 
 3 | Bootstrap a Vuetify 3 application using `create-vuetify`:
 4 | 
 5 | ```console
 6 | npm init vuetify -- --typescript --preset essentials
 7 | cd my-app
 8 | ```
 9 | 
10 | Install the required dependencies:
11 | 
12 | ```console
13 | npm install dayjs qs @types/qs vue-i18n
14 | ```
15 | 
16 | To generate all the code you need for a given resource run the following command:
17 | 
18 | ```console
19 | npm init @api-platform/client https://demo.api-platform.com src/ -- --generator vuetify --resource book
20 | ```
21 | 
22 | Replace the URL with the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
23 | documentation with `https://demo.api-platform.com/docs.jsonopenapi` and `-f openapi3`.
24 | 
25 | Omit the resource flag to generate files for all resource types exposed by the API.
26 | 
27 | **Note:** Make sure to follow the result indications of the command to register the routes and the
28 | translations.
29 | 
30 | Then add this import in `src/plugins/vuetify.ts`:
31 | 
32 | ```typescript
33 | // src/plugins/vuetify.ts
34 | import { VDataTableServer } from "vuetify/labs/VDataTable";
35 | ```
36 | 
37 | In the same file replace the export with:
38 | 
39 | ```typescript
40 | // src/plugins/vuetify.ts
41 | export default createVuetify({
42 |     components: {
43 |         VDataTableServer,
44 |     },
45 | });
46 | ```
47 | 
48 | In `src/plugins/index.ts` add this import:
49 | 
50 | ```typescript
51 | // src/plugins/index.ts
52 | import i18n from "@/plugins/i18n";
53 | ```
54 | 
55 | In the same file add `.use(i18n)` chained with the other `use()` functions.
56 | 
57 | You can launch the server with:
58 | 
59 | ```console
60 | npm run dev
61 | ```
62 | 
63 | Go to `http://localhost:3000/books/` to start using your app.
64 | 
65 | **Note:** In order to Mercure to work with the demo, you have to use the port 3000.
66 | 


--------------------------------------------------------------------------------
/admin/real-time-mercure.md:
--------------------------------------------------------------------------------
 1 | # Real-time Updates With Mercure
 2 | 
 3 | API Platform Admin support real-time updates by using the [Mercure protocol](https://mercure.rocks).
 4 | 
 5 | Updates are received by using the `useMercureSubscription` hook in the `ListGuesser`, `ShowGuesser`
 6 | and `EditGuesser` components.
 7 | 
 8 | To enable Mercure server-side, see the [related documentation](../core/mercure.md).
 9 | 
10 | Once enabled, API Platform Admin for Hydra will automatically detect that Mercure is enabled and
11 | will discover the Mercure hub URL by itself.
12 | 
13 | ## Advanced Configuration
14 | 
15 | If you want to customize the default Mercure configuration, you can either do it with a prop in the
16 | `<HydraAdmin>` or `<OpenApiAdmin>` component:
17 | 
18 | ```javascript
19 | import { OpenApiAdmin } from "@api-platform/admin";
20 | 
21 | export default () => (
22 |     <OpenApiAdmin
23 |         entrypoint="https://demo.api-platform.com"
24 |         docEntrypoint="https://demo.api-platform.com/docs.jsonopenapi"
25 |         mercure={{ hub: "https://mercure.rocks/hub" }}
26 |     />
27 | );
28 | ```
29 | 
30 | Or in the data provider factory:
31 | 
32 | ```javascript
33 | import { hydraDataProvider, fetchHydra } from "@api-platform/admin";
34 | import { parseHydraDocumentation } from "@api-platform/api-doc-parser";
35 | 
36 | const dataProvider = baseHydraDataProvider({
37 |     entrypoint,
38 |     httpClient: fetchHydra,
39 |     apiDocumentationParser: parseHydraDocumentation,
40 |     mercure: { hub: "https://mercure.rocks/hub" },
41 | });
42 | ```
43 | 
44 | The `mercure` object can take the following properties:
45 | 
46 | - `hub`: the URL to your Mercure hub (default value: null ; when null it will be discovered by using
47 |   API responses)
48 | - `jwt`: a subscriber JWT to access your Mercure hub (default value: null)
49 | - `topicUrl`: the topic URL of your resources (default value: entrypoint)
50 | 


--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Lint
 3 | 
 4 | on:
 5 |   push:
 6 |   pull_request:
 7 | 
 8 | permissions:
 9 |   contents: read
10 | 
11 | jobs:
12 |   proselint:
13 |     name: Prose Lint
14 |     runs-on: ubuntu-latest
15 |     steps:
16 |       - name: Checkout code
17 |         uses: actions/checkout@v4
18 | 
19 |       - uses: actions/cache@v4
20 |         with:
21 |           path: ~/.cache/pip
22 |           key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
23 |           restore-keys: |
24 |             ${{ runner.os }}-pip-
25 | 
26 |       - name: Install Proselint
27 |         run: pip install --quiet --user proselint
28 | 
29 |       - name: Run Proselint
30 |         run: find . -name '*.md' -exec proselint {} \;
31 |   lint:
32 |     name: Lint
33 |     runs-on: ubuntu-latest
34 | 
35 |     steps:
36 |       - name: Checkout code
37 |         uses: actions/checkout@v4
38 | 
39 |       - uses: DavidAnson/markdownlint-cli2-action@v21
40 |         with:
41 |           globs: '**/*.md'
42 | 
43 |   prettier-format:
44 |     name: Prettier
45 |     runs-on: ubuntu-latest
46 |     steps:
47 |       - name: Checkout code
48 |         uses: actions/checkout@v4
49 | 
50 |       - name: Setup Node.js
51 |         uses: actions/setup-node@v4
52 |         with:
53 |           node-version: '20'
54 | 
55 |       - name: Prettier Dry Run
56 |         run: |
57 |           npx prettier --check "**/*.md" || {
58 |             echo "::error title=Formatting Failed::Some files are not formatted correctly."
59 |             echo "-------------------------------------------------------"
60 |             echo "❌ CHECK FAILED"
61 |             echo "To fix these issues, run the following command locally:"
62 |             echo ""
63 |             echo "    npx prettier --write \"**/*.md\" --prose-wrap always"
64 |             echo ""
65 |             echo "-------------------------------------------------------"
66 |             exit 1
67 |             }
68 | 


--------------------------------------------------------------------------------
/extra/releases.md:
--------------------------------------------------------------------------------
 1 | # The Release Process
 2 | 
 3 | API Platform follows the [Semantic Versioning](https://semver.org) strategy. A new minor version is
 4 | released every six months, and a new major version is released every two years, along with a last
 5 | minor version on the previous major one with the same features and an upgrade path.
 6 | 
 7 | For example:
 8 | 
 9 | - version 3.0 has been released on 15 September 2022;
10 | - version 3.1 has been released on 23 January 2023;
11 | - version 3.2 has been released on 12 October 2023;
12 | - version 3.3 has been released on 9 April 2024 (we were a little late, it should have been
13 |   published in March);
14 | - versions 3.4 has been released on 18 September 2024;
15 | - versions 4.0 has been released on 27 September 2024;
16 | - versions 4.1 has been released on 28 February 2025;
17 | - versions 4.2 has been released on 18 September 2025;
18 | 
19 | ## Maintenance
20 | 
21 | 3 versions are maintained at the same time:
22 | 
23 | - **stable** (currently the **4.2** branch): regular bugfixes are integrated in this version
24 | - **old-stable** (are the last branch: **4.1**): [security fixes](security.md) are integrated in
25 |   this version, regular bugfixes are **not** backported in it
26 | - **development** (**main** branch): new features target this branch
27 | 
28 | Older versions (1.x, 2.6..., 3.0..., 4.0) **are not maintained**. If you still use them, you must
29 | upgrade as soon as possible.
30 | 
31 | The **old-stable** branch is merged in the **stable** branch on a regular basis to propagate
32 | [security fixes](security.md). The **stable** branch is merged in the **development** branch on a
33 | regular basis to propagate [security](security.md) and regular bugfixes.
34 | 
35 | New major versions of API Platform are released every 2 years. New minor versions of API Platform
36 | are released every 6 months.
37 | 
38 | The latest minor version of a major branch contains all the new features introduced in the first
39 | version of the next major, but also contains deprecated features which are removed in the next major
40 | branch.
41 | 


--------------------------------------------------------------------------------
/create-client/vuejs.md:
--------------------------------------------------------------------------------
 1 | # Vue.js Generator
 2 | 
 3 | Bootstrap a Vue 3 application using create-vue:
 4 | 
 5 | ```console
 6 | npm init vue@latest -- --typescript --router --pinia --eslint-with-prettier my-app
 7 | cd my-app
 8 | ```
 9 | 
10 | Install the required dependencies:
11 | 
12 | ```console
13 | npm install dayjs qs @types/qs
14 | ```
15 | 
16 | To generate all the code you need for a given resource run the following command:
17 | 
18 | ```console
19 | npm init @api-platform/client https://demo.api-platform.com src/ -- --generator vue --resource book
20 | ```
21 | 
22 | Replace the URL with the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
23 | documentation with `https://demo.api-platform.com/docs.jsonopenapi` and `-f openapi3`.
24 | 
25 | Omit the resource flag to generate files for all resource types exposed by the API.
26 | 
27 | **Note:** Make sure to follow the result indications of the command to register the routes.
28 | 
29 | Replace the content of `App.vue` with the following code:
30 | 
31 | ```html
32 | // src/App.vue
33 | <template>
34 |     <RouterView />
35 | </template>
36 | 
37 | <script setup lang="ts">
38 |     import { RouterView } from "vue-router";
39 | </script>
40 | ```
41 | 
42 | Optionally, install Tailwind to get an app that looks good:
43 | 
44 | ```console
45 | npm install -D tailwindcss postcss autoprefixer
46 | npx tailwindcss init -p
47 | ```
48 | 
49 | Replace the content of `tailwind.config.js` by:
50 | 
51 | ```js
52 | // tailwind.config.js
53 | /** @type {import('tailwindcss').Config} */
54 | module.exports = {
55 |     content: ["./index.html", "./src/**/*.{vue,js,ts,jsx,tsx}"],
56 |     theme: {
57 |         extend: {},
58 |     },
59 |     plugins: [],
60 | };
61 | ```
62 | 
63 | Replace the content of `src/assets/main.css` by:
64 | 
65 | ```css
66 | @tailwind base;
67 | @tailwind components;
68 | @tailwind utilities;
69 | ```
70 | 
71 | You can launch the server with:
72 | 
73 | ```console
74 | npm run dev
75 | ```
76 | 
77 | Go to `http://localhost:5173/books/` to start using your app.
78 | 
79 | **Note:** In order to Mercure to work with the demo, you have to use the port 3000.
80 | 


--------------------------------------------------------------------------------
/create-client/quasar.md:
--------------------------------------------------------------------------------
 1 | # Quasar Framework Generator
 2 | 
 3 | Create a Quasar Framework application using [Quasar CLI](https://quasar.dev/start/quasar-cli):
 4 | 
 5 | ```console
 6 | npm i -g @quasar/cli
 7 | npm init quasar
 8 | cd my-app
 9 | ```
10 | 
11 | It will ask you some questions, you can use these answers:
12 | 
13 | ```console
14 | What would you like to build ? App with Quasar CLI, let's go!
15 | Project folder: my-app
16 | Pick Quasar version: Quasar v2 (Vue 3 | latest and greatest)
17 | Pick script types: Typescript
18 | Pick Quasar App CLI variant: Quasar App CLI with Vite
19 | Package name: my-app
20 | Pick a Vue component style: Composition API with <script setup>
21 | Check the features needed for your project: ESLint / State Management (Pinia) / Vue-i18n
22 | Pick an ESLint Preset: Prettier
23 | ```
24 | 
25 | Install the required dependencies:
26 | 
27 | ```console
28 | npm install dayjs qs @types/qs
29 | ```
30 | 
31 | In the app directory, generate the files for the resource you want:
32 | 
33 | ```console
34 | npm init @api-platform/client https://demo.api-platform.com src/ -- --generator quasar --resource foo
35 | ```
36 | 
37 | Replace the URL by the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
38 | documentation with `https://demo.api-platform.com/docs.jsonopenapi` and `-f openapi3`.
39 | 
40 | Omit the resource flag to generate files for all resource types exposed by the API.
41 | 
42 | **Note:** Make sure to follow the result indications of the command to register the routes and the
43 | translations.
44 | 
45 | Import common translations:
46 | 
47 | ```ts
48 | // src/i18n/en-US/index.ts
49 | import common from "./common";
50 | 
51 | export default {
52 |     // ...
53 |     ...common,
54 | };
55 | ```
56 | 
57 | Finally, make sure to update the config:
58 | 
59 | ```js
60 | // quasar.conf.js
61 | framework: {
62 |   plugins: ['Notify'],
63 |   config: {
64 |     // ...
65 |     notify: {
66 |       position: 'top',
67 |       multiLine: true,
68 |       timeout: 0,
69 |     },
70 |   },
71 | ```
72 | 
73 | You can launch the server with:
74 | 
75 | ```console
76 | quasar dev
77 | ```
78 | 
79 | Go to `http://localhost:9000/books/` to start using your app.
80 | 
81 | **Note:** In order to Mercure to work with the demo, you have to use the port 3000.
82 | 


--------------------------------------------------------------------------------
/symfony/caddy.md:
--------------------------------------------------------------------------------
 1 | # Configuring the Caddy Web Server with Symfony
 2 | 
 3 | [The API Platform distribution](index.md) is shipped with
 4 | [the Caddy web server](https://caddyserver.com). The build contains the
 5 | [Mercure](../core/mercure.md) and the [Vulcain](https://vulcain.rocks) Caddy modules.
 6 | 
 7 | Caddy is positioned in front of the web API and of the Progressive Web App. It routes requests to
 8 | either service depending on the value of the `Accept` HTTP header or the extension of the requested
 9 | file.
10 | 
11 | Using the same domain to serve the API and the PWA
12 | [improves performance by preventing unnecessary CORS preflight requests and encourages embracing the REST principles](https://dunglas.fr/2022/01/preventing-cors-preflight-requests-using-content-negotiation/).
13 | 
14 | By default, requests having an `Accept` request header containing the `text/html` media type are
15 | routed to the Next.js application, except for some paths known to be resources served by the API
16 | (e.g. the Swagger UI documentation, static files provided by bundles...). Other requests are routed
17 | to the API.
18 | 
19 | Sometimes, you may want to let the PHP application generate HTML responses. For instance, when you
20 | create your own Symfony controllers serving HTML pages, or when using bundles such as EasyAdmin or
21 | SonataAdmin.
22 | 
23 | To do so, you have to tweak the rules used to route the requests. Open
24 | `api-platform/api/frankenphp/Caddyfile` and modify the expression. You can use
25 | [any CEL (Common Expression Language) expression](https://caddyserver.com/docs/caddyfile/matchers#expression)
26 | supported by Caddy.
27 | 
28 | For instance, if you want to route all requests to a path starting with `/admin` to the API, modify
29 | the existing expression like this:
30 | 
31 | ```patch
32 | # Matches requests for HTML documents, for static files and for Next.js files,
33 | # except for known API paths and paths with extensions handled by API Platform
34 | @pwa expression `(
35 |         {header.Accept}.matches("\\btext/html\\b")
36 | -        && !{path}.matches("(?i)(?:^/docs|^/graphql|^/bundles/|^/_profiler|^/_wdt|\\.(?:json|html$|csv$|ya?ml$|xml$))")
37 | +        && !{path}.matches("(?i)(?:^/admin|^/docs|^/graphql|^/bundles/|^/_profiler|^/_wdt|\\.(?:json|html$|csv$|ya?ml$|xml$))")
38 |     )`
39 | ```
40 | 


--------------------------------------------------------------------------------
/.github/workflows/cd.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Deploy Website
 3 | 
 4 | on:
 5 |   push:
 6 |     branches:
 7 |       - main
 8 |       - "*.*"
 9 | 
10 | permissions:
11 |   contents: read
12 |   actions: read
13 |   checks: write
14 |   deployments: write
15 |   pull-requests: read
16 | 
17 | jobs:
18 |   deploy:
19 |     runs-on: ubuntu-latest
20 |     steps:
21 |       - name: Checkout the website
22 |         uses: actions/checkout@v4
23 |         with:
24 |           repository: api-platform/website
25 |           ref: main
26 | 
27 |       - name: Get yarn cache directory path
28 |         id: yarn-cache-dir-path
29 |         run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
30 | 
31 |       - uses: actions/cache@v4
32 |         id: yarn-cache
33 |         with:
34 |           path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
35 |           key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
36 |           restore-keys: |
37 |             ${{ runner.os }}-yarn-
38 | 
39 |       - name: Setup Hugo
40 |         uses: peaceiris/actions-hugo@v3
41 |         with:
42 |           hugo-version: "0.134.2"
43 |           extended: true
44 | 
45 |       - name: Install php
46 |         uses: shivammathur/setup-php@v2
47 |         with:
48 |           php-version: "8.2"
49 |           tools: phive
50 | 
51 |       - name: Auth gcloud
52 |         uses: google-github-actions/auth@v2
53 |         with:
54 |           credentials_json: ${{ secrets.BUCKET_CREDS }}
55 | 
56 |       - name: Set up Cloud SDK
57 |         uses: google-github-actions/setup-gcloud@v2
58 | 
59 |       - name: Clone website
60 |         uses: actions/checkout@v4
61 |         with:
62 |           repository: api-platform/docs-website
63 |           path: docs-website
64 | 
65 |       - name: Install javascript packages
66 |         working-directory: docs-website
67 |         run: npm install
68 | 
69 |       - name: Fetch API Platform docs
70 |         working-directory: docs-website
71 |         run: tools/get-docs.sh
72 | 
73 |       - name: Fetch API Platform references and guides
74 |         working-directory: docs-website
75 |         run: tools/get-core-docs.sh
76 | 
77 |       - name: Build menu
78 |         working-directory: docs-website
79 |         run: node tools/menu.mjs
80 | 
81 |       - name: Hugo
82 |         working-directory: docs-website
83 |         run: hugo --minify
84 | 
85 |       - name: Deploy
86 |         working-directory: docs-website
87 |         run: gsutil -q -m rsync -d -r ./public gs://api-platform-website-v3/
88 | 


--------------------------------------------------------------------------------
/extra/conduct.md:
--------------------------------------------------------------------------------
 1 | # Contributor Code of Conduct
 2 | 
 3 | As contributors and maintainers of this project, and in the interest of fostering an open and
 4 | welcoming community, we pledge to respect all people who contribute through reporting issues,
 5 | posting feature requests, updating documentation, submitting pull requests or patches, and other
 6 | activities.
 7 | 
 8 | We are committed to making participation in this project a harassment-free experience for everyone,
 9 | regardless of level of experience, gender, gender identity and expression, sexual orientation,
10 | disability, personal appearance, body size, ethnic group, ethnicity, age, religion, or nationality.
11 | 
12 | Examples of unacceptable behavior by participants include:
13 | 
14 | - The use of sexualized language or imagery
15 | - Personal attacks
16 | - Trolling or insulting/derogatory comments
17 | - Public or private harassment
18 | - Publishing other's private information, such as physical or electronic addresses, without explicit
19 |   permission
20 | - Other unethical or unprofessional conduct
21 | 
22 | Project maintainers have the right and responsibility to remove, edit, or reject comments, commits,
23 | code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or
24 | to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate,
25 | threatening, offensive, or harmful.
26 | 
27 | By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently
28 | applying these principles to every aspect of managing this project. Project maintainers who do not
29 | follow or enforce the Code of Conduct may be permanently removed from the project team.
30 | 
31 | This Code of Conduct applies both within project spaces and in public spaces when an individual is
32 | representing the project or its community.
33 | 
34 | Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a
35 | project maintainer at kevin+api-platform-coc [at] dunglas.fr. All complaints will be reviewed and
36 | investigated and will result in a response that is deemed necessary and appropriate to the
37 | circumstances. Maintainers are obligated to maintain confidentiality regarding the reporter of an
38 | incident.
39 | 
40 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.3.0, available
41 | at [http://contributor-covenant.org/version/1/3/0/][version]
42 | 
43 | [homepage]: http://contributor-covenant.org
44 | [version]: http://contributor-covenant.org/version/1/3/0/
45 | 


--------------------------------------------------------------------------------
/core/push-relations.md:
--------------------------------------------------------------------------------
 1 | # Pushing Related Resources Using HTTP/2
 2 | 
 3 | > HTTP/2 allows a server to pre-emptively send (or "push") responses (along with corresponding
 4 | > "promised" requests) to a client in association with a previous client-initiated request. This can
 5 | > be useful when the server knows the client will need to have those responses available in order to
 6 | > fully process the response to the original request.
 7 | >
 8 | > —[RFC 7540](https://tools.ietf.org/html/rfc7540#section-8.2)
 9 | 
10 | API Platform leverages this capability by pushing relations of a resource to clients.
11 | 
12 | > [!NOTE] We strongly recommend using [Vulcain](https://vulcain.rocks) instead of this feature.
13 | > Vulcain is faster, cleaner, more flexible, and is supported out of the box in
14 | > [the API Platform distribution](../symfony/index.md).
15 | 
16 | ```php
17 | <?php
18 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
19 | namespace App\ApiResource;
20 | 
21 | use ApiPlatform\Metadata\ApiProperty;
22 | use ApiPlatform\Metadata\ApiResource;
23 | 
24 | #[ApiResource]
25 | class Book
26 | {
27 |      #[ApiProperty(push: true)]
28 |     public Author $author;
29 | 
30 |     // ...
31 | }
32 | ```
33 | 
34 | By setting the `push` attribute to `true` on a property holding a relation, API Platform will
35 | automatically add a valid `Link` HTTP header with the `preload` relation. According to the
36 | [Preload W3C Candidate Recommendation](https://www.w3.org/TR/preload/#server-push-http-2), web
37 | servers and proxy servers can read this header, fetch the related resource and send it to the client
38 | using Server Push.
39 | 
40 | With the Caddy web server (the server shipped as part of the [distribution](../symfony/index.md)),
41 | you must add [the `push` directive](https://caddyserver.com/docs/caddyfile/directives/push) to your
42 | `Caddyfile` to be able to use this feature.
43 | 
44 | [NGINX](https://www.nginx.com/blog/nginx-1-13-9-http2-server-push/),
45 | [Apache](https://httpd.apache.org/docs/current/howto/http2.html#push),
46 | [Cloudflare](https://www.cloudflare.com/website-optimization/http2/serverpush/),
47 | [Fastly](https://docs.fastly.com/guides/performance-tuning/http2-server-push) and
48 | [Akamai](https://blogs.akamai.com/2017/03/http2-server-push-the-what-how-and-why.html) honor this
49 | header.
50 | 
51 | Using this feature maximises HTTP cache hits for your API resources. For best performance, this
52 | feature should be used in conjunction with
53 | [the built-in HTTP cache invalidation system (based on Varnish)](performance.md#enabling-the-built-in-http-cache-invalidation-system).
54 | 


