RESTful APIs in the Real World Course 1


What you'll be learning

Making RESTful APIs is hard, really hard. There are a lot of concepts to know - resources, representations, HTTP methods, status codes, etc.

And putting this all to life in a sane way in PHP is no small task. In this course, we'll learn all the most fundamental concepts around REST and learn about the "rules" and the advantages and disadvantages of each. And we'll of course build a real API to show it all off. Topics include:

  • HTTP basics
  • Resources and Representations
  • Resource state, client state
  • Idemptotency and safe methods
  • Proper Status Codes, Location header and Content-Type
  • Testing your API
  • RFCs and where the "rules" come from
  • Advanced error and validation handling

If you want to know about Hypermedia, HATEOAS, Content-Type negotiation, pagination and more, these are not covered here, but are covered in Episode 2.

This tutorial uses Silex and we avoid talking about it as much as possible and instead focus on the core concepts of REST. Once you understand these, you can watch our Symfony REST series to learn how to leverage Symfony for your API.

Your Guides

Ryan Weaver Leanna Pelham

Buy Access

Questions? Conversation?

  • 2019-02-19 dianikol

    Thanks for the reply Diego Aguiar

  • 2019-02-18 Diego Aguiar

    Hey dianikol

    This course was made on Symfony2 but its content is still relevant speaking about REST API's, but of course, you will have to adjust some blocks of code in order to work with Symfony4


  • 2019-02-18 dianikol

    Hello Ryan,
    Is this course updated in order to meet symfony 4? Is it still relevant?


  • 2018-10-11 Diego Aguiar

    Hey daimmo

    Dang, that's our bad, that epidose doesn't exit yet and I can't tell if it will exist any time soon. Sorry about it

  • 2018-10-11 daimmo

    Hi I see a link to Episode 3 but redirects to home page.


    If you want to know about Hypermedia, HATEOAS, Documenting your API,
    Content-Type negotiation, pagination and more, these are not covered
    here, but will be covered in Episode 2 and Episode 3.

  • 2018-05-13 Matt Johnson

    Thanks for the course!

  • 2016-07-05 Mihail

    Oh, thanks again, I just didn't know that it was possible to update only chosen dependencies with composer.

  • 2016-07-05 weaverryan

    Cool! Glad it's working!

    I think you had the right idea - just maybe not in the right order. I think you needed to:

    A) Update dbal in composer.json
    B) Run `composer update doctrine/dbal` so that it *only* updates that library (and not everything else, including Symfony).


  • 2016-07-05 Mihail

    Thanks Ryan,

    Indeed, when running composer update - symfony3 security dependencies are being fetched. However on composer install, updating dbal just in composer.json doesn't help. I decided to add the same changes of source reference from composer.lock as in your repository and after composer install now it works! :)

  • 2016-07-04 weaverryan

    Hi Mihail!

    Hmm, this is interesting. I can see what's happening: I think when you upgraded Doctrine, you also upgraded Symfony - it appears that it's in some weird state where part of your code is on Symfony 3, and part of your code is on Symfony 2 still. The SecurityContextInterface is a Symfony *2* thing, while the AuthorizationChecker is a Symfony 3 thing. If you didn't intend to also upgrade Symfony, I would roll back. But if it's ok - try forcefully clearing your cache:

    rm -rf app/cache/*

    (or var/cache/* depending on where your cache dir lives).

    Let me know if that helps! Cheers!

  • 2016-07-01 Mihail

    Hi Ryan,

    After the update to 2.5.4 tests start passing as expected, but when I tried to access the app on the login page another error appeared: Fatal error: Uncaught TypeError: Argument 1 passed to Symfony\Bridge\Twig\Extension\SecurityExtension::__construct() must implement interface Symfony\Component\Security\Core\SecurityContextInterface, instance of Symfony\Component\Security\Core\Authorization\AuthorizationChecker given

    Could you advise on what should be done to resolve this issue?

