Api Platform conference
Register now
API Platform Conference
September 19-20, 2024 | Lille & online

The international conference on the API Platform Framework

API Platform Conference 2024: meet the best PHP, JavaScript and API experts

Learn more about the event, register for the conference, and get ready for two days of inspiration, ideas, and knowledge-sharing with our incredible lineup of renowned specialists and advocates.

Register now



Bug fixes

  • 55f27dc7a fix(symfony): documentation request _format (#6390)


Bug fixes

  • 002d8e514 fix(validation): ValidationException causes TypeError exception when called with $code=null (#6375)
  • 77a917f2a fix(metadata): resource class php doc (#6381)
  • d809315fb fix(symfony): store original data without clone (#6367)
  • fb7c4658c fix(test): canonicalizing json arrays (#6386)


Bug fixes

  • 10f24f7a1 fix(state): no location header without output (#6356)
  • 20c9165f2 fix(symfony): no read should not throw on wrong uri variables (#6359)
  • 4cd359d40 fix(graphql): resolver before validation (#6363)
  • 9d159f4fa fix(symfony): no read shouldn’t throw InvalidIdentifiers (#6357)


Bug fixes

  • 6f806f4ee fix(state): read without output (#6347)
  • 735e1509e fix(symfony): set normalization context in request attributes (#6345)
  • b4984126a fix(symfony): use_symfony_listeners before registering services (#6350)
  • f63fd8101 fix(symfony): define use_symfony_listeners (#6344)


You can remove the event_listeners_backward_compatibility_layer flag and set use_symfony_listeners instead. The use_symfony_listeners should be true if you use controllers or if you rely on Symfony event listeners. Note that now flags like read can be forced to true if you want to call a Provider even on POST operations. These are the rules we set up on runtime if no value has been set:

if (null === $operation->canValidate()) {
    $operation = $operation->withValidate(!$request->isMethodSafe() && !$request->isMethod('DELETE'));

if (null === $operation->canRead()) {
    $operation = $operation->withRead($operation->getUriVariables() || $request->isMethodSafe());

if (null === $operation->canDeserialize()) {
    $operation = $operation->withDeserialize(\in_array($operation->getMethod(), ['POST', 'PUT', 'PATCH'], true));

Previously listeners did the checks before reading our flags and you could not force the values.

When using GraphQl, with event_listeners_backward_compatibility_layer: true, mutation resolver gets called before validation, when using false (the future default) validation occurs on the user’s input.

v3.3.1 (pre-release)

Bug fixes

  • 6f806f4ee fix(state): read without output (#6347)
  • 735e1509e fix(symfony): set normalization context in request attributes (#6345)
  • f63fd8101 fix(symfony): define use_symfony_listeners (#6344)


Bug fixes

  • 629da787b fix(symfony): use non deprecated validator exception (#6297)
  • 8a232a474 fix: add legacy FilterInterface as return type of getFilter function (#6311)
  • 97c8ae26e fix(jsonapi): handle multiple relation classes, unrelated unions (#6320)
  • af61482c2 fix(symfony)!: context stamp not serializable because of request object (#6323)
  • fce42e0e7 fix(jsonapi): re-add continue once relation is determined (#6325)


  • 57fe13615 feat(serializer): update MissingConstructorArgumentsException message (#5902)
  • e867d07f5 feat(parametervalidator): parameter validation (#6296)


Bug fixes

  • 50f4f0eeb fix: change deprecated ValidationException (#6295)
  • 5e908c898 fix: reorder early return QueryParameterValidateListener (#6300)
  • 678eb4f84 fix(jsonapi): add missing “included” schema parts (#6277)
  • 8f8121865 fix(graphql): query nullish ManyToOne-Relation
  • 90c9fb31a fix(symfony): register api_error route (#6281)
  • 93f8b5f39 fix(jsonapi): return empty data array for empty relation (#6270)
  • 9ac0062a2 fix(symfony): context not serializable when session (#6302)
  • da324e457 fix(metadata): index operations (#6272)


Bug fixes

  • 23a9f2a7f fix(openapi): webhook has pathItem
  • 54638d3ca fix: fix PHPUnit 11 compatibility (#6202)
  • bc96751e0 fix(graphql): nested collection for mongo (#6174)
  • ca6be326d fix(doctrine): fix case on Mercure ExpressionLanguage (#6207)
  • dad8b7df3 fix(validation): move validation exception resource (#6204)


  • 0b724d93b feat(openapi): document parameter
  • 125f2cef4 feat: add webhook - openapi (#5873)
  • 31d24aca4 feat(hydra): read hydra:property from ApiProperty::jsonLdContext (#6240)
  • 3ad3836d5 feat(metadata): attribute Parameter (#6246)
  • 52322048c feat(state): provide parameter values
  • 5523bf5df feat(openapi): disable response override (#6221)
  • 683c34c6f feat(hydra): parameter documentation
  • 732d4aa8c feat(symfony): parameter DI for metadata state serializer
  • 842030d55 feat(doctrine): parameter filter extension (#6248)
  • b79c7ae0e feat(metadata): allow \Stringable for security parameters (#6095)
  • e427bba70 feat(jsonschema): JSON:API schema factory (#6250)

The v3.3.0-beta.1 introduces a new QueryParameter attribute to improve the filtering system.


Bug fixes

  • bc8d57b88 fix(symfony): reduce json-problem dependencies (#6169)
  • bfd759b62 fix: components split dependencies (#6186)
  • c01e10ff3 fix(hydra): remove dependency from ApiPlatform/Api dependency (#6154)


  • 24a1a18cb feat: improve ApiProperty::security using property name (#5853)
  • 3d1428e4d feat(symfony): add get_operation Expression Language function on Mercure topics (#5854)
  • 6b00cea91 feat(graphql): partial pagination for page based pagination (#6120)
  • 79fe01b97 feat(doctrine): paginators for Doctrine Collection & Selectable (#6153)
  • 89c9229f4 feat(graphql): support nullable embedded relations in GraphQL types (#6100)


Bug fixes

  • 2828157f6 fix(doctrine): constants case sensitive values
  • bbc99cfbe fix(serializer): improve TagCollector context (JSONAPI HAL) (#6076)
  • e10cc5ecf fix(graphql): use normalization context to get item from IRI (#5915)


  • 4f59677d4 feat(parametervalidator): create api-platform/parameter-validator component
  • 670e7fbea feat(serializer): collect cache tags using a TagCollector (#5758)
  • 6b79b6f47 feat(elasticsearch): filtering on nested fields (#5835)
  • 8e3a48810 feat: enable Swagger UI deep linking (#6051)
  • 9083765b0 feat(graphql): support enum collection as property (#5955)
  • a749fe849 feat(doctrine): allow to extend link handling (#6061)
  • b48836690 feat(symfony): Link security (#5290)
  • cc9f6a518 feat(symfony): request and view kernel listeners (#6102)
  • ce9ab8226 feat(metadata): headers configuration (#6074)


  • api-platform/parametervalidator
  • api-platform/doctrine-common
  • api-platform/doctrine-orm
  • api-platform/doctrine-odm

A new interface ApiPlatform\Serializer\TagCollectorInterface allows to collect cache tags (IRIs) during serialization instead of using API Platform defaults. An experimental feature (#5290) gives the ability to use security on sub resource links.

If you use controllers you should use:

    use_symfony_listeners: true

The default is false you can get rid of the event_listeners_backward_compatibility_layer flag. You can now force an operation state, for example:


#[Delete(validate: true)]
#[Post(read: true)]
class Book {}

These namespaces are deprecated:

  • ApiPlatform\Api
  • ApiPlatform\Exception
  • ApiPlatform\Problem
  • ApiPlatform\Action
  • ApiPlatform\Util

Most of the classes have moved to ApiPlatform\Metadata.

If a format is not specified in either the global configuration or the outputFormats of an operation, you’ll get a 406 Not Acceptable error:

        jsonld: ['application/ld+json']
        form: ['multipart/form-data']


Bug fixes

  • fb7c4658c fix(test): canonicalizing json arrays (#6386)


Bug fixes

  • 50c738cf6 fix(graphql): check inheritance in ResolverProvider (#6314)
  • 9cd597f80 fix(doctrine): remove usage of deprecated ClassUtils in PurgeHttpCacheListener for Doctrine ORM 3 (#6331)
  • a59fbee97 fix(serializer): uriTemplate wrong cache usage in hal format (#6313)
  • c083af346 fix(metadata): allow extracting routeName from XML config (#6329)


Bug fixes

  • 2a8767108 revert: fix(graphql): increment graphql normalizer priority
  • 6c3d58c28 fix(jsonschema): don’t try to define $ref if set in attributes (#6303)
  • 9ac0062a2 fix(symfony): context not serializable when session (#6302)


Bug fixes

  • 90c9fb31a fix(symfony): register api_error route (#6281)
  • d061c3811 fix(graphql): increment graphql normalizer priority (#6283)


Bug fixes

  • 0154fbf00 fix(elasticsearch): wrong namespace for stateOptions (#6260)
  • 4adc07524 fix: multiple error routes #6214 (#6263)
  • 88d88ed2c fix(doctrine): wrong return type without name converter #6079 (#6254)
  • db50a46c1 fix(doctrine): stateOptions force resource class on collection (#6255)


Bug fixes

  • 0073a2a1b fix(serializer): json non-resource intermittent class (HAL & JSON:API) (#6231)
  • 3689ae5f4 fix(hydra): owl:maxCardinality should be an int (#6235)
  • 4b70b7405 fix(jsonschema): generation of non-LD+JSON distinct schema formats (#6236)
  • 818b9cd62 fix(jsonschema): don’t skip remaining multiple union types (#6223)
  • 874e4d670 fix(serializer): collection property in an output dto (#6239)


Bug fixes

  • 2819d56c8 fix(hydra): hydra:view with absolute iris (#6208)
  • 98f4b8fca fix(metadata): Operations priority sort (#6206)
  • a1309bbf2 fix(serializer): skip symfony validation exception (#6220)


Bug fixes

  • 56744dcfa fix(serializer): fix union types on collection denormalization (#6192)
  • d8e2d0c5e fix(doctrine): doctrine/orm:^3.0 support (#6193)
  • f891f16d5 fix(doctrine): isAssociationInverseSide before getMappedBy (#6197)


Bug fixes

  • 09aacf98a fix(symfony): revert breaking change on attributes extractor (#6170)
  • 4138cb7c0 fix(openapi): resource name parameter description (#6178)
  • 5e4b6312a fix(jsonschema): multiple type support (draft4) (#6171)
  • 8535f9def fix(doctrine): read parent class properties on PUT (#6176)
  • a188c9473 fix(symfony): autoconfigure legacy alias fixes #6177 (#6181)
  • e7b442149 fix(validator): stop considering properties marked with NotBlank(allowNull=true) as required (#6184)


Bug fixes

  • 26295392d fix: use normalisation context when none is provided in ApiTestAssertionsTrait (#6157)
  • 2999d9ef1 fix: return null instead of exception for GraphQL Query operation (#6118)
  • 30f3f353e fix(openapi): skip requestBody if input is false (#6163)
  • 507edba82 fix(symfony): autoconfiguration on UriVariableTransformerInterface (#6159)
  • 643cff2db fix(symfony): throw metadata exception (#6164)
  • a987469e0 fix(openapi): method OpenApi::getComponents must always return a Components object (#6158)
  • c08f1e164 fix(doctrine): test array type existence before using it (#6161)


Bug fixes

  • 05713bfc8 fix(hydra): move owl:maxCardinality from JsonSchema to Hydra (#6136)


Bug fixes

  • 1c1023a71 fix: better generics support for State\ProcessorInterface (#6103)
  • dcab6c79e fix(jsonschema): keep integer and number properties draft 4 compliant (#6098)
  • ef4b261f1 fix(graphql): remove count query if paginationInfo is not requested (#6068)


Bug fixes

  • 5de077e7d fix(symfony): use Type constraint violation code instead of exception code (#6064)
  • 804da1be7 fix(openapi): compatibility with OpenAPI 3.0 (#6065)
  • cd01e043a fix(symfony): handle empty content-type as set by Symfony (#6078)
  • d3484b0f1 fix(serializer): integrate root_resource_class to cache key (#6073)

For OpenAPI 3.0, the spec_version=3.0.0 query parameter will force OpenAPI to the 3.0 version. This option is also available through the command line.


Bug fixes

  • 6f3c6a663 fix(symfony): attribute filter names (#6062)
  • dc77c7949 fix(symfony): disable symfony error handling by default
  • f75649d49 fix(symfony): use Type constraint violation code instead of exception code


  • ecffcde chore: remove comparator conflict wrongly introduced


Bug fixes

  • 2a43268f9 fix(jsonschema): fix invalid “int” type to “integer” (#6049)
  • 9660a190a fix(serializer): concat context on wrong id (#6050)
  • a35f0da11 fix(jsonld): remove link to ApiDocumentation when doc is disabled (#6029)
  • a9a06897b fix(doctrine): get reference with identifier value (#6019)
  • aac883e93 fix(symfony): bypass symfony exception listener (#6056)
  • b1926f533 fix(symfony): do not use metadata when merging schema constraints in Collection constraint (#6057)
  • cc16a1ced fix(jsonschema): iri example (#5901)
  • ccf52c199 fix: item_uri_template conflict with context on relation (#6015)
  • dcce75121 fix(doctrine): OrderFilterTrait - properties null value causing error in foreach
  • dcfd3c5ca fix(jsonschema): keep format subschema generation (#6055)
  • c13c88e5c fix(metadata): throw exception if itemUriTemplate if used on invalid operation (xml/yaml formats) (#6053)


Symfony 7 support.