--------------------------------------------------------------------------------
/create-client/react.md:
--------------------------------------------------------------------------------
 1 | # React Generator
 2 | 
 3 | ![List screenshot](images/react/create-client-react-list.png)
 4 | 
 5 | The React generator scaffolds a Single Page Application or a Progressive Web App built with
 6 | battle-tested libraries from the ecosystem:
 7 | 
 8 | - [React](https://reactjs.org/)
 9 | - [React Router](https://reactrouter.com/)
10 | - [React Hook Form](https://react-hook-form.com/)
11 | 
12 | ## Install
13 | 
14 | Bootstrap a React application:
15 | 
16 | ```console
17 | npm create vite@latest my-app -- --template react-ts
18 | cd my-app
19 | ```
20 | 
21 | Install the required dependencies:
22 | 
23 | ```console
24 | npm install react-router-dom react-hook-form
25 | ```
26 | 
27 | Optionally, install Bootstrap and Font Awesome to get an app that looks good:
28 | 
29 | ```console
30 | npm install bootstrap font-awesome
31 | ```
32 | 
33 | Finally, start the integrated web server:
34 | 
35 | ```console
36 | npm run dev
37 | ```
38 | 
39 | ## Generating a Web App
40 | 
41 | ```console
42 | npm init @api-platform/client https://demo.api-platform.com src/ -- --generator react --resource book
43 | ```
44 | 
45 | Replace the URL by the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
46 | documentation with `-f openapi3`.
47 | 
48 | Omit the resource flag to generate files for all resource types exposed by the API.
49 | 
50 | The code has been generated, and is ready to be executed!
51 | 
52 | Register the reducers and the routes:
53 | 
54 | ```typescript
55 | // my-app/src/main.tsx
56 | import React from 'react';
57 | import ReactDOM from 'react-dom/client';
58 | import { BrowserRouter as Router, Route, Routes } from 'react-router-dom';
59 | import 'bootstrap/dist/css/bootstrap.css';
60 | import 'font-awesome/css/font-awesome.css';
61 | // Import your routes here
62 | import App from './App';
63 | 
64 | const NotFound = () => (
65 |   <h1>Not Found</h1>
66 | );
67 | 
68 | const root = ReactDOM.createRoot(
69 |   document.getElementById('root') as HTMLElement
70 | );
71 | root.render(
72 |   <React.StrictMode>
73 |     <Router>
74 |       <Routes>
75 |         <Route path="/" element={<App/>}/>
76 |         {/* Add your routes here */}
77 |         <Route path='*' element={<NotFound/>} />
78 |       </Routes>
79 |     </Router>
80 |   </React.StrictMode>
81 | );
82 | ```
83 | 
84 | Go to `https://localhost/books/` to start using your app.
85 | 
86 | ## Screenshots
87 | 
88 | ![List](images/react/create-client-react-list.png)
89 | ![Pagination](images/react/create-client-react-list-pagination.png)
90 | ![Show](images/react/create-client-react-show.png)
91 | ![Edit](images/react/create-client-react-edit.png)
92 | ![Delete](images/react/create-client-react-delete.png)
93 | 


--------------------------------------------------------------------------------
/create-client/nuxt.md:
--------------------------------------------------------------------------------
  1 | # Nuxt Generator
  2 | 
  3 | Bootstrap a [Nuxt 3](https://nuxt.com/) application:
  4 | 
  5 | ```console
  6 | npx nuxi init my-app
  7 | cd my-app
  8 | ```
  9 | 
 10 | Install the required dependencies:
 11 | 
 12 | ```console
 13 | yarn add dayjs @pinia/nuxt qs @types/qs
 14 | ```
 15 | 
 16 | To generate the code you need for a given resource, run the following command:
 17 | 
 18 | ```console
 19 | yarn create @api-platform/client https://demo.api-platform.com . --generator nuxt --resource foo
 20 | ```
 21 | 
 22 | Replace the URL with the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
 23 | documentation with `https://demo.api-platform.com/docs.jsonopenapi` and `-f openapi3`.
 24 | 
 25 | Omit the resource flag to generate files for all resource types exposed by the API.
 26 | 
 27 | Add Pinia module in `nuxt.config.ts`:
 28 | 
 29 | ```typescript
 30 | // https://nuxt.com/docs/api/configuration/nuxt-config
 31 | export default defineNuxtConfig({
 32 |     // ...
 33 |     modules: ["@pinia/nuxt"],
 34 |     // ...
 35 | });
 36 | ```
 37 | 
 38 | Delete `app.vue` as it will prevent Nuxt router to work correctly.
 39 | 
 40 | Optionally, install Tailwind to get an app that looks good:
 41 | 
 42 | ```console
 43 | yarn add -D tailwindcss postcss autoprefixer
 44 | yarn tailwindcss init -p
 45 | ```
 46 | 
 47 | Add this code in `nuxt.config.ts`:
 48 | 
 49 | ```typescript
 50 | // https://nuxt.com/docs/api/configuration/nuxt-config
 51 | export default defineNuxtConfig({
 52 |     // ...
 53 |     css: ["~/assets/css/main.css"],
 54 |     postcss: {
 55 |         plugins: {
 56 |             tailwindcss: {},
 57 |             autoprefixer: {},
 58 |         },
 59 |     },
 60 |     // ...
 61 | });
 62 | ```
 63 | 
 64 | And this code in `tailwind.config.js`:
 65 | 
 66 | ```javascript
 67 | /** @type {import('tailwindcss').Config} */
 68 | module.exports = {
 69 |     content: [
 70 |         "./components/**/*.{js,vue,ts}",
 71 |         "./layouts/**/*.vue",
 72 |         "./pages/**/*.vue",
 73 |         "./plugins/**/*.{js,ts}",
 74 |         "./nuxt.config.{js,ts}",
 75 |         "./app.vue",
 76 |     ],
 77 |     theme: {
 78 |         extend: {},
 79 |     },
 80 |     plugins: [],
 81 | };
 82 | ```
 83 | 
 84 | Create the file `assets/css/main.css` and add this code in it:
 85 | 
 86 | ```css
 87 | @tailwind base;
 88 | @tailwind components;
 89 | @tailwind utilities;
 90 | ```
 91 | 
 92 | You can launch the server with:
 93 | 
 94 | ```console
 95 | yarn dev -o
 96 | ```
 97 | 
 98 | Go to `https://localhost:3000/books/` to start using your app.
 99 | 
100 | ## Screenshots
101 | 
102 | ![List](images/nuxt/create-client-nuxt-list.png) ![Edit](images/nuxt/create-client-nuxt-edit.png)
103 | 


--------------------------------------------------------------------------------
/outline.yaml:
--------------------------------------------------------------------------------
  1 | ---
  2 | chapters:
  3 |   - title: "API Platform for Symfony"
  4 |     path: symfony
  5 |     items:
  6 |       - index
  7 |       - validation
  8 |       - security
  9 |       - testing
 10 |       - debugging
 11 |       - caddy
 12 |       - jwt
 13 |       - messenger
 14 |       - user
 15 |       - file-upload
 16 |       - controllers
 17 |       - nelmio-api-doc
 18 |       - migrate-from-fosrestbundle
 19 |       - fosuser-bundle
 20 |   - title: "API Platform for Laravel"
 21 |     path: laravel
 22 |     items:
 23 |       - index
 24 |       - testing
 25 |       - filters
 26 |       - security
 27 |       - validation
 28 |       - jwt
 29 |   - title: Core
 30 |     path: core
 31 |     items:
 32 |       - index
 33 |       - getting-started
 34 |       - upgrade-guide
 35 |       - design
 36 |       - extending
 37 |       - testing
 38 |       - operations
 39 |       - graphql
 40 |       - state-providers
 41 |       - state-processors
 42 |       - filters
 43 |       - elasticsearch-filters
 44 |       - doctrine-filters
 45 |       - subresources
 46 |       - serialization
 47 |       - validation
 48 |       - security
 49 |       - content-negotiation
 50 |       - pagination
 51 |       - deprecations
 52 |       - default-order
 53 |       - performance
 54 |       - extensions
 55 |       - dto
 56 |       - openapi
 57 |       - json-schema
 58 |       - mercure
 59 |       - push-relations
 60 |       - errors
 61 |       - external-vocabularies
 62 |       - operation-path-naming
 63 |       - url-generation-strategy
 64 |       - extending-jsonld-context
 65 |       - identifiers
 66 |       - mongodb
 67 |       - elasticsearch
 68 |       - events
 69 |       - jwt
 70 |       - form-data
 71 |       - bootstrap
 72 |       - configuration
 73 |       - client-integration
 74 |   - title: Schema Generator
 75 |     path: schema-generator
 76 |     items:
 77 |       - index
 78 |       - getting-started
 79 |       - configuration
 80 |   - title: Admin
 81 |     path: admin
 82 |     items:
 83 |       - index
 84 |       - getting-started
 85 |       - schema
 86 |       - customizing
 87 |       - advanced-customization
 88 |       - handling-relations
 89 |       - validation
 90 |       - real-time-mercure
 91 |       - authentication-support
 92 |       - file-upload
 93 |       - performance
 94 |       - components
 95 |   - title: Create Client
 96 |     path: create-client
 97 |     items:
 98 |       - index
 99 |       - nextjs
100 |       - nuxt
101 |       - vuetify
102 |       - quasar
103 |       - react
104 |       - react-native
105 |       - vuejs
106 |       - typescript
107 |       - custom
108 |       - troubleshooting
109 |   - title: Deployment
110 |     path: deployment
111 |     items:
112 |       - index
113 |       - docker-compose
114 |       - kubernetes
115 |       - minikube
116 |       - heroku
117 |       - traefik
118 |   - title: General Information
119 |     path: extra
120 |     items:
121 |       - philosophy
122 |       - releases
123 |       - enterprise
124 |       - security
125 |       - troubleshooting
126 |       - contribution-guides
127 |       - conduct
128 | 


--------------------------------------------------------------------------------
/laravel/security.md:
--------------------------------------------------------------------------------
  1 | # Security with Laravel
  2 | 
  3 | ## Policies
  4 | 
  5 | API Platform is compatible with Laravel's [authorization](https://laravel.com/docs/authorization)
  6 | mechanism.
  7 | 
  8 | To utilize policies in API Platform, it is essential to have Laravel's authentication system
  9 | initialized. See the [Authentication section](#authentication) for more information.
 10 | 
 11 | Once a gate is defined, API Platform will automatically detect your policy.
 12 | 
 13 | ```php
 14 | // app/Models/Book.php
 15 | 
 16 | use ApiPlatform\Metadata\Patch;
 17 | 
 18 | #[Patch]
 19 | class Book extends Model
 20 | {
 21 | }
 22 | ```
 23 | 
 24 | API Platform will detect the operation and map it to a specific method in your policy according to
 25 | the rules defined in this table:
 26 | 
 27 | | Operation      | Policy                                                     |
 28 | | -------------- | ---------------------------------------------------------- |
 29 | | GET collection | `viewAny`                                                  |
 30 | | GET            | `view`                                                     |
 31 | | POST           | `create`                                                   |
 32 | | PATCH          | `update`                                                   |
 33 | | DELETE         | `delete`                                                   |
 34 | | PUT            | `update` or `create` if the resource doesn't already exist |
 35 | 
 36 | If your policy methods do not match Laravel's conventions, you can always use the `policy` property
 37 | on an operation attribute to enforce this policy:
 38 | 
 39 | ```php
 40 | // app/Models/Book.php
 41 | namespace App\Models;
 42 | 
 43 |  use ApiPlatform\Metadata\ApiResource;
 44 | +use ApiPlatform\Metadata\Patch;
 45 |  use Illuminate\Database\Eloquent\Model;
 46 | 
 47 | -#[ApiResource]
 48 |  #[ApiResource(
 49 |      paginationItemsPerPage: 10,
 50 | +    operations: [
 51 | +       new Patch(
 52 | +            policy: 'myCustomPolicy',
 53 | +       ),
 54 | +    ],
 55 | )]
 56 |  class Book extends Model
 57 |  {
 58 |  }
 59 | ```
 60 | 
 61 | You also can link a model to a policy:
 62 | 
 63 | ```php
 64 | use App\Models\Book;
 65 | use App\Tests\Book\BookPolicy;
 66 | use Illuminate\Support\Facades\Gate;
 67 | 
 68 | Gate::guessPolicyNamesUsing(function (string $modelClass): ?string {
 69 |     return Book::class === $modelClass ?
 70 |         BookPolicy::class :
 71 |         null;
 72 | });
 73 | ```
 74 | 
 75 | ## Authentication
 76 | 
 77 | Usually, you will use [Sanctum](https://laravel.com/docs/sanctum) and add a middleware on secured
 78 | routes:
 79 | 
 80 | ```php
 81 | // app/Models/Book.php
 82 | 
 83 | use ApiPlatform\Metadata\Patch;
 84 | 
 85 | #[Patch(middleware: 'auth:sanctum')]
 86 | class Book extends Model
 87 | {
 88 | }
 89 | ```
 90 | 
 91 | Or you can define it globally in the configuration by adding the following code:
 92 | 
 93 | ```php
 94 | <?php
 95 | // config/api-platform.php
 96 | return [
 97 |     // ....
 98 |     'defaults' => [
 99 |         // ....
100 |         'middleware' => 'auth:sanctum',
101 |     ],
102 | ];
103 | ```
104 | 


--------------------------------------------------------------------------------
/core/index.md:
--------------------------------------------------------------------------------
 1 | # The API Platform Core Library
 2 | 
 3 | API Platform Core is an easy-to-use and powerful library for creating
 4 | [hypermedia-driven REST APIs](https://en.wikipedia.org/wiki/HATEOAS). It is a component of the
 5 | [API Platform framework](https://api-platform.com).
 6 | 
 7 | It embraces [JSON for Linked Data (JSON-LD)](https://json-ld.org/) and
 8 | [Hydra Core Vocabulary](https://www.hydra-cg.com/) web standards but also supports
 9 | [OpenAPI (formerly known as Swagger)](https://www.openapis.org/), [JSON:API](https://jsonapi.org/),
10 | [HAL](https://stateless.co/hal_specification.html), XML, JSON, CSV and YAML.
11 | 
12 | Build a working and fully featured CRUD API in minutes. Leverage the awesome features of the tool to
13 | develop complex and high-performance API-first projects.
14 | 
15 | If you are starting a new project, the easiest way to get API Platform up is to install API Platform
16 | using [API Platform for Symfony](../symfony/index.md) or
17 | [API Platform for Laravel](../laravel/index.md).
18 | 
19 | Alternatively, it's possible to
20 | [bootstrap the API Platform core library manually](../core/bootstrap.md).
21 | 
22 | ![Screenshot](../symfony/images/swagger-ui-1.png)
23 | 
24 | ## Features
25 | 
26 | Here is the fully featured REST API you'll get in minutes:
27 | 
28 | - [Automatic CRUD](operations.md)
29 | - Hypermedia (JSON-LD and HAL)
30 | - Machine-readable documentation of the API in the Hydra and [Swagger/Open API](openapi.md) formats,
31 |   guessed from PHPDoc, Serializer, Validator, and Doctrine ORM / MongoDB ODM metadata
32 | - Nice human-readable documentation built with Swagger UI (including a sandbox) and/or ReDoc
33 | - [Pagination](pagination.md)
34 | - A bunch of [filters](filters.md)
35 | - [Ordering](default-order.md)
36 | - [Validation](validation.md) using the Symfony Validator Component (with group support)
37 | - Advanced [authentication and authorization](security.md) rules
38 | - Errors serialization (Hydra and the [RFC 7807](https://tools.ietf.org/html/rfc7807) are supported)
39 | - Advanced [serialization](serialization.md) thanks to the Symfony Serializer Component (groups
40 |   support, relation embedding, max depth...)
41 | - Automatic route registration
42 | - Automatic entry point generation giving access to all resources
43 | - [User Management using Symfony](../symfony/user.md)
44 | - [JWT](jwt.md) and [OAuth](https://oauth.net/) support
45 | - Files and `\DateTime` and serialization and deserialization
46 | 
47 | Everything is fully customizable through a powerful [event system](events.md) and strong OOP.
48 | 
49 | This bundle is extensively tested (unit and functional). The
50 | [`Fixtures/` directory](https://github.com/api-platform/core/tree/main/tests/Fixtures) contains a
51 | working app covering all library features.
52 | 
53 | ## Symfony Screencasts
54 | 
55 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/tracks/rest?cid=apip#api-platform-3"><img src="../symfony/images/symfonycasts-player.png" alt="SymfonyCasts, API Platform screencasts"></a></p>
56 | 
57 | The easiest and funniest way to learn how to use API Platform for Symfony is to watch
58 | [the more than 60 screencasts available on SymfonyCasts](https://symfonycasts.com/tracks/rest?cid=apip#api-platform-3)!
59 | 


--------------------------------------------------------------------------------
/create-client/troubleshooting.md:
--------------------------------------------------------------------------------
 1 | # Troubleshooting
 2 | 
 3 | ## Self-Signed TLS Certificate
 4 | 
 5 | If you are running API Platform on development machine which does not have valid TLS certificate,
 6 | add `NODE_TLS_REJECT_UNAUTHORIZED=0` before running create-client:
 7 | 
 8 | ```console
 9 | NODE_TLS_REJECT_UNAUTHORIZED=0 npm init @api-platform/client --generator typescript https://127.0.0.1:8000/api src/
10 | ```
11 | 
12 | ## Authenticated API
13 | 
14 | The generator does not perform any authentication, so you must ensure that all referenced Hydra
15 | paths for your API are accessible anonymously. If you are using API Platform this will at least
16 | include:
17 | 
18 | ```console
19 | api_entrypoint                             ANY      ANY      ANY    /{index}.{_format}
20 | api_doc                                    ANY      ANY      ANY    /docs.{_format}
21 | api_jsonld_context                         ANY      ANY      ANY    /contexts/{shortName}.{_format}
22 | ```
23 | 
24 | ## ApiDocumentation doesn't exist
25 | 
26 | If you receive `Error: The class http://www.w3.org/ns/hydra/core#ApiDocumentation doesn't exist.`
27 | you may have specified the documentation URL instead of the entrypoint. For example if you are using
28 | API Platform and your documentation URL is at
29 | [https://demo.api-platform.com/docs](https://demo.api-platform.com/docs) the entry point is likely
30 | at [https://demo.api-platform.com](https://demo.api-platform.com). You can see an example of the
31 | expected response from an entrypoint in your browser by visiting
32 | [https://demo.api-platform.com/index.jsonld](https://demo.api-platform.com/index.jsonld).
33 | 
34 | ## Cannot read property '@type'
35 | 
36 | If you receive `TypeError: Cannot read property '@type' of undefined` or
37 | `TypeError: Cannot read property '0' of undefined` check that the URL you specified is accessible
38 | and returns jsonld. You can check from the command line you are using by running something like
39 | `curl https://demo.api-platform.com/`.
40 | 
41 | ## Dereferencing a URL did not result in a JSON object
42 | 
43 | If you receive a message like this:
44 | 
45 | ```console
46 | { Error
47 | at done (/usr/local/share/.config/yarn/global/node_modules/jsonld/js/jsonld.js:6851:19)
48 | at <anonymous>
49 | at process._tickCallback (internal/process/next_tick.js:188:7)
50 | name: 'jsonld.InvalidUrl',
51 | message: 'Dereferencing a URL did not result in a JSON object. The response was valid JSON, but it was not a JSON object.',
52 | details:
53 | { code: 'invalid remote context',
54 | url: 'https://demo.api-platform.com/contexts/Entrypoint',
55 | cause: null } }
56 | ```
57 | 
58 | Check access to the specified URL, in this case `https://demo.api-platform.com/contexts/Entrypoint`,
59 | use curl to check access and the response `curl https://demo.api-platform.com/contexts/Entrypoint`.
60 | In the above case an "Access Denied" message in JSON format was being returned.
61 | 
62 | ## Docker distribution on Windows and hot-reloading
63 | 
64 | Due to
65 | [a long-time known Docker for Windows issue](https://forums.docker.com/t/file-system-watch-does-not-work-with-mounted-volumes/12038),
66 | the file changes on the host are not notified on the `pwa` container. It causes the hot-reloading
67 | feature to not working properly for Windows users.
68 | 


--------------------------------------------------------------------------------
/extra/philosophy.md:
--------------------------------------------------------------------------------
 1 | # API Platform's Philosophy
 2 | 
 3 | In 25 years of PHP, the web changed dramatically and is now evolving faster than ever:
 4 | 
 5 | - Thanks to awesome frontend technologies such as [React](https://reactjs.org/) or
 6 |   [Vue.js](https://vuejs.org/),
 7 |   [full-JavaScript Progressive Web Apps](https://en.wikipedia.org/wiki/Progressive_web_application)
 8 |   **are becoming the standard**.
 9 | - [Internet users spend more time on their mobile devices than on desktops](https://www.broadbandsearch.net/blog/mobile-desktop-internet-usage-statistics):
10 |   having a mobile-first website is mandatory and **native mobile apps are a must have**.
11 | - [The semantic web](https://en.wikipedia.org/wiki/Semantic_Web) and **especially
12 |   [Linked Data](https://en.wikipedia.org/wiki/Linked_data) is a reality**: with the
13 |   [Schema.org](https://schema.org/) initiative and new open web standards such as
14 |   [JSON-LD](https://json-ld.org/), search engines (among a bunch of other services and software)
15 |   consume structured and machine-readable data at web scale. Not exposing such data decrease
16 |   interoperability and search engine ranking/efficiency (think rich snippets).
17 | - HTTP/2 and HTTP/3
18 |   [dramatically improve the performance of web applications](https://vulcain.rocks) thanks to
19 |   multiplexing, Server Push and their other new capabilities.
20 | 
21 | [PHP.net](https://www.php.net), [Symfony](https://symfony.com), [Facebook](https://hhvm.com/) and
22 | many others have worked hard to improve and professionalize the PHP ecosystem. The PHP world has
23 | closed the gap with most backend solutions and is often [more innovative](https://wiki.php.net/rfc)
24 | and [faster](https://benchmarksgame-team.pages.debian.net/benchmarksgame/fastest/php-python3.html)
25 | than them.
26 | 
27 | However in critical areas I've described previously, many things can be improved. Almost all
28 | existing solutions are still
29 | [designed and documented](https://symfony.com/doc/current/book/page_creation.html) to create
30 | websites the old way: a server generates then sends plain-old HTML documents to browsers.
31 | 
32 | [API Platform](https://api-platform.com) is a set of tools for building modern web projects. It is a
33 | framework for API-first projects built on top of
34 | [Symfony components](https://symfony.com/projects/apiplatform). Like other modern frameworks such as
35 | Laravel and Symfony, it's both a full-stack all-in-one framework and a set of independent PHP
36 | components and bundles that can be used separately.
37 | 
38 | API Platform makes modern development easy and fun again:
39 | 
40 | - [Start by **creating a web API**](../symfony/index.md) exposing structured data that can be
41 |   understood by any compliant client such as your apps but also search engines (JSON-LD with
42 |   Schema.org vocabulary). This API is the central and unique entry point to access and modify data.
43 |   It also encapsulates the whole business logic.
44 | - [Then **create as many clients as you want using frontend technologies you love**](../create-client/index.md):
45 |   a JavaScript webapp built with React or with Vue querying the API but also a native iOS or Android
46 |   app, or even a desktop application. Clients only display data and forms.
47 | 
48 | See also [the general design](../core/design.md) of the framework.
49 | 


