Guides
- Declare a Resource
- Hook a Persistence Layer with a Processor
- Provide the Resource State
- Validate incoming Data
- Use Validation Groups
- Secure a Resource Access
- Extend OpenAPI Documentation
- Secure a Resource with Custom Voters
- Validate Data on a Delete Operation
- Create a Custom Doctrine Filter
- Create a Custom Elasticsearch Filter
- Custom controller
- Doctrine ORM and ODM Attribute Filters
- Doctrine ORM and MongoDB ODM Service Filters
- Handle a Pagination on a Custom Collection
- Use Doctrine Filters
- Use Messenger with an Input Object
Tutorials
Validation
API Platform takes care of validating the data sent to the API by the client (usually user data entered through forms). By default, the framework relies on the powerful Symfony Validator Component for this task, but you can replace it with your preferred validation library such as the PHP filter extension if you want to.
Watch the Validation screencast
Symfony
In relation to Symfony, API Platform hooks a validation listener executed during the kernel.view event. It checks if the validation is disabled on your Operation via Operation::validate, then it calls the Symfony validator with the Operation::validationContext.
If one wants to use validation on a Delete operation you'd need to implement this yourself.
Error Levels
If you need to customize error levels we recommend to follow the Symfony documentation and add payload fields.
You can then retrieve the payload field by setting the serialize_payload_fields to an empty array in the API Platform configuration:
# api/config/packages/api_platform.yaml
api_platform:
validator:
serialize_payload_fields: ~# api/config/packages/api_platform.yaml
api_platform:
validator:
serialize_payload_fields: ~Then, the serializer will return all payload values in the error response.
If you want to serialize only some payload fields, define them in the config like this:
# api/config/packages/api_platform.yaml
api_platform:
validator:
serialize_payload_fields: [severity, anotherPayloadField]# api/config/packages/api_platform.yaml
api_platform:
validator:
serialize_payload_fields: [severity, anotherPayloadField]In this example, only severity and anotherPayloadField will be serialized.
JSON Schema and OpenAPI integration
Specification property restrictions
API Platform generates specification property restrictions based on Symfony’s built-in validator.
For example, from Regex constraint API
Platform builds the JSON Schema pattern restriction.
For building custom property schema based on custom validation constraints you can create a custom class for generating property scheme restriction.
To create property schema, you have to implement the PropertySchemaRestrictionMetadataInterface.
This interface defines only 2 methods:
create: to create property schemasupports: to check whether the property and constraint is supported
Here is an implementation example:
namespace App\PropertySchemaRestriction;
use ApiPlatform\Metadata\ApiProperty;
use Symfony\Component\Validator\Constraint;
use App\Validator\CustomConstraint;
final class CustomPropertySchemaRestriction implements PropertySchemaRestrictionMetadataInterface
{
public function supports(Constraint $constraint, ApiProperty $propertyMetadata): bool
{
return $constraint instanceof CustomConstraint;
}
public function create(Constraint $constraint, ApiProperty $propertyMetadata): array
{
// your logic to create property schema restriction based on constraint
return $restriction;
}
}namespace App\PropertySchemaRestriction;
use ApiPlatform\Metadata\ApiProperty;
use Symfony\Component\Validator\Constraint;
use App\Validator\CustomConstraint;
final class CustomPropertySchemaRestriction implements PropertySchemaRestrictionMetadataInterface
{
public function supports(Constraint $constraint, ApiProperty $propertyMetadata): bool
{
return $constraint instanceof CustomConstraint;
}
public function create(Constraint $constraint, ApiProperty $propertyMetadata): array
{
// your logic to create property schema restriction based on constraint
return $restriction;
}
}Open Vocabulary Generated from Validation Metadata
API Platform automatically detects Symfony's built-in validators and generates schema.org IRI metadata accordingly. This allows for rich clients such as the Admin component to infer the field types for most basic use cases.
The following validation constraints are covered:
| Constraints | Vocabulary |
|---|---|
Url | https://schema.org/url |
Email | https://schema.org/email |
Uuid | https://schema.org/identifier |
CardScheme | https://schema.org/identifier |
Bic | https://schema.org/identifier |
Iban | https://schema.org/identifier |
Date | https://schema.org/Date |
DateTime | https://schema.org/DateTime |
Time | https://schema.org/Time |
Image | https://schema.org/image |
File | https://schema.org/MediaObject |
Currency | https://schema.org/priceCurrency |
Isbn | https://schema.org/isbn |
Issn | https://schema.org/issn |
Query parameter validation
By default query parameter validation is on, you can remove it using:
# api/config/packages/api_platform.yaml
api_platform:
validator:
query_parameter_validation: false# api/config/packages/api_platform.yaml
api_platform:
validator:
query_parameter_validation: false