Bug fixes

  • 183b4d637 fix(symfony): named arguments dependency injection
  • 3d32d5e12 fix(openapi): entrypoint access vnd+openapi (#6012)
  • 58f4a3dda fix: no boolean types for exclusive minimum and exclusive maximum open api (#5993)
  • 5e8f5eb99 fix(graphql): consider writable flag also for nested input types (#5954)
  • 9848bd4d4 fix: missing eager joins on to-one relationships (#5992)
  • aa44dd726 fix(openapi): max cardinality
  • c2be40994 fix(symfony): error in provider without uri variables (#6005)
  • d2f281eed fix(jsonschema): fix recursive documentation when using a dto entity wrapper (#5973)
  • e7bc2ab57 fix(jsonschema): indirect resource input schema (#6001)


Bug fixes

To have errors backward compatible with 3.1, use:

             rfc_7807_compliant_errors: false

New extension points are available using Errors with rfc_7807_compliant_errors: true such as Error provider and Error Resource

  • 1b4289412 fix: errors bc with rfc_7807_compliant_errors false (#5974)
  • ce297e6f7 fix(jsonschema): child entity property schema generation (#5988) (#5989)


Bug fixes


Bug fixes

  • 436921f3b fix(serializer): json violation list normalizer (#5941)


Bug fixes

  • 0f015214c fix(symfony): 404 wrongly normalized (#5936)
  • 495f75f81 fix(serializer): json non-resource intermitent class (#5937)


Bug fixes

  • 3d0dfc148 fix(symfony): swagger ui should use base url (#5918)
  • 4f51b5198 fix(symfony): use http exception headers (#5932)
  • 547c4e605 fix(graphql): item resolver inheritance error (#5910)
  • 6b5df95ca fix(doctrine): odm order filter should use a left join on nullable fields (#5911)
  • ae090c7c4 fix(graphql): use normalization context to get item from IRI (#5915)
  • b2d9ce40c fix(serializer): pass $context to IriConverter (#5908)
  • c2824c1d7 fix(jsonschema): restore type factory usage (#5897)
  • cd6f5834b fix(serializer): use error normalizers (#5931)
  • d9f77402d fix(graphql): service missing in debug mode (#5930)


extra_properties.skip_deprecated_exception_normalizers is set to false so that decorating Error normalizers works. Set it to true to avoid deprecations and decorate the corresponding ItemNormalizer instead.


Bug fixes

  • 05363d98f fix(symfony): force json format with GraphQL
  • 0c50d4ceb fix(state): add link header processor without links (#5888)
  • 51b818304 fix: error traces without arguments (#5891)
  • b7c094aca fix(metadata): interface breaking in 3.2 (#5883)
  • dbd4f64de fix(graphql): docs should answer text/html


Bug fixes

  • 2e48c7ecc fix(jsonschema): do not override nor complete ApiProperty::schema user value (#5855, #5864)
  • 33b1658a0 fix(serializer): disable_type_enforcement with null values (#5593)
  • 3953f6f0a fix(state): read provider without request (#5803)
  • 49981505a fix(metadata): convert composite uri variables w/ proper type
  • 4ac62b0c2 fix(jsonschema): build non-resource class schema (#5842)
  • 51e4295b2 fix: missing parent construct calls with named arguments (#5387)
  • 6c9e121db fix(elasticsearch): elasticsearch 8 compatibility (#5795)
  • 7ecfdff85 fix(symfony): graphql security/validator only when enabled
  • b58ec1207 fix(metadata): correct interface aliases (#5766)
  • c353e5aa4 fix(graphql): do not add id field if operation already has a dedicated input type (#5095)
  • c76d9b0b7 fix(serializer): allow usage of genId property for collection (#5870)


  • 0d04f28f2 feat(metadata): improve CreateProvider (#5770)
  • 2141b0118 feat: deprecate not setting formats manually (#5808)
  • 2cf9d552a feat: improve ’not_normalizable_value_exception’ (#5844)
  • 3fa0176a3 feat(metadata): add canonical_uri_template (#5832)
  • 46e84ffc1 feat(symfony): add mercure asserts (#5764)
  • 4ef0ef856 feat: error as resources, jsonld errors are now problem-compliant (#5433)
  • 6babb3d6b feat: replace doctrine/inflector by symfony/string (#5637)
  • 7a1d351b0 feat(tests): add a method to generate the IRI from a resource (#5582)
  • 851aa3778 feat(graphql)!: add extra args for custom queries or mutations (#5359)
  • 92a81f024 feat(graphql): allow to disable the introspection query (#5711)
  • b9cf49969 feat(openapi): update Swagger UI to v5.6.2 (#5807)
  • ccef472ca feat(openapi): use OpenAPI 3.1 (#5489)
  • c7dcd3669 feat(doctrine): stateOptions can handleLinks for query optimization (#5732)
  • d793ffb92 feat: union/intersect types (#5470)
  • d85884d53 feat(elasticsearch): filtering on nested fields (#5820)
  • e65d2c35a feat(serializer): add ApiProperty::uriTemplate option (#5675)


Use composer recipes:update to update your configuration file. The default configuration file is:

    title: Hello API Platform
    version: 1.0.0
        jsonld: ['application/ld+json']
        jsonld: ['application/ld+json']
        jsonopenapi: ['application/vnd.openapi+json']
        html: ['text/html']
        stateless: true
            vary: ['Content-Type', 'Authorization', 'Origin']
            standard_put: true
            rfc_7807_compliant_errors: true # this will be the default value in 4.x
    event_listeners_backward_compatibility_layer: false # use symfony event listeners
    keep_legacy_inflector: false # use doctrine/inflector

Listeners will not get removed in API Platform 4 but will rather use our new Providers and Processors. You can now force the request to go through a particular state for example:

#[Post(read: true)] // to force reading even though it's a POST
  • ApiPlatform\Api got moved to ApiPlatform\Metadata

  • Adds assertMercureUpdateMatchesJsonSchema(Update $update, array $topics, array|object|string $jsonSchema = '', bool $private = false, string $id = null, string $type = null, int $retry = null, string $message = '')

  • The handle links feature is experimental

When using GraphQl, with event_listeners_backward_compatibility_layer: true, mutation resolver gets called before validation, when using false (the future default) validation occurs on the user’s input.


Bug fixes

  • 2e48c7ecc fix(jsonschema): do not override nor complete ApiProperty::schema user value (#5855 #5869, #5864)
  • 6a62a53f8 fix(hydra): hydra:search iexact strategies
  • adbc57865 fix(openapi): entrypoint text/html 200 (#5868, #5863)
  • d42f00ce1 fix(validation): normalize constraint violation list (#5866)


  • 1fccb8413 feat(doctrine): add SearchFilter case-insensitive strategies constants
  • 2cf9d552a feat: improve ’not_normalizable_value_exception’ (#5844)
  • c76d9b0b7 feat(serializer): allow usage of genId property for collection (#5870)


  • ApiPlatform\Api got moved to ApiPlatform\Metadata


Bug fixes

  • 1c6862dd5 fix(symfony): use static variable to store Error (#5837, #5828)
  • 2703a4507 fix(swagger): no throw when operation is not found
  • 2dd058a45 fix(symfony): use “main” state alias for decoration (#5806)
  • 3dedf6d9d fix: exception to status on error resource (#5823)
  • 4ac62b0c2 fix(jsonschema): build non-resource class schema (#5842)
  • 660955b69 fix(symfony): show documentation as entrypoint when requesting html (#5836)
  • 7ebff2702 fix: errors without compatibility flag (#5841)
  • 828e42997 fix: Mercure assertions to public to allow Mercure Hub reset (#5834)


  • 2141b0118 feat: deprecate not setting formats manually (#5808)
  • 3fa0176a3 feat(metadata): add canonical_uri_template (#5832)
  • b9cf49969 feat(openapi): update Swagger UI to v5.6.2 (#5807)
  • e65d2c35a feat(serializer): add ApiProperty::uriTemplate option (#5675)


Bug fixes

  • 6c9e121db fix(elasticsearch): elasticsearch 8 compatibility (#5795)
  • 7ecfdff85 fix(symfony): graphql security/validator only when enabled


  • 0d04f28f2 feat(metadata): improve CreateProvider (#5770)
  • 46e84ffc1 feat(symfony): add mercure asserts (#5764)
  • c7dcd3669 feat(doctrine): stateOptions can handleLinks for query optimization (#5732)


  • Adds assertMercureUpdateMatchesJsonSchema(Update $update, array $topics, array|object|string $jsonSchema = '', bool $private = false, string $id = null, string $type = null, int $retry = null, string $message = '')
  • The handle links feature is experimental until 3.3


Bug fixes

  • 33b1658a0 fix(serializer): disable_type_enforcement with null values (#5593)
  • 49981505a fix(metadata): convert composite uri variables w/ proper type
  • 502234cf5 fix: allowed composite identifiers with differents types
  • 51e4295b2 fix: missing parent construct calls with named arguments (#5387)
  • 9116f1554 fix(symfony): provider can throw validation exception (#5586)
  • b58ec1207 fix(metadata): correct interface aliases (#5766)
  • c353e5aa4 fix(graphql): do not add id field if operation already has a dedicated input type (#5095)
  • ccef472ca fix(openapi): use 3.1 version (#5489)


  • 4ef0ef856 feat: error as resources, jsonld errors are now problem-compliant (#5433)
  • 6babb3d6b feat: replace doctrine/inflector by symfony/string (#5637)
  • 7a1d351b0 feat(tests): add a method to generate the IRI from a resource (#5582)
  • 851aa3778 feat(graphql)!: add extra args for custom queries or mutations (#5359)
  • 92a81f024 feat(graphql): allow to disable the introspection query (#5711)
  • d793ffb92 feat: union/intersect types (#5470)


Bug fixes

  • 5de077e7d fix(symfony): use Type constraint violation code instead of exception code (#6064)
  • d3484b0f1 fix(serializer): integrate root_resource_class to cache key (#6073)


Bug fixes

  • 9660a190a fix(serializer): concat context on wrong id (#6050)
  • a9a06897b fix(doctrine): get reference with identifier value (#6019)
  • cc16a1ced fix(jsonschema): iri example (#5901)


Bug fixes

  • 9848bd4d4 fix: missing eager joins on to-one relationships (#5992)
  • d2f281eed fix(jsonschema): fix recursive documentation when using a dto entity wrapper (#5973)
  • dac49cb16 Revert “fix: missing eager joins on to-one relationships (#5992)”


Bug fixes

  • 157faafd5 fix(state): wrong variable name
  • b2d9ce40c fix(serializer): pass $context to IriConverter (#5908)


Bug fixes

  • 364732d83 fix(serializer): missing parenthesis fixes #5773


Bug fixes

  • eebc7c5a0 fix: add itemUriTemplate to resources.xsd (#5872)


Bug fixes

  • 6a62a53f8 fix(hydra): add xxx[] hydra:search iexact
  • 7f0e00cd2 fix(mercure): custom topics on newly created entities causes error #5074
  • 1fccb8413 fix(doctrine): add SearchFilter case-insensitive strategies constants



Bug fixes

  • 50999d651 fix(symfony): missing translation contracts (#5799)


Bug fixes

  • c14b6f419 fix(graphql): add cache_key in item normalizer (#5686)
  • c2b3514c0 fix(serializer): no mapping cache in debug mode (#5777)
  • c7892a646 fix(serializer): retrieve only first uriVariable from operation (#5788)
  • c8b974131 fix(serializer): correct supported types for elasticsearch item normalizer decorator (#5769)


Bug fixes

  • 07c9989eb fix(metadata): notexposed no urivariables inheritance (#5765)
  • 8d04dcf5f fix(metadata): fix POST on subresource (#5734)
  • a774f4c51 fix(doctrine): searchfilter with nested custom identifiers (#5760)
  • b7258ef38 fix: error 500 on request with ’empty’ accept headers, e.g. ‘accept: 0’ or ‘accept: ’ (#5767)


Bug fixes

  • 146f55330 fix(metadata): operation NotExposed status to 404 (#5717)
  • 4dcfc16c3 fix(symfony): perf regression with Symfony 6.3 (#5721)
  • 4f9626f42 fix(serializer): use data if no uri_variables provided (#5743)
  • 7bb92a52f fix(doctrine): use stateOptions only within doctrine context (#5726)
  • 83dbfbff1 fix(metadata): generated NotExposed operation should inherit resource options (#5722)
  • ccad63683 Revert “fix: search on nested sub-entity that doesn’t use “id” as its ORM identifier (#5623)” (#5744)
  • e2745855b fix(openapi): model Example, Header and Reference (#5716)
  • ebf03104f fix(jsonld): skolem uri template may have a _format (#5729)


