Apigility by Zend Framework: No Better Way To Create High Quality APIs - Part 2
In the previous blog, I discussed some features of Zend Framework’s Apigility that I found attractive and beneficial while creating APIs. Remote Procedure Call (RPC), Representational State Transfer (REST) and error handling make it easier to maintain and monitor APIs. Here are a few more features that will help you inspect, filter and authenticate data more effectively with the use of Apigility when creating APIs.
- Content Negotiation
This is performed by an application:
✓ To match the requested representation, as specified by the client via the Accept header, with a representation the application can deliver.
✓ To determine the Content-Type of incoming data and deserialise it so the application can utilise it.
Essentially, content negotiation is the client telling the server what it is sending and what it wants in return; and the server determining if it can do what the client requests.
- Versioning (via URI and Accept Header)
Apigility uses two approaches to create new versions of APIs:
✓ URL Versioning
One method for indicating versioning is via the URI, typically via a path prefix or query string parameters.
✓ Media Type Versioning
It provides the ability to use the same URI for multiple versions of an API, by specifying the version as part of the Accept media type. The Accept header can provide versioning in two different ways: as part of the media type name itself, or as a parameter to the media type.
In addition to per-field configuration, each field can be assigned a set of validators and filters. Zend\InputFilter\InputFilter runs filters before validators, giving you the opportunity to clean up and normalize data before it is checked. The Zend\Filter component is used to accomplish this filtering phase of content validation.
Each field of a service can be assigned a set of validators. When an input filter is present, all validation must pass in order for the service to be executed. If an input filter does not validate, a 422 Unprocessable Entity status is returned with a message that the resource failed validation. In this case the service doesn’t get executed.
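The filter-then-validate order described above, as an added example that is not Apigility's own code: it drives Zend\InputFilter directly, so the validators judge the normalized values and the service only ever receives the filtered data. It assumes zendframework/zend-inputfilter is installed via Composer; the field names, the `handle()` helper, the response shape and the sample payloads are constructed for illustration.

```php
<?php
// Added example. Assumes zendframework/zend-inputfilter is available through
// Composer's autoloader; field names and payloads below are constructed.
require __DIR__ . '/vendor/autoload.php';

use Zend\Filter\StringTrim;
use Zend\Filter\StripTags;
use Zend\InputFilter\Factory;
use Zend\Validator\Digits;
use Zend\Validator\StringLength;

// Hypothetical per-field spec: filters normalize first, then the validators
// run against the filtered value.
function buildInputFilter()
{
    return (new Factory())->createInputFilter([
        'message' => [
            'required'   => true,
            'filters'    => [['name' => StringTrim::class], ['name' => StripTags::class]],
            'validators' => [
                ['name' => StringLength::class, 'options' => ['min' => 1, 'max' => 140]],
            ],
        ],
        'user_id' => [
            'required'   => true,
            'filters'    => [['name' => StringTrim::class]],
            'validators' => [['name' => Digits::class]],
        ],
    ]);
}

// Returns [status, body]. On failure the service logic is never reached and
// the caller gets 422 with the per-field messages; on success the body is
// getValues(), the filtered data, never the raw payload.
function handle(array $payload)
{
    $inputFilter = buildInputFilter();
    $inputFilter->setData($payload);
    if (! $inputFilter->isValid()) {
        return [422, ['validation_messages' => $inputFilter->getMessages()]];
    }
    return [200, $inputFilter->getValues()];
}

// Constructed payloads: the first passes once trimmed and stripped of tags;
// the second fails because "message" is empty after trimming and "user_id"
// contains non-digits.
var_dump(handle(['message' => '  <b>hello</b>  ', 'user_id' => ' 42 ']));
var_dump(handle(['message' => '   ', 'user_id' => '42; DROP']));
```

Reading the result from `getValues()` rather than from the raw request is what makes the filter phase matter: a value that only passes validation after normalization should reach storage in its normalized form.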
- Authentication (HTTP Basic/Digest, OAuth2)
HTTP Basic authentication provides the fewest setup requirements, requiring only one outside tool that you are likely already familiar with: the htpasswd utility.
HTTP Digest authentication provides similar setup requirements to HTTP Basic, and adds the benefit that passwords are not sent over the network in plain text. The tool used to create a proper digest file also comes with the Apache installation: htdigest.
The OAuth 2.0 authorisation framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by organizing an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
- Interactive documentation (HTML, Swagger)
Apigility offers the ability to generate API documentation using the Admin UI. The documentation is generated in HTML format and, optionally, in Swagger format.
As part of the Zend certified Engineers team at Gaja Digital, I have listed out features of Apigility to use when creating APIs. To understand how it can complement your business, feel free to get in touch and our team will be happy to guide you.
Vivek Govindarajan | Zend PHP Certified Expert