--------------------------------------------------------------------------------
/core/url-generation-strategy.md:
--------------------------------------------------------------------------------
  1 | # URL Generation Strategy
  2 | 
  3 | By default, API Platform generates all URLs as absolute paths to the base URL.
  4 | 
  5 | For instance, in JSON-LD, you will get a collection like this:
  6 | 
  7 | ```json
  8 | {
  9 |     "@context": "/contexts/Book",
 10 |     "@id": "/books",
 11 |     "@type": "Collection",
 12 |     "member": [
 13 |         {
 14 |             "@id": "/books/1",
 15 |             "@type": "https://schema.org/Book",
 16 |             "name": "My awesome book"
 17 |         }
 18 |     ],
 19 |     "totalItems": 1
 20 | }
 21 | ```
 22 | 
 23 | You may want to use absolute URLs (for instance if resources are used in another API) or network
 24 | paths instead.
 25 | 
 26 | ## Configure URL Generation Globally
 27 | 
 28 | It can be configured globally using one of the configurations below:
 29 | 
 30 | ### Configure URL Generation Globally using Symfony
 31 | 
 32 | ```yaml
 33 | # api/config/packages/api_platform.yaml
 34 | api_platform:
 35 |     defaults:
 36 |         url_generation_strategy: !php/const ApiPlatform\Metadata\UrlGeneratorInterface::ABS_URL
 37 | ```
 38 | 
 39 | ### Configure URL Generation Globally using Laravel
 40 | 
 41 | ```php
 42 | <?php
 43 | // config/api-platform.php
 44 | return [
 45 |     // ....
 46 |     'defaults' => [
 47 |         'url_generation_strategy' => ApiPlatform\Metadata\UrlGeneratorInterface::ABS_URL
 48 |     ],
 49 | ];
 50 | ```
 51 | 
 52 | ## Configure URL Generation for a Specific Resource
 53 | 
 54 | It can also be configured only for a specific resource:
 55 | 
 56 | <code-selector>
 57 | 
 58 | ```php
 59 | <?php
 60 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
 61 | 
 62 | namespace App\ApiResource;
 63 | 
 64 | use ApiPlatform\Metadata\ApiResource;
 65 | use ApiPlatform\Metadata\UrlGeneratorInterface;
 66 | 
 67 | #[ApiResource(urlGenerationStrategy: UrlGeneratorInterface::ABS_URL)]
 68 | class Book
 69 | {
 70 |     // ...
 71 | }
 72 | ```
 73 | 
 74 | ```yaml
 75 | # api/config/api_platform/resources.yaml
 76 | # The YAML syntax is only supported for Symfony
 77 | resources:
 78 |     App\ApiResource\Book:
 79 |         urlGenerationStrategy: !php/const ApiPlatform\Api\UrlGeneratorInterface::ABS_URL
 80 | ```
 81 | 
 82 | ```xml
 83 | <?xml version="1.0" encoding="UTF-8" ?>
 84 | <!-- api/config/api_platform/resources.xml -->
 85 | <!-- The XML syntax is only supported for Symfony -->
 86 | 
 87 | <resources
 88 |         xmlns="https://api-platform.com/schema/metadata/resources-3.0"
 89 |         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 90 |         xsi:schemaLocation="https://api-platform.com/schema/metadata/resources-3.0
 91 |         https://api-platform.com/schema/metadata/resources-3.0.xsd">
 92 |     <resource class="App\ApiResource\Book" urlGenerationStrategy="0" />
 93 | </resources>
 94 | ```
 95 | 
 96 | </code-selector>
 97 | 
 98 | For the above configuration, the collection will be like this:
 99 | 
100 | ```json
101 | {
102 |     "@context": "http://example.com/contexts/Book",
103 |     "@id": "http://example.com/books",
104 |     "@type": "Collection",
105 |     "member": [
106 |         {
107 |             "@id": "http://example.com/books/1",
108 |             "@type": "https://schema.org/Book",
109 |             "name": "My awesome book"
110 |         }
111 |     ],
112 |     "totalItems": 1
113 | }
114 | ```
115 | 


--------------------------------------------------------------------------------
/deployment/minikube.md:
--------------------------------------------------------------------------------
 1 | # Deploying to minikube
 2 | 
 3 | ## Install minikube
 4 | 
 5 | If you have no existing installation of minikube on your computer,
 6 | [follow the official tutorial](https://minikube.sigs.k8s.io/docs/start/).
 7 | 
 8 | When Minikube is installed, start the cluster:
 9 | 
10 | ```console
11 | minikube start --addons registry --addons dashboard
12 | ```
13 | 
14 | The previous command starts minikube with a Docker registry (we'll use it in the next step) and with
15 | the Kubernetes dashboard.
16 | 
17 | Finally, [install Helm](https://helm.sh/docs/intro/install/). We'll use it to deploy the application
18 | in the cluster thanks to the chart provided in the API Platform distribution.
19 | 
20 | ## Building and Pushing Docker Images
21 | 
22 | On GNU/Linux and macOS, run the following command to point your terminal's docker-cli to the Docker
23 | Engine inside minikube:
24 | 
25 | ```console
26 | eval $(minikube docker-env)
27 | ```
28 | 
29 | Now any `docker` command you run in this current terminal will run against the Docker Engine inside
30 | the minikube cluster. For detailed explanation and instructions for Windows
31 | [visit official minikube documentation](https://minikube.sigs.k8s.io/docs/handbook/pushing/#1-pushing-directly-to-the-in-cluster-docker-daemon-docker-env).
32 | 
33 | Build the images in minikube:
34 | 
35 | ```console
36 | docker build -t localhost:5000/php api --target frankenphp_prod
37 | docker build -t localhost:5000/pwa pwa --target prod
38 | ```
39 | 
40 | Then push the images in the registry available in minikube:
41 | 
42 | ```console
43 | docker push localhost:5000/php
44 | docker push localhost:5000/pwa
45 | ```
46 | 
47 | ## Deploying
48 | 
49 | Fetch Helm chart dependencies:
50 | 
51 | ```console
52 | helm repo add bitnami https://charts.bitnami.com/bitnami/
53 | helm dependency build helm/api-platform
54 | ```
55 | 
56 | Finally, deploy the project using the Helm chart:
57 | 
58 | ```console
59 | helm upgrade --install my-project helm/api-platform \
60 |   --set php.image.repository=localhost:5000/php \
61 |   --set php.image.tag=latest \
62 |   --set pwa.image.repository=localhost:5000/pwa \
63 |   --set pwa.image.tag=latest
64 | ```
65 | 
66 | Copy and paste the commands displayed in the terminal to enable the port forwarding then go to
67 | `http://localhost:8080` to access your application!
68 | 
69 | Run `minikube dashboard` at any moment to see the state of your deployments.
70 | 
71 | ## Using Skaffold
72 | 
73 | Skaffold is a tool for Kubernetes development: [https://skaffold.dev/](https://skaffold.dev/).
74 | 
75 | It will build and deploy automatically your app in Kubernetes and apply every changes. The default
76 | configuration use minikube and helm. More configurations are available in Skaffold documentation.
77 | 
78 | First, install the [skaffold CLI](https://skaffold.dev/docs/install/#standalone-binary).
79 | 
80 | Then, run minikube:
81 | 
82 | ```console
83 | minikube start
84 | ```
85 | 
86 | Add Skaffold configuration in the file `./helm/skaffold.yaml`. You can find a
87 | [complete configuration file for minikube](https://github.com/api-platform/api-platform/blob/main/helm/skaffold.yaml)
88 | with its
89 | [Helm values override](https://github.com/api-platform/api-platform/blob/main/helm/skaffold-values.yaml).
90 | 
91 | Finally, go to the helm folder, and run skaffold in dev mode:
92 | 
93 | ```console
94 | cd ./helm
95 | skaffold dev
96 | ```
97 | 


--------------------------------------------------------------------------------
/symfony/debugging.md:
--------------------------------------------------------------------------------
 1 | # Debugging with Symfony
 2 | 
 3 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/screencast/api-platform/profiler?cid=apip"><img src="images/symfonycasts-player.png" alt="API Platform debugging screencast"><br>Watch the Debugging API Platform screencast</a></p>
 4 | 
 5 | ## Xdebug
 6 | 
 7 | For development purposes such as debugging tests or remote API requests,
 8 | [Xdebug](https://xdebug.org/) is shipped by default with the API Platform distribution.
 9 | 
10 | To enable it, run:
11 | 
12 | ```console
13 | XDEBUG_MODE=debug XDEBUG_SESSION=1 docker compose up --wait
14 | ```
15 | 
16 | ## Using Xdebug with PhpStorm
17 | 
18 | First,
19 | [create a PHP debug remote server configuration](https://www.jetbrains.com/help/phpstorm/creating-a-php-debug-server-configuration.html):
20 | 
21 | 1. In the `Settings/Preferences` dialog, go to `PHP | Servers`
22 | 2. Create a new server:
23 |     - Name: `api` (or whatever you want to use for the variable `PHP_IDE_CONFIG`)
24 |     - Host: `localhost` (or the one defined using the `SERVER_NAME` environment variable)
25 |     - Port: `443`
26 |     - Debugger: `Xdebug`
27 |     - Check `Use path mappings`
28 |     - Map the local `api/` directory to the `/app` absolute path on the server
29 | 
30 | You can now use the debugger!
31 | 
32 | 1. In PhpStorm, open the `Run` menu and click on `Start Listening for PHP Debug Connections`
33 | 2. Add the `XDEBUG_SESSION=PHPSTORM` query parameter to the URL of the page you want to debug or use
34 |    [other available triggers](https://xdebug.org/docs/step_debug#activate_debugger). Alternatively,
35 |    you can use [the Xdebug extension](https://xdebug.org/docs/step_debug#browser-extensions) for
36 |    your preferred web browser.
37 | 
38 | 3. On the command-line, we might need to tell PhpStorm which
39 |    [path mapping configuration](https://www.jetbrains.com/help/phpstorm/zero-configuration-debugging-cli.html#configure-path-mappings)
40 |    should be used, set the value of the PHP_IDE_CONFIG environment variable to `serverName=api`,
41 |    where `api` is the name of the debug server configured higher.
42 | 
43 |     Example:
44 | 
45 |     ```console
46 |     XDEBUG_SESSION=1 PHP_IDE_CONFIG="serverName=api" php bin/console ...
47 |     ```
48 | 
49 | ## Using Xdebug With Visual Studio Code
50 | 
51 | If you are using Visual Studio Code, use the following `launch.json` to debug. Note that this
52 | configuration includes the path mappings for the Docker image.
53 | 
54 | ```json
55 | {
56 |     "version": "0.2.0",
57 |     "configurations": [
58 |         {
59 |             "name": "Listen for Xdebug",
60 |             "type": "php",
61 |             "request": "launch",
62 |             "port": 9003,
63 |             "log": true,
64 |             "pathMappings": {
65 |                 "/app": "${workspaceFolder}/api"
66 |             }
67 |         }
68 |     ]
69 | }
70 | ```
71 | 
72 | > [!NOTE]
73 | >
74 | > On Linux, the `client_host` setting of `host.docker.internal` may not work. In this case you will
75 | > need the actual local IP address of your computer.
76 | 
77 | ## Troubleshooting
78 | 
79 | Inspect the installation with the following command. The requested Xdebug version should be
80 | displayed in the output.
81 | 
82 | ```console
83 | $ docker compose exec php \
84 |     php --version
85 | 
86 | PHP …
87 |     with Xdebug v…, Copyright (c) 2002-2021, by Derick Rethans
88 |     …
89 | ```
90 | 


--------------------------------------------------------------------------------
/core/form-data.md:
--------------------------------------------------------------------------------
 1 | # Accept `application/x-www-form-urlencoded` Form Data
 2 | 
 3 | API Platform only supports raw documents as request input (encoded in JSON, XML, YAML...). This has
 4 | many advantages including support of types and the ability to send back to the API documents
 5 | originally retrieved through a `GET` request. However, sometimes - for instance, to support legacy
 6 | clients - it is necessary to accept inputs encoded in the traditional
 7 | [`application/x-www-form-urlencoded`](https://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1)
 8 | format (HTML form content type). This can easily be done using the powerful
 9 | [System providers and processors](extending.md#system-providers-and-processors) of the framework.
10 | 
11 | > [!WARNING]  
12 | > Adding support for `application/x-www-form-urlencoded` makes your API vulnerable to
13 | > [CSRF (Cross-Site Request Forgery)](<https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)>)
14 | > attacks.  
15 | > It's crucial to implement proper countermeasures to protect your application.
16 | >
17 | > If you're using Symfony, make sure you enable
18 | > [Stateless CSRF protection](https://symfony.com/blog/new-in-symfony-7-2-stateless-csrf).
19 | >
20 | > If you're working with Laravel, refer to the
21 | > [Laravel CSRF documentation](https://laravel.com/docs/csrf) to ensure adequate protection against
22 | > such attacks.
23 | 
24 | ## Configuration
25 | 
26 | First, you must register the form format and map it to the `application/x-www-form-urlencoded` MIME
27 | type in your API Platform configuration:
28 | 
29 | ```yaml
30 | # api\_platform.yaml
31 | api_platform:
32 |     formats:
33 |         jsonld: ["application/ld+json"]
34 |         form: ["application/x-www-form-urlencoded"]
35 | ```
36 | 
37 | ## Creating a Decoder
38 | 
39 | The Symfony Serializer (used by API Platform) does not decode `application/x-www-form-urlencoded` by
40 | default. You need to create a custom decoder that implements DecoderInterface to handle this format.
41 | 
42 | ```php
43 | <?php
44 | // src/Serializer/FormUrlEncodedDecoder.php
45 | 
46 | namespace App\Serializer;
47 | 
48 | use Symfony\Component\Serializer\Encoder\DecoderInterface;
49 | 
50 | class FormUrlEncodedDecoder implements DecoderInterface
51 | {
52 |     public function decode(string $data, string $format, array $context = []): mixed
53 |     {
54 |         if (\!is_string($data)) {
55 |             throw new \InvalidArgumentException('Data must be a string.');
56 |         }
57 | 
58 |         parse_str($data, $parsedData);
59 | 
60 |         return $parsedData;
61 |     }
62 | 
63 |     public function supportsDecoding(string $format): bool
64 |     {
65 |         return $format === 'form';
66 |     }
67 | }
68 | ```
69 | 
70 | ## **Usage in a Resource**
71 | 
72 | You can now configure your API Resource to accept the form input format. In this example, we define
73 | a FormData resource and restrict the inputFormats for the Post operation.
74 | 
75 | ```php
76 | <?php
77 | // src/ApiResource/FormData.php
78 | 
79 | namespace App\ApiResource;
80 | 
81 | use ApiPlatform\Metadata\Operation;
82 | use ApiPlatform\Metadata\Post;
83 | 
84 | #[Post(
85 |     inputFormats: ['form' => ['application/x-www-form-urlencoded']],
86 |     processor: [self::class, 'process']
87 | )]
88 | class FormData {
89 |     public string $name;
90 | 
91 |     public static function process(mixed $data, Operation $operation, array $uriVariables, array $context) {
92 |         return $data;
93 |     }
94 | }
95 | ```
96 | 


--------------------------------------------------------------------------------
/extra/enterprise.md:
--------------------------------------------------------------------------------
 1 | # API Platform for Enterprise
 2 | 
 3 | API Platform is available as part of
 4 | [the Tidelift Subscription](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise).
 5 | 
 6 | [Tidelift](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
 7 | is working with the maintainers of API Platform and thousands of other open source projects to
 8 | deliver commercial support and maintenance for the open source dependencies you use to build your
 9 | applications. Save time, reduce risk, and improve code health, while paying the maintainers of the
10 | exact dependencies you use.
11 | 
12 | - [Learn more](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
13 | - [Request a demo](https://tidelift.com/subscription/request-a-demo?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
14 | 
15 | ## Enterprise-ready open source software—managed for you
16 | 
17 | [The Tidelift Subscription](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
18 | is a managed open source subscription for application dependencies covering millions of open source
19 | projects across JavaScript, Python, Java, PHP, Ruby, .NET, and more.
20 | 
21 | Your subscription includes:
22 | 
23 | - **Security updates**: Tidelift’s security response team coordinates patches for new breaking
24 |   security vulnerabilities and alerts immediately through a private channel, so your software supply
25 |   chain is always secure.
26 | - **Licensing verification and indemnification**: Tidelift verifies license information to enable
27 |   easy policy enforcement and adds intellectual property indemnification to cover creators and users
28 |   in case something goes wrong. You always have a 100% up-to-date bill of materials for your
29 |   dependencies to share with your legal team, customers, or partners.
30 | - **Maintenance and code improvement**: Tidelift ensures the software you rely on keeps working as
31 |   long as you need it to work. Your managed dependencies are actively maintained and we recruit
32 |   additional maintainers where required.
33 | - **Package selection and version guidance**: We help you choose the best open source packages from
34 |   the start—and then guide you through updates to stay on the best releases as new issues arise.
35 | - **Roadmap input**: Take a seat at the table with the creators behind the software you use.
36 |   Tidelift’s participating maintainers earn more income as their software is used by more
37 |   subscribers, so they’re interested in knowing what you need.
38 | - **Tooling and cloud integration**: Tidelift works with GitHub, GitLab, BitBucket, and more. We
39 |   support every cloud platform (and other deployment targets, too).
40 | 
41 | The end result? All of the capabilities you expect from commercial-grade software, for the full
42 | breadth of open source you use. That means less time grappling with esoteric open source trivia, and
43 | more time building your own applications—and your business.
44 | 
45 | - [Learn more](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
46 | - [Request a demo](https://tidelift.com/subscription/request-a-demo?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
47 | 


--------------------------------------------------------------------------------
/admin/index.md:
--------------------------------------------------------------------------------
 1 | # The API Platform Admin
 2 | 
 3 | <video controls autoplay playsinline muted loop>
 4 |   <source src="./images/admin-demo.mp4" type="video/mp4"/>
 5 |   <source src="./images/admin-demo.webm" type="video/webm"/>
 6 |   Sorry, your browser doesn't support HTML5 video.
 7 | </video>
 8 | 
 9 | API Platform **Admin** is a tool to automatically create a beautiful (Material Design) and
10 | fully-featured administration interface for any API implementing specification formats supported by
11 | [`@api-platform/api-doc-parser`](https://github.com/api-platform/api-doc-parser).
12 | 
13 | In particular, that includes:
14 | 
15 | - APIs using [the Hydra Core Vocabulary](https://www.hydra-cg.com/)
16 | - APIs exposing an [OpenAPI documentation](https://www.openapis.org/)
17 | 
18 | Of course, API Platform Admin is the perfect companion of APIs created using
19 | [the API Platform framework](https://api-platform.com). But it also supports APIs written with any
20 | other programming language or framework as long as they expose a standard Hydra or OpenAPI
21 | documentation.
22 | 
23 | ## Based On React Admin
24 | 
25 | API Platform Admin is a Single Page Application (SPA), based on
26 | [React Admin](https://marmelab.com/react-admin/), a powerful frontend framework for building B2B
27 | applications on top of REST/GraphQL APIs, written in TypeScript and React.
28 | 
29 | Thanks to its built-in **guessers**, API Platform Admin parses the API documentation then uses React
30 | Admin to expose a nice, responsive management interface (Create-Retrieve-Update-Delete, i.e. CRUD)
31 | for all documented resource types.
32 | 
33 | Afterwards, you can **customize everything** by using the numerous components provided by
34 | [React Admin](https://marmelab.com/react-admin/documentation.html) and [MUI](https://mui.com/), or
35 | even writing your own [React](https://reactjs.org/) components.
36 | 
37 | <iframe src="https://www.youtube-nocookie.com/embed/UyAkN85wGNk" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen style="aspect-ratio: 16 / 9;width:100%;margin-bottom:1em;"></iframe>
38 | 
39 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/screencast/api-platform/react-admin?cid=apip"><img src="../symfony/images/symfonycasts-player.png" alt="React Admin Screencast"><br>Watch the React Admin screencast</a></p>
40 | 
41 | ## Features
42 | 
43 | Simply by reading your API documentation, API Platform Admin provides the following features:
44 | 
45 | - Generate 'list', 'create', 'show', and 'edit' views for all resources
46 | - Automatically detect the type for inputs and fields
47 | - Client-side [validation](./validation.md) on required inputs
48 | - Pagination
49 | - Filtering and ordering
50 | - Easily view and edit [related records](./handling-relations.md)
51 | - Display the related resource’s name instead of its IRI
52 |   ([using the Schema.org vocabulary](./schema.md#displaying-related-resources-name-instead-of-its-iri))
53 | - Nicely displays server-side errors (e.g. advanced validation)
54 | - Real-time updates with [Mercure](https://mercure.rocks)
55 | 
56 | By [leveraging React Admin components](./advanced-customization.md), you can further customize the
57 | generated interface and get access to many more features:
58 | 
59 | - Powerful Datagrid components
60 | - Search and filtering
61 | - Advanced form validation
62 | - Undoable mutations
63 | - Authentication
64 | - Access Control
65 | - Internationalization
66 | - [And many more](https://marmelab.com/react-admin/Features.html)
67 | 
68 | ## Next Step
69 | 
70 | Get your Admin up and running by following the [Getting Started guide](./getting-started.md).
71 | 