Bug fixes

  • 0c1c1c36f fix(symfony): enable API Platform in LexikJWTAuthenticationBundle (#5609)

    You can disable this behaviour by setting the configuration key lexik_jwt_authentication.api_platform.enabled to false

  • 146991ba4 fix(openapi): merge parameters with deprecated openApiContext (#5703)

  • 14969aa0c fix(serializer): put replaces embed collection (#5604)

  • 9cb0ee43c fix(metadata): missing xml/yaml properties (#5684)

  • a8796238d fix: filters don’t have to implement the “legacy” FilterInterface (#5619)

  • ada115966 fix: don’t implement deprecated CacheableSupportsMethodInterface with Symfony 6.3+ (#5696)

  • b8cbdb1cb fix(doctrine): search on nested sub-entity that doesn’t use “id” as its ORM identifier (#5623)

  • e21e9faee fix(symfony): support for custom controller with class method (#5681)


  • 011fd4862 feat(serializer): support for getSupportedTypes (symfony 6.3) (#5671)
  • db2cc9567 feat(serializer): support for getSupportedTypes (symfony 6.3) (#5672)


Bug fixes

  • 1bcca0930 fix(symfony): provider can throw validation exception (#5586)
  • 57bfefbfa 547078cf7 fix(metadata): convert composite uri variables w/ proper type
  • a0f12b667 fix(serializer): disable_type_enforcement with null values (#5593)

Also updates: graphiql, opensans


Bug fixes

  • 2121d15c3 fix(symfony): allow post with uri variables and no provider
  • ed4bca9b9 fix(serializer): Guess uri variables with the operation and the data instead of hardcoding id (#5546)


Bug fixes

  • 1281b0f49 fix(serializer): don’t force resource class on relation (#5576)
  • 810e4455b fix(serializer): fix denormalizing to non-cloneable objects (#5569)


  • 0fc5ad580 Fixes wrong interfaces aliases (#5563)


Bug fixes

  • 1f28efc56 fix(graphql): send headers in GraphiQL (#5539)
  • 25861348d fix(elasticsearch): add is_collection to documentation (#5497)
  • 60082d7a5 fix(doctrine): use fromClass metadata for each link (#5508)
  • 62510b2bb fix(jsonschema): change type to integer in json schema for int backed enums (#5553)
  • 6d2f883d1 fix(metadata): remove identifier_metadata_factory services (#5518)
  • 6d7aaf7de fix: class already declared with preloading (#5523)
  • aa7f4b8fe Revert “fix(symfony): query parameter validation after authentication (#5473)” (#5556)
  • e4fa5a234 fix(serializer): no forced resource class relation (#5542)
  • f3935749e fix: the stateOptions::entityClass should be used when present while building Links (#5550)


Bug fixes

  • 05b572234 fix(jsonschema): access related subschema on readableLink (#5515)
  • 138c51218 fix(serializer): skip unknown property and use the name converter
  • 23ef01aa2 fix(openapi): restore OpenApiFactory::OPENAPI_DEFINITION_NAME (#5516)
  • 871824c44 fix(symfony): check operations parameters (#5513)
  • af5cd209d fix(serializer): cache class metadata factory (#5512)
  • f128e3b3c fix(openapi): yaml parameters extractor (#5487)


Bug fixes

  • 2be8b4f74 fix(symfony): OperationMetadataFactoryInterface service alias (#5491)
  • 4c87a97c2 fix(openapi): deprecate api_keys names not compatible with 3.1 (#5490)
  • e47162227 fix(jsonschema): find the related operation instead of assuming one (#5469)
  • e7114b7ed fix(elasticsearch): remove old bridge service (#5488)


Bug fixes

  • 1f23344b0 fix(symfony): status at 200 when allowCreate is false (#5465)
  • 42c5c3e64 fix(symfony): query parameter validation after security (#5473)
  • 8a88e0cbc fix(metadata): no deprecation when elasticsearch is null (#5450)
  • 9421ba537 fix(serializer): propertyFilter should apply to arrays as well (#5444)
  • a5aa52923 fix(metadata): remove ReflectionEnum usage (#5453)
  • bf29fb973 fix(openapi): document PropertyFilter within parameter (#5458)
  • cfdc9ad9b fix(metadata): add default operations config (#5459)
  • 6e35a714f perf(symfony): cache identifier metadata factory (#5466)


  • #5473 changes the priority of the ApiPlatform\Symfony\EventListener\QueryParameterValidateListener from 16 to 2 so that it occurs after the security listener.

  • ReflectionEnum was removed as it was causing segfaults with opcache preload and an unidentified PHP extension

  • #5459 fixes the defaults operation declaration such as:

      - ApiPlatform\Metadata\Get
      - ApiPlatform\Metadata\GetCollection

    very useful for read only APIs, this was possible in 2.7 but not backported correctly


Bug fixes

  • 80ac2e3d6 fix(serializer): find parent class operation
  • b6139234a fix(metadata): default graphql operations on ApiResource only
  • bd3ff68ce fix: missing PlaceholderAction service alias (#5429)


Bug fixes

  • dcc4733d5 fix(serializer): reset cache key on collection items CVE-2023-25575
  • 1170c3846 fix(metadata): map uriVariables to uriTemplate vars (#5410)
  • d1d139aa4 fix(metadata): in xml resource extractor > building request body content values (#5419)
  • ea71416bb fix(openapi): allow overriding of openapi responses (#5393)
  • ff3255c9e fix(serializer): check which instance of NameConverterInstance is used (#5398)


  • d3783d611 feat(metadata): class IdentifiersExtractor now handles enums (#5411)


Bug fixes

  • 85209558c fix(symfony): missing http clients varnish purger (#5383)
  • a76ebf271 fix: missing parent construct calls with named arguments (#5385)


Bug fixes

  • 186cd69d4 fix(symfony): wrong purger clients type (#5373)
  • 4eb0ab5a9 fix(openapi): fix openapi requestbody decoration (#5377)
  • 78ae12298 fix(metadata): allow custom http status code for put (#5375)
  • a5fb2aa28 fix(metadata): defaults extra properties (#5362)
  • f7c70b17d fix(graphql): name and key should be the same for an enum without Enum suffix in class name (#5369)


Bug fixes

  • 7f09a2640 fix(jsonschema): remove @id @type @context from input schema (#5267)
  • 7fa9ca5a7 fix: do not use api_graphql_graphiql route when graphiQl is disabled because it won’t exist (#5266)
  • 9f5a408a1 fix(metadata): attributes parameter order (#5317)
  • d0fcd70c3 fix(graphql): remove inline styles and add twig blocks to aid overriding templates in strict CSP environments (#5251)


  • 3a845f1fb fix(symfony): use swagger.api_keys with a key to handle multiple authorizations (#4691)
  • 06185b7c9 feat: add groups filter whitelist info to swagger (#5244)
  • 10da65f67 feat: support collect denormalization errors (#5170)
  • 36d930eda feat(graphql): enable profiler panel when using graphql (#5072)
  • 471185d3e feat(symfony): agnostic cache purger + souin support (#5273)
  • 8744857a3 feat: add GraphQL enum support (#5199)
  • 8c8a91b4a feat(jsonschema): serialization context on JsonSchema (#4860)
  • 902b1354f feat: better separation of entity class and resource (#5275)
  • a558c94d0 feat: add context to XML parsing errors (#5335)
  • a828af0e8 feat: use phpdoc-parser instead of phpdocumentor (#5214)
  • bd361bbed feat(doctrine): add link factory (#5345)
  • bde59ba12 feat: spec-compliant PUT method (#4996)
  • c145ec700 feat(openapi): add ApiResource::openapi and deprecate openapiContext (#5254)
  • e5f1be056 feat: add @type property on mercure delete update (#2688)
  • f1ecc30a3 feat(openapi): add backed enum support (#5120)

Backward compatibility

  • only use named arguments on metadata attributes (Get, Query, Operation, ApiProperty etc.) as we don’t guarantee the backward compatibility on positional arguments


Bug fixes

  • 5723d6836 fix(serializer): reset cache key on collection items CVE-2023-25575
  • 1983089d9 fix(metadata): reader should be nullable (#5378)
  • 80aeb3158 fix(symfony): autoconfigure elasticsearch extension (#5379)


Bug fixes

  • 0154bf13c fix(metadata): homogenize operations constructor (#5344) Note: we made clear that we are supporting only named arguments on our Attributes. We do not support backward compatibility on positional arguments.
  • 53cb25fab fix(symfony): annotation reader argument optional (#5358)
  • 722802c13 fix(graphql): usable YAML/XML configuration (#5333) Note: paginationViaCursor was removed from GraphQl operations as it had no behavior
  • 937786efe fix(metadata): extract identifier using Link::toProperty (#5352)


Bug fixes

  • ec67b3f47 fix: fix argument resolver error (#5342)


Bug fixes

  • 3d8371a56 fix(graphql): use depth for nested resource class operation (#5314)
  • 6f9289eb8 fix(serializer): use symfony’s default serializer context (#5305)
  • af98b645f fix: compatibility with PHP 8.2 (#5292)
  • b5734a73e fix(graphql): pass graphql enabled flag (#5315)


  • 9632b6416 feat: serialize error title from ValidationException (#5313)


Bug fixes

  • 26040444e fix(graphql): dont add graphql operations when disabled (#5265)
  • 3d3c2c744 fix(graphql): link relations requires the property (#5169)
  • ddeda9c93 fix(normalizer): normalize items in related collection with concrete class (#5261)
  • e73878570 fix(jsonschema): remove @id @type @context from input schema (#5267)


Bug fixes

  • 27af3216f fix(symfony): wire Symfony JsonEncoder if it exists (#5240)
  • 31215c623 ci: fix mongod startup (#5248)
  • 55be4ca41 fix: get back return phpdoc on ProviderInterface
  • 6d38cd941 fix(metadata): include routePrefix in default operation name (#5203) (#5252)
  • b52161f perf(symfony): use default cache pool config in development environment (#5242)


Bug fixes

  • d4173e7db fix(metadata): do not override name fixes #5235 (#5237)


Bug fixes

  • 0f891616f fix(metadata): route prefix in the operation name (#5208)
  • 84a7e564d fix(metadata): getOperation cache matches arguments (#5215)
  • bd0b05abc fix(serializer): dynamic groups should not be cached (#5207)
  • ebaad51b2 fix(serializer): read groups off the root operation (#5196)


Bug fixes

  • 148442c49 fix(metadata): item uri template with another resource (#5176)
  • 2a582764a fix(graphql): add filters from the nested resource metadata (#5171)
  • 45b552673 fix(metadata): _format broken bc promise on #5080 (#5187)
  • 5bc84ce36 fix(graphql): use default nested query operations (#5174)
  • 6e2f920ec fix(serializer): empty object as array with supports cache (#5100)
  • 706f66f6b fix(metadata): allow input/output configuration values to be bool in yaml config (#5186)
  • b3bc4d6ac fix: use legacy iri converter for legacy resources (#5172)
  • d18813597 fix: securityPostDenormalize not working because clone is made after denormalization (#5182)
  • dbf44470a fix(metadata): check if elasticsearch is set to false by user through ApiResource (#5115) (#5177)
  • a52750496 fix(metadata): allow custom Attribute to extend ApiResource (#5076) (#5175)
  • 62af87485 fix(openapi): use “openapi” key to validate filter parameters (#5114)


Bug fixes

  • 176fff2cb fix(metadata): upgrade script keep operation name (#5109)
  • 1b64ebf6a fix: upgrade command remove ApiSubresource attribute (#5049)
  • 27fcdc6b2 fix(metadata): deprecate when user decorates in legacy mode (#5091)
  • 310363d56 fix: remove @internal annotation for Operations (#5089)
  • 41bbad94e fix: update yaml extractor test file coding standard (#5068)
  • 44337ddb3 fix(graphql): use right nested operation (#5102)
  • 541b738e9 fix(graphql): add clearer error message when TwigBundle is disabled but graphQL clients are enabled (#5064)
  • 59826bbe9 fix: only alias if exists for opcache preload
  • 7044c5a1b fix(doctrine): use abitrary index instead of value (#5079)
  • 8250d41a3 fix(metadata): define a name on a single operation (#5090)
  • 9c19fa171 fix(metadata): add class key in payload argument resolver (#5067)
  • a4cd12b2a fix: uri template should respect rfc 6570 (#5080)
  • bbeaf7082 fix(graphql): always allow to query nested resources (#5112)
  • c1cb3cd2f Revert “fix(graphql): use right nested operation (#5102)” (#5111)


  • Metadata: generate skolem IRI by default, use genId: false to disable BC


  • Symfony: don’t use ArrayAdapter cache in production #5027
  • Symfony: remove _api_exception_to_status leftovers (#4992)
  • Serializer: support empty array as object (#4999)
  • Chore: compatibility with PHP 8.2 (#5024)
  • Symfony: resource class directories bc break (#4982)
  • Symfony: exception_status bad merge (#4981)
  • Graphql: remove unused service for ItemResolverFactory (#4976)
  • Chore: document missing breaking changes on the 3.0.0-beta.1


  • Metadata: CRUD on subresource with experimental write support (#4932)
  • Symfony: 6.1 compatibility and remove 4.4 and 5.4 support (#4851)
  • Symfony: removed the $exceptionOnNoToken parameter in ResourceAccessChecker::__construct() (#4905)
  • Symfony: use conventional service names for Doctrine state providers and processors (#4859)
  • Symfony: adjust mapping paths to the SF best practices for Bundles BC Resources/config/api_resources to config/api_resources (#4853)
  • Symfony: src/ApiResource/ is the recommended place for API models (#4874)
  • Cache: remove guzzle from the Varnish purger (#4872)

Various cleanup in services and removal of backward compatibility layer.


