•  

ADD THE SECURITY LAYER TO YOUR REST API AND SERVE A DISTRIBUTED WEB APPLICATION

A session at phpDay 2014

Saturday 17th May, 2014

9:45am to 10:45am (CET)

In the past editions of the PhpDay we have assisted to several talks about REST APIs and we learned how to implement a proper REST API service. In this talk I want to present how, at Capturator S.r.l., we have added a security layer to our private REST API (based on Symfony 2) adding authentication token and the support for CORS.

I will start with some theoretical and historical facts on Same Origin Policy and I will present the different solutions to deal with it, dwelling on CORS and its W3C recommendation document. CORS is the solution for a web app that needs to communicate with a REST API able to manage all the CRUD verbs in a distributed architecture (different domain or subdomain).
In the second part I will illustrate the actual implementation of the RESTfull API able to manage distributed and authenticated clients. The backend relies on a couple of Symfony 2 useful bundles (FosRestBundle and NelmioCorsBundle) and a customization of the security layer.

Keywords: HTTP, Same Origin Policy, CORS, REST API, PHP, Symfony2

About the speaker

This person is speaking at this event.
Marco Loche

Owner and CEO, Capturator S.r.l. bio from LinkedIn

Next session in track 1

11am THE BIG “WHY EQUAL DOESN’T EQUAL” QUIZ by Juliette Reinders Folmer

2 attendees

  • Enrico Marongiu
  • Marco Loche

Sign in to add slides, notes or videos to this session

Sign in to track this session

phpDay 2014

Italy Italy, Verona

16th17th May 2014

Tell your friends!

When

Time 9:45am10:45am CET

Date Sat 17th May 2014

Where

track 1, Hotel San Marco

Short URL

lanyrd.com/sczhyd

View the schedule

Share

See something wrong?

Report an issue with this session