--------------------------------------------------------------------------------
/symfony/fosuser-bundle.md:
--------------------------------------------------------------------------------
 1 | # FOSUserBundle Integration with Symfony
 2 | 
 3 | > [!WARNING] The use of FOSUserBundle is no longer recommended for better flexibility and security.
 4 | > It is advised to switch to the
 5 | > [Doctrine entity user provider](https://symfony.com/doc/current/security/user_provider.html#entity-user-provider)
 6 | > (recommended) or consider
 7 | > [creating a custom user provider](https://symfony.com/doc/current/security/user_provider.html#creating-a-custom-user-provider).
 8 | 
 9 | ## Installing the Bundle
10 | 
11 | The installation procedure of the FOSUserBundle is described
12 | [in the FOSUserBundle documentation](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/docs/index.rst).
13 | 
14 | You can:
15 | 
16 | - Skip
17 |   [step 3 (Create your User class)](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/docs/index.rst#step-3-create-your-user-class)
18 |   and use the class provided in the next paragraph to set up serialization groups the correct way
19 | - Skip
20 |   [step 4 (Configure your application's security.yml)](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/docs/index.rst#step-4-configure-your-applications-securityyml)
21 |   if you are planning to
22 |   [use a JWT-based authentication using `LexikJWTAuthenticationBundle`](../core/jwt.md)
23 | 
24 | If you are using the API Platform Standard Edition, you will need to enable the form services in the
25 | symfony framework configuration options:
26 | 
27 | ```yaml
28 | # api/config/packages/framework.yaml
29 | framework:
30 |     form: { enabled: true }
31 | ```
32 | 
33 | ## Creating a `User` Entity with Serialization Groups
34 | 
35 | Here's an example of declaration of a
36 | [Doctrine ORM User class](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/docs/index.rst#a-doctrine-orm-user-class).
37 | There's also an example for a
38 | [Doctrine MongoDB ODM](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/docs/index.rst#b-mongodb-user-class).
39 | You need to use serialization groups to hide some properties like `plainPassword` (only in read) and
40 | `password`. The properties shown are handled with
41 | [`normalizationContext`](../core/serialization.md#normalization), while the properties you can
42 | modify are handled with [`denormalizationContext`](../core/serialization.md#denormalization).
43 | 
44 | Create your User entity with serialization groups:
45 | 
46 | ```php
47 | <?php
48 | // api/src/Entity/User.php
49 | namespace App\Entity;
50 | 
51 | use ApiPlatform\Metadata\ApiResource;
52 | use Doctrine\ORM\Mapping as ORM;
53 | use FOS\UserBundle\Model\User as BaseUser;
54 | use FOS\UserBundle\Model\UserInterface;
55 | use Symfony\Component\Serializer\Annotation\Groups;
56 | 
57 | #[ORM\Entity]
58 | #[ORM\Table(name: 'fos_user')]
59 | #[ApiResource(
60 |     normalizationContext: ['groups' => ['user']],
61 |     denormalizationContext: ['groups' => ['user', 'user:write']],
62 | )]
63 | class User extends BaseUser
64 | {
65 |     #[ORM\Id, ORM\Column, ORM\GeneratedValue]
66 |     protected ?int $id = null;
67 | 
68 |     #[Groups("user")]
69 |     protected string $email;
70 | 
71 |     #[ORM\Column(nullable: true)]
72 |     #[Groups("user")]
73 |     protected string $fullname;
74 | 
75 |     #[Groups("user:write")]
76 |     protected string $plainPassword;
77 | 
78 |     #[Groups("user")]
79 |     protected string $username;
80 | 
81 |     public function setFullname(?string $fullname): void
82 |     {
83 |         $this->fullname = $fullname;
84 |     }
85 | 
86 |     public function getFullname(): ?string
87 |     {
88 |         return $this->fullname;
89 |     }
90 | 
91 |     public function isUser(?UserInterface $user = null): bool
92 |     {
93 |         return $user instanceof self && $user->id === $this->id;
94 |     }
95 | }
96 | ```
97 | 


--------------------------------------------------------------------------------
/create-client/react-native.md:
--------------------------------------------------------------------------------
  1 | # React Native generator
  2 | 
  3 | ![List](images/react-native/create-client-react-native-list.png)
  4 | 
  5 | ## Install
  6 | 
  7 | To use this generator you need [Node.js](https://nodejs.org/).
  8 | 
  9 | Create a React Native application using [Expo CLI](https://docs.expo.io/workflow/expo-cli/):
 10 | 
 11 | ```console
 12 | npm install -g expo-cli
 13 | npm init expo-app my-app
 14 | ```
 15 | 
 16 | When asked, choose to use the blank template, then move to the created directory:
 17 | 
 18 | ```console
 19 | cd my-app
 20 | ```
 21 | 
 22 | Install the required dependencies:
 23 | 
 24 | ```console
 25 | npm install redux react-redux redux-thunk redux-form react-native-elements react-native-router-flux react-native-vector-icons prop-types whatwg-url buffer react-native-event-source react-native-gesture-handler react-native-reanimated react-native-screens
 26 | ```
 27 | 
 28 | ## Generating a Native App
 29 | 
 30 | In the app directory, generate the files for the resource you want:
 31 | 
 32 | ```console
 33 | npm init @api-platform/client https://demo.api-platform.com . -- --generator react-native --resource book
 34 | ```
 35 | 
 36 | Replace the URL with the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
 37 | documentation with `-f openapi3`.
 38 | 
 39 | Omit the resource flag to generate files for all resource types exposed by the API.
 40 | 
 41 | Create a `Router.js` file to import all routes:
 42 | 
 43 | ```javascript
 44 | // Router.js
 45 | import React from "react";
 46 | import { Router, Stack } from "react-native-router-flux";
 47 | // Replace "book" with the name of the resource type
 48 | import BookRoutes from "./routes/book";
 49 | 
 50 | const RouterComponent = () => (
 51 |     <Router>
 52 |         <Stack key="root">{BookRoutes}</Stack>
 53 |     </Router>
 54 | );
 55 | 
 56 | export default RouterComponent;
 57 | ```
 58 | 
 59 | Here is an example of an `App.js` file:
 60 | 
 61 | ```javascript
 62 | // App.js
 63 | import React, { Component } from "react";
 64 | import { Provider } from "react-redux";
 65 | import thunk from "redux-thunk";
 66 | import { createStore, applyMiddleware, combineReducers } from "redux";
 67 | import { View } from "react-native";
 68 | import { reducer as form } from "redux-form";
 69 | 
 70 | // see https://github.com/facebook/react-native/issues/14796
 71 | import { Buffer } from "buffer";
 72 | global.Buffer = Buffer;
 73 | 
 74 | // see https://github.com/facebook/react-native/issues/16434
 75 | import { URL, URLSearchParams } from "whatwg-url";
 76 | global.URL = URL;
 77 | global.URLSearchParams = URLSearchParams;
 78 | 
 79 | // see https://github.com/facebook/react-native/issues/12890
 80 | import RNEventSource from "react-native-event-source";
 81 | global.EventSource = RNEventSource;
 82 | 
 83 | // Replace "book" with the name of resource type
 84 | import book from "./reducers/book";
 85 | import Router from "./Router";
 86 | 
 87 | export default class App extends Component {
 88 |     render() {
 89 |         const store = createStore(
 90 |             combineReducers({
 91 |                 book,
 92 |                 form,
 93 |             }),
 94 |             {},
 95 |             applyMiddleware(thunk),
 96 |         );
 97 |         return (
 98 |             <Provider store={store}>
 99 |                 <View style={{ flex: 1 }}>
100 |                     <Router />
101 |                 </View>
102 |             </Provider>
103 |         );
104 |     }
105 | }
106 | ```
107 | 
108 | The code is ready to be executed!
109 | 
110 | ```console
111 | expo start
112 | ```
113 | 
114 | ## Screenshots in iOS Simulator
115 | 
116 | ![List](images/react-native/create-client-react-native-list.png)
117 | ![Show](images/react-native/create-client-react-native-show.png)
118 | ![Add](images/react-native/create-client-react-native-add.png)
119 | ![Delete](images/react-native/create-client-react-native-delete.png)
120 | 


--------------------------------------------------------------------------------
/core/design.md:
--------------------------------------------------------------------------------
 1 | # General Design Considerations
 2 | 
 3 | Since you only need to describe the structure of the data to expose, API Platform is both
 4 | [a "design-first" and "code-first"](https://swagger.io/blog/api-design/design-first-or-code-first-api-development/)
 5 | API framework. However, the "design-first" methodology is strongly recommended: first you design the
 6 | **public shape** of API endpoints.
 7 | 
 8 | To do so, you have to write a plain old PHP object (POPO) representing the input and output of your
 9 | endpoint. This is the class that is
10 | [marked with the `#[ApiResource]` attribute](../symfony/index.md). This class **doesn't have** to be
11 | mapped with Doctrine ORM, or any other persistence system. It must be simple (it's usually just a
12 | data structure with no or minimal behaviors) and will be automatically converted to
13 | [Hydra](extending-jsonld-context.md), [OpenAPI](openapi.md) and [GraphQL](graphql.md) documentations
14 | or schemas by API Platform (there is a 1-1 mapping between this class and those docs).
15 | 
16 | Then, it's up to the developer to feed API Platform with an hydrated instance of this API resource
17 | object by implementing the [`ProviderInterface`](state-providers.md). Basically, the state provider
18 | will query the persistence system (RDBMS, document or graph DB, external API...), and must hydrate
19 | and return the POPO that has been designed as mentioned above.
20 | 
21 | When updating a state (`POST`, `PUT`, `PATCH`, `DELETE` HTTP methods), it's up to the developer to
22 | properly persist the data provided by API Platform's resource object
23 | [hydrated by the serializer](serialization.md). To do so, there is another interface to implement:
24 | [`ProcessorInterface`](state-processors.md).
25 | 
26 | This class will read the API resource object (the one marked with `#[ApiResource]`) and:
27 | 
28 | - persist it directly in the database;
29 | - or hydrate a DTO then trigger a command;
30 | - or populate an event store;
31 | - or persist the data in any other useful way.
32 | 
33 | The logic of state processors is the responsibility of application developers, and is **out of the
34 | API Platform's scope**.
35 | 
36 | For [Rapid Application Development](https://en.wikipedia.org/wiki/Rapid_application_development),
37 | convenience and prototyping, **if and only if the class marked with `#[ApiResource]` is also a
38 | Doctrine entity**, the developer can use the Doctrine ORM's state provider and processor
39 | implementations shipped with API Platform.
40 | 
41 | In this case, the public (`#[ApiResource]`) and internal (Doctrine entity) data models are shared.
42 | Then, API Platform will be able to query, filter, paginate and persist data automatically. This
43 | approach is super-convenient and efficient, but is probably **not a good idea** for
44 | non-[CRUD](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) and/or large systems.
45 | Again, it's up to the developers to use, or to not use these built-in state providers/processors
46 | depending on the business logic they are dealing with. API Platform makes it easy to create custom
47 | state providers and processors. It also makes it easy to implement patterns such as
48 | [CQS](https://www.martinfowler.com/bliki/CommandQuerySeparation.html) or
49 | [CQRS](https://martinfowler.com/bliki/CQRS.html) thanks to
50 | [the Messenger Component integration](../symfony/messenger.md) and the [DTO support](dto.md).
51 | 
52 | Last but not least, to create
53 | [Event Sourcing](https://martinfowler.com/eaaDev/EventSourcing.html)-based systems, a convenient
54 | approach is:
55 | 
56 | - to persist data in an event store using a Messenger handler or a custom
57 |   [state processor](state-processors.md)
58 | - to create projections in standard RDBMS (PostgreSQL, MariaDB...) tables or views
59 | - to map those projections with read-only Doctrine entity classes **and** to mark those classes with
60 |   `#[ApiResource]`
61 | 
62 | You can then benefit from the built-in Doctrine filters, sorting, pagination, auto-joins and all of
63 | [the extension points](extending.md) provided by API Platform.
64 | 


--------------------------------------------------------------------------------
/core/operation-path-naming.md:
--------------------------------------------------------------------------------
  1 | # Operation Path Naming
  2 | 
  3 | With API Platform Core, you can configure the default resolver used to generate operation paths.
  4 | Pre-registered resolvers are available and can easily be overridden.
  5 | 
  6 | ## Configuration
  7 | 
  8 | There are two pre-registered operation path naming services:
  9 | 
 10 | | Service name                                                   | Entity name  | Path result     |
 11 | | -------------------------------------------------------------- | ------------ | --------------- |
 12 | | `api_platform.metadata.path_segment_name_generator.underscore` | `MyResource` | `/my_resources` |
 13 | | `api_platform.metadata.path_segment_name_generator.dash`       | `MyResource` | `/my-resources` |
 14 | 
 15 | The default resolver is `api_platform.metadata.path_segment_name_generator.underscore`.
 16 | 
 17 | ### Configuration using Symfony
 18 | 
 19 | To change it to the dash resolver, add the following lines to
 20 | `api/config/packages/api_platform.yaml`:
 21 | 
 22 | ```yaml
 23 | # api/config/packages/api_platform.yaml
 24 | api_platform:
 25 |     path_segment_name_generator: api_platform.metadata.path_segment_name_generator.dash
 26 | ```
 27 | 
 28 | ### Configuration using Laravel
 29 | 
 30 | To change it to the dash resolver, add the following lines to `config/api-platform.php`:
 31 | 
 32 | ```php
 33 | <?php
 34 | // config/api-platform.php
 35 | return [
 36 |     // ....
 37 |     'path_segment_name_generator' => 'api_platform.metadata.path_segment_name_generator.dash'
 38 | ];
 39 | ```
 40 | 
 41 | ## Create a Custom Operation Path Resolver
 42 | 
 43 | Let's assume we need URLs without separators (e.g. `api.tld/myresources`)
 44 | 
 45 | ### Defining the Operation Segment Name Generator
 46 | 
 47 | Make sure the custom segment generator implements
 48 | [`ApiPlatform\Metadata\Operation\PathSegmentNameGeneratorInterface`](https://github.com/api-platform/core/blob/main/src/Metadata/Operation/PathSegmentNameGeneratorInterface.php):
 49 | 
 50 | ```php
 51 | <?php
 52 | // api/src/Operation/SingularPathSegmentNameGenerator.php with Symfony or app/Operation/SingularPathSegmentNameGenerator.php with Laravel
 53 | namespace App\Operation;
 54 | 
 55 | use ApiPlatform\Metadata\Operation\PathSegmentNameGeneratorInterface;
 56 | 
 57 | class SingularPathSegmentNameGenerator implements PathSegmentNameGeneratorInterface
 58 | {
 59 |     /**
 60 |      * Transforms a given string to a valid path name which can be pluralized (eg. for collections).
 61 |      *
 62 |      * @param string $name usually a ResourceMetadata shortname
 63 |      *
 64 |      * @return string A string that is a part of the route name
 65 |      */
 66 |     public function getSegmentName(string $name, bool $collection = true): string
 67 |     {
 68 |         $name = $this->dashize($name);
 69 | 
 70 |         return $name;
 71 |     }
 72 | 
 73 |     private function dashize(string $string): string
 74 |     {
 75 |         return strtolower(preg_replace('~(?<=\\w)([A-Z])~', '-$1', $string));
 76 |     }
 77 | }
 78 | ```
 79 | 
 80 | Note that `$name` contains a camelCase string, by default the resource class name (e.g.
 81 | `MyResource`).
 82 | 
 83 | ### Registering the Service (for Symfony only)
 84 | 
 85 | If you haven't disabled the autowiring option, the service will be registered automatically and you
 86 | have nothing more to do. Otherwise, you must register this class as a service like in the following
 87 | example:
 88 | 
 89 | ```yaml
 90 | # api/config/services.yaml
 91 | services:
 92 |     # ...
 93 |     'App\Operation\SingularPathSegmentNameGenerator': ~
 94 | ```
 95 | 
 96 | ### Configuring the Service
 97 | 
 98 | #### Configuring It using Symfony
 99 | 
100 | ```yaml
101 | # api/config/packages/api_platform.yaml
102 | api_platform:
103 |     path_segment_name_generator: 'App\Operation\SingularPathSegmentNameGenerator'
104 | ```
105 | 
106 | #### Configuring It using Laravel
107 | 
108 | ```php
109 | <?php
110 | // config/api-platform.php
111 | return [
112 |     // ....
113 |     'path_segment_name_generator' => App\Operation\SingularPathSegmentNameGenerator::class
114 | ];
115 | ```
116 | 


--------------------------------------------------------------------------------
/create-client/custom.md:
--------------------------------------------------------------------------------
  1 | # Custom Generator
  2 | 
  3 | Create Client provides support for many of the popular JS frameworks, but you may be using another
  4 | framework or language and may need a solution adapted to your specific needs. For this scenario, you
  5 | can write your own generator and pass it to the CLI using a path as the `-g` argument.
  6 | 
  7 | You will probably want to extend or, at least, take a look at
  8 | [BaseGenerator.js](https://github.com/api-platform/create-client/blob/main/src/generators/BaseGenerator.js),
  9 | since the library expects some methods to be available, as well as one of the
 10 | [included generators](https://github.com/api-platform/create-client/blob/main/src/generators/BaseGenerator.js)
 11 | to make your own.
 12 | 
 13 | ## Usage
 14 | 
 15 | ```shell
 16 | npm init @api-platform/client -- --generator "$(pwd)/path/to/custom/generator.js" -t "$(pwd)/path/to/templates"
 17 | ```
 18 | 
 19 | The `-g` argument can point to any resolvable node module which means it can be a package dependency
 20 | of the current project as well as any js file.
 21 | 
 22 | ## Example
 23 | 
 24 | Create Client makes use of the [Handlebars](https://handlebarsjs.com/) template engine. You can use
 25 | any programming language or file type. Your generator can also pass data to your templates in any
 26 | shape you want.
 27 | 
 28 | In this example, we'll create a simple [Rust](https://www.rust-lang.org) file defining a new
 29 | `struct` and creating some instances of this `struct`.
 30 | 
 31 | ### Generator
 32 | 
 33 | ```js
 34 | // ./Generator.js
 35 | import BaseGenerator from "@api-platform/create-client/lib/generators/BaseGenerator";
 36 | 
 37 | export default class extends BaseGenerator {
 38 |     constructor(params) {
 39 |         super(params);
 40 | 
 41 |         this.registerTemplates("", ["main.rs"]);
 42 |     }
 43 | 
 44 |     help() {}
 45 | 
 46 |     generate(api, resource, dir) {
 47 |         const context = {
 48 |             type: "Tilia",
 49 |             structure: [
 50 |                 { name: "name", type: "String" },
 51 |                 { name: "min_size", type: "u8" },
 52 |                 { name: "max_size", type: "u8" },
 53 |             ],
 54 |             list: [
 55 |                 {
 56 |                     name: "Tilia cordata",
 57 |                     minSize: 50,
 58 |                     maxSize: 80,
 59 |                 },
 60 |                 {
 61 |                     name: "Tilia platyphyllos",
 62 |                     minSize: 50,
 63 |                     maxSize: 70,
 64 |                 },
 65 |                 {
 66 |                     name: "Tilia tomentosa",
 67 |                     minSize: 50,
 68 |                     maxSize: 70,
 69 |                 },
 70 |                 {
 71 |                     name: "Tilia intermedia",
 72 |                     minSize: 50,
 73 |                     maxSize: 165,
 74 |                 },
 75 |             ],
 76 |         };
 77 | 
 78 |         this.createDir(dir);
 79 | 
 80 |         this.createFile("main.rs", `${dir}/main.rs`, context, false);
 81 |     }
 82 | }
 83 | ```
 84 | 
 85 | ### Template
 86 | 
 87 | ```rs
 88 | // template/main.rs
 89 | struct {{{type}}} {
 90 |   {{#each structure}}
 91 |   {{{name}}}: {{{type}}}
 92 |   {{/each}}
 93 | }
 94 | 
 95 | fn main() {
 96 |   let tilias = [
 97 |   {{#each list}}
 98 |     Tilia { name: "{{{name}}}", min_size: {{{minSize}}}, max_size: {{{maxSize}}}, },
 99 |   {{/each}}
100 |   ];
101 | }
102 | ```
103 | 
104 | Then we can use our generator:
105 | 
106 | ```shell
107 | npm init @api-platform/client https://demo.api-platform.com out/ -g "$(pwd)/Generator.js" -t "$(pwd)/template"
108 | ```
109 | 
110 | which will produces:
111 | 
112 | ```ts
113 | struct Tilia {
114 |   name: String
115 |   min_size: u8
116 |   max_size: u8
117 | }
118 | 
119 | fn main() {
120 |   let tilias = [
121 |     Tilia { name: "Tilia cordata", min_size: 50, max_size: 80, },
122 |     Tilia { name: "Tilia platyphyllos", min_size: 50, max_size: 70, },
123 |     Tilia { name: "Tilia tomentosa", min_size: 50, max_size: 70, },
124 |     Tilia { name: "Tilia intermedia", min_size: 50, max_size: 165, },
125 |   ];
126 | }
127 | ```
128 | 


--------------------------------------------------------------------------------
/laravel/jwt.md:
--------------------------------------------------------------------------------
  1 | # JWT Authentication with Laravel
  2 | 
  3 | > [!NOTE] While solutions like `tymondesigns/jwt-auth` (Laravel) or `LexikJWTAuthenticationBundle`
  4 | > (Symfony) are popular, **we recommend adopting open standards such as
  5 | > [OpenID Connect (OIDC)](https://openid.net/connect/)** for robust, scalable, and interoperable
  6 | > authentication.
  7 | 
  8 | For comprehensive details on authentication, refer to our
  9 | [Laravel Authentication documentation](../laravel/index.md#authentication).
 10 | 
 11 | ## Setup Instructions
 12 | 
 13 | 1. **Install**  
 14 |    Follow the official installation guide of
 15 |    [Laravel Passport](https://laravel.com/docs/passport#installation) to implement OpenID Connect
 16 |    (OIDC) standards in your Laravel application. Alternatively, if you prefer an ad-hoc solution,
 17 |    you can use [tymondesigns/jwt-auth](https://github.com/tymondesigns/jwt-auth) to set up JWT
 18 |    authentication in your Laravel project.
 19 | 
 20 | 2. **Configure Authentication**  
 21 |    Refer to the [Authentication section](../laravel/index.md#authentication) of our documentation to
 22 |    properly configure and secure your API with JWT tokens.
 23 | 
 24 | > [!TIP] Use [Laravel middlewares with API Platform](../laravel/index.md#middlewares) such as
 25 | > `auth:api` to restrict access to certain endpoints, ensuring only authenticated users can access
 26 | > them.
 27 | 
 28 | By following these steps, you can set up a secure and scalable JWT-based authentication system in
 29 | your Laravel application.
 30 | 
 31 | ## Testing
 32 | 
 33 | To verify your authentication setup using `ApiTestCase`, you can write a test method tailored to
 34 | your preferred testing framework. Here's how you can approach it for both **Pest** and **PHPUnit**:
 35 | 
 36 | > [!NOTE] Ensure your routes (/api/auth) and authentication mechanisms are configured to match your
 37 | > application's implementation.
 38 | 
 39 | ### Test with Pest
 40 | 
 41 | ```php
 42 | <?php
 43 | 
 44 | use App\Models\User;
 45 | use Illuminate\Foundation\Testing\RefreshDatabase;
 46 | 
 47 | uses(RefreshDatabase::class);
 48 | 
 49 | it('authenticates a user and tests protected endpoints', function () {
 50 |     // Create a user
 51 |     $user = User::factory()->create([
 52 |         'email' => 'test@example.com',
 53 |         'password' => bcrypt('$3CR3T'), // Hash the password
 54 |     ]);
 55 | 
 56 |     // Retrieve a token
 57 |     $response = $this->postJson('/api/auth', [
 58 |         'email' => 'test@example.com',
 59 |         'password' => '$3CR3T',
 60 |     ]);
 61 | 
 62 |     $response->assertStatus(200)
 63 |         ->assertJsonStructure(['token']);
 64 | 
 65 |     $token = $response->json('token');
 66 | 
 67 |     // Test not authorized
 68 |     $this->getJson('/api/greetings')
 69 |         ->assertStatus(401);
 70 | 
 71 |     // Test authorized
 72 |     $this->withHeader('Authorization', "Bearer $token")
 73 |         ->getJson('/api/greetings')
 74 |         ->assertStatus(200);
 75 | });
 76 | ```
 77 | 
 78 | ### Test with PHPUnit
 79 | 
 80 | ```php
 81 | <?php
 82 | 
 83 | namespace Tests\Feature;
 84 | 
 85 | use App\Models\User;
 86 | use Illuminate\Foundation\Testing\RefreshDatabase;
 87 | use Tests\TestCase;
 88 | 
 89 | class AuthenticationTest extends TestCase
 90 | {
 91 |     use RefreshDatabase;
 92 | 
 93 |     public function testLogin(): void
 94 |     {
 95 |         $user = User::factory()->create([
 96 |             'email' => 'test@example.com',
 97 |             'password' => bcrypt('$3CR3T'), // Hash the password
 98 |         ]);
 99 | 
100 |         // Retrieve a token
101 |         $response = $this->postJson('/api/auth', [
102 |             'email' => 'test@example.com',
103 |             'password' => '$3CR3T',
104 |         ]);
105 | 
106 |         $response->assertStatus(200)
107 |             ->assertJsonStructure(['token']);
108 | 
109 |         $token = $response->json('token');
110 | 
111 |         // Test not authorized
112 |         $this->getJson('/api/greetings')
113 |             ->assertStatus(401);
114 | 
115 |         // Test authorized
116 |         $this->withHeader('Authorization', "Bearer $token")
117 |             ->getJson('/api/greetings')
118 |             ->assertStatus(200);
119 |     }
120 | }
121 | ```
122 | 


