Apigility 1.3.0

This version bumps the minimum supported PHP version to 5.5.

It incorporates the following modules at the specified versions; if no changes are specified, assume that the only changes were updating the minimum supported PHP version.

• zfcampus/zf-apigility: 1.2.1
• zfcampus/zf-apigility-admin: 1.3.0
• zfcampus/zf-apigility-admin-ui: 1.2.0
• zfcampus/zf-apigility-documentation: 1.1.0
• zfcampus/zf-apigility-documentation-apiblueprint 1.1.0
• zfcampus/zf-apigility-documentation-swagger: 1.1.0
• zfcampus/zf-apigility-provider: 1.1.0
• zfcampus/zf-api-problem: 1.1.0
• zfcampus/zf-configuration: 1.1.0
• zfcampus/zf-console: 1.2.0
• zfcampus/zf-content-negotiation: 1.1.0
• zfcampus/zf-content-validation: 1.2.0
• zfcampus/zf-deploy: 1.1.0
  • #31 improves the check for ZF2 applications.
  • #33 fixes the usage of the --modules option to target only application-specific modules (not installed 3rd party modules).
  • #43 updates the minimum PHP version to 5.5.
• zfcampus/zf-development-mode: 2.1.0
• zfcampus/zf-hal: 1.2.0
• zfcampus/zf-http-cache: 1.1.0
• zfcampus/zf-mvc-auth: 1.3.0
• zfcampus/zf-oauth2: 1.3.0
• zfcampus/zf-rest: 1.2.0
• zfcampus/zf-rpc: 1.2.0
• zfcampus/zf-versioning: 1.1.0

Apigility 1.2.0

This release includes the following changes and fixes:

• #87 Fix incorrect closing tag in layout
• #88 Change order in which zf-oauth2 and zf-mvc-auth are loaded, and adds global configuration to override the ZF\OAuth2\Service\OAuth2Server factory to ensure the one from zf-mvc-auth is used.
• #92 Promote zf-development-mode to a production requirement
• #99 Add Docker environment
• #98 Separate module list into a config/modules.config.php
• #100 Use ZF\Apigility\Application instead of Zend\Mvc\Application

Additionally, it includes the following modules at the following versions, with the specified changes:

