Security That Covers Your Entire API

This video is available to view for members only.

Click here to Join!

Already a member?


In this video you will learn how to use Symfony's built in Security component to secure your REST API.

By the end of this video you will have gained an understanding of how HTTP Basic works and how to keep your Codeception test suite up to date in a very easy manner when testing with required authentication.

Truthfully, you can use this technique on any Symfony routes, it doesn't only apply to routes created using FOS REST Bundle, or RESTful routes in general.

We'll start off looking at Firewalls. Now, these aren't a direct match to the typical network firewalls you know and ~~love~~ tolerate. Instead they are a way of securing parts of our Symfony routing setup, and can be as broad as to cover our entire project, or as narrow as to focus on one specific route.

Testing this using Chrome's Postman plugin in my opinion makes this whole process a little easier to comprehend. It's quite raw, and excuse the bad pun, basic, so there's less to confuse and confound.

However, Postman has a nasty habit of caching given usernames and passwords, so do be careful not just when following along, but when testing and working with real world API projects.

Share This Episode

If you have found this video helpful, please consider sharing. I really appreciate it.

Episodes in this series

# Title Duration
1 Security That Covers Your Entire API 04:28
2 Securing by Verb (GET, POST, PUT, etc) 02:42
3 Restricting Symfony Routes Based On A User's Role 05:26