  • JsonLd: correct the api_jsonld_context route format (#4844)
  • Metadata: remove metadata_backward_compatibility_layer option (#4843)
  • OpenApi: fixed required fields (in and name) within ApiPlatform\OpenApi\Model\Parameter BC

Various cleanup, removed Core namespace leftovers and todos.

3.0.0-beta.2 / 3.0.0-rc.1

  • ExpressionLanguage: deprecated class ApiPlatform\Symfony\Security\ExpressionLanguage has been removed in favor of Symfony\Component\Security\Core\Authorization\ExpressionLanguage.


Breaking changes:

  • Identifiers: Allow plain identifiers is removed, use a custom normalizer if needed (#4811)
  • Symfony: deprecated configuration was removed (#4811)
  • DataTransformers: concept got removed, input and output classes are handled as anonymous resources (#4805)
  • Doctrine: some interfaces have changed (extensions and filters), string $operationName got removed in favor of ApiPlatform\Metadata\Operation $operation. (#4779)
  • Doctrine: ContextAware interfaces were merged with their child interfaces you can safely remove them (#4779)
  • Metadata: the Core namespace got removed (#4805)
  • Mercure: deprecation removed (#4805)
  • Identifiers: using an object as identifier is supported only when this object is Stringable
  • Serializer: skip_null_values now defaults to true
  • Metadata: Patch is added to the automatic CRUD
  • Symfony: generated route names and operation names changed, route naming can be changed directly within metadata
  • Doctrine: remove @final annotation from filters and mark them as final


Bug fixes

  • deed442e0 fix: handle item iri with identifiers in LegacyIriConverter (#5670)


Bug fixes

  • 20371ccad fix: IriConverterInterface injection and deprecation (#5630)
  • c5f709d17 fix: api:upgrade-resource output formatting (#5624)


Bug fixes

  • 810e4455b fix(serializer): fix denormalizing to non-cloneable objects (#5569)
  • b6dc7728b fix(symfony): update for PHPUnit 10 (#5551)


Bug fixes

  • 01ce3f811 fix(serializer): find parent class operation (#5449)


Bug fixes

  • 5723d6836 fix(serializer): reset cache key on collection items CVE-2023-25575


Bug fixes

  • 1983089d9 fix(metadata): reader should be nullable (#5378)
  • 80aeb3158 fix(symfony): autoconfigure elasticsearch extension (#5379)


Bug fixes

  • b15a97d7f fix(symfony): autoconfigure elasticsearch extension (#5376)
  • cbe7355d1 fix(metadata): annotation reader should be nullable


Bug fixes

  • 53cb25fab fix(symfony): annotation reader argument optional (#5358)


Bug fixes

  • 31215c623 ci: fix mongod startup (#5248)
  • 444f339ae fix: avoid unneeded use of covariance to keep compatibility with PHP < 7.4 (#5327)
  • 5baea781c fix(metadata): fix extra properties method (#5294)
  • a6f0d9aac fix(symfony): http cache wrong metadata argument
  • ab6822f77 fix: Set twig.exception_listener as service parent (#5059)
  • f22fa73f4 fix(elasticsearch): elasticsearch BC


Bug fixes

  • 096ac119a fix(metadata): keep configured uri variables (#5217)
  • 2b2d468f0 fix(metadata): operations must inherit from resource and defaults
  • 2cb3b4272 fix(serializer): use iri from $context if defined (#5201)
  • 39398579e fix(symfony): definition when mercure is not installed (#5206)
  • e9c7e4abb fix(serializer): avoid call to legacy iri converter with non-resource class (#5219)
  • ebaad51b2 fix(serializer): read groups off the root operation (#5196)


Bug fixes

  • 706f66f6b fix(metadata): allow input/output configuration values to be bool in yaml config (#5186)
  • b3bc4d6ac fix: use legacy iri converter for legacy resources (#5172)


Bug fixes

  • 176fff2cb fix(metadata): upgrade script keep operation name (#5109)
  • 1b64ebf6a fix: upgrade command remove ApiSubresource attribute (#5049)
  • 27fcdc6b2 fix(metadata): deprecate when user decorates in legacy mode (#5091)
  • 310363d56 fix: remove @internal annotation for Operations (#5089)
  • 41bbad94e fix: update yaml extractor test file coding standard (#5068)
  • 59826bbe9 fix: only alias if exists for opcache preload
  • 8250d41a3 fix(metadata): define a name on a single operation (#5090)
  • 9c19fa171 fix(metadata): add class key in payload argument resolver (#5067)


  • Metadata: no skolem IRI by default
  • Symfony: use service id as tag for lower symfony versions (processor/provider service locator)
  • Symfony: fix command constants not available on lower symfony versions


  • Chore: update swagger ui and javascript libraries (#5028)
  • Symfony: don’t use ArrayAdapter cache in production #4975 (#5025)
  • Doctrine: check fetch joined queries based on all aliases (#4974)
  • Metadata: fix missing array cast for RDF types in ApiResource & ApiProperty constructors (#5000)
  • Symfony: replace FQCN service names by snake ones (#5019)
  • Symfony: add missing dependency on symfony/deprecation-contracts (#5015)
  • Chore: add conflict on elasticsearch >= 8.0 (#5018)
  • Symfony: bc layer broken for symfony/console lower than 5.3 (#4990)
  • Symfony: missing deprecations related to Ulid and Uuid normalize… (#4963)
  • Metadata: do not auto-generate NotExposed operation when using custom operation classes
  • Symfony: upgrade command requires phpunit (#4968)
  • Symfony: upgrade command removes filters (#4970)
  • Symfony: missing Elasticsearch DocumentMetadataFactoryInterface alias definition (#4962)
  • Chore: drop dependency on fig/link-util (#4945)
  • Metadata: resource name collection missing deprecation (#4953)
  • Doctrine: ability to use ORM and ODM (#5032)


  • chore: remove @experimental phpdoc (#4933)
  • Metadata: do not set id when identifier is false (#4880)
  • Metadata: automatic GET operation when none is declared (#4881)
  • Metadata: exception to status on operations (#4861)
  • Serializer: adds the JSON_INVALID_UTF8_IGNORE flag to JsonEncode (#4741)
  • Symfony: autoconfigure legacy Doctrine extensions (#4909)
  • Elasticsearch: skip metadata without ES nodes (#4913)
  • Symfony: deprecated the $exceptionOnNoToken parameter in ResourceAccessChecker::__construct() (#4900)

Various cs fixes and PHPDoc to help upgrading to 3.0.


  • Symfony: the upgrade command now updates ApiFilter as well (#4845)
  • Symfony: maker command to create a state Processor (#4423)


  • Serializer: ignore no-operation on SerializeListener (#4828)
  • Schema: schema generation with default operation (#4818)


  • Metadata: reduce coalescing operator call (#4810)
  • Api: remove dump (#4809)


  • Metadata: use the HTTP method instead of an interface for writability (#4785)
  • Cache: IriConverter gets called only for resources (#4796)
  • JsonApi: Use skolem IRIs (#4796)
  • Metadata: Merge defaults instead of overriding (#4796)
  • ApiTestCase: Fix JSON Schema assertions (#4796)
  • Metadata: Cast YAML/XML values properly (#4800)
  • Symfony: fix deprecations (#4795 #4801 #4802)
  • Input/Output: backport serializer changes to make input/output work as resource classes without data transformers (#4804)
  • GraphQl: the SerializerContextBuilder interface changes to reflect operation instead of the operation name BC (#4804)


  • Processor: adds previous_data to the context (#4776)
  • Doctrine: fix filter binding (#4789)
  • Cache: fix headers not being read from metadata (#4777)


  • Json-Ld: property metadata types and iris (#4769)
  • Symfony: write listener uri variables converter (#4774)
  • Metadata: extra properties operation inheritance (#4773)


Doctrine: new interfaces for Filters and Extensions ready, switch to the ApiPlatform\Doctrine namespace after fixing your deprecations: (#4779)

  • ApiPlatform\Core\Bridge\Doctrine\Orm\Extension interfaces have an Operation instead of the $operationName, the new namespace is ApiPlatform\Doctrine\Orm\Extension
  • ApiPlatform\Core\Bridge\Doctrine\MongoDbOdm\Extension interfaces have an Operation instead of the $operationName, the new namespace is ApiPlatform\Doctrine\Odm\Extension


  • Metadata: defaults deprecation (#4772)


  • GraphQl: output creates its own type in TypeBuilder (#4766)
  • Metadata: clear missing metadata cache pools (#4770)
  • Metadata: property override when value is set (#4767)
  • Metadata: add read and write to extractor (#4760)
  • JsonSchema: factory backward compatibility layer (#4758)
  • Metadata: defaults properly overrides metadata (#4759)
  • Metadata: Add missing processor and provider to extractor (#4754)


  • Backward compatibility: fix upgrade script for subresources (#4747)
  • Backward compatibility: fix dependency injection (#4748)


  • Backward compatibility: fix dependency injection (#4744)
  • Metadata: allow extra keys within defaults (#4743)


  • Implements Skolem IRIs instead of blank nodes, can be disabled using iri: false (#4731)
  • IRI Converter: new interface declaring getIriFromResource and getResourceFromIri (#4734)


  • Review interfaces (ProcessorInterface, ProviderInterface, TypeConverterInterface, ResolverFactoryInterface etc.) to use ApiPlatform\Metadata\Operation instead of operationName (#4712)
  • Introduce CollectionOperationInterface instead of the collection flag (#4712)
  • Introduce DeleteOperationInterface instead of the delete flag (#4712)
  • The compositeIdentifier flag only lives under the uriVariables property (#4712)
  • The provider or processor property is specified within the Operation and we removed the chain pattern (#4712)
  • JSON Schema: fix nullable types validation using assertMatchesResourceItemJsonSchema (#4725)
  • Elasticsearch: verify whether mapping type is supported (#4726)
  • Deprecate Data Transformers (#4722)
  • Fix missing service declaration and BC breaks (#4721 #4716 #4717 #4718)
  • Hydra: add hydra view example values (#4681)


  • Swagger UI: Add usePkceWithAuthorizationCodeGrant to Swagger UI initOAuth (#4649)
  • BC: mapping.paths in configuration should override bundles configuration (#4465)
  • GraphQL: Add the ability to use different pagination types for the queries of a resource (#4453)
  • Security: BC Fix ApiProperty security attribute expression being passed a class string for the object variable on updates/creates - null is now passed instead if the object is not available (#4184)
  • Security: ApiProperty now supports a security_post_denormalize attribute, which provides access to the object variable for the object being updated/created and previous_object for the object before it was updated (#4184)
  • Maker: Add make:data-provider and make :data-persister commands to generate a data provider / persister (#3850)
  • JSON Schema: Add support for generating property schema with numeric constraint restrictions (#4225)
  • JSON Schema: Add support for generating property schema with Collection restriction (#4182)
  • JSON Schema: Add support for generating property schema format for Url and Hostname (#4185)
  • JSON Schema: Add support for generating property schema with Count restriction (#4186)
  • JSON Schema: Manage Compound constraint when generating property metadata (#4180)
  • Validator: Add an option to disable query parameter validation (#4165)
  • JSON Schema: Add support for generating property schema with Choice restriction (#4162)
  • JSON Schema: Add support for generating property schema with Range restriction (#4158)
  • JSON Schema: Add support for generating property schema with Unique restriction (#4159)
  • BC: Change api_platform.listener.request.add_format priority from 7 to 28 to execute it before firewall (priority 8) (#3599)
  • BC: Use @final annotation in ORM filters (#4109)
  • Allow defining exception_to_status per operation (#3519)
  • Doctrine: Better exception to find which resource is linked to an exception (#3965)
  • Doctrine: Allow mixed type value for date filter (notice if invalid) (#3870)
  • Doctrine: Add nulls_always_first and nulls_always_last to nulls_comparison in order filter (#4103)
  • Doctrine: Add a global order_nulls_comparison configuration (#3117)
  • MongoDB: date_immutable support (#3940)
  • DataProvider: Add TraversablePaginator (#3783)
  • JSON:API: Support inclusion of resources from path (#3288)
  • Swagger UI: Add swagger_ui_extra_configuration to Swagger / OpenAPI configuration (#3731)
  • Allow controller argument with a name different from $data thanks to an argument resolver (#3263)
  • GraphQL: Support ApiProperty security (#4143)
  • GraphQL: BC Fix security on association collection properties. The collection resource item_query security is no longer used. ApiProperty security can now be used to secure collection (or any other) properties. (#4143)
  • Deprecate allow_plain_identifiers option (#4167)
  • Exception: Add the ability to customize multiple status codes based on the validation exception (#4017)
  • ApiLoader: Support _format resolving (#4292)
  • Metadata: new namespace ApiPlatform\Metadata instead of ApiPlatform\Core\Metadata, for example ApiPlatform\Metadata\ApiResource (#4351)
  • Metadata: deprecation of ApiPlatform\Core\Annotation (#4351)
  • Metadata: ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface is deprecated in favor of ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface (#4351)
  • Metadata: item and collection prefixes for operations are deprecated, as well as the ApiPlatform\Core\Api\OperationType class (#4351)
  • Graphql: ApiPlatform\Metadata\GraphQl follow the same metadata conventions (a Subscription operation is available and isn’t hidden behind an update Mutation anymore), interfaces got simplified (being @experimental) (#4351)
  • IriConverter: new interface for ApiPlatform\Bridge\Symfony\Routing\IriConverter that adds an operationName, same for ApiPlatform\Api\IdentifiersExtractor (#4351)
  • DataProvider: new ApiPlatform\State\ProviderInterface that replaces DataProviders (#4351)
  • DataPersister: new ApiPlatform\State\ProcessorInterface that replaces DataPersisters (#4351)
  • A new configuration is available to keep old services (IriConverter, IdentifiersExtractor and OpenApiFactory) metadata_backward_compatibility_layer (defaults to false) (#4351)
  • Add support for security_post_validation attribute
  • Mark the GraphQL subsystem as stable (#4500)
  • feat(test): add Client::loginUser() (#4588)
  • feat(http_cache): use symfony/http-client instead of guzzlehttp/guzzle, ApiPlatform\Core\HttpCache\PurgerInterface is deprecated in favor of ApiPlatform\HttpCache\PurgerInterface, new purger that uses PURGE (#4695)


