Security That Covers Your Entire API


In this video you will learn how to use Symfony's built in Security component to secure your REST API.

By the end of this video you will have gained an understanding of how HTTP Basic works and how to keep your Codeception test suite up to date in a very easy manner when testing with required authentication.

Truthfully, you can use this technique on any Symfony routes, it doesn't only apply to routes created using FOS REST Bundle, or RESTful routes in general.

We'll start off looking at Firewalls. Now, these aren't a direct match to the typical network firewalls you know and love tolerate. Instead they are a way of securing parts of our Symfony routing setup, and can be as broad as to cover our entire project, or as narrow as to focus on one specific route.

Testing this using Chrome's Postman plugin in my opinion makes this whole process a little easier to comprehend. It's quite raw, and excuse the bad pun, basic, so there's less to confuse and confound.

However, Postman has a nasty habit of caching given usernames and passwords, so do be careful not just when following along, but when testing and working with real world API projects.

Code For This Course

Get the code for this course.

Code For This Video

Get the code for this video.

Episodes

# Title Duration
1 Security That Covers Your Entire API 04:28
2 Securing by Verb (GET, POST, PUT, etc) 02:42
3 Restricting Symfony Routes Based On A User's Role 05:26