  • 2016-05-23 Sergio Costa

    Thank you very much! You Guys Rock!

  • 2016-05-22 weaverryan

    Hi Sergio!

    The answer to this depends on several things, including the size of the files. In the simplest model, you can just send your data in the body of the request and read out the request content and save that to a file. In other words, treat your "upload" just the same as when your client sends JSON to your API. You an also use the multipart/form-data method and get more complex from there. Google Drive's API docs are actually very nice at explaining what they allow :)


  • 2016-05-19 Sergio Costa

    Folks, is there any example tha show how to send Files over REST API ?

  • 2016-04-05 Achilles Kaloeridis

    Everything seems to be working now, thanks :)

  • 2016-04-05 weaverryan

    Ah, thanks! Now I *know* we have a problem :) - and weird one! It looks like there's a old bug in Doctrine itself on HHVM and PHP 7: This was fixed in doctrine/dbal version 2.5.4 (the tutorial ships with version 2.4.4).

    I've just updated the code download to use 2.5.4. If using the new code - or upgrading your project - makes it better, let me know!


  • 2016-04-05 Achilles Kaloeridis

    I get the same error on login. I followed the installation process. I am using PHP7 too. On registration I get:

    An exception occurred while executing 'SELECT u.* FROM user u WHERE ()': SQLSTATE[HY000]: General error: 1 near ")": syntax error


    PDOException in Connection.php line 691:SQLSTATE[HY000]: General error: 1 near ")": syntax error.

  • 2016-03-18 weaverryan

    Hmm, that's enough to tell me what query is failing - the one that tries to load the username you just entered from the user table. But I can't repeat this locally (I downloaded the code from one of the tutorial pages, unzipped it, moved into the "start" directory and followed the README). And I can't seem to see anywhere in the code that *might* be causing this. What error do you get when you try registration?

    Btw, you might also be interested in the Symfony REST tutorial: We cover theory a little bit less (we cover things in more depth in this tutorial), but that tutorial uses the Symfony full stack framework.


  • 2016-03-17 weaverryan

    Ah, hmm - when exactly do you get this error? It's definitely weird/wrong that the WHERE is empty - if we know *where* this error happens (i.e. which query gives us this error) - we might be able to track it down.


  • 2016-03-16 weaverryan

    Hi Michal!

    Thanks for posting - that is SUCH a weird error for that problem - hopefully this will help anyone else who hits that.


  • 2015-07-14 weaverryan

    Hey again!

    I saw your other comment about the database error - obviously this is related :). The project uses sqlite and creates a data/code_battles.sqlite file. It does this automatically when you hit any page: if it doesn't see that file there, it initializes the database and creates it. You don't need to have any database credentials, you just need to make sure the data directory is writeable (you'll get an error if it isn't).

    Let me know if this helps!

  • 2015-07-14 Emberous

    Hello, i am following your tutorial, but i can't find database data and also can't find db configuration file.

  • 2015-04-23 weaverryan

    Hey Nick!

    Ok first - watch our OAuth tutorial: I'm saying this because I was once as confused as you were, and now things make a lot more sense.

    Next, if you want to allow people to be able to "login with Twitter" to your app, then you'll be acting as an OAuth client and interacting with those 3rd parties. In this scenario, your app would get a "Facebook access token", which you'll use to fetch some user data and then log them in. But this has nothing to do with how you'll setup auth for YOUR API. For example, once the user is logged in to your site - say, on your iPhone app - (via normal form login or Facebook - doesn't matter), they will somehow need to get an access token to YOUR site and send that along with the requests. So yes, you could be an "OAuth" client just to allow "Facebook login" and then have your own "token authentication" system where users simply login to your site (via whatever mechanism) and then create tokens.

    You would only need an OAuth server (like FOSOAuthServerBundle) if, for your API, you were using access tokens and wanted your users to obtain those through the OAuth flow (instead of logging in, generating them, then inputting those manually into your iPhone app).