--------------------------------------------------------------------------------
/core/extending-jsonld-context.md:
--------------------------------------------------------------------------------
  1 | # Extending JSON-LD AND Hydra Contexts
  2 | 
  3 | ## JSON-LD
  4 | 
  5 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/screencast/api-platform/json-ld?cid=apip"><img src="../symfony/images/symfonycasts-player.png" alt="JSON-LD screencast"><br>Watch the JSON-LD screencast</a></p>
  6 | 
  7 | API Platform provides the possibility to extend the JSON-LD context of properties. This allows you
  8 | to describe JSON-LD-typed values, inverse properties using the `@reverse` keyword, and you can even
  9 | overwrite the `@id` property this way. Everything you define within the following annotation will be
 10 | passed to the context. This provides a generic way to extend the context.
 11 | 
 12 | ```php
 13 | <?php
 14 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
 15 | namespace App\ApiResource;
 16 | 
 17 | use ApiPlatform\Metadata\ApiProperty;
 18 | use ApiPlatform\Metadata\ApiResource;
 19 | 
 20 | #[ApiResource(types: ['https://schema.org/Book'])]
 21 | class Book
 22 | {
 23 |     // ...
 24 | 
 25 |     #[ApiProperty(
 26 |         types: ['https://schema.org/name'],
 27 |         jsonldContext: [
 28 |             '@id' => 'http://yourcustomid.com',
 29 |             '@type' => 'http://www.w3.org/2001/XMLSchema#string',
 30 |             'someProperty' => [
 31 |                 'a' => 'textA',
 32 |                 'b' => 'textB'
 33 |             ]
 34 |         ]
 35 |     )]
 36 |     public $name;
 37 | 
 38 |     // ...
 39 | }
 40 | ```
 41 | 
 42 | The generated context will now have your custom attributes set:
 43 | 
 44 | `GET /contexts/Book`
 45 | 
 46 | ```json
 47 | {
 48 |     "@context": {
 49 |         "@vocab": "http://example.com/apidoc#",
 50 |         "hydra": "http://www.w3.org/ns/hydra/core#",
 51 |         "name": {
 52 |             "@id": "http://yourcustomid.com",
 53 |             "@type": "http://www.w3.org/2001/XMLSchema#string",
 54 |             "someProperty": {
 55 |                 "a": "textA",
 56 |                 "b": "textB"
 57 |             }
 58 |         }
 59 |     }
 60 | }
 61 | ```
 62 | 
 63 | Note that you do not have to provide the `@id` attribute. If you do not provide an `@id` attribute,
 64 | the value from `iri` will be used.
 65 | 
 66 | ## Hydra
 67 | 
 68 | <p align="center" class="symfonycasts"><a href="https://symfonycasts.com/screencast/api-platform/hydra?cid=apip"><img src="../symfony/images/symfonycasts-player.png" alt="Hydra screencast"><br>Watch the Hydra screencast</a></p>
 69 | 
 70 | It's also possible to replace the Hydra context used by the documentation generator:
 71 | 
 72 | <code-selector>
 73 | 
 74 | ```php
 75 | <?php
 76 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
 77 | namespace App\ApiResource;
 78 | 
 79 | use ApiPlatform\Metadata\ApiResource;
 80 | use ApiPlatform\Metadata\Get;
 81 | 
 82 | #[ApiResource(operations: [
 83 |   new Get(hydraContext: ['foo' => 'bar'])
 84 | ])]
 85 | class Book
 86 | {
 87 |     //...
 88 | }
 89 | ```
 90 | 
 91 | ```yaml
 92 | # api/config/api_platform/resources.yaml
 93 | # The YAML syntax is only supported for Symfony
 94 | resources:
 95 |     App\ApiResource\Book:
 96 |         operations:
 97 |             ApiPlatform\Metadata\Get:
 98 |                 hydraContext: { foo: "bar" }
 99 | ```
100 | 
101 | ```xml
102 | <?xml version="1.0" encoding="UTF-8" ?>
103 | <!-- api/config/api_platform/resources.xml -->
104 | <!-- The XML syntax is only supported for Symfony -->
105 | 
106 | <resources xmlns="https://api-platform.com/schema/metadata/resources-3.0"
107 |            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
108 |            xsi:schemaLocation="https://api-platform.com/schema/metadata/resources-3.0
109 |            https://api-platform.com/schema/metadata/resources-3.0.xsd">
110 |     <resource class="App\ApiResource\Book">
111 |         <operations>
112 |             <operation class="ApiPlatform\Metadata\Get">
113 |                 <hydraContext>
114 |                     <values>
115 |                         <value name="foo">bar</value>
116 |                     </values>
117 |                 </hydraContext>
118 |             </operation>
119 |         </operations>
120 |     </resource>
121 | </resources>
122 | ```
123 | 
124 | </code-selector>
125 | 


--------------------------------------------------------------------------------
/core/default-order.md:
--------------------------------------------------------------------------------
  1 | # Overriding Default Order
  2 | 
  3 | API Platform provides an easy way to override the default order of items in your collection.
  4 | 
  5 | By default, items in the collection are ordered in ascending (ASC) order by their resource
  6 | identifier(s). If you want to customize this order, you must add an `order` attribute on your
  7 | ApiResource annotation:
  8 | 
  9 | <code-selector>
 10 | 
 11 | ```php
 12 | <?php
 13 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
 14 | namespace App\ApiResource;
 15 | 
 16 | use ApiPlatform\Metadata\ApiResource;
 17 | 
 18 | #[ApiResource(order: ['foo' => 'ASC'])]
 19 | class Book
 20 | {
 21 |     // ...
 22 | 
 23 |     /**
 24 |      * ...
 25 |      */
 26 |     public $foo;
 27 | 
 28 |     // ...
 29 | }
 30 | ```
 31 | 
 32 | ```yaml
 33 | # api/config/api_platform/resources/Book.yaml
 34 | # The YAML syntax is only supported for Symfony
 35 | App\ApiResource\Book:
 36 |     order:
 37 |         foo: ASC
 38 | ```
 39 | 
 40 | </code-selector>
 41 | 
 42 | This `order` attribute is used as an array: the key defines the order field, the values defines the
 43 | direction. If you only specify the key, `ASC` direction will be used as default. For example, to
 44 | order by `foo` & `bar`:
 45 | 
 46 | <code-selector>
 47 | 
 48 | ```php
 49 | <?php
 50 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
 51 | namespace App\ApiResource;
 52 | 
 53 | use ApiPlatform\Metadata\ApiResource;
 54 | 
 55 | #[ApiResource(order: ['foo', 'bar'])]
 56 | class Book
 57 | {
 58 |     // ...
 59 | 
 60 |     /**
 61 |      * ...
 62 |      */
 63 |     public $foo;
 64 | 
 65 |     /**
 66 |      * ...
 67 |      */
 68 |     public $bar;
 69 | 
 70 |     // ...
 71 | }
 72 | ```
 73 | 
 74 | ```yaml
 75 | # api/config/api_platform/resources/Book.yaml
 76 | # The YAML syntax is only supported for Symfony
 77 | App\ApiResource\Book:
 78 |     order: ["foo", "bar"]
 79 | ```
 80 | 
 81 | </code-selector>
 82 | 
 83 | It's also possible to configure the default order on an association property:
 84 | 
 85 | <code-selector>
 86 | 
 87 | ```php
 88 | <?php
 89 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
 90 | namespace App\ApiResource;
 91 | 
 92 | use ApiPlatform\Metadata\ApiResource;
 93 | 
 94 | #[ApiResource(order: ['author.username'])]
 95 | class Book
 96 | {
 97 |     // ...
 98 | 
 99 |     /**
100 |      * @var User
101 |      */
102 |     public $author;
103 | 
104 |     // ...
105 | }
106 | ```
107 | 
108 | ```yaml
109 | # api/config/api_platform/resources/Book.yaml
110 | # The YAML syntax is only supported for Symfony
111 | App\ApiResource\Book:
112 |     order: ["author.username"]
113 | ```
114 | 
115 | </code-selector>
116 | 
117 | Another possibility is to apply the default order for a specific collection operation, which will
118 | override the global default order configuration.
119 | 
120 | <code-selector>
121 | 
122 | ```php
123 | <?php
124 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
125 | namespace App\ApiResource;
126 | 
127 | use ApiPlatform\Metadata\GetCollection;
128 | use ApiPlatform\Metadata\ApiResource;
129 | 
130 | #[ApiResource(operations: [
131 |     new GetCollection(),
132 |     new GetCollection(name: 'get_desc_custom', uriTemplate: 'custom_collection_desc_foos', order: ['name' => 'DESC'])],
133 |     new GetCollection(name: 'get_asc_custom', uriTemplate: 'custom_collection_asc_foos', order: ['name' => 'ASC'])]
134 | ])]
135 | class Book
136 | {
137 |     // ...
138 | 
139 |     /**
140 |      * @var string
141 |      */
142 |     public $name;
143 | 
144 |     // ...
145 | }
146 | ```
147 | 
148 | ```yaml
149 | # api/config/api_platform/resources/Book.yaml
150 | # The YAML syntax is only supported for Symfony
151 | App\ApiResource\Book:
152 |     ApiPlatform\Metadata\GetCollection: ~
153 |     get_desc_custom:
154 |         class: ApiPlatform\Metadata\GetCollection
155 |         uriTemplate: custom_collection_desc_foos
156 |         order:
157 |             name: DESC
158 |     get_asc_custom:
159 |         class: ApiPlatform\Metadata\GetCollection
160 |         uriTemplate: custom_collection_asc_foos
161 |         order:
162 |             name: ASC
163 | ```
164 | 
165 | </code-selector>
166 | 


--------------------------------------------------------------------------------
/create-client/nextjs.md:
--------------------------------------------------------------------------------
  1 | # Next.js Generator
  2 | 
  3 | ![List screenshot](images/nextjs/create-client-nextjs-list.png)
  4 | 
  5 | The Next.js generator scaffolds components for server-side rendered (SSR) applications using
  6 | [Next.js](https://nextjs.org/).
  7 | 
  8 | ## Install
  9 | 
 10 | The easiest way to get started is to install
 11 | [the API Platform Symfony variant](../symfony/index.md). It contains a Next.js skeleton generated
 12 | with Create Next App, a development Docker container to serve the webapp, and all the API Platform
 13 | components you may need, including an API server supporting Hydra and OpenAPI.
 14 | 
 15 | If you use API Platform, jump to the next section!
 16 | 
 17 | Alternatively, create a Next.js application by executing:
 18 | 
 19 | - Pnpm (recommended)
 20 | 
 21 |     ```console
 22 |     pnpm create next-app --typescript
 23 |     ```
 24 | 
 25 | - Npm
 26 | 
 27 |     ```console
 28 |     npm init next-app --typescript
 29 |     ```
 30 | 
 31 | - Yarn
 32 | 
 33 |     ```console
 34 |     yarn reate next-app --typescript
 35 |     ```
 36 | 
 37 | Install the required dependencies:
 38 | 
 39 | - Pnpm (recommended)
 40 | 
 41 |     ```console
 42 |     pnpm install isomorphic-unfetch formik react-query
 43 |     ```
 44 | 
 45 | - Npm
 46 | 
 47 |     ```console
 48 |     npm install isomorphic-unfetch formik react-query
 49 |     ```
 50 | 
 51 | - Yarn
 52 | 
 53 |     ```console
 54 |     yarn add isomorphic-unfetch formik react-query
 55 |     ```
 56 | 
 57 | The generated HTML will contain [Tailwind CSS](https://tailwindcss.com) classes. Optionally,
 58 | [follow the Tailwind installation guide for Next.js projects](https://tailwindcss.com/docs/guides/nextjs)
 59 | (Tailwind is preinstalled in [the API Platform Symfony variant](../symfony/index.md))
 60 | 
 61 | ## Generating Routes
 62 | 
 63 | If you are using the [API Platform Distribution with Symfony](../symfony/index.md) generating all
 64 | the code you need for a given resource is as simple as running the following command:
 65 | 
 66 | ```console
 67 | docker compose exec pwa \
 68 |     pnpm create @api-platform/client --resource book -g next
 69 | ```
 70 | 
 71 | Omit the resource flag to generate files for all resource types exposed by the API.
 72 | 
 73 | Or if you don't use the standalone installation, run the following command instead:
 74 | 
 75 | - Pnpm (recommended)
 76 | 
 77 |     ```console
 78 |     pnpm create @api-platform/client https://demo.api-platform.com . --generator next --resource book
 79 |     ```
 80 | 
 81 | - Npm
 82 | 
 83 |     ```console
 84 |     npm init @api-platform/client https://demo.api-platform.com . -- --generator next --resource book
 85 |     ```
 86 | 
 87 | - Yarn
 88 | 
 89 |     ```console
 90 |     yarn create @api-platform/client https://demo.api-platform.com . --generator next --resource book
 91 |     ```
 92 | 
 93 | Replace the URL by the entrypoint of your Hydra-enabled API. You can also use an OpenAPI
 94 | documentation with `-f openapi3`.
 95 | 
 96 | The code has been generated, and is ready to be executed!
 97 | 
 98 | Add the layout to the app:
 99 | 
100 | ```typescript
101 | import type { AppProps } from "next/app";
102 | import type { DehydratedState } from "react-query";
103 | 
104 | import Layout from "../components/common/Layout";
105 | 
106 | const App = ({ Component, pageProps }: AppProps<{dehydratedState: DehydratedState}>) => (
107 |   <Layout dehydratedState={pageProps.dehydratedState}>
108 |     <Component {...pageProps} />
109 |   </Layout>
110 | );
111 | 
112 | export default App;
113 | ```
114 | 
115 | ## Starting the Project
116 | 
117 | You can launch the server with:
118 | 
119 | - Pnpm (recommended)
120 | 
121 |     ```console
122 |     pnpm dev
123 |     ```
124 | 
125 | - Npm
126 | 
127 |     ```console
128 |     npm run dev
129 |     ```
130 | 
131 | - Yarn
132 | 
133 |     ```console
134 |     yarn dev
135 |     ```
136 | 
137 | Go to `http://localhost:3000/books/` to start using your app.
138 | 
139 | ## Generating a production build locally with docker compose
140 | 
141 | If you want to generate a production build locally with docker compose, follow
142 | [these instructions](../deployment/docker-compose.md).
143 | 
144 | ## Screenshots
145 | 
146 | ![List](images/nextjs/create-client-nextjs-list.png)
147 | ![Show](images/nextjs/create-client-nextjs-show.png)
148 | 


--------------------------------------------------------------------------------
/core/external-vocabularies.md:
--------------------------------------------------------------------------------
 1 | # Using External Vocabularies
 2 | 
 3 | JSON-LD allows to define classes and properties of your API with open vocabularies such as
 4 | [Schema.org](https://schema.org) and
 5 | [Good Relations](https://www.heppnetz.de/projects/goodrelations/).
 6 | 
 7 | API Platform provides attributes usable on PHP classes and properties for specifying a related
 8 | external [IRI](https://en.wikipedia.org/wiki/Internationalized_resource_identifier).
 9 | 
10 | ```php
11 | <?php
12 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
13 | namespace App\ApiResource;
14 | 
15 | use ApiPlatform\Metadata\ApiProperty;
16 | use ApiPlatform\Metadata\ApiResource;
17 | 
18 | #[ApiResource(types: ['https://schema.org/Book'])]
19 | class Book
20 | {
21 |     // ...
22 | 
23 |     #[ApiProperty(types: ['https://schema.org/name'])]
24 |     public $name;
25 | 
26 |     // ...
27 | }
28 | ```
29 | 
30 | The generated JSON for products and the related context document will now use external IRIs
31 | according to the specified attributes:
32 | 
33 | `GET /books/22`
34 | 
35 | ```json
36 | {
37 |     "@context": "/contexts/Book",
38 |     "@id": "/books/22",
39 |     "@type": "https://schema.org/Book",
40 |     "name": "My awesome book"
41 | }
42 | ```
43 | 
44 | `GET /contexts/Book`
45 | 
46 | ```json
47 | {
48 |     "@context": {
49 |         "@vocab": "http://example.com/apidoc#",
50 |         "hydra": "http://www.w3.org/ns/hydra/core#",
51 |         "name": "https://schema.org/name"
52 |     }
53 | }
54 | ```
55 | 
56 | An extended list of existing open vocabularies is available on
57 | [the Linked Open Vocabularies (LOV) database](https://lov.linkeddata.es/dataset/lov/).
58 | 
59 | By default, when using [validations](validation.md) API Platform will try to define known
60 | [Schema.org](https://schema.org) types as IRIs for your properties if you did not provide any in
61 | your `#[ApiProperty]` attributes.
62 | 
63 | - Symfony built-in mapping is:
64 | 
65 |     | Constraints                                          | Schema.org type                    |
66 |     | ---------------------------------------------------- | ---------------------------------- |
67 |     | `Symfony\Component\Validator\Constraints\Url`        | `https://schema.org/url`           |
68 |     | `Symfony\Component\Validator\Constraints\Email`      | `https://schema.org/email`         |
69 |     | `Symfony\Component\Validator\Constraints\Uuid`       | `https://schema.org/identifier`    |
70 |     | `Symfony\Component\Validator\Constraints\CardScheme` | `https://schema.org/identifier`    |
71 |     | `Symfony\Component\Validator\Constraints\Bic`        | `https://schema.org/identifier`    |
72 |     | `Symfony\Component\Validator\Constraints\Iban`       | `https://schema.org/identifier`    |
73 |     | `Symfony\Component\Validator\Constraints\Date`       | `https://schema.org/Date`          |
74 |     | `Symfony\Component\Validator\Constraints\DateTime`   | `https://schema.org/DateTime`      |
75 |     | `Symfony\Component\Validator\Constraints\Time`       | `https://schema.org/Time`          |
76 |     | `Symfony\Component\Validator\Constraints\Image`      | `https://schema.org/image`         |
77 |     | `Symfony\Component\Validator\Constraints\File`       | `https://schema.org/MediaObject`   |
78 |     | `Symfony\Component\Validator\Constraints\Currency`   | `https://schema.org/priceCurrency` |
79 |     | `Symfony\Component\Validator\Constraints\Isbn`       | `https://schema.org/isbn`          |
80 |     | `Symfony\Component\Validator\Constraints\Issn`       | `https://schema.org/issn`          |
81 | 
82 | - Laravel built-in mapping is:
83 | 
84 |     | Laravel Validation Rule   | Schema.org Type                  |
85 |     | ------------------------- | -------------------------------- |
86 |     | `url`                     | `https://schema.org/url`         |
87 |     | `email`                   | `https://schema.org/email`       |
88 |     | `uuid`                    | `https://schema.org/identifier`  |
89 |     | `date`                    | `https://schema.org/Date`        |
90 |     | `date_format:Y-m-d H:i:s` | `https://schema.org/DateTime`    |
91 |     | `date_format:H:i`         | `https://schema.org/Time`        |
92 |     | `image`                   | `https://schema.org/image`       |
93 |     | `mimes` or `mimetypes`    | `https://schema.org/MediaObject` |
94 | 


--------------------------------------------------------------------------------
/admin/validation.md:
--------------------------------------------------------------------------------
  1 | # Validation
  2 | 
  3 | API Platform Admin manages automatically two types of validation: client-side validation and
  4 | server-side (or submission) validation.
  5 | 
  6 | ## Client-side Validation
  7 | 
  8 | If the API documentation indicates that a field is mandatory, API Platform Admin will automatically
  9 | add a
 10 | [required client-side validation](https://marmelab.com/react-admin/Validation.html#per-input-validation-built-in-field-validators).
 11 | 
 12 | For instance, with API Platform as backend, if you write the following:
 13 | 
 14 | ```php
 15 | <?php
 16 | // api/src/Entity/Book.php
 17 | namespace App\Entity;
 18 | 
 19 | use ApiPlatform\Metadata\ApiResource;
 20 | use Symfony\Component\Validator\Constraints as Assert;
 21 | 
 22 | #[ApiResource]
 23 | class Book
 24 | {
 25 |     #[Assert\NotBlank]
 26 |     public ?string $title = null;
 27 | }
 28 | ```
 29 | 
 30 | If you create a new book and try to submit without filling the "Title" field, you will see:
 31 | 
 32 | ![Required title field](images/required-field.png)
 33 | 
 34 | ## Server-side Validation
 35 | 
 36 | When the form is submitted and if submission errors are received, API Platform Admin will
 37 | automatically show the errors for the corresponding fields.
 38 | 
 39 | To do so, it uses the
 40 | [Server-Side Validation](https://marmelab.com/react-admin/Validation.html#server-side-validation)
 41 | feature of React Admin, and the mapping between the response and the fields is done by the
 42 | [schema analyzer](components.md#hydra-schema-analyzer) with its method `getSubmissionErrors`.
 43 | 
 44 | API Platform is supported by default, but if you use another backend, you will need to override the
 45 | `getSubmissionErrors` method.
 46 | 
 47 | For example if you have this code:
 48 | 
 49 | ```php
 50 | <?php
 51 | // api/src/Entity/Book.php
 52 | namespace App\Entity;
 53 | 
 54 | use ApiPlatform\Metadata\ApiResource;
 55 | use Symfony\Component\Validator\Constraints as Assert;
 56 | 
 57 | #[ApiResource]
 58 | class Book
 59 | {
 60 |     #[Assert\Isbn]
 61 |     public ?string $isbn = null;
 62 | }
 63 | ```
 64 | 
 65 | If you submit the form with an invalid ISBN, you will see:
 66 | 
 67 | ![Submission error field](images/submission-error-field.png)
 68 | 
 69 | ## Validation With React Admin Inputs
 70 | 
 71 | If you replace an `<InputGuesser>` with a React Admin
 72 | [input component](https://marmelab.com/react-admin/Inputs.html), such as
 73 | [`<TextInput>`](https://marmelab.com/react-admin/TextInput.html),
 74 | [`<DateInput>`](https://marmelab.com/react-admin/DateInput.html) or
 75 | [`<ReferenceInput>`](https://marmelab.com/react-admin/ReferenceInput.html), you will need to
 76 | **manually add the validation rules back**.
 77 | 
 78 | Fortunately, this is very easy to do, thanks to the
 79 | [`validate`](https://marmelab.com/react-admin/Inputs.html#validate) prop of the input components.
 80 | 
 81 | For instance, here is how to replace the input for the required `title` field:
 82 | 
 83 | ```diff
 84 | import { EditGuesser, InputGuesser } from '@api-platform/admin';
 85 | +import { TextInput, required } from 'react-admin';
 86 | 
 87 | export const BookEdit = () => (
 88 |     <EditGuesser>
 89 | -       <InputGuesser source="title" />
 90 | +       <TextInput source="title" validate={required()} />
 91 |     </EditGuesser>
 92 | );
 93 | ```
 94 | 
 95 | React Admin already comes with several
 96 | [built-in validators](https://marmelab.com/react-admin/Validation.html#per-input-validation-built-in-field-validators),
 97 | such as:
 98 | 
 99 | - `required(message)` if the field is mandatory,
100 | - `minValue(min, message)` to specify a minimum value for integers,
101 | - `maxValue(max, message)` to specify a maximum value for integers,
102 | - `minLength(min, message)` to specify a minimum length for strings,
103 | - `maxLength(max, message)` to specify a maximum length for strings,
104 | - `number(message)` to check that the input is a valid number,
105 | - `email(message)` to check that the input is a valid email address,
106 | - `regex(pattern, message)` to validate that the input matches a regular expression,
107 | - `choices(list, message)` to validate that the input is within a given list
108 | 
109 | React Admin also supports
110 | [Global Validation](https://marmelab.com/react-admin/Validation.html#global-validation) (at the form
111 | level).
112 | 
113 | Check out the [Form Validation](https://marmelab.com/react-admin/Validation.html) documentation to
114 | learn more.
115 | 