  • fix(serializer): remove ‘iri’ from context cache (#4925)


  • fix: serializing embedded non resource objects
  • chore(openapi): upgrade Swagger UI to version 4.1.3
  • chore(openapi): upgrade ReDoc to version 2.0.0-rc.59
  • chore(graphql): upgrade GraphiQL to version 1.5.16


  • feat: compatibility with Symfony 6 (#4503, #4582, #4604, #4564)
  • feat: compatibility with PHP 8.1 (#4503, #4582, #4604)
  • fix: pass the child context when normalizing nested non-resource objects (#4521)


  • fix(json-schema): consider SplFileInfo class as a binary type (#4332)
  • fix(json-schema): use collectionKeyType for building JSON Schema (#4385)
  • fix(openapi): failing recursion on api resources with “paths” key (#4325)
  • fix(graphql): make sure form content type is recognized as a multipart request (#4461)
  • fix(doctrine): handle inverse side of OneToOne association in Doctrine search filter (#4366)
  • fix(doctrine): usage of deprecated DBAL type constants (#4399)
  • fix(test): fix REMOTE_ADDR support in ApiTestCase (#4446)
  • fix(docs): use asset_package for all assets (#4470)
  • fix(docs): upgrade Swagger UI to version 3.52.3 (#4477)
  • fix(docs): upgrade ReDoc to version 2.0.0-rc.56 (#4477)
  • fix(docs): upgrade Swagger UI to version 2.0.0-rc.56 (#4477)


  • Fix various usage of various deprecated methods
  • JsonSchema: Update Hydra @context property possible types (#4223)
  • JsonSchema: Add hydra:previousto thehydra:view` schema properties (#4310)
  • Filter validation: Fix issue in Required filter validator with dot notation (#4221)
  • OpenAPI: Fix notice/warning for response without content in the openapi_context (#4210)
  • OpenAPI: Do not use output for request body (#4213)
  • OpenAPI: Do not use JSON-lD schema for all media types (#4247) (BC note: SchemaFactory::buildSchema() is now immutable as it no longer modifies the passed $schema)
  • OpenAPI: Allow setting extensionProperties with YAML schema definition (#4228)
  • OpenAPI: do not throw error with non-standard HTTP verb (#4304)
  • Serializer: Convert internal error to HTTP 400 in Ramsey uuid denormalization from invalid body string (#4200)
  • GraphQL: Fix FieldsBuilder not fully unwrapping nested types before deciding if a resolver is needed (#4251)
  • GraphQL: Do not use a resolver for the nested payload of a mutation or subscription (#4289)
  • GraphQL: Allow search filter to use an int for its value (#4295)
  • Varnish: Improve BAN regex performance (#4231)
  • MongoDB: Fix denormalization of properties with embeds many that omit target document directive (#4315)
  • MongoDB: Fix resolving proxy class in class metadata factory (#4322)
  • Test: Add withOptions() to our HttpClient implementation (#4282)
  • Metadata: Fix allow using constants in XML configuration (resource attribute) (#4321)


  • OpenAPI: Using an implicit flow is now valid, changes oauth configuration default values (#4115)
  • OpenAPI: Fix response support via the openapi_context (#4116)
  • OpenAPI: Fix Link->requestBody default value (#4116)
  • OpenAPI: Make sure we do not override defined parameters (#4138)
  • Swagger UI: Remove Google fonts (#4112)
  • Serializer: Fix denormalization of basic property-types in XML and CSV (#4145)
  • Serializer: Fix denormalization of collection with one element in XML (#4154)
  • JSON Schema: Manage Sequentially and AtLeastOneOf constraints when generating property metadata (#4139 and #4147)
  • JSON Schema: properties regex pattern is now correctly anchored (#4176 and #4198)
  • JSON Schema: Fix PropertySchemaLengthRestriction string-only (#4177)
  • Doctrine: Fix purging HTTP cache for unreadable relations (#3441)
  • Doctrine: Revert #3774 support for binary UUID in search filter (#4134)
  • Doctrine: Fix order filter when using embedded and nulls comparison (#4151)
  • Doctrine: Fix duplicated eager loading joins (#3525)
  • Doctrine: Fix joinRelations with multiple associations. (#2791)
  • Doctrine: Revert using defaults.order as collection.order (#4178)
  • GraphQL: Partial pagination support (#3223)
  • GraphQL: Manage pagination_use_output_walkers and pagination_fetch_join_collection for operations (#3311)
  • GraphQL: Make sure the order of order filters is preserved if nested resources are used (#4171)
  • Metadata: Sort mapping resources (#3256)
  • UUID: manage Ulid in format property schema restriction (#4148)
  • Symfony: Do not override Vary headers already set in the Response (#4146)
  • Symfony: Make Twig dependency lazy (#4187)
  • Compatibility with psr/cache version 2 and 3 (#4117)
  • Docs: Upgrade Swagger UI to version 3.46.0
  • Docs: Upgrade ReDoc to version 2.0.0-rc.51
  • Docs: Upgrade GraphiQL to version 1.4.1


  • Identifiers: Re-allow POST operations even if no identifier is defined (#4052)
  • Hydra: Fix partial pagination which no longer returns the hydra:next property (#4015)
  • Security: Use a NullToken when using the new authenticator manager in the resource access checker (#4067)
  • Mercure: Do not use data in options when deleting (#4056)
  • Doctrine: Support for foreign identifiers (#4042)
  • Doctrine: Support for binary UUID in search filter (#3774, reverted in 2.6.4)
  • Doctrine: Do not add join or lookup for search filter with empty value (#3703)
  • Doctrine: Reduce code duplication in search filter (#3541)
  • JSON Schema: Allow generating documentation when property and method start from “is” (property isActive and method isActive) (#4064)
  • OpenAPI: Fix missing 422 responses in the documentation (#4086)
  • OpenAPI: Fix error when schema is empty (#4051)
  • OpenAPI: Do not set scheme to oauth2 when generating securitySchemes (#4073)
  • OpenAPI: Fix missing $ref when no type is used in context (#4076)
  • GraphQL: Fix “Resource class cannot be determined.” error when a null iterable field is returned (#4092)
  • Metadata: Check the output class when calculating serializer groups (#3696)


  • Validation: properties regex pattern is now compliant with ECMA 262 (#4027)
  • OpenApi: normalizer is now backward compatible (#4016), fix the name converter issue changing OpenApi properties (#4019)
  • Identifiers: Break after transforming the identifier (#3985), use the identifiers context to transform with multiple classes (#4029)
  • JsonSchema: Revert ALLOW_EXTRA_ATTRIBUTE=false as it is a BC break and will be done in 3.0 instead see #3881 (#4007)
  • Subresource: fix ApiSubresource maxDepth option (#3986), recursive issue in the profiler (#4023)
  • OpenApi: Allow requestBody and parameters via the openapi_context (#4001), make openapi_context work on subresources (#4004), sort paths (#4013)
  • Config: Allow disabling OpenAPI and Swagger UI without loosing the schema (#3968 and #4018), fix pagination defaults (#4011)
  • DataPersister: context propagation fix (#3983)


  • Fix defaults when using attributes (#3978)


  • Cache: adds a max_header_length configuration (#2865)
  • Cache: support stale-while-revalidate and stale-if-error cache control headers (#3439)
  • Config: Add an option to set global default values (#3151)
  • DTO: Add ApiPlatform\Core\DataTransformer\DataTransformerInitializerInterface to pre-hydrate inputs (#3701)
  • DTO: Improve Input/Output support (#3231)
  • Data Persisters: Add previous_data to the context passed to persisters when available (#3752)
  • Data Persister: Add a ResumableDataPersisterInterface that allows to call multiple persisters (#3912)
  • Debug: Display API Platform’s version in the debug bar (#3235)
  • Docs: Make asset_package configurable (#3764)
  • Doctrine: Allow searching on multiple values on every strategies (#3786)
  • Elasticsearch: The Paginator class constructor now receives the denormalization context to support denormalizing documents using serialization groups. This change may cause potential BC breaks for existing applications as denormalization was previously done without serialization groups.
  • GraphQL: BC New syntax for the filters’ arguments to preserve the order: order: [{foo: 'asc'}, {bar: 'desc'}] (#3468)
  • GraphQL: BC operation is now operationName to follow the standard (#3568)
  • GraphQL: BC paginationType is now pagination_type (#3614)
  • GraphQL: Add page-based pagination (#3175, #3517)
  • GraphQL: Allow formatting GraphQL errors based on exceptions (#3063)
  • GraphQL: Errors thrown from the GraphQL library can now be handled (#3632, #3643)
  • GraphQL: Possibility to add a custom description for queries, mutations and subscriptions (#3477, #3514)
  • GraphQL: Subscription support with Mercure (#3321)
  • GraphQL: Support for field name conversion (serialized name) (#3455, #3516)
  • Hydra: Sort entries in the API entrypoint (#3091)
  • Identifiers: Add Symfony Uid support (#3715)
  • IriConverter: BC Fix double encoding in IRIs - may cause breaking change as some characters no longer encoded in output (#3552)
  • JSON-LD: Add an iri_only attribute to simplify documents structure (useful when using Vulcain) (#3275)
  • Exception: Response error codes can be specified via the ApiPlatform\Core\Exception\ErrorCodeSerializableInterface (#2922)
  • Mercure: Add a normalization_context option in mercure attribute (#3772)
  • Messenger: Add a context stamp containing contextual data (#3157)
  • Metadata: Deprecate InheritedPropertyMetadataFactory (#3273)
  • Metadata: Improve and simplify identifiers management (#3825)
  • Metadata: Support the Symfony Serializer’s @Ignore annotation (#3820)
  • Metadata: Support using annotations as PHP 8 attributes (#3869, #3868, #3851)
  • Metadata: Throw an error when no identifier is defined (#3871)
  • Metadata: Use id as default identifier if none provided (#3874)
  • MongoDB: Mercure support (#3290)
  • MongoDB: Possibility to add execute options (aggregate command fields) for a resource, like allowDiskUse (#3144)
  • OpenAPI: Add default values of PHP properties to the documentation (#2386)
  • OpenAPI: BC Replace all characters other than [a-zA-Z0-9\.\-_] to . in definition names to be compliant with OpenAPI 3.0 (#3669)
  • OpenAPI: Refactor OpenAPI v3 support, OpenAPI v2 (aka Swagger) is deprecated (#3407)
  • Order: Support default order for a specific custom operation (#3784)
  • PATCH: BC Support patching deep objects, previously new objects were created instead of updating current objects (#3847)
  • Router: UrlGenerator strategy configuration via url_generation_strategy (#3198)
  • Routing: Add stateless ApiResource attribute (#3436)
  • Security: Add support for access control rule on attributes (#3503)
  • Subresources: resourceClass can now be defined as a container parameter in XML and YAML definitions
  • Symfony: improved 5.x support with fewer deprecations (#3589)
  • Symfony: Allow using ItemNormalizer without Symfony SecurityBundle (#3801)
  • Symfony: Lazy load all commands (#3798)
  • Tests: adds a method to retrieve the CookieJar in the test Client getCookieJar
  • Tests: Fix the registration of the test.api_platform.client service when the FrameworkBundle bundle is registered after the ApiPlatformBundle bundle (#3928)
  • Validator: Add the violation code to the violation properties (#3857)
  • Validator: Allow customizing the validation error status code. BC Status code for validation errors is now 422, use exception_to_status to fallback to 400 if needed (#3808)
  • Validator: Autoconfiguration of validation groups generator via ApiPlatform\Core\Validator\ValidationGroupsGeneratorInterface
  • Validator: Deprecate using a validation groups generator service not implementing ApiPlatform\Core\Bridge\Symfony\Validator\ValidationGroupsGeneratorInterface (#3346)
  • Validator: Property validation through OpenAPI (#33329)
  • Validator: Query filters and parameters are validated (#1723)
  • ExceptionInterface now extends \Throwable (#3217)