    I hope that makes MORE sense - definitely back up and get deep in the purpose of OAuth, and it'll help clarify things.


  • 2015-04-23 Nick

    So is it possible to use Oath without use any external service like Google or Facebook but my token system but following oauth rules?

    For example I could use HWIOAuthBundle but this have tons of 3rd party providers. Tha means practically that someone cannot access my app without first has an account with at least one of these providers. Is that good? I could prefer a hybrid system where user can register via twitter or Facebook or Google or whatever provider OR via ordinary register. Then after persist in db he can login and create tokens in my app without use any 3rd party provider. I think that's the best for my case. I am a bit puzzled about token and oauth... They seem similar but i think oauth has some diffs and more strict pattern I should follow. Do I need FOSOAuthServerBundle to achieve oauth without the use of 3rd party provider?

    Thanks so much for the help!

  • 2015-04-23 weaverryan

    Hi Nick!

    Oh boy, I feel your pain :). The correct answer is: it depends. I'm kidding (sort of), I can at least give you some personal recommendations. Let's do it in bullets:

    1) If it were only a browser app, I'd just use normal sessions (since AJAX includes the session cookies). But since you need other things, probably not.

    2) OAuth is probably a good way to go. But first, realize that OAuth is really a pattern that helps your API clients to *retrieve* an access token. What i mean is, you can totally create a token authentication system without OAuth. For example, have a Token entity table, allow your users to login and generate a token, then set things up to look up the token in your database table on auth. That's what we do in REST ep2: OAuth has the advantage that it defines the whole flow of how a user gets redirected to your site, and the app eventually gets the token. There are also libraries to help manage an OAuth "server".

    4) HTTP Basic may also be enough (as long as your on https). I *think* (and I'm not an expert here) that the risk with an app is that since you're typing your username/password into the app, the user isn't guaranteed that your app isn't storing that somewhere (i.e. stealing it) before sending it across https to the site.

    5) (Sorry, getting long). If you *do* use a token-based system (OAuth or not), you could ALSO allow traditional form login with a session, and take advantage of this with OAuth. You'd then have the user login like normal, and then all the AJAX requests would be Auth'ed just because they contain the session cookie (i.e. you wouldn't need to worry about obtaining/sending a token from Angular).

    Phew! I hope that at least helps a little bit!

  • 2015-04-22 Nick


    If you create a simple application with Symfony2 in backend as a rest api and angularjs in frontend, which is the best Authorization pattern to use for your rest api?

    My goal is to create a rest api and have Angular for browser users and apps for android and ios which all of them will hit the symfony2 rest api backend. But what authorization to use? I am a bit complicated... Can I use oauth2 without use a third party site like Facebook or Google? Is HTTP basic secure enough? Is token the best practice for my needs or WSSE?

    I am completely puzzled :D

    Thanks a lot.

  • 2015-02-27 weaverryan

    Great, cheers! What an odd way for PHP 5.3 to cause a failure. But I'm super glad you figured it out :).

  • 2015-02-26 Jonz

    Hello Again, Looks like that worked. Looks like the minimal requirement for php is 5.4.x. Thanks again... can't wait until episode 3...

  • 2015-02-25 weaverryan

    Hey again!

    Hmm, yes I just followed the directions on that chapter, but I've got the same result (site shows up ok, I'm able to login, etc). So, even though I can't imagine why, it's *possible* it's your version of PHP, so upgrading that would be my next try.

    Sorry you're having issues!

  • 2015-02-25 Jonz

    Just to make sure I didn't make a newbie mistake. I re-downloaded the code a few more times and unfortunately the same result. I followed the same instructions as per the "Project Routing" segment. The difference I just realize is that I am not using the latest version of php. Looks like my version of PHP is 5.3.29. Do you think that would be the problem?

  • 2015-02-25 weaverryan

    Hi Jonz!