--------------------------------------------------------------------------------
/deployment/heroku.md:
--------------------------------------------------------------------------------
  1 | # Deploying an API Platform App on Heroku
  2 | 
  3 | [Heroku](https://www.heroku.com) is a popular, fast, scalable and reliable _Platform As A Service_
  4 | (PaaS). As Heroku offers a free plan including database support through
  5 | [Heroku Postgres](https://www.heroku.com/postgres), it's a convenient way to experiment with API
  6 | Platform.
  7 | 
  8 | The API Platform Heroku integration also supports MySQL databases provided by
  9 | [the ClearDB add-on](https://addons.heroku.com/cleardb).
 10 | 
 11 | Deploying API Platform applications on Heroku is straightforward and you will learn how to do it in
 12 | this tutorial.
 13 | 
 14 | _Note: this tutorial works perfectly well with API Platform but also with any Symfony application
 15 | based on the Symfony Standard Edition._
 16 | 
 17 | If you don't already have one, [create an account on Heroku](https://signup.heroku.com/signup/dc).
 18 | Then install
 19 | [the Heroku toolbelt](https://devcenter.heroku.com/articles/getting-started-with-php#set-up). We're
 20 | guessing you already have a working install of [Composer](https://getcomposer.org/). Perfect, we
 21 | will need it.
 22 | 
 23 | Create a new [API Platform Symfony project](symfony/index.md) which will be used in the rest of this
 24 | example.
 25 | 
 26 | Heroku relies on [environment variables](https://devcenter.heroku.com/articles/config-vars) for its
 27 | configuration. Regardless of what provider you choose for hosting your application, using
 28 | environment variables to configure your production environment is a best practice promoted by API
 29 | Platform.
 30 | 
 31 | Create a Heroku `app.json` file at the root of the `api/` directory to configure the deployment:
 32 | 
 33 | ```json
 34 | {
 35 |     "success_url": "/",
 36 |     "env": {
 37 |         "APP_ENV": "prod",
 38 |         "APP_SECRET": { "generator": "secret" },
 39 |         "CORS_ALLOW_ORIGIN": "https://your-client-url.com"
 40 |     },
 41 |     "addons": ["heroku-postgresql"],
 42 |     "buildpacks": [
 43 |         {
 44 |             "url": "https://github.com/heroku/heroku-buildpack-php"
 45 |         }
 46 |     ],
 47 |     "scripts": {
 48 |         "postdeploy": "php bin/console doctrine:schema:create"
 49 |     }
 50 | }
 51 | ```
 52 | 
 53 | The file also tells the Heroku deployment system to build a PHP container and to add the Postgres
 54 | add-on.
 55 | 
 56 | We are almost done, but API Platform (and Symfony) has a particular directory structure which
 57 | requires further configuration. We must tell Heroku that the document root is `public/`, and that
 58 | all other directories must be private.
 59 | 
 60 | Create a new file named `Procfile` in the `api/` directory with the following content:
 61 | 
 62 | ```yaml
 63 | web: vendor/bin/heroku-php-apache2 public/
 64 | ```
 65 | 
 66 | Be sure to add the Apache Pack to your dependencies:
 67 | 
 68 | ```console
 69 | composer require symfony/apache-pack
 70 | ```
 71 | 
 72 | As Heroku doesn't support Varnish out of the box, let's disable its integration:
 73 | 
 74 | ```diff
 75 | # api/config/packages/api_platform.yaml
 76 | -    http_cache:
 77 | -        invalidation:
 78 | -            enabled: true
 79 | -            varnish_urls: ['%env(VARNISH_URL)%']
 80 | -        max_age: 0
 81 | -        shared_max_age: 3600
 82 | -        vary: ['Content-Type', 'Authorization', 'Origin']
 83 | -        public: true
 84 | ```
 85 | 
 86 | Heroku provides another free service, [Logplex](https://devcenter.heroku.com/articles/logplex),
 87 | which allows us to centralize and persist application logs. Because API Platform writes logs on
 88 | `STDERR`, it will work seamlessly.
 89 | 
 90 | However, if you use Monolog instead of the default logger, you'll need to configure it to output to
 91 | `STDERR` instead of in a file.
 92 | 
 93 | Open `api/config/packages/prod/monolog.yaml` and apply the following patch:
 94 | 
 95 | ```diff
 96 |      handlers:
 97 |          nested:
 98 |              type: stream
 99 | -            path: "%kernel.logs_dir%/%kernel.environment%.log"
100 | +            path: php://stderr
101 |              level: debug
102 | ```
103 | 
104 | We are now ready to deploy our app!
105 | 
106 | Go to the `api/` directory, then
107 | 
108 | 1. Initialize a Git repository:
109 | 
110 | ```console
111 | git init
112 | ```
113 | 
114 | 1. Add all existing files:
115 | 
116 | ```console
117 | git add --all
118 | ```
119 | 
120 | 1. Commit:
121 | 
122 | ```console
123 | git commit -a -m "My first API Platform app running on Heroku!"
124 | ```
125 | 
126 | 1. Create the Heroku application:
127 | 
128 | ```console
129 | heroku create
130 | ```
131 | 
132 | 1. And deploy for the first time:
133 | 
134 | ```console
135 | git push heroku master
136 | ```
137 | 
138 | **We're done.** You can play with the demo API provided with API Platform. It is ready for
139 | production and you can scale it in one click from the Heroku interface.
140 | 
141 | To see your logs, run `heroku logs --tail`.
142 | 


--------------------------------------------------------------------------------
/extra/troubleshooting.md:
--------------------------------------------------------------------------------
  1 | # Troubleshooting
  2 | 
  3 | This is a list of common pitfalls while using API Platform, and how to avoid them.
  4 | 
  5 | ## Using Docker
  6 | 
  7 | ### With Docker Toolbox on Windows
  8 | 
  9 | Docker Toolbox is not supported anymore by API Platform. Please upgrade to
 10 | [Docker for Windows](https://www.docker.com/docker-windows).
 11 | 
 12 | ### Error Starting The Web Server
 13 | 
 14 | If the `php` container cannot start and display this
 15 | `Error starting userland proxy: Bind for 0.0.0.0:80`, it means that port 80 is already in use. You
 16 | can check to see which processes are currently listening on certain ports.
 17 | 
 18 | Find out if any service listens on port 80. You can use this command on UNIX-based OSes like macOS
 19 | and Linux:
 20 | 
 21 | ```console
 22 | sudo lsof -n -i :80 | grep LISTEN
 23 | ```
 24 | 
 25 | On Windows, you can use `netstat`. This will give you all TCP/IP network connections and not just
 26 | processes listening to port 80.
 27 | 
 28 | ```console
 29 | netstat -a -b
 30 | ```
 31 | 
 32 | The same problem may occur for port 443. In this case, follow the same steps but replace 80 by 443.
 33 | 
 34 | You can change the port to be used in the `compose.yaml` file (default ports are 443 and 80).
 35 | 
 36 | ## Using API Platform and JMS Serializer in the same project
 37 | 
 38 | For the latest versions of [JMSSerializerBundle](https://jmsyst.com/bundles/JMSSerializerBundle),
 39 | there is no conflict so everything should work out of the box.
 40 | 
 41 | If you are still using the old, unmaintained v1 of JMSSerializerBundle, the best way would be to
 42 | [upgrade to v2](https://github.com/schmittjoh/JMSSerializerBundle/blob/2.4.2/UPGRADING.md#upgrading-from-1x-to-20)
 43 | of JMSSerializerBundle.
 44 | 
 45 | In v1 of JMSSerializerBundle, the `serializer` alias is registered for the JMS Serializer service by
 46 | default. However, API Platform requires the Symfony Serializer (and not the JMS one) to work
 47 | properly. If you cannot upgrade for some reason, this behavior can be deactivated using the
 48 | following configuration:
 49 | 
 50 | ```yaml
 51 | # api/config/packages/jms_serializer.yaml
 52 | jms_serializer:
 53 |     enable_short_alias: false
 54 | ```
 55 | 
 56 | The JMS Serializer service is available as `jms_serializer`.
 57 | 
 58 | **Note:** if you are using JMSSerializerBundle along with FOSRestBundle and considering migrating to
 59 | API Platform, you might want to take a look at [this guide](migrate-from-fosrestbundle.md) too.
 60 | 
 61 | ## "upstream sent too big header while reading response header from upstream" NGINX 502 Error
 62 | 
 63 | Some of your API calls fail with a 502 error and the logs for the API container shows the following
 64 | error message `upstream sent too big header while reading response header from upstream`.
 65 | 
 66 | This can be due to the cache invalidation headers that are too big for NGINX. When you query the
 67 | API, API Platform adds the IDs of all returned entities and their dependencies in the headers like
 68 | so : `Cache-Tags: /entity/1,/dependent_entity/1,/entity/2`. This can overflow the default header
 69 | size (4k) when your API gets larger and more complex.
 70 | 
 71 | You can modify the PHP FPM configuration file and set values to `fastcgi_buffer_size` and
 72 | `fastcgi_buffers` that suit your needs, like so:
 73 | 
 74 | ```nginx
 75 | server {
 76 |     root /app/public;
 77 | 
 78 |     location / {
 79 |         # try to serve file directly, fallback to index.php
 80 |         try_files $uri /index.php$is_args$args;
 81 |     }
 82 | 
 83 |     location ~ ^/index\.php(/|$) {
 84 |         # Comment the next line and uncomment the next to enable dynamic resolution (incompatible with Kubernetes)
 85 |         fastcgi_pass php:9000;
 86 |         #resolver 127.0.0.11;
 87 |         #set $upstream_host php;
 88 |         #fastcgi_pass $upstream_host:9000;
 89 | 
 90 |         # Bigger buffer size to handle cache invalidation headers expansion
 91 |         fastcgi_buffer_size 32k;
 92 |         fastcgi_buffers 8 16k;
 93 | 
 94 |         fastcgi_split_path_info ^(.+\.php)(/.*)$;
 95 |         include fastcgi_params;
 96 |         # When you are using symlinks to link the document root to the
 97 |         # current version of your application, you should pass the real
 98 |         # application path instead of the path to the symlink to PHP
 99 |         # FPM.
100 |         # Otherwise, PHP's OPcache may not properly detect changes to
101 |         # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
102 |         # for more information).
103 |         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
104 |         fastcgi_param DOCUMENT_ROOT $realpath_root;
105 |         # Prevents URIs that include the front controller. This will 404:
106 |         # http://domain.tld/index.php/some-path
107 |         # Remove the internal directive to allow URIs like this
108 |         internal;
109 |     }
110 | 
111 |     # return 404 for all other php files not matching the front controller
112 |     # this prevents access to other php files you don't want to be accessible.
113 |     location ~ \.php$ {
114 |       return 404;
115 |     }
116 | }
117 | ```
118 | 


--------------------------------------------------------------------------------
/schema-generator/index.md:
--------------------------------------------------------------------------------
 1 | # The Schema Generator
 2 | 
 3 | `schema` is a command-line tool part of [the API Platform framework](https://api-platform.com) that
 4 | instantly generates a set of PHP classes from
 5 | [RDF](https://en.wikipedia.org/wiki/Resource_Description_Framework) vocabularies such as (but not
 6 | limited to) [Schema.org](https://schema.org) or
 7 | [ActivityStreams](https://www.w3.org/TR/activitystreams-core/). Alternatively, it can generate PHP
 8 | classes from an [OpenAPI](https://www.openapis.org/) documentation.
 9 | 
10 | [Find and browse](https://lov.linkeddata.es/) (or create) a vocabulary that fits your needs, choose
11 | the types and properties you need, run our code generator and you're done! Alternatively, design
12 | your API with tools like [Stoplight](https://stoplight.io/), export the OpenAPI documentation, run
13 | our code generator and your API is ready!
14 | 
15 | ![Stoplight](images/stoplight.png)
16 | 
17 | You get a fully featured PHP data model including:
18 | 
19 | - A set of PHP entities with properties, constants (enum values), getters, setters, adders and
20 |   removers. The class hierarchy provided by the vocabulary will be translated to a PHP class
21 |   hierarchy with parents as `abstract` classes. The generated code complies with
22 |   [PSR](https://www.php-fig.org/) coding standards;
23 | - Full, high-quality PHPDoc and type declarations for classes, properties, constants and methods
24 |   extracted from the vocabulary;
25 | - Doctrine ORM or MongoDB ODM attributes mapping including database columns / fields with type
26 |   guessing, relations with cardinality guessing, smart class inheritance (through the
27 |   `#[MappedSuperclass]` or `#[InheritanceType]` attributes depending on if the resource is used in a
28 |   relation);
29 | - Data validation through [Symfony Validator](https://symfony.com/doc/current/book/validation.html)
30 |   attributes including enum support (choices) and check for required properties;
31 | - API Platform attributes;
32 | - Interfaces and
33 |   [Doctrine `ResolveTargetEntityListener`](https://www.doctrine-project.org/projects/doctrine-orm/en/current/cookbook/resolve-target-entity-listener.html)
34 |   support;
35 | - Custom PHP namespace support;
36 | - List of values provided the vocabulary with [PHP Enum](https://github.com/myclabs/php-enum)
37 |   classes.
38 | 
39 | Bonus:
40 | 
41 | - The code generator is fully configurable and extendable. All features can be deactivated (e.g.,
42 |   the Doctrine mapping generator) and a custom generator can be added;
43 | - The code generator can load previously generated files and add new changes while keeping the
44 |   user-added ones;
45 | - The generated code can be used as is in a [Symfony](https://symfony.com) app (but it will work too
46 |   in a raw PHP project or any other framework including [Laravel](https://laravel.com) and
47 |   [Zend Framework](https://framework.zend.com/)).
48 | 
49 | ## What Is Schema.org?
50 | 
51 | Schema.org is a vocabulary representing common data structures and their relations. Schema.org can
52 | be exposed as [JSON-LD](https://en.wikipedia.org/wiki/JSON-LD),
53 | [microdata](<https://en.wikipedia.org/wiki/Microdata_(HTML)>) and
54 | [RDF](https://en.wikipedia.org/wiki/Resource_Description_Framework). Extracting semantical data
55 | exposed in the Schema.org vocabulary is supported by a growing number of companies including Google
56 | (Search, Gmail), Yahoo!, Bing and Yandex.
57 | 
58 | ## Why Use Schema.org Data to Generate a PHP Model?
59 | 
60 | ### Don't Reinvent the Wheel
61 | 
62 | Data models provided by Schema.org are popular and were proven efficient. They cover a broad
63 | spectrum of topics including creative works, e-commerce, events, medicine, social networking,
64 | people, postal addresses, organization data, places or reviews. Schema.org has its root in a ton of
65 | preexisting well-designed vocabularies and is successfully used by more and more websites and
66 | applications.
67 | 
68 | Pick schemas applicable to your application, generate your PHP model, then customize and specialize
69 | it to fit your needs.
70 | 
71 | ### Improve SEO and User Experience
72 | 
73 | Adding Schema.org markup to websites and apps increases their ranking in search engines results and
74 | enables awesome features such as
75 | [Google Rich Snippets](https://support.google.com/webmasters/answer/99170?hl=en) and
76 | [Gmail markup](https://developers.google.com/gmail/markup/overview).
77 | 
78 | Mapping your app data model to Schema.org structures can be tedious. When using the generator, your
79 | data model will be derived from Schema.org. Adding microdata markup to your templates or serializing
80 | your data as JSON-LD will not require specific mapping nor adaptation. It's a matter of minutes.
81 | 
82 | ### Be Ready for The Future
83 | 
84 | Schema.org improves the interoperability of your applications. Used with hypermedia technologies
85 | such as [Hydra](https://www.hydra-cg.com/) it's a big step towards the semantic and machine-readable
86 | web. It opens the way to generic web API clients able to extract and process data from any website
87 | or app using such technologies.
88 | 
89 | ## Documentation
90 | 
91 | - [Getting Started](getting-started.md)
92 | - [Configuration](configuration.md)
93 | 


--------------------------------------------------------------------------------
/core/json-schema.md:
--------------------------------------------------------------------------------
  1 | # JSON Schema Support
  2 | 
  3 | [JSON Schema](https://json-schema.org/) is a popular vocabulary to describe the shape of JSON
  4 | documents. A variant of JSON Schema is also used [in OpenAPI specifications](openapi.md).
  5 | 
  6 | API Platform provides an infrastructure to generate JSON Schemas for any resource, represented in
  7 | any format (including JSON-LD). The generated schema can be used with libraries such as
  8 | [react-json-schema-form](https://github.com/rjsf-team/react-jsonschema-form) to build forms for the
  9 | documented resources, or to
 10 | [be used for validation](https://json-schema.org/implementations.html#validators).
 11 | 
 12 | ## Generating a JSON Schema
 13 | 
 14 | > [!WARNING] These commands are not yet available with Laravel, you're welcome to contribute
 15 | > [on GitHub](https://github.com/api-platform/core)
 16 | 
 17 | To export the schema corresponding to an API Resource, run the following command:
 18 | 
 19 | ```console
 20 | bin/console api:json-schema:generate 'App\ApiResource\Book'
 21 | ```
 22 | 
 23 | To see all options available, try:
 24 | 
 25 | ```console
 26 | bin/console help api:json-schema:generate
 27 | ```
 28 | 
 29 | ## Overriding the JSON Schema Specification
 30 | 
 31 | In a unit testing context, API Platform does not use the same schema version as the schema used when
 32 | generating the API documentation. The version used by the documentation is the OpenAPI Schema
 33 | version and the version used by unit testing is the JSON Schema version.
 34 | 
 35 | > [!NOTE] For assertions about JSON schemas in Laravel, refer to the
 36 | > [API Test Assertions in Laravel documentation](../laravel/testing.md#api-test-assertions-with-laravel).
 37 | 
 38 | When [Testing the API](../core/testing.md), JSON Schemas are useful to generate and automate unit
 39 | testing. API Platform provides specific unit testing functionalities like
 40 | [`assertMatchesResourceCollectionJsonSchema()`](../symfony/testing.md#writing-functional-tests) or
 41 | [`assertMatchesResourceItemJsonSchema()`](../symfony/testing.md#writing-functional-tests) methods.
 42 | These methods generate a JSON Schema then do unit testing based on the generated schema
 43 | automatically.
 44 | 
 45 | Usually, the fact that API Platform uses a different schema version for unit testing is not a
 46 | problem, but sometimes you may need to use the
 47 | [`ApiProperty`](openapi.md#using-the-openapi-and-swagger-contexts) attribute to specify a
 48 | [calculated field](serialization.md#calculated-field) type by overriding the OpenAPI Schema for the
 49 | calculated field to be correctly documented.
 50 | 
 51 | When you will use
 52 | [`assertMatchesResourceCollectionJsonSchema()`](../symfony/testing.md#writing-functional-tests) or
 53 | [`assertMatchesResourceItemJsonSchema()`](../symfony/testing.md#writing-functional-tests) functions
 54 | the unit test will fail on this [calculated field](serialization.md#calculated-field) as the unit
 55 | testing process doesn't use the `openapi_context`you specified because API Platform is using the
 56 | JSON Schema version instead at this moment.
 57 | 
 58 | So there is a way to override JSON Schema specification for a specific property in the JSON Schema
 59 | used by the unit testing process.
 60 | 
 61 | You will need to add the `json_schema_context` property in the
 62 | [`ApiProperty`](openapi.md#using-the-openapi-and-swagger-contexts) attribute to do this, example:
 63 | 
 64 | ```php
 65 | <?php
 66 | 
 67 | namespace App\ApiResource;
 68 | 
 69 | use ApiPlatform\Metadata\ApiResource;
 70 | 
 71 | #[ApiResource]
 72 | class Greeting
 73 | {
 74 |     #[ApiProperty(
 75 |         identifier: true,
 76 |         openapiContext: [
 77 |             'type' => 'integer',
 78 |             'example' => 1
 79 |         ]
 80 |     )]
 81 |     private ?int $id = null;
 82 | 
 83 |     // [...]
 84 | 
 85 |     public function getId(): ?int
 86 |     {
 87 |         return $this->id;
 88 |     }
 89 | 
 90 |     #[ApiProperty(
 91 |         openapiContext: [
 92 |             'type' => 'array',
 93 |             'items' => ['type' => 'integer']
 94 |         ],
 95 |         jsonSchemaContext: [
 96 |             'type' => 'array',
 97 |             'items' => ['type' => 'integer']
 98 |         ]
 99 |     )]
100 |     public function getSomeNumbers(): array {
101 |         return [1, 2, 3, 4];
102 |     }
103 | }
104 | ```
105 | 
106 | You can obtain more information about the available
107 | [JSON Schema Types and format here](https://json-schema.org/understanding-json-schema/reference/type.html).
108 | 
109 | ## Generating a JSON Schema Programmatically
110 | 
111 | To generate JSON Schemas programmatically, use the `api_platform.json_schema.schema_factory`.
112 | 
113 | For further information, please consult the following documentations:
114 | 
115 | - [Symfony: Fetching and Using Services](https://symfony.com/doc/current/service_container.html#fetching-and-using-services)
116 | - [Laravel: Resolving Services](https://laravel.com/docs/container#resolving)
117 | 
118 | ## Testing
119 | 
120 | API Platform provides a PHPUnit assertion to test if a response is valid according to a given
121 | Schema: `assertMatchesJsonSchema()`. Refer to [the testing documentation](../core/testing.md) for
122 | more details.
123 | 


