28 May 2018
API Platform Q&A: 14 frequently asked questions
Recently, we’ve organized a webinar on API Platform. During the presentation, you had many questions about the framework. By popular demand, I’ve collected all the answers – from controllers to search engine integration – and made a blogpost out of them.
Firstly, here’s the full recording of the webinar. Question and answers can be found below.
Q: Can Schema component generate fluent methods automatically?
A: Yes, there’s an option to generate fluent setters.
Q: Could I use API Platform only for the gateway that won’t need any databases?
A: If you wish so, yes. API Platform has Data Providers which can be a proxy to a service that communicates with a DB.
Q: Can you compare FOSRestAPI and API Platform? When to use one or another?
A: This is a matter of taste and preferences. Many developers still prefer FOSRestBundle to API Platform because it uses rather a “code” approach instead than the “configure” one. API Platform is often seen as a magic blackbox which can be overwhelming to some developers. You need to check out both options and see which one suits you the most.
Q: What about controllers? How can you implement more complex business logic to retrieve data? Do you have any example covered this case?
A: It’s a Symfony framework. You can still use controllers and actions if you swing with ADR. Everything you know from vanilla Symfony apps can be applied here. An example is a /me endpoint or a file upload endpoint. We see it more pragmatic to use a WS endpoint for file uploads and profile information source.
Q: A Person is a common object, so it is defined on schema.org. What about custom objects (i.e. Planet)? What would be the approach related to schema.org?
A: It depends on what you are aiming at. If you want to be discoverable on the web, I would recommend to use something closely related to the object in schema.org or find another dictionary. You can create your own dictionary extension, but is not really recommended by the schema.org steering group for many reasons. Be sure to checkout „Hosted Extensions” as they might be objects responding to your needs.
Q: Is it hard to make custom treatments? Can we use Symfony forms?
A: Yes you can.
Q: Must an endpoint always be linked to an entity? I mean, can I create an endpoint without an entity?
A: Yes. You can create a traditional endpoint known from Symfony apps.
Q: Is it possible to customize the serialization process?
A: Of course. Serialization is supported by the Serialization component. Inject your encoders, decoders, normalizers, denormalizers and you’re ready to go.
Q: Can API Platform be integrated with search engines such as ElasticSearch?
A: Yes, it can. In fact, with any NoSQL or document repository. You can do that with Data Providers. Somebody has probably already done that.
Q: Has API Platform any auth support?
A: Depends on what do you expect. You can use the Security component and all the bundles found on the Internet to apply your security policies.
Q: How can already existing projects benefit from API Platform? Let’s assume there’s already a model and an existing REST API in Symfony.
A: If you have endpoints already defined in your application then there shouldn’t be many problems installing API Platform. You should be fine exposing API Platform’s endpoints along with the old ones. However, for sure it’d be safer to migrate your model and code to a vanilla API Platform instance.
Q: What about versioning support?
A: Versioning is a complex topic and how you want to version your endpoints is up to you. API Platform doesn’t imply any versioning strategy; however, it’s designed in such a way that any versioning strategy (like path, query param or custom header) is available for you to implement. Nevertheless, it won’t be an easy task.
Q: How about hiding sensitive data from being exposed to the API?
A: As mentioned above, API Platform uses Symfony’s serialization component to serialize data. You can use groups to hide parts of your model depending on certain conditions. For instance, it’s possible to apply dynamic serialization groups which can expose more data to an admin than to an ordinary user.
Q: When to use entity and when DTO?
A: In our experience, DTOs are fine when you have intentions instead of changes in the structure. For instance, password reset or sending a lead can be handled by DTOs.