    Thanks for the nice words :). Unfortunately, I can't repeat your error with a fresh code download, and I also can't think of how this would be happening. I don't think it's Windows-related, but I can't quite explain it. That missing service is setup inside the Application class right here when the app boots:

    Did you download the code from the site? Are you using the "start" or "finish" directory. We'll see if we can get it working :).


  • 2015-02-25 Jonz

    Good work with the tutorial this is one of the better ones out there and there are many I have seen. But, when I tried to launch the sample code for this tutorial I get the following:


    Fatal error: Uncaught exception 'InvalidArgumentException' with message 'Identifier "security.entry_point.api.api_token" is not defined.' in C:\rest\vendor\pimple\pimple\lib\Pimple.php:78 Stack trace: #0 C:\rest\vendor\silex\silex\src\Silex\Provider\SecurityServiceProvider.php(355): Pimple->offsetGet('security.entry_...') #1 C:\rest\vendor\pimple\pimple\lib\Pimple.php(126): Silex\Provider\{closure}(Object(KnpU\CodeBattle\Application)) #2 C:\rest\vendor\pimple\pimple\lib\Pimple.php(83): {closure}(Object(KnpU\CodeBattle\Application)) #3 C:\rest\vendor\silex\silex\src\Silex\Provider\SecurityServiceProvider.php(266): Pimple->offsetGet('security.except...') #4 C:\rest\vendor\pimple\pimple\lib\Pimple.php(126): Silex\Provider\{closure}(Object(KnpU\CodeBattle\Application)) #5 C:\rest\vendor\pimple\pimple\lib\Pimple.php(83): {closure}(Object(KnpU\CodeBattle\Application)) #6 C:\rest\vendor\silex\silex\src\Silex\Provider\SecurityServiceProvider.php(114): Pimple->offsetGet('security.firewa...') #7 C:\rest\vendor\pimple\pimple\lib\Pim in C:\rest\vendor\pimple\pimple\lib\Pimple.php on line 78


    I tried to look around for some solutions on the web and on this discussion forum but was not able to get one. I am using a window machine with the latest versions of php/apache. Thanks in advance for the help.

  • 2015-02-02 weaverryan

    Hi Joan!

    No worries about the spam! And it looks like you're absolutely right! If you set the WWW-Authenticate header, then even though you're making the request with AJAX, it causes the popup. And you're also right that the fix is to override the BasicAuthenticationEntryPoint class, which is rather unfortunate (only because I always like when things are easy!).

    Let me know if you need any help with the issue beyond what you've discovered already.


  • 2015-02-02 Joan

    sorry for the spam, this is the question and my own answer on how I solved it:

  • 2015-01-31 Joan

    Apparently I'll need t overwrite Symfony's BasicAuthenticationEntryPoint.php

    which is setting the header/statusCode that takes the browsers to show that prompt...

    $response = new Response();
    $response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', $this->realmName));

  • 2015-01-30 Joan

    SO question as I seem unable to find out what's wrong:

  • 2015-01-30 Joan

    Hey Ryan,
    I am making an API call using jquery $.ajax and it works. The API call in question is the one to retrieve a user's token given Basic Auth credentials. However, when the credentials introduced are (purposely) wrong the API returns a 401 Unauthorized causing a Network Error to appear in the browser console, and additionally, the browser will show the default Authorization Required form for the user to retry. I don't want this behaviour and at this point I am not sure of if this is the frontend's fault or the API's fault. I think the issue is that the API responds with this header: WWW-AuthenticateBasic realm="Secured" . If this is correct on the API side, then I'll need to find a way to prevent the default behaviour in the frontend but at this point I am not sure. If you got anything to say in this regard, I'd be glad to hear about it :p Thanks

  • 2015-01-15 ricky spires


    For some reason my virtual box conflicting. I destroyed my Vagrant and now it works :)

  • 2015-01-15 ricky spires

    I think it's in the code. If I comment it out and do echo"testing"; it returns testing

    // 'exceptions' => false,
    // )
    // ));

    // $request = $client->post('/api/programmers');
    // $response = $request->send();
    // echo $response;
    // echo "\n\n";


  • 2015-01-15 ricky spires

    Web Server will not run testing.php file ?