--------------------------------------------------------------------------------
/extra/security.md:
--------------------------------------------------------------------------------
  1 | # Security Policy
  2 | 
  3 | This document explains how API Platform security issues are handled by the API Platform core team
  4 | (API Platform being the code hosted in
  5 | [the `api-platform` GitHub organization](https://github.com/api-platform)).
  6 | 
  7 | ## Reporting a Security Issue
  8 | 
  9 | If you think that you have found a security issue in API Platform, don't use the bug tracker and
 10 | don't publish it publicly. Instead, all security issues must be sent to kevin+api-platform-security
 11 | [at] dunglas.fr.
 12 | 
 13 | ## Resolving Process
 14 | 
 15 | For each report, we first try to confirm the vulnerability. When it is confirmed, the core team
 16 | works on a solution following these steps:
 17 | 
 18 | 1. Send an acknowledgment to the reporter;
 19 | 2. Work on a patch;
 20 | 3. Get a CVE identifier from [mitre.org](https://cveform.mitre.org);
 21 | 4. Send the patch to the reporter for review;
 22 | 5. Apply the patch to all [maintained versions](releases.md) of API Platform;
 23 | 6. Package new versions for all affected versions;
 24 | 7. If the affected package is written in PHP, update the public
 25 |    [security advisories database](https://github.com/FriendsOfPHP/security-advisories) maintained by
 26 |    the FriendsOfPHP organization and which is used by the `check:security` command.
 27 | 
 28 | While we are working on a patch, please do not reveal the issue publicly.
 29 | 
 30 | The resolution takes anywhere between a couple of days to some months depending on its complexity
 31 | and the coordination with the downstream projects (see next paragraph).
 32 | 
 33 | ## Security Updates With Tidelift
 34 | 
 35 | API Platform Core is part of
 36 | [the Tidelift subscription](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise):
 37 | verified updates for zero-day vulnerabilities, coordinated security responses, and immediate
 38 | notifications of which of your applications are impacted, with the fix prepared for you!
 39 | 
 40 | - [Learn more](https://tidelift.com/subscription/pkg/packagist-api-platform-core?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
 41 | - [Request a demo](https://tidelift.com/subscription/request-a-demo?utm_source=packagist-api-platform-core&utm_medium=referral&utm_campaign=enterprise)
 42 | 
 43 | ## Issue Severity
 44 | 
 45 | In order to determine the severity of a security issue we take into account the complexity of any
 46 | potential attack, the impact of the vulnerability and also how many projects it is likely to affect.
 47 | This score out of 15 is then converted into a level of: Low, Medium, High, Critical, or Exceptional.
 48 | 
 49 | ### Attack Complexity
 50 | 
 51 | Score of between 1 and 5 depending on how complex it is to exploit the vulnerability
 52 | 
 53 | - 4 - 5 Basic: attacker must follow a set of simple steps
 54 | - 2 - 3 Complex: attacker must follow non-intuitive steps with a high level of dependencies
 55 | - 1 - 2 High: A successful attack depends on conditions beyond the attacker's control. That is, a
 56 |   successful attack cannot be accomplished at will, but requires the attacker to invest in some
 57 |   measurable amount of effort in preparation or execution against the vulnerable component before a
 58 |   successful attack can be expected.
 59 | 
 60 | ### Impact
 61 | 
 62 | Scores from the following areas are added together to produce a score. The score for Impact is
 63 | capped at 6. Each area is scored between 0 and 4.
 64 | 
 65 | - Integrity: Does this vulnerability cause non-public data to be accessible? If so, does the
 66 |   attacker have control over the data disclosed? (0-4)
 67 | - Disclosure: Can this exploit allow system data (or data handled by the system) to be compromised?
 68 |   If so, does the attacker have control over modification? (0-4)
 69 | - Code Execution: Does the vulnerability allow arbitrary code to be executed on an end users system,
 70 |   or the server that it runs on? (0-4)
 71 | - Availability: Is the availability of a service or application affected? Is it reduced availability
 72 |   or total loss of availability of a service / application? Availability includes networked services
 73 |   (e.g., databases) or resources such as consumption of network bandwidth, processor cycles, or disk
 74 |   space. (0-4)
 75 | 
 76 | ### Affected Projects
 77 | 
 78 | Scores from the following areas are added together to produce a score. The score for Affected
 79 | Projects is capped at 4.
 80 | 
 81 | - Will it affect some or all projects using a component? (1-2)
 82 | - Is the usage of the component that would cause such a thing already considered bad practice? (0-1)
 83 | - How common/popular is the component (e.g. Core vs Distribution vs Schema Generator)? (0-2)
 84 | - Are a number of well-known FOSS projects using API Platform affected that requires coordinated
 85 |   releases? (0-1)
 86 | 
 87 | ### Score Totals
 88 | 
 89 | - Attack Complexity: 1 - 5
 90 | - Impact: 1 - 6
 91 | - Affected Projects: 1 - 4
 92 | 
 93 | ### Severity levels
 94 | 
 95 | - Low: 1 - 5
 96 | - Medium: 6 - 10
 97 | - High: 11 - 12
 98 | - Critical: 13 - 14
 99 | - Exceptional: 15
100 | 
101 | ## Credits
102 | 
103 | This document has been adapted from the
104 | [Symfony's security policy](https://symfony.com/doc/current/contributing/code/security.html).
105 | 


--------------------------------------------------------------------------------
/schema-generator/getting-started.md:
--------------------------------------------------------------------------------
  1 | # Getting Started
  2 | 
  3 | ## Installation
  4 | 
  5 | If you use [the API Platform Distribution with Symfony](../symfony/index.md), the Schema Generator
  6 | is already installed as a development dependency of your project and can be invoked with:
  7 | 
  8 | ```console
  9 | vendor/bin/schema
 10 | ```
 11 | 
 12 | The Schema Generator can also
 13 | [be downloaded independently as a PHAR](https://github.com/api-platform/schema-generator/releases)
 14 | or installed in an existing project using [Composer](https://getcomposer.org):
 15 | 
 16 | ```console
 17 | composer require --dev api-platform/schema-generator
 18 | ```
 19 | 
 20 | ## Configuration
 21 | 
 22 | The Schema Generator can either be used with Schema.org types (see
 23 | [model scaffolding](#model-scaffolding)) or with an OpenAPI documentation (see
 24 | [OpenAPI generation](#openapi-generation)).
 25 | 
 26 | Choose your preferred way of designing your API, and [run the generator](#usage)!
 27 | 
 28 | ### Model Scaffolding
 29 | 
 30 | Start by browsing [Schema.org](https://schema.org) (or any other RDF vocabulary) and pick types
 31 | applicable to your application. Schema.org provides tons of schemas including (but not limited to)
 32 | representations of people, organizations, events, postal addresses, creative work and e-commerce
 33 | structures. Many other open vocabularies can be found on
 34 | [the LOV website](https://lov.linkeddata.es/).
 35 | 
 36 | Then, write a simple YAML config file similar to the following.
 37 | 
 38 | Here we will generate a data model for an address book with the following data:
 39 | 
 40 | - a [`Person`](https://schema.org/Person) which inherits from [`Thing`](https://schema.org/Thing);
 41 | - a [`PostalAddress`](https://schema.org/PostalAddress) (without its class hierarchy).
 42 | 
 43 | ```yaml
 44 | # api/config/schema.yaml
 45 | # The list of types and properties we want to use
 46 | types:
 47 |     # Parent class of Person
 48 |     Thing:
 49 |         properties:
 50 |             name: ~
 51 |     Person:
 52 |         # Enable the generation of the class hierarchy (not enabled by default)
 53 |         parent: ~
 54 |         properties:
 55 |             familyName: ~
 56 |             givenName: ~
 57 |             additionalName: ~
 58 |             address: ~
 59 |     PostalAddress:
 60 |         properties:
 61 |             # Force the type of the addressCountry property to text
 62 |             addressCountry: { range: "Text" }
 63 |             addressLocality: ~
 64 |             addressRegion: ~
 65 |             postOfficeBoxNumber: ~
 66 |             postalCode: ~
 67 |             streetAddress: ~
 68 | ```
 69 | 
 70 | **Note:** If no properties are specified for a given type, all its properties will be generated.
 71 | 
 72 | The generator also supports enumeration generation. For subclasses of
 73 | [`Enumeration`](https://schema.org/Enumeration), the generator will automatically create a class
 74 | extending the Enum type provided by [myclabs/php-enum](https://github.com/myclabs/php-enum). Don't
 75 | forget to install this library in your project. Refer you to PHP Enum documentation to see how to
 76 | use it. The Symfony validation annotation generator automatically takes care of enumerations to
 77 | validate choices values.
 78 | 
 79 | A config file generating an enum class:
 80 | 
 81 | ```yaml
 82 | types:
 83 |     OfferItemCondition: # The generator will automatically guess that OfferItemCondition is subclass of Enum
 84 |         properties: {} # Remove all properties of the parent class
 85 | ```
 86 | 
 87 | ### OpenAPI Generation
 88 | 
 89 | Design your API with tools like [Stoplight](https://stoplight.io/).
 90 | 
 91 | Export your OpenAPI documentation to a JSON or to a YAML file and place it somewhere in your project
 92 | (for instance in `api/openapi.yaml`).
 93 | 
 94 | Write the following config file:
 95 | 
 96 | ```yaml
 97 | # api/config/schema.yaml
 98 | openApi:
 99 |     file: "../openapi.yaml"
100 | ```
101 | 
102 | ## Usage
103 | 
104 | Run the generator with the config file as parameter:
105 | 
106 | ```console
107 | vendor/bin/schema generate api/src/ api/config/schema.yaml -vv
108 | ```
109 | 
110 | Using [the API Platform Symfony variant](../symfony/index.md):
111 | 
112 | ```console
113 | vendor/bin/schema generate src/ config/schema.yaml -vv
114 | ```
115 | 
116 | The corresponding PHP classes will be automatically generated in the `src/` directory! Note that the
117 | generator takes care of creating directories corresponding to the namespace structure.
118 | 
119 | Without configuration file, the tool will build the entire Schema.org vocabulary.
120 | 
121 | ## Load Previously Generated Files
122 | 
123 | If you launch the schema generator again, the previously generated files will be loaded.
124 | 
125 | It will try to keep as much user-added changes as possible while adding the new changes from the
126 | configuration file.
127 | 
128 | You can also choose to overwrite the file instead.
129 | 
130 | ## Going Further
131 | 
132 | Browse [the configuration documentation](configuration.md).
133 | 
134 | ### Cardinality Extraction
135 | 
136 | The Cardinality Extractor is a standalone tool (also used internally by the generator) extracting a
137 | property's cardinality. It extracts cardinality described with the
138 | [Web Ontology Language (OWL)](https://en.wikipedia.org/wiki/Web_Ontology_Language) vocabulary or in
139 | [GoodRelations](https://www.heppnetz.de/projects/goodrelations/). When cardinality cannot be
140 | automatically extracted, its value is set to `unknown`.
141 | 
142 | Usage:
143 | 
144 | ```console
145 | vendor/bin/schema extract-cardinalities
146 | ```
147 | 


--------------------------------------------------------------------------------
/core/upgrade-guide.md:
--------------------------------------------------------------------------------
  1 | # Upgrade Guide
  2 | 
  3 | ## API Platform 3.4
  4 | 
  5 | Remove the `keep_legacy_inflector`, the `event_listeners_backward_compatibility_layer` and the
  6 | `rfc_7807_compliant_errors` flag:
  7 | 
  8 | ```diff
  9 | api_platform:
 10 | -        event_listeners_backward_compatibility_layer: false
 11 | -        keep_legacy_inflector: false
 12 |         extra_properties:
 13 | -            standard_put: true
 14 | -            rfc_7807_compliant_errors: true
 15 | ```
 16 | 
 17 | If you use a custom normalizer for validation exception use:
 18 | 
 19 | ```yaml
 20 | api_platform:
 21 |     validator:
 22 |         legacy_validation_exception: true
 23 | ```
 24 | 
 25 | Indeed, we will throw another validation class in API Platform 4 we will throw
 26 | `ApiPlatform\Validator\Exception\ValidationException` instead of
 27 | `ApiPlatform\Symfony\Validator\Exception\ValidationException`
 28 | 
 29 | It's really important to add the `use_symfony_listeners` flag, set to `true` if you use Symfony
 30 | listeners or controllers:
 31 | 
 32 | ```yaml
 33 | api_platform:
 34 |     use_symfony_listeners: false
 35 | ```
 36 | 
 37 | The `keep_legacy_inflector` flag will be removed from API Platform 4, you need to fix your issues
 38 | first. In API Platform 3.4, the Inflector is available as a service that you can configure through:
 39 | 
 40 | ```yaml
 41 | api_platform:
 42 |     inflector: api_platform.metadata.inflector
 43 | ```
 44 | 
 45 | Implement the `ApiPlatform\Metadata\InflectorInterface` if you need to tweak its behavior.
 46 | 
 47 | We added an `hydra_prefix` configuration as the `hydra:` prefix will be removed by default in API
 48 | Platform 4:
 49 | 
 50 | ```yaml
 51 | api_platform:
 52 |     serializer:
 53 |         hydra_prefix: false
 54 | ```
 55 | 
 56 | Standard PUT is now `true` by default, you can change its value using:
 57 | 
 58 | ```yaml
 59 | api_platform:
 60 |     defaults:
 61 |         extra_properties:
 62 |             standard_put: true
 63 | ```
 64 | 
 65 | We recommend using the standalone API Platform packages instead of the Core monolithic repository.
 66 | 
 67 | Update your `composer.json` like that:
 68 | 
 69 | ```patch
 70 |  {
 71 |      "require": {
 72 | -        "api-platform/core": "^3",
 73 | +        "api-platform/symfony": "^3 || ^4"
 74 | +        // also add the extra packages you need, like "api-platform/doctrine-orm"
 75 |      }
 76 |  }
 77 | ```
 78 | 
 79 | ## API Platform 3.1/3.2
 80 | 
 81 | This is the recommended configuration for API Platform 3.2. We review each of these changes in this
 82 | document.
 83 | 
 84 | ```yaml
 85 | api_platform:
 86 |     title: Hello API Platform
 87 |     version: 1.0.0
 88 |     formats:
 89 |         jsonld: ["application/ld+json"]
 90 |     docs_formats:
 91 |         jsonld: ["application/ld+json"]
 92 |         jsonopenapi: ["application/vnd.openapi+json"]
 93 |         html: ["text/html"]
 94 |     defaults:
 95 |         stateless: true
 96 |         cache_headers:
 97 |             vary: ["Content-Type", "Authorization", "Origin"]
 98 |         extra_properties:
 99 |             standard_put: true
100 |             rfc_7807_compliant_errors: true
101 |     event_listeners_backward_compatibility_layer: false
102 |     keep_legacy_inflector: false
103 | ```
104 | 
105 | ### Formats
106 | 
107 | We noticed that API Platform was enabling `json` by default because of our OpenAPI support. We
108 | introduced the new `application/vnd.openapi+json`. Therefore if you want `json` you need to
109 | explicitly handle it:
110 | 
111 | ```yaml
112 | formats:
113 |     json: ["application/json"]
114 | ```
115 | 
116 | You can also remove documentations you're not using via the new `docs_formats`.
117 | 
118 | A new option `error_formats` is also used for content negotiation.
119 | 
120 | ### Event listeners
121 | 
122 | For new users we recommend to use
123 | 
124 | ```yaml
125 | event_listeners_backward_compatibility_layer: false
126 | ```
127 | 
128 | This allows API Platform to not use http kernel event listeners. It also allows you to force options
129 | like `read: true` or `validate: true`. This simplifies use cases like
130 | [validating a delete operation](https://api-platform.com/docs/v3.2/guides/delete-operation-with-validation/)
131 | Event listeners will not get removed and are not deprecated, they'll use our providers and
132 | processors in a future version.
133 | 
134 | ### Inflector
135 | 
136 | We're switching to `symfony/string`
137 | [inflector](https://symfony.com/doc/current/components/string.html#inflector), to keep using
138 | `doctrine/inflector` use:
139 | 
140 | ```yaml
141 | keep_legacy_inflector: true
142 | ```
143 | 
144 | We strongly recommend that you use your own inflector anyways with a
145 | [PathSegmentNameGenerator](https://github.com/api-platform/core/blob/f776f11fd23e5397a65c1355a9ebcbb20afac9c2/src/Metadata/Operation/UnderscorePathSegmentNameGenerator.php).
146 | 
147 | ### Errors
148 | 
149 | ```yaml
150 | defaults:
151 |     extra_properties:
152 |         rfc_7807_compliant_errors: true
153 | ```
154 | 
155 | As this is an `extraProperties` it's configurable per resource/operation. This is improving the
156 | compatibility of Hydra errors with JSON problem. It also enables new extension points on
157 | [Errors](https://api-platform.com/docs/v3.2/core/errors/) such as
158 | [Error provider](https://api-platform.com/docs/v3.2/guides/error-provider/) and
159 | [Error Resource](https://api-platform.com/docs/v3.2/guides/error-resource/).
160 | 
161 | ### OpenApi context
162 | 
163 | You may want to convert your openApiContext to openapi, doing so is quite fastidious, @lyrixx
164 | created a rector script to help if needed:
165 | 
166 | [https://github.com/lyrixx/rector-apip-openapi](https://github.com/lyrixx/rector-apip-openapi)
167 | 


--------------------------------------------------------------------------------
/admin/getting-started.md:
--------------------------------------------------------------------------------
  1 | # Getting Started
  2 | 
  3 | ## API Platform Symfony variant
  4 | 
  5 | If you use the [API Platform Symfony variant](../symfony/), good news, API Platform Admin is already
  6 | installed! 🎉
  7 | 
  8 | You can access it by visiting `/admin` on your API Platform application.
  9 | 
 10 | When running locally, you can also click on the "Admin" button of the welcome page at
 11 | [https://localhost](https://localhost).
 12 | 
 13 | ![API Platform welcome page](./images/api-platform-welcome-page.png)
 14 | 
 15 | Here is what it looks like with a simple API exposing a `Greetings` resource:
 16 | 
 17 | ![Basic admin with the Greetings resource](./images/basic-admin-greetings.png)
 18 | 
 19 | ## Manual Installation
 20 | 
 21 | If you did not use the Symfony variant of API Platform and need to install API Platform Admin
 22 | manually, follow this guide.
 23 | 
 24 | First, let's scaffold a React Admin Application by using the
 25 | [Create React Admin](https://marmelab.com/react-admin/CreateReactAdmin.html) tool:
 26 | 
 27 | ```bash
 28 | npx create-react-admin@latest my-admin
 29 | cd my-admin
 30 | ```
 31 | 
 32 | Then, install the `@api-platform/admin` library:
 33 | 
 34 | ```bash
 35 | npm install @api-platform/admin
 36 | ```
 37 | 
 38 | Now you can use either:
 39 | 
 40 | - [`<HydraAdmin>`](./getting-started.md#using-hydraadmin) to connect your app to an API exposing a
 41 |   Hydra documentation
 42 | - [`<OpenApiAdmin>`](./getting-started.md#using-openapiadmin) to connect your app to an API exposing
 43 |   an OpenAPI documentation
 44 | 
 45 | ## Using `HydraAdmin`
 46 | 
 47 | You can use the [`<HydraAdmin>`](./components.md#hydraadmin) component exported by
 48 | `@api-platform/admin` to connect your app to an API exposing a Hydra documentation.
 49 | 
 50 | If you used Create React Admin, you can replace the content of `src/App.tsx` by:
 51 | 
 52 | ```tsx
 53 | import { HydraAdmin } from "@api-platform/admin";
 54 | 
 55 | // Replace with your own API entrypoint
 56 | // For instance if https://example.com/api/books is the path to the collection of book resources, then the entrypoint is https://example.com/api
 57 | export const App = () => <HydraAdmin entrypoint="https://localhost" />;
 58 | ```
 59 | 
 60 | **Tip:** if you don't want to hardcode the API URL, you can
 61 | [use an environment variable](https://vite.dev/guide/env-and-mode).
 62 | 
 63 | Your new administration interface is ready! `HydraAdmin` will automatically fetch the Hydra
 64 | documentation of your API and generate CRUD pages for all the resources it exposes.
 65 | 
 66 | Type `npm run dev` to try it!
 67 | 
 68 | ![Basic admin with the Greetings resource](./images/basic-admin-greetings.png)
 69 | 
 70 | **Tip:** There are more props you can pass to the `HydraAdmin` component to customize the
 71 | dataProvider or the connection to Mercure. Check the [API documentation](./components.md#hydraadmin)
 72 | for more information.
 73 | 
 74 | **Tip:** You may also need to configure your API to set the correct CORS headers. Refer to the
 75 | [Configuring CORS](./getting-started.md#configuring-cors) section below to learn more.
 76 | 
 77 | ## Using `OpenApiAdmin`
 78 | 
 79 | You can use the [`<OpenApiAdmin>`](./components.md#openapiadmin) component exported by
 80 | `@api-platform/admin` to connect your app to an API exposing an OpenAPI documentation.
 81 | 
 82 | If you used Create React Admin, you can replace the content of `src/App.tsx` by:
 83 | 
 84 | ```tsx
 85 | import { OpenApiAdmin } from "@api-platform/admin";
 86 | 
 87 | // Replace with your own API entrypoint
 88 | export const App = () => (
 89 |     <OpenApiAdmin
 90 |         entrypoint="https://localhost"
 91 |         docEntrypoint="https://localhost/docs.jsonopenapi"
 92 |     />
 93 | );
 94 | ```
 95 | 
 96 | **Tip:** If you don't want to hardcode the API URL, you can use an environment variable (see
 97 | [Vite.js](https://vite.dev/guide/env-and-mode) or
 98 | [Next.js](https://nextjs.org/docs/pages/building-your-application/configuring/environment-variables)
 99 | docs).
100 | 
101 | Your new administration interface is ready! `OpenApiAdmin` will automatically fetch the Hydra
102 | documentation of your API and generate CRUD pages for all the resources it exposes.
103 | 
104 | Type `npm run dev` to try it!
105 | 
106 | ![Basic admin with the Greetings resource](./images/basic-admin-greetings.png)
107 | 
108 | **Tip:** There are more props you can pass to the `OpenApiAdmin` component to customize the
109 | dataProvider or the connection to Mercure. Check the
110 | [API documentation](./components.md#openapiadmin) for more information.
111 | 
112 | **Tip:** You may also need to configure your API to set the correct CORS headers. Refer to the
113 | [Configuring CORS](./getting-started.md#configuring-cors) section below to learn more.
114 | 
115 | ## Configuring CORS
116 | 
117 | Be sure to make your API send proper
118 | [CORS HTTP headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) to allow the admin's
119 | domain to access it.
120 | 
121 | To do so, if you use the API Platform Symfony variant, update the value of the `CORS_ALLOW_ORIGIN`
122 | parameter in `api/.env` (it will be set to `^https?://localhost:?[0-9]*$` by default).
123 | 
124 | If you use a custom installation of Symfony and [API Platform Core](../core/), you will need to
125 | adjust the
126 | [NelmioCorsBundle configuration](https://github.com/nelmio/NelmioCorsBundle#configuration) to expose
127 | the `Link` HTTP header and to send proper CORS headers on the route under which the API will be
128 | served (`/api` by default). Here is a sample configuration:
129 | 
130 | ```yaml
131 | # config/packages/nelmio_cors.yaml
132 | 
133 | nelmio_cors:
134 |     paths:
135 |         "^/api/":
136 |             origin_regex: true
137 |             allow_origin: ["^http://localhost:[0-9]+"] # You probably want to change this regex to match your real domain
138 |             allow_methods: ["GET", "OPTIONS", "POST", "PUT", "PATCH", "DELETE"]
139 |             allow_headers: ["Content-Type", "Authorization"]
140 |             expose_headers: ["Link"]
141 |             max_age: 3600
142 | ```
143 | 
144 | Clear the cache to apply this change:
145 | 
146 | ```console
147 | bin/console cache:clear --env=prod
148 | ```
149 | 
150 | ## Next Step
151 | 
152 | Learn how to add more features to your generated Admin by [Customizing the Schema](./schema.md).
153 | 


