This repository contains a plugin that extends Sylius eCommerce Fraemwork with an API in JSON that allows performing all standard shop operations from the Customer perspective.
The latest documentation is available here.
-
Run
composer require sylius/shop-api-plugin:^1.0@beta
. -
Extend config files:
- Add SyliusShopApi to AppKernel.
// app/AppKernel.php public function registerBundles(): array { return array_merge(parent::registerBundles(), [ new \Sylius\ShopApiPlugin\ShopApiPlugin(), new \League\Tactician\Bundle\TacticianBundle(), ]); }
- Add
- { path: '^/shop-api', priorities: ['json'], fallback_format: json, prefer_extension: true }
tofos_rest.format_listener.rules
section inapp/config/config.yml
file and import config from Plugin.
# app/config/config.yml imports: # ... - { resource: "@ShopApiPlugin/Resources/config/app/config.yml" } - { resource: "@ShopApiPlugin/Resources/config/app/sylius_mailer.yml" } # ... fos_rest: # ... format_listener: rules: - { path: '^/shop-api', priorities: ['json'], fallback_format: json, prefer_extension: true } # <-- Add this - { path: '^/api', priorities: ['json', 'xml'], fallback_format: json, prefer_extension: true } - { path: '^/', stop: true }
- Adjust checkout configuration to not collide with Sylius shop API. For example (assuming, that you are using regular Sylius security definition):
# app/config/config.yml # ... sylius_shop: checkout_resolver: pattern: "%sylius.security.shop_regex%/checkout/.+"
- Add routing to
app/config/routing.yml
# app/config/routing.yml # ... sylius_shop_api: resource: "@ShopApiPlugin/Resources/config/routing.yml"
- Configure firewall
- Change
sylius.security.shop_regex
parameter to excludeshop-api
prefix also - Add ShopAPI regex parameter
shop_api.security.regex: "^/shop-api"
- Add ShopAPI firewall config:
- Change
parameters: # ... sylius.security.shop_regex: "^/(?!admin|api/.*|api$|shop-api)[^/]++" # shop-api has been added inside the brackets shop_api.security.regex: "^/shop-api" # ... security: firewalls: // ... shop_api: pattern: "%shop_api.security.regex%" stateless: true anonymous: true
-
(optional) if you have installed
nelmio/NelmioCorsBundle
for Support of Cross-Origin Ajax Request,- Add the NelmioCorsBundle to the AppKernel
// app/AppKernel.php /** * {@inheritdoc} */ public function registerBundles() { $bundles = array( // ... new Nelmio\CorsBundle\NelmioCorsBundle(), // ... ); // ... }
- Add the configuration to the `config.yml
# app/config/config.yml # ... nelmio_cors: defaults: allow_credentials: false allow_origin: [] allow_headers: [] allow_methods: [] expose_headers: [] max_age: 0 hosts: [] origin_regex: false forced_allow_origin_value: ~ paths: '^/shop-api/': allow_origin: ['*'] allow_headers: ['Content-Type', 'authorization'] allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS'] max_age: 3600
If you would like to receive serialized attributes you need to define an array of theirs codes under shop_api.included_attributes
key. E.g.
shop_api:
included_attributes:
- "MUG_MATERIAL_CODE"
By default no authorization is provided together with this bundle. But it is tested to work along with LexikJWTAuthenticationBundle In order to check example configuration check
- security.yml
- jwt parameters and jwt config in config.yml
- example rsa keys
- login request
From the test app.
The application can be tested with API Test Case. In order to run test suite execute the following command:
$ bin/phpunit
If you think that you have found a security issue, please do not use the issue tracker and do not post it publicly.
Instead, all security issues must be sent to security@sylius.com
.