    $ cd web
    $ php -S localhost:8000
    $ cd ../
    $ php testing.php

    And I get....

    POST /api/programmers HTTP/1.1
    Host: localhost:8000
    User-Agent: Guzzle/3.9.2 curl/7.37.1 PHP/5.5.19
    Content-Length: 0

    HTTP/1.1 500 Internal Server Error
    Host: localhost:8000
    Connection: close


    Any ideas anyone ?


  • 2014-12-18 weaverryan

    Hey Jake!

    In episode 2, we talk about embedded resources, but that chapter is *not* quite out yet (it will be out today or tomorrow, but the rough draft is up now: But short story is yes: you can absolutely choose to embed one resource into another one. How do you decide if you want to do this? It's totally subjective - if it's convenient for you, do it. And though it violates the norms of REST, I have seen people allow the client to control this with a query parameter (e.g. ?_embed=battle).

    About the update, I can't think of much information about this, but yes, you can do this, and I think you could even certainly make a case for it being RESTful. For example, if you're updating a programmer, but also sending data for the programmer, then you could argue that philosophically, all of that is just one big programmer+battle resource that's being updated :).

    So if you *need* to, do it. But I would probably make the API also be ok if the Battle data weren't included in the Programmer update, since that's a bit more of a "normal" situation. Oh, and one more thing that someone smarter than me said on this topic once: The job of the server is to do its best to understand the representation and update the resource. For me, this means that your server should not police the client and say "no, you cannot send battle fields in this request, it's no proper, get out!". It should instead try to be flexible and do its best to update the resource based on the data. Just don't go crazy breaking the rules - you might be better off sending 2 update requests (you could likely send them in parallel anyways).


  • 2014-12-18 Jake

    Suppose I have a page which shows the programmer and the list of battles he had. So basically there's two resources: Programmer and Battle that is utilized by this page.

    Is it possible to have your programmer endpoint in such a way that it includes the battles as part of the response?

    Furthermore, sometimes when you update a resource, you also need to update linked resources together with it.. Does it make sense to do this in one request?

  • 2014-12-05 Edison

    SILEX Of Course, I forgot !! Now it solved my "issue" 100% :)
    Oh my God, I Was thinking all the time in symfony (What a Shame..) Thank you Ryan!!

  • 2014-12-05 weaverryan

    Hey Edison!

    Bambi question, I like that :). The app/console server:run is strictly a Symfony-thing, which we don't have here since this app is in Silex (similar, but not the same). But that's ok, the server:run is just a short-cut for:

    cd web

    php -S localhost:8000

    Check out this section here: It sounds like it *was* running, so you might have already done this successfully before. And I think this answers your other questions too - this is Silex, not Symfony - so the directory structure is something I created - it's Symfony-esque, but simpler.

    Does that help?


  • 2014-12-05 Edison

    Hello Ryan and KNPU Guys!

    I have a Bambi question for you:

    I installed the project and I was playing and having fun for a while, suddenly I tried to refresh the page and the application gone!!

    I tried to use app/console server:run and guess what??? Command not found.

    Why the app directory only has bootstrap.php file inside? Where are other files and folders? What's the problem?

    Thanks =)

  • 2014-11-26 Roukmoute

    No, FOSRestBundle is a Bundle not an independent library.
    I must create an API which will run in Sf 1.4 and Sf 2.
    I inquire for this case.

    I "just" have to create an library and create a plugin for Sf 1.4 and a Bundle for Sf 2 who re-use correctly the library.

    I think that this could be the subject of a good tutorial.
    Propose the creation of a library that would be reusable by subsequently using the principle of adapter.

  • 2014-11-26 Nikos C.

    What do you mean an API library? Like FOSRestBundle ( ?