  • Hydra: only display hydra:next when the item total is strictly greater than the number of items per page (#3967)


  • Fix a warning when preloading the AbstractPaginator class (#3827)
  • OpenAPI: prevent additionalProp1 from showing in example values (#3888)
  • Varnish: fix a bug when passing an empty list of tags to the purger (#3827)
  • JSON Schema: mark hydra:mapping properties as nullable (#3877)


  • PHP 8 support (#3791, #3745, #3855)
  • Metadata: Fix merging null values from annotations (#3711)
  • JSON-LD: Add missing @type from collection using output DTOs (#3699)
  • Cache: Improve PurgeHttpCacheListener performances (#3743)
  • Cache: Fix VarnishPurger max header length (#3843)
  • Identifiers: Do not denormalize the same identifier twice (#3762)
  • OpenAPI: Lazy load SwaggerCommand (#3802)
  • OpenAPI: Use Output class name instead of the Resource short name when available (#3741)
  • OpenAPI: Allow unset PathItem method (#4107)
  • Router: Replace baseurl only once (#3776)
  • Mercure: Publisher bug fixes (#3790, #3739)
  • Serializer: Catch NotNormalizableValueException to UnexpectedValueEception with inputs (#3697)
  • Doctrine: Do not add JOINs for filters without a value (#3703)
  • MongoDB: Escape search terms in RegexFilter (#3755)
  • Tests: Improve JSON Schema assertions (#3807, #3803, #3804, #3806, #3817, #3829, #3830)
  • Tests: Allow passing extra options in ApiTestClient (#3486)
  • Docs: Upgrade Swagger UI to version 3.37.2 (#3867)
  • Docs: Upgrade ReDoc to version 2.0.0-rc.45 (#3867)
  • Docs: Upgrade GraphiQL to version 15.3.0 (#3867)
  • Docs: Upgrade GraphQL Playground to version 1.7.26 (#3867)

For compatibility reasons with Symfony 5.2 and PHP 8, we do not test anymore the integration with these legacy packages:

  • FOSUserBundle
  • NelmioApiDoc 2


  • Compatibility with Symfony 5.1 (#3589 and #3688)
  • Resource Cache-Control HTTP header can be private (#3543)
  • Doctrine: Fix missing ManagerRegistry class (#3684)
  • Doctrine: Order filter doesn’t throw anymore with numeric key (#3673 and #3687)
  • Doctrine: Fix ODM check change tracking deferred (#3629)
  • Doctrine: Allow 2inflector version 2.0 (#3607)
  • OpenAPI: Allow subresources context to be added (#3685)
  • OpenAPI: Fix pagination documentation on subresources (#3678)
  • Subresource: Fix query when using a custom identifier (#3529 and #3671)
  • GraphQL: Fix relation types without Doctrine (#3591)
  • GraphQL: Fix DTO relations (#3594)
  • GraphQL: Compatibility with graphql-php version 14 (#3621 and #3654)
  • Docs: Upgrade Swagger UI to version 3.32.5 (#3693)
  • Docs: Upgrade ReDoc to version 2.0.0-rc.40 (#3693)
  • Docs: Upgrade GraphiQL to version 1.0.3 (#3693)
  • Docs: Upgrade GraphQL Playground to version 1.7.23 (#3693)


  • Add support for Mercure 0.10 (#3584)
  • Allow objects without properties (#3544)
  • Fix Ramsey uuid denormalization (#3473)
  • Revert #3331 as it breaks backwards compatibility
  • Handle deprecations from Doctrine Inflector (#3564)
  • JSON Schema: Missing JSON-LD context from Data Transformers (#3479)
  • GraphQL: Resource with no operations should be available through relations (#3532)


  • Filter: Improve the RangeFilter query in case the values are equals using the between operator (#3488)
  • Pagination: Fix bug with large values (#3451)
  • Doctrine: use the correct type within setParameter of the SearchFilter (#3331)
  • Allow \Traversable resources (#3463)
  • Hydra: hydra:writable => hydra:writeable (#3481)
  • Hydra: Show hydra:next only when it’s available (#3457)
  • Swagger UI: Missing default context argument (#3443)
  • Swagger UI: Fix API docs path in swagger ui (#3475)
  • OpenAPI: Export with unescaped slashes (#3368)
  • OpenAPI: OAuth flows fix (#3333)
  • JSON Schema: Fix metadata options (#3425)
  • JSON Schema: Allow decoration (#3417)
  • JSON Schema: Add DateInterval type (#3351)
  • JSON Schema: Correct schema generation for many types (#3402)
  • Validation: Use API Platform’s ValidationException instead of Symfony’s (#3414)
  • Validation: Fix a bug preventing to serialize validator’s payload (#3375)
  • Subresources: Improve queries when there’s only one level (#3396)
  • HTTP: Location header is only set on POST with a 201 or between 300 and 400 (#3497)
  • GraphQL: Do not allow empty cursor values on before or after (#3360)
  • Bump versions of Swagger UI, GraphiQL and GraphQL Playground (#3510)


  • Add a local cache in ResourceClassResolver::getResourceClass()
  • JSON Schema: Fix generation for non-resource class
  • Doctrine: Get class metadata only when it’s needed in SearchFilter
  • GraphQL: Better detection of collection type


  • Compatibility with Symfony 5
  • GraphQL: Fix hasNextPage when offset > itemsPerPage


  • Compatibility with Symfony 5 RC
  • Compatibility with NelmioCorsBundle 2
  • Fix the type of ApiResource::$paginationPartial
  • Ensure correct return type from AbstractItemNormalizer::normalizeRelation


  • Compatibility with Symfony 5 beta
  • Fix a notice in SerializerContextBuilder
  • Fix dashed path segment generation
  • Fix support for custom filters without constructors in the @ApiFilter annotation
  • Fix a bug that was preventing to disable Swagger/OpenAPI
  • Return a 404 HTTP status code instead of 500 whe the identifier is invalid (e.g.: invalid UUID)
  • Add links to the documentation in @ApiResource annotation’s attributes to improve DX
  • JSON:API: fix pagination being ignored when using the filter query parameter
  • Elasticsearch: Allow multiple queries to be set
  • OpenAPI: Do not append body parameter if it already exists
  • OpenAPI: Fix removal of illegal characters in schema name for Amazon API Gateway
  • Swagger UI: Add missing oauth2-redirect configuration
  • Swagger UI: Allow changing the location of Swagger UI
  • GraphQL: Fix an error that was occurring when SecurityBundle was not installed
  • HTTP/2 Server Push: Push relations as fetch


  • Fix BC-break when using short-syntax notation for access_control
  • Fix BC-break when no item operations are declared
  • GraphQL: Adding serialization group difference condition for item_query and collection_query types
  • JSON Schema: Fix command

2.5.0 beta 3

  • GraphQL: Use different types (MyTypeItem and MyTypeCollection) only if serialization groups are different for item_query and collection_query (#3083)

2.5.0 beta 2

  • Allow to not declare GET item operation
  • Add support for the Accept-Patch header
  • Make the maximum_items_per_page attribute consistent with other attributes controlling pagination
  • Allow to use a string instead of an array for serializer groups
  • Test: Add a helper method to find the IRI of a resource
  • Test: Add assertions for testing response against JSON Schema from API resource
  • GraphQL: Add support for multipart request so user can create custom file upload mutations (#3041)
  • GraphQL: Add support for name converter (#2765)

2.5.0 beta 1

  • Add an HTTP client dedicated to functional API testing (#2608)
  • Add PATCH support (#2895) Note: with JSON Merge Patch, responses will skip null values. As this may break on some endpoints, you need to manually add the merge-patch+json format to enable PATCH support. This will be the default behavior in API Platform 3.
  • Add a command to generate json schemas api:json-schema:generate (#2996)
  • Add infrastructure to generate a JSON Schema from a Resource ApiPlatform\Core\JsonSchema\SchemaFactoryInterface (#2983)
  • Replaces access_control by security and adds a security_post_denormalize attribute (#2992)
  • Add basic infrastructure for cursor-based pagination (#2532)
  • Change ExistsFilter syntax to exists[property], old syntax still supported see #2243, fixes its behavior on GraphQL (also related #2640).
  • Pagination with subresources (#2698)
  • Improve search filter id’s management (#1844)
  • Add support of name converter in filters (#2751, #2897), filter signature in abstract methods has changed see b42dfd198b1644904fd6a684ab2cedaf530254e3
  • Ability to change the Vary header via cacheHeaders attributes of a resource (#2758)
  • Ability to use the Query object in a paginator (#2493)
  • Compatibility with Symfony 4.3 (#2784)
  • Better handling of JsonSerializable classes (#2921)
  • Elasticsearch: Add pagination (#2919)
  • Add default, min, max specification in pagination parameter API docs (#3002)
  • Add a swagger version configuration option swagger.versions and deprecates the enable_swagger configuration option (#2998)
  • Order filter now documents asc/desc as enum (#2971)
  • GraphQL: BC Break Separate query resource operation attribute into item_query and collection_query operations so user can use different security and serialization groups for them (#2944, #3015)
  • GraphQL: Add support for custom queries and mutations (#2447)
  • GraphQL: Add support for custom types (#2492)
  • GraphQL: Better pagination support (backwards pagination) (#2142)
  • GraphQL: Support the pagination per resource (#3035)
  • GraphQL: Add the concept of stages in the workflow of the resolvers and add the possibility to disable them with operation attributes (#2959)
  • GraphQL: Add GraphQL Playground besides GraphiQL and add the possibility to change the default IDE (or to disable it) for the GraphQL endpoint (#2956, #2961)
  • GraphQL: Add a command to print the schema in SDL api:graphql:export > schema.graphql (#2600)
  • GraphQL: Improve serialization performance by avoiding calls to the serialize PHP function (#2576)
  • GraphQL: Allow to use a search and an exist filter on the same resource (#2243)
  • GraphQL: Refactor the architecture of the whole system to allow the decoration of useful services (TypeConverter to manage custom types, SerializerContextBuilder to modify the (de)serialization context dynamically, etc.) (#2772)


Please read #2825 if you have issues with the behavior of Readable/Writable Link


  • Fix passing context to data persisters’ remove method
  • Ensure OpenAPI normalizers properly expose the date format
  • Add source maps for Swagger UI
  • Improve error message when filter class is not imported
  • Add missing autowiring alias for Pagination
  • Doctrine: ensure that EntityManagerInterface is used in data providers


  • GraphQL: Use correct resource configuration for filter arguments of nested collection
  • Swagger UI: compatibility with Internet Explorer 11
  • Varnish: Prevent cache miss by generating IRI for child related resources
  • Messenger: Unwrap exception thrown in handler for Symfony Messenger 4.3
  • Fix remaining Symfony 4.3 deprecation notices
  • Prevent cloning non cloneable objects in previous_data
  • Return a 415 HTTP status code instead of a 406 one when a faulty Content-Type is sent
  • Fix WriteListener trying to generate IRI for non-resources
  • Allow extracting blank values from composite identifier


  • Fix denormalization of a constructor argument which is a collection of non-resources
  • Allow custom operations to return a different class than the expected resource class


  • Store the original data in the previous_data request attribute, and allow to access it in security expressions using the previous_object variable (useful for PUT and PATCH requests)
  • Fix resource inheritance handling
  • Fix BC break in AbstractItemNormalizer introduced in 2.4
  • Fix serialization when using interface as resource
  • Basic compatibility with Symfony 4.3


  • Doctrine: allow autowiring of filter classes

  • Doctrine: don’t use fetchJoinCollection on Paginator when not needed

  • Doctrine: fix a BC break in OrderFilter

  • GraphQL: input objects aren’t nullable anymore (compliance with the Relay spec)

  • Cache: Remove some useless purges

  • Mercure: publish to Mercure using the default response format

  • Mercure: use the Serializer context

  • OpenAPI: fix documentation of the PropertyFilter

  • OpenAPI: fix generation of the servers block (also fixes the compatibility with Postman)

  • OpenAPI: skip not readable and not writable properties from the spec

  • OpenAPI: add the id path parameter for POST item operation

  • Serializer: add support for Symfony Serializer’s @SerializedName metadata

  • Metadata: ApiResource’s attributes property now defaults to null, as expected

  • Metadata: Fix identifier support when using an interface as resource class

  • Metadata: the HTTP method is now always uppercased

  • Allow to disable listeners per operation (fix handling of empty request content)

    Previously, empty request content was allowed for any POST and PUT operations. This was an unsafe assumption which caused other problems.

