# Security

## Policies

API Platform is compatible with Laravel's authorization mechanism. Once a gate is defined, API Platform will automatically detect your policy.

```php
// app/Models/Book.php
namespace App\Models;

use ApiPlatform\Metadata\Patch;
use Illuminate\Database\Eloquent\Model;

#[Patch]
class Book extends Model
{
}
```

API Platform will detect the operation and map it to a specific method in your policy according to the rules defined in this table:

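| Operation      | Policy                                                   |
| -------------- | -------------------------------------------------------- |
| GET collection | `viewAny`                                                |
| GET            | `view`                                                   |
| POST           | `create`                                                 |
| PATCH          | `update`                                                 |
| DELETE         | `delete`                                                 |
| PUT            | `update` or `create` if the resource doesn’t already exist |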

If your policy methods do not match Laravel’s conventions, you can always use the `policy` property on an operation attribute to enforce this policy:

// app/Models/Book.php
namespace App\Models;

 use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Patch;
 use Illuminate\Database\Eloquent\Model;

-#[ApiResource]
 #[ApiResource(
     paginationItemsPerPage: 10,
+    operations: [
+       new Patch(
+            policy: 'myCustomPolicy',
+       ),
+    ],
)]
 class Book extends Model
 {
 }
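
Review bot: the removed `-#[ApiResource]` line is followed by `#[ApiResource(` and `paginationItemsPerPage: 10,` shown as unchanged context, so the file before the change would have carried two `ApiResource` attributes; those lines and the closing `)]` (which has no marker column at all) should be `+` lines. The text should also say what `'myCustomPolicy'` names, since the hunk gives only the string.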

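You can also link a model to a policy:

```php
// Typically called from the boot() method of a service provider.
use App\Models\Book;
use App\Tests\Book\BookPolicy;
use Illuminate\Support\Facades\Gate;

// Return the policy class for Book; null falls back to Laravel's default discovery.
Gate::guessPolicyNamesUsing(function (string $modelClass): ?string {
    return Book::class === $modelClass ?
        BookPolicy::class :
        null;
});
```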

## Authentication

Usually, you will use Sanctum and add a middleware on secured routes:

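```php
// app/Models/Book.php
namespace App\Models;

use ApiPlatform\Metadata\Patch;
use Illuminate\Database\Eloquent\Model;

// Requests to this operation must pass the Sanctum authentication guard.
#[Patch(middleware: 'auth:sanctum')]
class Book extends Model
{
}
```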