  • 2014-11-26 Mathias Strasser

    I am disappointed because I didn't start with an already existing project.
    I would like to know how to create a library that would be reusable on several projects.
    I want to create an API library which could be implement in a Symfony 2 project, as in another framework.

    What is the best way to do so?

  • 2014-10-02 weaverryan

    Oh no! Sorry about that - I hope we'll start to release episode 2 over the next few weeks. I know that's no help to you right now, but I'll do my best!

  • 2014-09-26 Heikki

    Any news on episode 2? Any estimated date? Struggling with authentication and pagination!

  • 2014-09-19 Miriam Tocino

    Hi Ryan! thanks for the quick reply :-) I will look definitely into it. And yeap, I do use Symfony for it! Cheers!

  • 2014-09-19 weaverryan

    Hi Miriam!

    Hmm, I haven't gotten this far in the next tutorial, but we *do* have CORS on the menu for it, which indeed could be very helpful in your case. Instead of waiting for us, my advice would be to go ahead and check into this. If you happen to use Symfony, there is a bundle that helps with this: And if not, the bundle may still be instructive.


  • 2014-09-19 Miriam Tocino

    Hey Ryan!

    Just finished this episode, learned a lot about the idea behind REST, HTTP methods and status codes! :-)

    However I still have some open questions. I am now working on a web service which should accept PUT requests from other domains (in this case sent from an iOS app). Up until now we are building the request using an AJAX call and JSONP, which turns out not to be true REST and has well-known security issues (so I am not happy at all with it).

    I was just wondering if there is something related to this topic coming in episode 2 of these series, maybe related with Cross Domain Headers and so on... That would be very helpful!

    I look forward to it and keep up the nice work!

  • 2014-09-06 Sergio

    Hello Ryan! Really thanks for your good work, looking forward for the Symfony2 version also...

  • 2014-08-22 Joan

    damn, you are right, should pay more attention, thanks!

    about the windows note, same goes for behat "vendor\bin\behat" :)

  • 2014-08-22 weaverryan

    Hey Joan!

    Hmm, actually, the problem might be simple! In your code, you're using json_enode - it should be json_decode. Let me know if that helps!

    About Windows, I'll double check and make sure we have a note about the Windows command. I thought I had a note, but it's very possible I left it out!


  • 2014-08-22 Joan

    In the chapter "Testing your API with PHPUnit" I need to comment line 30 to get the tests passed. ($data = json_encode($response->getBody(true), true);)

    Otherwise I get the following error:

    1) KnpU\CodeBattle\Tests\ProgrammerControllerTest::testPOST
    PHPUnit_Framework_Exception: Argument #2 of PHPUnit_Framework_Assert::assertArra
    yHasKey() must be a array or ArrayAccess


    Any ideas of what might be wrong? what does that commented line exactly do?

    Also, for people trying this on windows you need to execute phpunit this way:

    C:\xampp\htdocs\rest>vendor\bin\phpunit src\KnpU\CodeBattle\Tests\ProgrammerControllerTest.php

    They are using a script that only works for unix on the tut!

  • 2014-08-13 weaverryan

    Hi Jasper!

    Yea, that's quite controversial - even William and I disagree on this :). William (who I admit is more knowledgeable than I am) recommends using a single controller for both the HTML and JSON (or XML) representations. The potential problem with this approach might be if your web interface doesn't really look like your API. For example, you might have a /products API endpoint. But perhaps there's really no "products list" web interface page - perhaps instead there is /dashboard only, which shows products and users you're connected to (just imagining some example).

    I would say, if you're comfortable with the idea of using one controller to return different representations, try that. But realize, that you may have some controllers that will only return JSON or will only return HTML, because there is only a JSON version of /products and an HTML version of /dashboard. And I think that's ok :). If you're overwhelmed by all of this, then don't feel bad using different controllers (but do your best to use services to avoid duplication).

    Great question!

