FOSUserBundle Integration

⚠️ Deprecated: this integration is deprecated and will be removed in API Platform 3

FOSUserBundle is not well suited for APIs. We strongly encourage you to use the Doctrine user provider shipped with Symfony or to create a custom user provider instead of using this bundle.

API Platform Core is shipped with a bridge for FOSUserBundle. If the FOSUser bundle is enabled, this bridge will use its UserManager to create, update and delete user resources.

User Entity screencast
Watch the User Entity screencast

Installing the Bundle

The installation procedure of the FOSUserBundle is described in the main Symfony docs

You can:

If you are using the API Platform Standard Edition, you will need to enable the form services in the symfony framework configuration options:

# api/config/packages/framework.yaml
    form: { enabled: true }

Enabling the Bridge

To enable the provided bridge with FOSUserBundle, you need to add the following configuration to API Platform:

# api/config/packages/api_platform.yaml
    enable_fos_user: true

Creating a User Entity with Serialization Groups

Here's an example of declaration of a Doctrine ORM User class. There's also an example for a Doctrine MongoDB ODM. You need to use serialization groups to hide some properties like plainPassword (only in read) and password. The properties shown are handled with normalization_context, while the properties you can modify are handled with denormalization_context.

Create your User entity with serialization groups:

// api/src/Entity/User.php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use Doctrine\ORM\Mapping as ORM;
use FOS\UserBundle\Model\User as BaseUser;
use FOS\UserBundle\Model\UserInterface;
use Symfony\Component\Serializer\Annotation\Groups;

 * @ORM\Entity
 * @ORM\Table(name="fos_user")
    normalizationContext: ["groups" => ["user", "user:read"]],
    denormalizationContext: ["groups" => ["user", "user:write"]]
class User extends BaseUser
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
    protected $id;

    protected $email;

     * @ORM\Column(type="string", length=255, nullable=true)
    protected $fullname;

    protected $plainPassword;

    protected $username;

    public function setFullname(?string $fullname): void
        $this->fullname = $fullname;

    public function getFullname(): ?string
        return $this->fullname;

    public function isUser(?UserInterface $user = null): bool
        return $user instanceof self && $user->id === $this->id;