    If you wish to allow empty request content, please add "deserialize"=false to the operation’s attributes. For example:

    // api/src/Entity/Book.php
    use ApiPlatform\Core\Annotation\ApiResource;
    use App\Controller\PublishBookAction;
     * @ApiResource(
     *     itemOperations={
     *         "put_publish"={
     *             "method"="PUT",
     *             "path"="/books/{id}/publish",
     *             "controller"=PublishBookAction::class,
     *             "deserialize"=false,
     *         },
     *     },
     * )
    class Book

    You may also need to add "validate"=false if the controller result is null (possibly because you don’t need to persist the resource).

  • Return the 204 HTTP status code when the output class is set to null

  • Be more resilient when normalizing non-resource objects

  • Replace the data request attribute by the return of the data persister

  • Fix error message in identifiers extractor

  • Improve the bundle’s default configuration when using symfony/symfony is required

  • Fix the use of MetadataAwareNameConverter when available (configuring name_converter: serializer.name_converter.metadata_aware will now result in a circular reference error)


  • Fix a dependency injection problem in FilterEagerLoadingExtension
  • Improve performance by adding a NoOpScalarNormalizer handling scalar values


  • Improve performance of the dev environment and deprecate the api_platform.metadata_cache parameter
  • Fix a BC break in SearchFilter
  • Don’t send HTTP cache headers for unsuccessful responses
  • GraphQL: parse input and messenger metadata on the GraphQl operation
  • GraphQL: do not enable graphql when webonyx/graphql-php is not installed


  • Listeners are now opt-in when not handling API Platform operations
  • DISTINCT is not used when there are no joins
  • Preserve manual join in FilterEagerLoadingExtension
  • The elasticsearch attribute can be disabled resource-wise or per-operation
  • The messenger attribute can now take the input string as a value (messenger="input"). This will use a default transformer so that the given input is directly sent to the messenger handler.
  • The messenger attribute can be declared per-operation
  • Mercure updates are now published after the Doctrine flush event instead of on kernel.terminate, so the Mercure and the Messenger integration can be used together
  • Use Symfony’s MetadataAwareNameConverter when available
  • Change the extension’s priorities (<0) for improved compatibility with Symfony’s autoconfiguration feature. If you have custom extensions we recommend to use positive priorities.
Service nameOld priorityNew priorityClass
api_platform.doctrine.orm.query_extension.eager_loading (collection)-8ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\EagerLoadingExtension
api_platform.doctrine.orm.query_extension.eager_loading (item)-8ApiPlatform\Core\Bridge\Doctrine\Orm\Extension\EagerLoadingExtension
  • Fix JSON-LD contexts when using output classes
  • GraphQl: Fix pagination (the endCursor behavior was wrong)
  • GraphQl: Improve output/input behavior
  • GraphQl: Improve mutations (make the clientMutationId nullable and return mutation payload as an object)
  • MongoDB: Fix search filter when searching by related collection id
  • MongoDB: Fix numeric and range filters

2.4.0 beta 2

  • Fix version constraints for Doctrine MongoDB ODM
  • Respect _api_respond request attribute in the SerializeListener
  • Change the normalizer’s priorities (< 0). If you have custom normalizer we recommend to use positive priorities.
Service nameOld priorityNew priorityClass
  • Allow custom stylesheets to be appended or replaced in the swagger UI
  • Load messenger only if available
  • Fix missing metadata cache pool for Elasticsearch
  • Make use of the new AdvancedNameConverterInterface interface for name converters
  • Refactor input/output attributes, where these attributes now take:
    • an array specifying a class and some specific attributes (name and iri if needed)
    • a string representing the class
    • a falsy boolean to disable the input/output
  • Introduce the DataTransformer concept to transform an input/output from/to a resource
  • Api Platform normalizer is not limited to Resources anymore (you can use DTO as relations and more…)
  • MongoDB: allow a 0 limit in the pagination
  • Fix support of a discriminator mapping in an entity

2.4.0 beta 1

  • MongoDB: full support
  • Elasticsearch: add reading support (including pagination, sort filter and term filter)
  • Mercure: automatically push updates to clients using the Mercure protocol
  • CQRS support and async message handling using the Symfony Messenger Component
  • OpenAPI: add support for OpenAPI v3 in addition to OpenAPI v2
  • OpenAPI: support generating documentation using ReDoc
  • OpenAPI: basic hypermedia hints using OpenAPI v3 links
  • OpenAPI: expose the pagination controls
  • Allow using custom classes for input and output (DTO) with the input_class and output_class attributes
  • Allow disabling the input or the output by setting input_class and output_class to false
  • Guess and automatically set the appropriate Schema.org IRIs for common validation constraints
  • Allow setting custom cache HTTP headers using the cache_headers attribute
  • Allow setting the HTTP status code to send to the client through the status attribute
  • Add support for the Sunset HTTP header using the sunset attribute
  • Set the Content-Location and Location headers when appropriate for better RFC7231 conformance
  • Display the matching data provider and data persister in the debug panel
  • GraphQL: improve performance by lazy loading types
  • Add the api_persist request attribute to enable or disable the WriteListener
  • Allow setting a default context in all normalizers
  • Permit using a string instead of an array when there is only one serialization group
  • Add support for setting relations using the constructor of the resource classes
  • Automatically set a 409 Conflict HTTP status code when an OptimisticLockException is thrown
  • Resolve Dependency Injection Container parameters in the XML and YAML files for the resource class configuration
  • RequestAttributesExtractor is not internal anymore and can be used in userland code
  • Always use the user-defined metadata when set
  • OpenAPI: add a description explaining how to use the property filter
  • GraphQL: the look’n’feel of GraphiQL now match the API Platform one
  • PHPStan level 6 compliance
  • Add a show_webby configuration option to hide the spider in API docs
  • Add an easter egg (find it!)


  • /!\ Security: a vulnerability impacting the GraphQL subsystem was allowing users authorized to run mutations for a specific resource type, to execute it on any resource, of any type (CVE-2019-1000011)
  • Fix normalization of raw collections (not API resources)
  • Fix content negotiation format matching


  • GraphQL: compatibility with webonyx/graphql-php 0.13
  • OpenAPI/Swagger: expose properties[] as a collection parameter
  • OpenAPI/Swagger: add a description for the properties[] filter
  • OpenAPI/Swagger: Leverage advanced name converters
  • JSON-LD: Prevent an error in ItemNormalizer when $context['resource_class'] is not defined
  • Allow to pass the serialization group to use a string instead of as an array of one element
  • Modernize the code base to use PHP 7.1 features when possible
  • Bump minimal dependencies of the used Symfony components
  • Improve the Packagist description


  • Open API/Swagger: fix YAML export
  • Open API/Swagger: Correctly expose overridden formats
  • GraphQL: display the stack trace when in debug mode
  • GraphQL: prevent a crash when the class name isn’t provided
  • Fix handling of one-to-one relations in subresources
  • Fix max depth handling when eager fetching is disabled
  • Compatibility with Symfony 4.2
  • Prevent calling the remove method from all data persisters
  • Persist Doctrine entities with the DEFERRED_EXPLICIT change tracking policy
  • Throw an InvalidArgumentException when trying to get an item from a collection route
  • Improve the debug bar panel visibility
  • Take into account the route_prefix attribute in subresources
  • Allow using multiple values with NumericFilter
  • Improve exception handling in ReadListener by adding the previous exception


  • Doctrine: revert “prevent data duplication in Eager loaded relations”


  • Open API/Swagger: detect correctly collection parameters
  • Open API/Swagger: fix serialization of nested objects when exporting as YAML
  • GraphQL: fix support of properties also mapped as subresources
  • GraphQL: fix retrieving the internal _id when id is not part of the requested fields
  • GraphQL: only exposes the mutations if any
  • Doctrine: prevent data duplication in Eager loaded relations
  • Preserve the host in the internal router


  • Data persisters: call only the 1st matching data persister, this fix may break existing code, see https://github.com/api-platform/docs/issues/540#issuecomment-405945358
  • Subresources: fix inverse side population
  • Subresources: add subresources collections to cache tags
  • Subresources: fix Doctrine identifier parameter type detection
  • Subresources: fix max depth handling
  • GraphQL: send a 200 HTTP status code when a GraphQL response contain some errors
  • GraphQL: fix filters to allow dealing with multiple values
  • GraphQL: remove invalid and useless parameters from the GraphQL schema
  • GraphQL: use the collection resolver in mutations
  • JSON API: remove duplicate data from includes
  • Filters: fix composite keys support
  • Filters: fix the OrderFilter when applied on nested entities
  • List Doctrine Inflector as a hard dependency
  • Various quality and usability improvements


  • Add support for deprecating resources, operations and fields in GraphQL, Hydra and Swagger
  • Add API Platform panels in the Symfony profiler and in the web debug toolbar
  • Make resource class’s constructor parameters writable
  • Add support for interfaces as resources
  • Add a shortcut syntax to define attributes at the root of @ApiResource and @ApiProperty annotations
  • Throw an exception if a required filter isn’t set
  • Allow to specify the message when access is denied using the access_control_message attribute
  • Add a new option to include null results when using the date filter
  • Allow data persisters to return a new instance instead of mutating the existing one
  • Add a new attribute to configure specific formats per resources or operations
  • Add an --output option to the api:swagger:export command
  • Implement the CacheableSupportsMethodInterface introduced in Symfony 4.1 in all (de)normalizers (improves the performance dramatically)
  • Drop support for PHP 7.0
  • Upgrade Swagger UI and GraphiQL
  • GraphQL: Add a totalCount field in GraphQL paginated collections
  • JSONAPI: Allow inclusion of related resources


  • /!\ Security: a vulnerability impacting the GraphQL subsystem was allowing users authorized to run mutations for a specific resource type, to execute it on any resource, of any type (CVE-2019-1000011)


  • Fix ExistsFilter for inverse side of OneToOne association
  • Fix to not populate subresource inverse side
  • Improve the overall code quality (PHPStan analysis)


  • Fix support for max depth when using subresources
  • Fix a fatal error when a subresource type is not defined
  • Add support for group sequences in the validator configuration
  • Add a local class metadata cache in the HAL normalizer
  • FilterEagerLoadingExtension now accepts joins with class name as join value


  • Compatibility with Symfony 4.1
  • Compatibility with webonyx/graphql-php 0.12
  • Add missing ApiPlatform\Core\EventListener\EventPriorities’s PRE_SERIALIZE and POST_SERIALIZE constants
  • Disable eager loading when no groups are specified to avoid recursive joins
  • Fix embeddable entities eager loading with groups
  • Don’t join the same association twice when eager loading
  • Fix max depth handling when using HAL
  • Check the value of enable_max_depth if defined
  • Minor performance and quality improvements


  • Fix identifiers creation and update when using GraphQL
  • Fix nested properties support when using filters with GraphQL
  • Fix a bug preventing the ExistFilter to work properly with GraphQL
  • Fix a bug preventing to use a custom denormalization context when using GraphQL
  • Enforce the compliance with the JSONAPI spec by throwing a 400 error when using the “inclusion of related resources” feature
  • Update ChainSubresourceDataProvider to take into account RestrictedDataProviderInterface
  • Fix the cached identifiers extractor support for stringable identifiers
  • Allow a POST request to have an empty body
  • Fix a crash when the ExpressionLanguage component isn’t installed
  • Enable item route on collection’s subresources
  • Fix an issue with subresource filters, was incorrectly adding filters for the parent instead of the subresource
  • Throw when a subresources identifier is not found
  • Allow subresource items in the IriConverter
  • Don’t send the Link HTTP header pointing to the Hydra documentation if docs are disabled
  • Fix relations denormalization with plain identifiers
  • Prevent the OrderFilter to trigger faulty deprecation notices
  • Respect the fetchEager=false directive on an association in the EagerLoadingExtension
  • Use the configured name converter (if any) for relations in the HAL’s ItemNormalizer
  • Use the configured name converter (if any) in the ConstraintViolationListNormalizer
  • Dramatically improve the overall performance by fixing the normalizer’s cache key generation
  • Improve the performance CachedRouteNameResolver and CachedSubresourceOperationFactory by adding a local memory cache layer
  • Improve the performance of access control checking when using GraphQL
  • Improve the performance by using isResourceClass when possible
  • Remove a useless try/catch in the CachedTrait
  • Forward the operation name to the IriConverter
  • Fix some more code quality issues


  • Fix various issues preventing the metadata cache to work properly (performance fix)
  • Fix a cache corruption issue when using subresources
  • Fix non-standard outputs when using the HAL format
  • Persist data in Doctrine DataPersister only if needed
  • Fix identifiers handling in GraphQL mutations
  • Fix client-side ID creation or update when using GraphQL mutations
  • Fix an error that was occurring when the Expression Language component wasn’t installed
  • Update the ChainSubresourceDataProvider class to take into account RestrictedDataProviderInterface