  • 2014-08-11 Jasper

    Hi, I'm excited for the second part of the RESTful API tutorial.

    If possible I want to know which is the more efficient or preferred way of implementing the api and web interface.. separate controllers or only one but be able to handle different representations?

  • 2014-08-01 weaverryan

    Not *too* soon unfortunately - probably a couple of months, but could be sooner. If you're on the mailing list, we'll bother you when it happens :).

  • 2014-07-31 MeDevPHP Dev

    Ahh ok, how soon.. :) ? Looking forward to it.

  • 2014-07-30 weaverryan

    No worries - I want to do that in the future! Using Silex gets us much *closer* to learning about API's and REST (without the framework getting in the way). So later, when we *do* have a tutorial about API's in Symfony, we can just get our job done quickly, since we'll have laid all the ground-work in these tutorials :).


  • 2014-07-29 MeDevPHP Dev

    arrrgghh! I quit at the mention of Silex, why not straight SF2 ( or will NelmioBundle or something).... :(

  • 2014-06-16 weaverryan

    Thanks so much! I've also read about half of Phil's book (just been short on time) and very much enjoyed it as well.

    We'll keep pushing forward with the 2nd episode - I'm excited too!


  • 2014-06-16 Guest

    Just finished it up - really can't wait for the next course. Great job everyone! :)

    If anyone wants more reading on this, Phil Sturgeon's "Build APIs You Won't Hate" (available via Leanpub) is a great resource to learn more. It covers topics that will be in the second course, but it's available now.

    I'll be back to watch the second course when it comes out :D

  • 2014-06-14 weaverryan

    You're right! I've just updated the code download - it *does* contain a few more things than the original beta code download.

    Thanks for pointing that out!

  • 2014-06-14 Di-SiDE

    Hi Ryan,
    the source code is missing the ApiFeatureContext::thePropertyShouldContain method (that was not defined in the previous beta code).

  • 2014-06-13 weaverryan

    Hey Aliaksandr Harbunou!

    Obviously, it depends on what you need, but I'm a fan of using a token system: it's simple to implement and very understandable by your clients. That's what we're using in episode 2, modeled roughly off of GitHub. If you're curious, you can see the low-level setup here:

    Hope that helps!

  • 2014-06-12 Aliaksandr Harbunou

    Where part with authorization via REST? I already did REST before this tutorial has been published, however authorization part still didn't chosen. WSSE, Token or your ideas?

  • 2014-05-29 weaverryan

    Hey Davor!

    It means that part of the tutorial is available, but part of it still needs to be released. Right now, if you look at the table of contents on the left, you'll see the last few chapters are grey - we're still working on those and will release them soon. So, you can start going through the tutorial now, and if you own it, we'll email you when the rest of the chapters come out.


  • 2014-05-29 Davor B.

    what does mean early access? I'm new member here

  • 2014-05-27 weaverryan

    Thanks buddy - I've made an issue ( to get rid of the share array syntax They're cute, but not necessary.


  • 2014-05-23 Thomas G. Bennett, Inc.

    I had a little trouble initially setting up, but a few things that may help others, in case you are as n00b as me:

    sql lite requires ownership for me so i did: $ sudo chgrp _www -R data

    also, I'm on php 5.3 to match my work servers, so I had to make adjustment to line 70 from [] to array()

    return $this->render('user\register.twig', array('errors' => $errors, 'user' => $user));

  • 2014-04-30 weaverryan

    Yes, that's not an easy problem to solve! We'll definitely cover that, using an approach that you'll recognize from FOSRestController. There are still a lot of tough details to cover in episode 2!

    Really happy you've enjoyed it!

  • 2014-04-30 Pablo María Martelletti

    Excellent so far! I've purchased and already seen it all, so great job! Waiting to see the rest of it. It would be great if you cover how to handle different formats for same url endpoints, just like FOSRestController do, and not to have the code duplicate in API Controllers and so on.


