I am adding an API to a Symfony application, which should act as a REST web service. But there are some open problems.
Different URIs for bots?
I often read the "suggestion" to use URIs such as /api/:id/[...], but I think they would not be REST compatible: regardless of whether the bot or person is the same u nique r esource - i dentified.
I ask, as my expression above makes sense, but I do not expect everyone else to be to blame.
Modify existing controllers?
There are several reasons why I need a separate logic controller for both cases:
- Lack of session login in case of api requests
- various forms of Symfony must be created (for example, no widgets are required).
- JSON / XML instead of HTML output
I do not want to modify existing controllers. In accordance with the principle of open closure, classes should be open for expansion, but closed for modifications, and controller classes are already used in the "production" environment.
My idea is to use an additional HTTP header field (for example, "X-UseApi"). Routing should cause various actions, evaluating it. Is this possible inside routing.yml? How? Do you have any other ideas?
Authentication
This is how I implemented bot authentication:
$user = Doctrine_Core::getTable('sfGuardUser')->findOneByUsername($params['user']);
if($user->checkPassword($params['password']))
{
}
But the code looks like a workaround for my eyes. Are there any better solutions for all REST authentication? Is sfGuardPlugin / sfDoctrineGuardPlugin not eligible for such use cases?
,