--------------------------------------------------------------------------------
/core/client-integration.md:
--------------------------------------------------------------------------------
  1 | # Client Integrations
  2 | 
  3 | ## Edge Side API (ESA)
  4 | 
  5 | > [Edge Side APIs (ESA)](https://edge-side-api.rocks/) is an architectural pattern that allows the
  6 | > creation of more reliable, efficient, and less resource-intensive APIs. It revives the core
  7 | > REST/HATEOAS principles while taking full advantage of the new capabilities provided by the web
  8 | > platform.
  9 | >
 10 | > ESA promotes a mixed approach (synchronous and asynchronous), offering simplicity in development
 11 | > and use, exceptional performance, and the ability for clients to receive real-time updates of the
 12 | > resources they fetched. ESA also leverages existing standards to expose API documentation,
 13 | > enabling the creation of generic clients capable of discovering the API’s capabilities at runtime.
 14 | >
 15 | > — _From [ESA White Paper](https://edge-side-api.rocks/white-paper)_
 16 | 
 17 | ## JavaScript Client Integrations
 18 | 
 19 | API Platform offers a suite of tools and libraries that streamline the integration of JavaScript
 20 | clients with APIs. These tools simplify development by automating tasks such as data fetching,
 21 | administration panel creation, and real-time updates. Below is a detailed overview of the available
 22 | clients, libraries, and their usage.
 23 | 
 24 | ### Clients and Tools Overview
 25 | 
 26 | #### Admin
 27 | 
 28 | API Platform Admin is a dynamic administration panel generator built with
 29 | [React-Admin](https://marmelab.com/react-admin/). It automatically adapts to your API schema and
 30 | provides extensive customization options. It can read an [OpenAPI](https://www.openapis.org/)
 31 | specification or a [Hydra](https://www.hydra-cg.com/) specification. API Platform supports both
 32 | [OpenAPI](openapi.md) and [Hydra](extending-jsonld-context.md#hydra) from scratch!
 33 | 
 34 | [Learn more about API Platform Admin](../admin/index.md).
 35 | 
 36 | #### Create Client
 37 | 
 38 | The Client Generator creates JavaScript/TypeScript clients based on your API documentation. It
 39 | generates code that integrates seamlessly with your API endpoints, reducing development time and
 40 | errors.
 41 | 
 42 | [Learn more about the Create Client](../create-client/index.md)
 43 | 
 44 | ### JavaScript Libraries
 45 | 
 46 | #### api-platform/ld
 47 | 
 48 | The [api-platform/ld](https://edge-side-api.rocks/linked-data) JavaScript library simplifies working
 49 | with Linked Data. It helps parse and serialize data in formats such as
 50 | [JSON-LD](extending-jsonld-context.md#json-ld), making it easier to handle complex relationships in
 51 | your applications.
 52 | 
 53 | For example, let's load authors when required with a Linked Data approach. Given an API referencing
 54 | books and their authors, where `GET /books/1` returns:
 55 | 
 56 | ```json
 57 | {
 58 |     "@id": "/books/1",
 59 |     "@type": ["https://schema.org/Book"],
 60 |     "title": "Hyperion",
 61 |     "author": "https://localhost/authors/1"
 62 | }
 63 | ```
 64 | 
 65 | Use an [URLPattern](https://urlpattern.spec.whatwg.org/) to load authors automatically when fetching
 66 | an author property such as `books.author?.name`:
 67 | 
 68 | ```javascript
 69 | import ld from "@api-platform/ld";
 70 | 
 71 | const pattern = new URLPattern("/authors/:id", "https://localhost");
 72 | const books = await ld("/books", {
 73 |     urlPattern: pattern,
 74 |     onUpdate: (newBooks) => {
 75 |         log();
 76 |     },
 77 | });
 78 | 
 79 | function log() {
 80 |     console.log(books.author?.name);
 81 | }
 82 | 
 83 | log();
 84 | ```
 85 | 
 86 | With [api-platform/ld](https://edge-side-api.rocks/linked-data), authors are automatically loaded
 87 | when needed.
 88 | 
 89 | [Read the full documentation](https://edge-side-api.rocks/linked-data).
 90 | 
 91 | #### api-platform/mercure
 92 | 
 93 | [Mercure](https://mercure.rocks/spec) is a real-time communication protocol. The
 94 | [api-platform/mercure](https://edge-side-api.rocks/mercure) library enables you to subscribe to
 95 | updates and deliver real-time data seamlessly.
 96 | 
 97 | Our frontend library allows you to subscribe to updates with efficiency, re-using the hub connection
 98 | and adding topics automatically as they get requested. API Platform [supports Mercure](mercure.md)
 99 | and automatically sets the [Link header](https://mercure.rocks/spec#content-negotiation) making
100 | auto-discovery a breeze. For example:
101 | 
102 | ```javascript
103 | import mercure, { close } from "@api-platform/mercure";
104 | 
105 | const res = await mercure("https://localhost/authors/1", {
106 |     onUpdate: (author) => console.log(author),
107 | });
108 | 
109 | const author = res.then((res) => res.json());
110 | 
111 | // Close if you need to
112 | history.onpushstate = function (e) {
113 |     close("https://localhost/authors/1");
114 | };
115 | ```
116 | 
117 | Assuming `/authors/1` returned the following:
118 | 
119 | ```http
120 | Link: <https://localhost/authors/1>; rel="self"
121 | Link: <https://localhost/.well-known/mercure>; rel="mercure"
122 | ```
123 | 
124 | An `EventSource` subscribes to the topic `https://localhost/authors/1` on the hub
125 | `https://localhost/.well-known/mercure`.
126 | 
127 | [Read the full documentation](https://edge-side-api.rocks/mercure).
128 | 
129 | #### api-platform/api-doc-parser
130 | 
131 | The [api-platform/api-doc-parser](https://github.com/api-platform/api-doc-parser) that parses Hydra,
132 | Swagger, OpenAPI, and GraphQL documentation into an intermediate format for generating API clients
133 | and scaffolding code. It integrates well with API Platform and supports auto-detecting resource
134 | relationships.
135 | 
136 | Key Features:
137 | 
138 | - Multi-format support: Parses Hydra, Swagger (OpenAPI v2), OpenAPI v3, and GraphQL.
139 | - Intermediate representation: Converts API docs into a usable format for generating clients,
140 |   scaffolding code, or building admin interfaces.
141 | - API Platform integration: Works seamlessly with API Platform.
142 | - Auto-detection of resource relationships: Automatically detects relationships between resources
143 |   based on documentation.
144 | 
145 | Example: Parsing [Hydra](http://hydra-cg.com/) API Documentation:
146 | 
147 | ```javascript
148 | import { parseHydraDocumentation } from "@api-platform/api-doc-parser";
149 | 
150 | parseHydraDocumentation("https://demo.api-platform.com").then(({ api }) => console.log(api));
151 | ```
152 | 
153 | This example fetches Hydra documentation from `https://demo.api-platform.com`, parses it, and logs
154 | the resulting API structure. The `parseHydraDocumentation` method is particularly useful for
155 | building metadata-driven clients or handling advanced API interactions.
156 | 
157 | [Read the full documentation](https://github.com/api-platform/api-doc-parser).
158 | 


--------------------------------------------------------------------------------
/admin/schema.md:
--------------------------------------------------------------------------------
  1 | # Customizing the Schema
  2 | 
  3 | Both [`HydraAdmin`](./components.md#hydraadmin) and [`OpenApiAdmin`](./components.md#openapiadmin)
  4 | leverage introspection of the API schema to discover its capabilities, like **filtering** and
  5 | **sorting**.
  6 | 
  7 | They also detect wether the API has real-time capabilities using [Mercure](./real-time-mercure.md),
  8 | and automatically enable it if it does.
  9 | 
 10 | Lastly, API Platform Admin has native support for the popular
 11 | [Schema.org](./schema.md#about-schemaorg) vocabulary, which enables it to automatically use the
 12 | field type matching your data, or display a related resource's name instead of its IRI.
 13 | 
 14 | ## Adding Filtering Capabilities
 15 | 
 16 | You can add the [`ApiFilter` attribute](../core/filters.md#apifilter-attribute) to an API Platform
 17 | resource to configure a filter on a property.
 18 | 
 19 | For instance, here is how configure filtering on the `id`, `title` and `author` properties of a
 20 | `Book` resource:
 21 | 
 22 | ```php
 23 | <?php
 24 | // api/src/Entity/Book.php
 25 | namespace App\Entity;
 26 | 
 27 | use ApiPlatform\Metadata\ApiFilter;
 28 | use ApiPlatform\Metadata\ApiResource;
 29 | use ApiPlatform\Doctrine\Orm\Filter\SearchFilter;
 30 | use Doctrine\ORM\Mapping as ORM;
 31 | 
 32 | #[ApiResource]
 33 | #[ORM\Entity]
 34 | #[ApiFilter(SearchFilter::class, properties: [
 35 |     'id' => 'exact',
 36 |     'title' => 'ipartial',
 37 |     'author' => 'ipartial'
 38 | ])]
 39 | class Book
 40 | {
 41 |     // ...
 42 | }
 43 | ```
 44 | 
 45 | If you are using the guessers, the Admin will automatically update the Book list view to include a
 46 | filter on the selected properties.
 47 | 
 48 | ![Filtering on the title property](./images/admin-filter.png)
 49 | 
 50 | **Tip:** Learn more about the [`ApiFilter` attribute](../core/filters.md#apifilter-attribute) in the
 51 | core documentation.
 52 | 
 53 | ## Adding Sorting Capabilities
 54 | 
 55 | You can also use the [`ApiFilter` attribute](../core/filters.md#apifilter-attribute) on an API
 56 | Plaform resource to configure sorting.
 57 | 
 58 | For instance, here is how to configure sorting on the `id`, `isbn`, `title`, `author` and
 59 | `publicationDate` properties of a `Book` resource:
 60 | 
 61 | ```php
 62 | <?php
 63 | // api/src/Entity/Book.php
 64 | namespace App\Entity;
 65 | 
 66 | use ApiPlatform\Metadata\ApiFilter;
 67 | use ApiPlatform\Metadata\ApiResource;
 68 | use ApiPlatform\Doctrine\Orm\Filter\SearchFilter;
 69 | use Doctrine\ORM\Mapping as ORM;
 70 | 
 71 | #[ApiResource]
 72 | #[ORM\Entity]
 73 | #[ApiFilter(OrderFilter::class, properties: [
 74 |     'id' => 'ASC',
 75 |     'isbn' => 'ASC',
 76 |     'title' => 'ASC',
 77 |     'author' => 'ASC',
 78 |     'publicationDate' => 'DESC'
 79 | ])]
 80 | class Book
 81 | {
 82 |     // ...
 83 | }
 84 | ```
 85 | 
 86 | If you are using the guessers, the Admin will automatically update the Book list view to make the
 87 | selected columns sortable.
 88 | 
 89 | ![Sorting by the title property](./images/admin-sort.png)
 90 | 
 91 | **Tip:** Learn more about the [`ApiFilter` attribute](../core/filters.md#apifilter-attribute) in the
 92 | core documentation.
 93 | 
 94 | ## Enabling Real-Time Updates
 95 | 
 96 | You can use the `mercure` attribute to hint API Platform that it must dispatch the updates regarding
 97 | the given resources to the Mercure hub:
 98 | 
 99 | ```php
100 | <?php
101 | // api/src/ApiResource/Book.php with Symfony or app/ApiResource/Book.php with Laravel
102 | namespace App\ApiResource;
103 | 
104 | use ApiPlatform\Metadata\ApiResource;
105 | 
106 | #[ApiResource(mercure: true)]
107 | class Book
108 | {
109 |     // ...
110 | }
111 | ```
112 | 
113 | Make sure you have [configured your dataProvider to support Mercure](./real-time-mercure.md).
114 | 
115 | **Tip:** Learn more about how to use the Mercure Protocol in the
116 | [API Platform Core documentation](../core/mercure.md).
117 | 
118 | ## About Schema.org
119 | 
120 | API Platform Admin has native support for the popular [Schema.org](https://schema.org) vocabulary.
121 | 
122 | > Schema.org is a collaborative, community activity with a mission to create, maintain, and promote
123 | > schemas for structured data on the Internet, on web pages, in email messages, and beyond.
124 | 
125 | To leverage this capability, your API must use the JSON-LD format and the appropriate Schema.org
126 | types. The following examples will use [API Platform Core](../core/) to create such API, but keep in
127 | mind that this feature will work with any JSON-LD API using the Schema.org vocabulary, regardless of
128 | the used web framework or programming language.
129 | 
130 | ## Displaying Related Resource's Name Instead of its IRI
131 | 
132 | By default, IRIs of related objects are displayed in lists and forms. However, it is often more
133 | user-friendly to display a string representation of the resource (such as its name) instead of its
134 | ID.
135 | 
136 | To configure which property should be shown to represent your entity, map the property containing
137 | the name of the object with the `https://schema.org/name` type:
138 | 
139 | ```php
140 | // api/src/Entity/Person.php
141 | ...
142 | 
143 | #[ApiProperty(iris: ["https://schema.org/name"])]
144 | private $name;
145 | 
146 | ...
147 | ```
148 | 
149 | | With IRI                                                         | With Resource Name                                                           |
150 | | ---------------------------------------------------------------- | ---------------------------------------------------------------------------- |
151 | | ![Related Record With IRI](./images/related-record-with-iri.png) | ![Related Record  With Resource Name](./images/related-record-with-name.png) |
152 | 
153 | ## Emails, URLs and Identifiers
154 | 
155 | Besides, it is also possible to use the documentation to customize some fields automatically while
156 | configuring the semantics of your data.
157 | 
158 | The following Schema.org types are currently supported by API Platform Admin:
159 | 
160 | - `https://schema.org/email`: the field will be rendered using the
161 |   [`<EmailField>`](https://marmelab.com/react-admin/EmailField.html) React Admin component
162 | - `https://schema.org/url`: the field will be rendered using the
163 |   [`<UrlField>`](https://marmelab.com/react-admin/UrlField.html) React Admin component
164 | - `https://schema.org/identifier`: the field will be formatted properly in inputs
165 | 
166 | Note: if you already use validation on your properties, the semantics are already configured
167 | correctly (see
168 | [the correspondence table](../core/validation.md#open-vocabulary-generated-from-validation-metadata))!
169 | 
170 | ## Next Step
171 | 
172 | Learn how to tweak the generated Admin by [Customizing the Guessers](./customizing.md).
173 | 


--------------------------------------------------------------------------------
/symfony/migrate-from-fosrestbundle.md:
--------------------------------------------------------------------------------
  1 | # Migrate From FOSRestBundle with Symfony
  2 | 
  3 | [FOSRestBundle](https://github.com/FriendsOfSymfony/FOSRestBundle) is a popular bundle to rapidly
  4 | develop RESTful APIs with Symfony. This page provides a guide to help developers migrate from
  5 | FOSRestBundle to API Platform.
  6 | 
  7 | > [!IMPORTANT]  
  8 | > Since [2021](https://x.com/lsmith/status/1440216817876627459), the creators of FOSRestBundle have
  9 | > recommended transitioning to **API Platform** as the preferred solution **for building modern
 10 | > APIs**.
 11 | 
 12 | ## Features Comparison
 13 | 
 14 | The table below provides a list of the main features you can find in FOSRestBundle 3.1, and their
 15 | equivalents in API Platform.
 16 | 
 17 | ### Make CRUD endpoints
 18 | 
 19 | #### In FOSRestBundle (CRUD endpoints)
 20 | 
 21 | Create a controller extending the `AbstractFOSRestController` abstract class, make your magic
 22 | manually in your methods, and return responses through the `handleView()` provided by FOSRest's
 23 | `ControllerTrait`.
 24 | 
 25 | See
 26 | [The view layer](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/2-the-view-layer.rst).
 27 | 
 28 | #### In API Platform (CRUD endpoints)
 29 | 
 30 | Add the `ApiResource` attribute to your entities, and enable the operations you desire inside. By
 31 | default, every operation is activated.
 32 | 
 33 | See [Operations](../core/operations.md).
 34 | 
 35 | ### Make custom controllers
 36 | 
 37 | #### In FOSRestBundle (Custom controllers)
 38 | 
 39 | Same as above.
 40 | 
 41 | #### In API Platform (Custom controllers)
 42 | 
 43 | Even though this is not recommended, API Platform allows you to
 44 | [create custom controllers](controllers.md) and declare them in your entity's `ApiResource`
 45 | attribute.
 46 | 
 47 | You can use them as you migrate from FOSRestBundle, but you should consider
 48 | [switching to Symfony Messenger](messenger.md) as it will give you more benefits, such as
 49 | compatibility with both REST and GraphQL and better performances of your API on big tasks.
 50 | 
 51 | See [General Design Considerations](../core/design.md).
 52 | 
 53 | ### Routing system (with native documentation support)
 54 | 
 55 | #### In FOSRestBundle (Routing)
 56 | 
 57 | Annotate your controllers with FOSRest's route annotations that are the most suitable to your needs.
 58 | 
 59 | See
 60 | [Full default annotations](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/annotations-reference.rst).
 61 | 
 62 | #### In API Platform (Routing)
 63 | 
 64 | Use the `ApiResource` attribute to activate the HTTP methods you need for your entity. By default,
 65 | all the methods are enabled.
 66 | 
 67 | See [Operations](../core/operations.md).
 68 | 
 69 | ### Hook into the handling of the requests
 70 | 
 71 | #### In FOSRestBundle (Request handling)
 72 | 
 73 | Listen to FOSRest's events to modify the requests before they come into your controllers and the
 74 | responses after they come out of them.
 75 | 
 76 | See
 77 | [Listener support](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/3-listener-support.rst).
 78 | 
 79 | #### In API Platform (Request handling)
 80 | 
 81 | API Platform provides a lot of ways to customize the behavior of your API, depending on what you
 82 | exactly want to do.
 83 | 
 84 | See [Extending API Platform](../core/extending.md) for more details.
 85 | 
 86 | ### Customize the formats of the requests and the responses
 87 | 
 88 | #### In FOSRestBundle (Formats)
 89 | 
 90 | Only the request body's format can be customized.
 91 | 
 92 | Use body listeners to use either FOSRest's own decoders or your own ones. FOSRestBundle provides
 93 | native support for JSON and XML.
 94 | 
 95 | See
 96 | [Body Listener](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/body_listener.rst).
 97 | 
 98 | #### In API Platform (Formats)
 99 | 
100 | Both the request and the response body's format can be customized.
101 | 
102 | You can configure the formats of the API either globally or in specific resources or operations. API
103 | Platform provides native support for multiple formats including JSON, XML, CSV, YAML, etc.
104 | 
105 | See [Content negotiation](../core/content-negotiation.md).
106 | 
107 | ### Name conversion
108 | 
109 | #### In FOSRestBundle (Name conversion)
110 | 
111 | Only request bodies can be converted before entering into your controller.
112 | 
113 | FOSRest provides two native normalizers for converting the names of your JSON keys to camelCase. You
114 | can create your own ones by implementing the `ArrayNormalizerInterface`.
115 | 
116 | See
117 | [Body Listeners](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/body_listener.rst).
118 | 
119 | #### In API Platform (Name conversion)
120 | 
121 | Both request and response bodies can be converted.
122 | 
123 | API Platform uses
124 | [name converters](https://symfony.com/doc/current/components/serializer.html#component-serializer-converting-property-names-when-serializing-and-deserializing)
125 | included in the Serializer component of Symfony. You can create your own by implementing the
126 | `NameConverterInterface` provided by Symfony.
127 | 
128 | See
129 | [_Name Conversion_ in The Serialization Process](../core/serialization.md#name-conversion-for-symfony).
130 | 
131 | ### Handle errors
132 | 
133 | #### In FOSRestBundle (Error handling)
134 | 
135 | Map the exceptions to HTTP statuses in the `fos_rest.exception` parameter.
136 | 
137 | See
138 | [ExceptionController support](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/4-exception-controller-support.rst).
139 | 
140 | #### In API Platform (Error handling)
141 | 
142 | Map the exceptions to HTTP statuses in the `api_platform.exception_to_status` parameter.
143 | 
144 | See [Errors Handling](../core/errors.md).
145 | 
146 | ### Security
147 | 
148 | #### In FOSRestBundle (Security)
149 | 
150 | Use [Symfony's Security component](https://symfony.com/doc/current/security) to control your API
151 | access.
152 | 
153 | #### In API Platform (Security)
154 | 
155 | Use the `security` attribute in the `ApiResource` and `ApiProperty` attributes. It is an
156 | [Expression language](https://symfony.com/doc/current/components/expression_language.md) string
157 | describing who can access your resources or who can see the properties of your resources. By
158 | default, everything is accessible without authentication.
159 | 
160 | Note you can also use the `security.yml` file if you only need to limit access to specific roles.
161 | 
162 | See [Security](../core/security.md).
163 | 
164 | ### API versioning
165 | 
166 | #### In FOSRestBundle (API versioning)
167 | 
168 | FOSRestBundle provides a way to provide versions to your APIs in a way users have to specify which
169 | one they want to use.
170 | 
171 | See
172 | [API versioning](https://github.com/FriendsOfSymfony/FOSRestBundle/blob/3.x/Resources/doc/versioning.rst).
173 | 
174 | #### In API Platform (API versioning)
175 | 
176 | API Platform has no native support for API versioning, but instead provides an approach consisting
177 | of deprecating resources when needed. It allows a smoother upgrade for clients, as they need to
178 | change their code only when it is necessary.
179 | 
180 | See [Deprecating Resources and Properties](../core/deprecations.md).
181 | 


--------------------------------------------------------------------------------