  • 2014-04-30 Heiko Krebs


  • 2014-04-30 weaverryan

    Hey Chris!

    We just released the first chapters this morning and a full chapter list. Hope you enjoy it!


  • 2014-04-29 Chris

    Hey Ryan - any chance of an update on the timings on this one? keen to see it.

  • 2014-04-28 weaverryan

    Most of the chapters are recorded and edited, so it should be very soon now! We're passed due on getting this out and we know it - so we're working our butts off this week on it to not delay further :).


  • 2014-04-23 Thomas

    Any news?

  • 2014-03-24 Jlsefksfesse

    Ok, thanks for letting me know, and for working on the tutorials. I'm looking very much forward to seeing them released!

  • 2014-03-24 weaverryan

    Hey Tor!

    A few chapters should come out next week (good REST background, building up the basic endpoints, testing them, etc) with more of the meat coming a few weeks later. We'll email you with updates when the first chapters come out.


  • 2014-03-22 Jlsefksfesse

    What's the current estimate for when this will be out?

  • 2014-03-15 Jlsefksfesse

    Thanks for making these. I'm looking forward to this one a lot! I'll need it for two projects, and the sooner it's available the better ;)

  • 2014-03-12 weaverryan

    Hey! No hard ETA yet - but we're aiming to start releasing chapters in the next couple of weeks (I'm working on stuff right now).


  • 2014-03-12 Guest

    Any ETA? :) Too late for me to take advantage (I think i have a pretty good grasp now anyway) but I am looking forward to these anyway.

  • 2014-03-04 weaverryan

    We didn't hit Feb, but I just updated the release date information (above in the summary) - I'm working hard on this - we'll post things as soon as we can :) Cheers!

  • 2014-03-04 weaverryan

    FYI - I've just updated the release date information, so not by Feb obviously, but soon! Thanks!

  • 2014-02-01 weaverryan

    I think that's an important topic. We should cover how a client might look quite a bit just by playing with the API we build and writing some tests. I don't have the details yet, but I'll keep your suggestion here in mind - it's good :).


  • 2014-01-31 Evert

    Should there also be a topic related to a client that can consume the api in the right way?

  • 2014-01-22 Lukas Lukac

    Hmmm i think it should be everything with Sf2 for Sf2 devs! :D Almost exactly one year before i started with Sf2 and i was like :O and it was the KNP course that had introduced me for the first time the world of frameworks and the beauty of this framework. Now i desperately crave for some great Sf2 REST course that will learn me a lot and will show practical tricks :) So once again, can't wait! Very excited :)

  • 2014-01-22 weaverryan

    This will be a Feb release! Sorry it can't be sooner - but if you click "Notify Me" - we'll ping you as soon as the first chapters are published.


  • 2014-01-22 weaverryan

    Almost definitely :). Though I haven't decided if we should do something more generic first to introduce the concepts directly (like in Silex) and *then* something in Symfony2 using our extra tools. I'd love to have something useful for Sf2 and non-Sf2 devs.

  • 2014-01-22 Lukas Lukac

    Hi, sounds very intresting! Can't wait! Will be this REST API course connected with SF2 ?

  • 2014-01-21 weaverryan

    Definitely will be covering Hypermedia, that's where things get interesting :). I'll have at least some details in there on authentication as well - I understand very well why you're asking!

    Thanks for the extra details!

  • 2014-01-20 Guest

    I am also extremely curious when this is going to be done. I could use this information ASAP :)

  • 2014-01-18 Wojtek

    I'd like to see HTTP basic, HTTP digest and OAuth2.
    Also are you planning to show how to implement HATEOAS (Hypermedia)?

  • 2014-01-18 weaverryan

    Hey Wojtek!

    I'm not sure yet. We have an OAuth tutorial coming out very shortly (, which might address some of this. Which parts of authorization with a REST API would be helpful to you?


  • 2014-01-14 Wojtek

    Will you also provide some information about rest api authorization?