  • Fix a BC break preventing to pass non-arrays to the builtin Symfony normalizers when using custom normalizers
  • Fix a bug when using FilterEagerLoadingExtension with manual joins
  • Fix some bugs in the AWS API Gateway compatibility mode for Open API/Swagger


  • Fix object state inconsistency after persistence
  • Allow using multiple @ApiFilter annotations on the same class
  • Fix a BC break when the serialization context builder depends of the retrieved data
  • Fix a bug regarding collections handling in the GraphQL endpoint


  • Autoregister classes implementing SubresourceDataProviderInterface
  • Fix the DateTimeImmutable support in the date filter
  • Fix a BC break in DocumentationAction impacting NelmioApiDoc
  • Fix the context passed to data providers (improve the eager loading)
  • Fix fix a subresource’s metadata cache bug
  • Fix the configuration detection when using a custom directory structure


  • Merge bug fixes from older branches


  • Add GraphQL support (including mutations, pagination, filters, access control rules and automatic SQL joins)
  • Fully implement the GraphQL Relay Server specification
  • Add JSONAPI support
  • Add a new @ApiFilter annotation to directly configure filters from resource classes
  • Add a partial paginator that prevents COUNT() SQL queries
  • Add a new simplified way to configure operations
  • Add an option to serialize Validator’s payloads (e.g. error levels)
  • Add support for generators in data providers
  • Add a new allow_plain_identifiers option to allow using plain IDs as identifier instead of IRIs
  • Add support for resource names without namespace
  • Automatically enable FOSUser support if the bundle is installed
  • Add an AbstractCollectionNormalizer to help supporting custom formats
  • Deprecate NelmioApiDocBundle 2 support (upgrade to v3, it has native API Platform support)
  • Deprecate the ApiPlatform\Core\Bridge\Doctrine\EventListener\WriteListener class in favor of the new ApiPlatform\Core\EventListener\WriteListener class.
  • Remove the api_platform.doctrine.listener.view.write event listener service.
  • Add a data persistence layer with a new ApiPlatform\Core\DataPersister\DataPersisterInterface interface.
  • Add a new configuration to disable the API entrypoint and the documentation
  • Allow setting maximum items per page at operation/resource level
  • Add the ability to customize the message when configuring an access control rule trough the access_control_message attribute
  • Allow empty operations in XML configs


  • Add a new config option to specify the directories containing resource classes
  • Fix a bug regarding the ordering filter when dealing with embedded fields
  • Allow to autowire the router
  • Fix the base path handling the Swagger/Open API documentation normalizer


  • Add support for filters autoconfiguration with Symfony 3.4+
  • Add service aliases required to use the autowiring with Symfony 3.4+
  • Allow updating nested resource when issuing a POST HTTP request
  • Add support for the immutable date and time types introduced in Doctrine
  • Fix the Doctrine query generated to retrieve nested subresources
  • Fix several bugs in the automatic eager loading support
  • Fix a bug occurring when passing neither an IRI, nor an array in an embedded relation
  • Allow requesting 0 items per page in collections
  • Copy the Host from the Symfony Router
  • Paginator::getLastPage() now always returns a float
  • Minor performance improvements
  • Minor quality fixes


  • Symfony 3.4 and 4.0 compatibility
  • Autowiring strict mode compatibility
  • Fix a bug preventing to create resource classes in the global namespace
  • Fix Doctrine type conversion in filters WHERE clauses
  • Fix filters when using eager loading and non-association composite identifier
  • Fix Doctrine type resolution for identifiers (for custom DBALType)
  • Add missing Symfony Routing options to operations configuration
  • Add SubresourceOperations to metadata
  • Fix disabling of cache pools with the dev environment


  • Don’t use dynamic values in Varnish-related service keys (improves Symfony 3.3 compatibility)
  • Hydra: Fix the value of owl:allValuesFrom in the API documentation
  • Swagger: Include the context even when the type is null
  • Minor code and PHPDoc cleanups


  • PHP 7.2 compatibility
  • Symfony 4 compatibility
  • Fix the Swagger UI documentation for specific routes (the API request wasn’t executed automatically anymore)
  • Add a missing cache tag on empty collections
  • Fix a missing service when no Varnish URL is defined
  • Fix the whitelist comparison in the property filer
  • Fix some bugs regarding subresources in the Swagger and Hydra normalizers
  • Make route requirements configurable
  • Make possible to configure the Swagger context for properties
  • Better exception messages when there is a content negotiation error
  • Use the PriorityTaggedServiceTrait provided by Symfony instead of a custom implementation
  • Test upstream libs deprecations
  • Various quality fixes and tests cleanup


  • Fix path generators
  • Fix some method signatures related to subresources
  • Improve performance of the deserialization mechanism


  • Add a builtin HTTP cache invalidation system able to store all requests in Varnish (or any other proxy supporting cache tags) and purge it instantly when needed
  • Add an authorization system configurable directly from the resource class
  • Add support for subresources (like /posts/1/comments or /posts/1/comments/2
  • Revamp the automatic documentation UI (upgraded to the React-based version of Swagger UI, added a custom stylesheet)
  • Add a new filter to select explicitly which properties to serialize
  • Add a new filter to choose which serialization group to apply
  • Add a new filter to test if a property value exists or not
  • Add support for OAuth 2 in the UI
  • Add support for embedded fields
  • Add support for customizable API resources folder’s name
  • Filters’s ids now defaults to the Symfony’s service name
  • Add configuration option to define custom metadata loader paths
  • Make Swagger UI compatible with a strict CSP environment
  • Add nulls comparison to OrderFilter
  • Add a flag to disable all request listeners
  • Add a default order option in the configuration
  • Allow to disable all operations using the XML configuration format and deprecate the previous format
  • Allow upper-cased property names
  • Improve the overall performance by optimizing RequestAttributesExtractor
  • Improve the performance of the filter subsystem by using a PSR-11 service locator and deprecate the FilterCollection class
  • Add compatibility with Symfony Flex and Symfony 4
  • Allow the Symfony Dependency Injection component to autoconfigure data providers and query extensions
  • Allow to use service for dynamic validation groups
  • Allow using PHP constants in YAML resources files
  • Upgrade to the latest version of the Hydra spec
  • Add pagination and itemPerPage parameters in the Swagger/Open API documentation
  • Add support for API key authentication in Swagger UI
  • Allow to specify a whitelist of serialization groups
  • Allow to use the new immutable date and time types of Doctrine in filters
  • Update swagger definition keys to more verbose ones (ie Resource-md5($groups) => Resource-groupa_groupb) - see https://github.com/api-platform/core/pull/1207


  • Ensure PHP 7.2 compatibility
  • Fix some bug regarding Doctrine joins
  • Let the hydra_context option take precedence over operation metadata
  • Fix relations handling by the non-hypermedia ItemNormalizer (raw JSON, XML)
  • Fix a bug in the JSON-LD context: should not be prefixed by #
  • Fix a bug regarding serialization groups in Hydra docs


  • Performance improvement
  • Swagger: Allow non-numeric IDs (such as UUIDs) in URLs
  • Fix a bug when a composite identifier is missing
  • ApiPlatform\Core\Bridge\Doctrine\Orm\Filter\OrderFilter::extractProperties now always return an array
  • Fix NelmioApiDocParser recursive relations


  • Add support for Symfony 3.3
  • Disable the partial eager loading by default
  • Fix support for ignored attributes in normalizers
  • Specify the LEFT JOIN clause for filter associations
  • Move the metadata from validator factory to the validator.xml file
  • Throw an exception when the number of items per page is 0
  • Improve the Continuous Integration process


  • Leverage serialization groups to eager load data
  • Fix the Swagger Normalizer to correctly support nested serialization groups
  • Use strict types
  • Get rid of the dependency to the Templating component
  • Explicitly add missing dependency to PropertyAccess component
  • Allow the operation name to be null in ResourceMetadata
  • Fix an undefined index error occurring in some cases when using sub types
  • Make the bundle working even when soft dependencies aren’t installed
  • Fix serialization of multiple inheritance child types
  • Fix the priority of the FOSUSer’s event listener
  • Fix the resource class resolver with using \Traversable values
  • Fix inheritance of property metadata for the Doctrine ORM property metadata factory
  • EagerLoadingExtension: Disable partial fetching if entity has subclasses
  • Refactoring and cleanup of the eager loading mechanism
  • Fix the handling of composite identifiers
  • Fix HAL normalizer when the context isn’t serializable
  • Fix some quality problems found by PHPStan


  • [security] Hide error’s message in prod mode when a 500 error occurs (Api Problem format)
  • Fix sorting when eager loading is used
  • Allow eager loading when using composite identifiers
  • Don’t use automatic eager loading when disabled in the config
  • Use declare(strict_types=1) and improve coding standards
  • Automatically refresh routes in dev mode when a resource is created or deleted


  • Correct the XML Schema type generated for floats in the Hydra documentation


  • Fix a bug when multiple filters are applied


  • [security] Hide error’s message in prod mode when a 500 error occurs
  • Prevent duplicate data validation
  • Fix filter Eager Loading
  • Fix the Hydra documentation for ConstraintViolationList
  • Fix some edge cases with the automatic configuration of Symfony
  • Remove calls to each() (deprecated since PHP 7.2)
  • Add a missing property in EagerLoadingExtension


  • Fix a bug when handling invalid IRIs
  • Allow to have a property called id even in JSON-LD
  • Exclude static methods from AnnotationPropertyNameCollectionFactory
  • Improve compatibility with Symfony 2.8


  • Fix the support of the Symfony’s serializer @MaxDepth annotation
  • Fix property range of relations in the Hydra doc when an IRI is used
  • Fix an error “api:swagger:export” command when decorating the Swagger normalizer
  • Fix an error in the Swagger documentation generator when a property has several serialization groups


  • Various fixes related to automatic eager loading
  • Symfony 3.2 compatibility


  • Full refactoring
  • Use PHP 7
  • Add support for content negotiation
  • Add Swagger/OpenAPI support
  • Integrate Swagger UI
  • Add HAL support
  • Add API Problem support
  • Update the Hydra support to be in sync with the last version of the spec
  • Full rewrite of the metadata system (annotations, YAML and XML formats support)
  • Remove the event system in favor of the builtin Symfony kernel’s events
  • Use the ADR pattern
  • Fix a ton of issues
  • ItemDataproviderInterface: fetchData is now in the context parameterer. getItemFromIri is now context aware 7f82fd7
  • Constants for event’s priorities 2e7b73e
  • Properties mapping with XML/YAML is now possible ef5d037
  • Ability to configure and match exceptions with an HTTP status code e9c1863
  • Various fixes and improvements (SwaggerUI, filters, stricter property metadata)


  • Fix a case typo in a namespace alias in the Hydra documentation

1.1.0 beta 2

  • Allow to configure the default controller to use
  • Ability to add route requirements
  • Add a range filter
  • Search filter: add a case sensitivity setting
  • Search filter: fix the behavior of the search filter when 0 is provided as value
  • Search filter: allow using identifiers different from id
  • Exclude tests from classmap
  • Fix some deprecations and tests

1.1.0 beta 1

  • Support Symfony 3.0
  • Support nested properties in Doctrine filters
  • Add new start and word_start strategies to the Doctrine Search filter
  • Add support for abstract resources
  • Add a new option to totally disable Doctrine
  • Remove the ID attribute from the Hydra documentation when it is read only
  • Add method to avoid naming collision of DQL join alias and bound parameter name
  • Make exception available in the Symfony Debug Toolbar
  • Improve the Doctrine Paginator performance in some cases
  • Enhance HTTPS support and fix some bugs in the router
  • Fix some edge cases in the date and time normalizer
  • Propagate denormalization groups through relations
  • Run tests against all supported Symfony versions
  • Add a contribution documentation
  • Refactor tests
  • Check CS with StyleCI


  • Avoid an error if the attribute isn’t an array


  • Extract the documentation in a separate repository
  • Add support for eager loading in collections

1.0.0 beta 3

  • The Hydra documentation URL is now /apidoc (was /vocab)
  • Exceptions implements Dunglas\ApiBundle\Exception\ExceptionInterface
  • Prefix automatically generated route names by api_
  • Automatic detection of the method of the entity class returning the identifier when using Doctrine (previously getId() was always used)
  • New extension point in Dunglas\ApiBundle\Doctrine\Orm\DataProvider allowing to customize Doctrine paginator and performance optimization when using typical queries
  • New Dunglas\ApiBundle\JsonLd\Event\Events::CONTEXT_BUILDER event allowing to modify the JSON-LD context
  • Change HTTP status code from 202 to 200 for PUT requests
  • Ability to embed the JSON-LD context instead of embedding it

1.0.0 beta 2

  • Preserve indexes when normalizing and denormalizing associative arrays
  • Allow setting default order for property when registering a Doctrine\Orm\Filter\OrderFilter instance

You can also help us improve the documentation of this page.

Made with love by

Les-Tilleuls.coop can help you design and develop your APIs and web projects, and train your teams in API Platform, Symfony, Next.js, Kubernetes and a wide range of other technologies.

Learn more

Copyright © 2023 Kévin Dunglas

Sponsored by Les-Tilleuls.coop