• zfcampus/zf-api-problem: 1.0.3
  • #33 Ensure non-HTTP exception codes are cast to 500
• zfcampus/zf-apigility: 1.1.0
  • #120 Extend Zend\Mvc\Application to catch route event exceptions
• zfcampus/zf-apigility-admin: 1.2.0
  • #279 Do not save an empty DSN to configuration
  • #288 digest_domains option is now required when creating HTTP Digest authentication
  • #289 Write application module list to a separate file to prevent evaluation and subsequent writing of application.config.php
  • #292 Sort services by name in API
  • #297 Return 409 status when attempting to create a REST service that already exists
  • #299 Ensure module is PHP 5.3 compatible
  • #300 Raise 409 status if new service route conflicts with existing route
• zfcampus/zf-apigility-admin-ui: 1.1.5
  • #45 digest_domains option is now required when creating HTTP Digest authentication
  • #61 Ensure file upload flag is sent properly to the API
  • #63 Ensure the API version is sent when fetching authorization details
  • #63 Improved text in delete filter modal
  • #66 Strip error message from update filter payload when empty
• zfcampus/zf-apigility-documentation: 1.0.6
  • #29 QA toolchain updates
• zfcampus/zf-apigility-provider: 1.0.2
  • #7 QA toolchain updates
  • #5 Updated requirements section in README.md
• zfcampus/zf-configuration: 1.0.3
  • #11 QA toolchain updates
• zfcampus/zf-console: 1.1.1
  • #22 Do not call cli_set_process_title on Mac OS X
  • #24 Set minimum zend-console version to 2.3, since we depend on features of 2.3+
• zfcampus/zf-content-negotiation: 1.0.8
  • #40 Better trimming of whitespace around JSON before deserialization
  • #42 Return 400 status when multipart body cannot be parsed
  • #43 Refactor listener factories for better maintainability
• zfcampus/zf-content-validation: 1.1.1
  • #50 QA toolchain updates
• zfcampus/zf-deploy: 1.0.5
  • #42 Improved error reporting and status codes
  • #41 Updated QA toolchain
  • #35 Fix directory separator issue in ZIP packages created under Windows
• zfcampus/zf-development-mode: 2.0.6
  • #11 Updated QA toolchain
• zfcampus/zf-hal: 1.1.1
  • #100 Re-instate renderEntity.post event
  • #102 Eliminate double-rendering of links
  • #106 Improved testing of HalJsonRenderer
• zfcampus/zf-mvc-auth: 1.2.0
  • #77 Merge default zf-oauth2 config when creating adapters
  • #80 Remove obsolete bin entry in composer.json
  • #83 Use oauth2-server-php response status if invalid or missing credentials are presented, or invalid for scope
  • #85 Allow custom HTTP authentication resolvers via configuration.
  • #90 Only attach listeners during HTTP requests
• zfcampus/zf-oauth2: 1.2.0
  • #98 Update HTTPie examples in README.md
  • #100 Add support for oauth2-server-php unset_refresh_token_after_use option
  • #108 Fix content-negotiation configuration for OAuth2 controller
• zfcampus/zf-rest: 1.1.1
  • #75 Return 400 status for non-array values passed to replaceList()
  • #78 Handle exceptions from Paginators for non-integer page numbers
  • #80 Extract method triggerEvent() for triggering events with common short-circuit callbacks
  • #81 Extract methods createApiProblemFromException(), isPreparedResponse(), createHalEntity(), createHalCollection() to reduce duplication
  • #83 Return 400 status for out of range page size query string parameters
  • #84 Allow returning zf-hal entities and collections from zf-rest resource listeners.
  • #85 Return 400 status for non-array values passed to patchList()
• zfcampus/zf-rpc: 1.1.0
  • #7 Allow pulling RPC callbacks via the ControllerManager or ServiceManager
• zfcampus/zf-versioning: 1.0.3
  • Updated dependencies to ensure PHP 5.3 compatibility.

Apigility 1.1.1

This is the first maintenance release in the 1.1 series, and provides a number of fixes based on feedback provided after the 1.1.0 release last week. Changes include:

• zf-apigility-admin 1.1.2
  • #285 Fix issue with path to zfdeploy.php preventing packaging from working.
  • #284 Updates to Doctrine integration to expose ODM connections and entities.
• zf-apigility-admin-ui 1.1.4
  • #35 Reinstate the "generate from config" functionality in the service documentation screens.
  • #36 Fix rendering issues in service operations of documentation.
  • #37 Reintroduce toggle buttons for boolean filter and validator options.
  • #38 Add labels around HTTP method options, in order to allow clicking the label to toggle the checkbox.
  • #39 Add "type to select" features to the filter, validator, and hydrator drop-downs. This provides in-list search to provide a list of matches to the user, based on what was typed.
  • #40 Fixes how content negotiation selectors are sent to the admin API, ensuring appropriate values are stored.
  • #41 Implemented "growl"-style notifications for most API operations to indicate success and failure status.
• zf-apigility-documentation 1.0.5
  • #27 Fix rendering issues due to non-existent array indices.
• zf-apigility-documentation-swagger 1.0.4
  • #11 Fix Service::toArray() to fetch fields from the default input filter.

Apigility 1.1.0

Welcome to the first release in the 1.1 series!

This release features a completely rewritten UI! We expect it to resolve many of the performance issues and edge cases observed previously by users; it also simplifies the most-common workflows and puts more information at developers' fingertips than previously. On top of that, it's now fully responsive; you can even use it on your smartphone!

The major features in this release include:

• Doctrine-Connected REST service creation (if the zfcampus/zf-apigility-doctrine module is present)
• Database Autodiscovery, which improves on the DB-Connected services by allowing you to choose all tables you wish to expose as services, and to provide basic validations based on column types.
• Addition of a Packaging service to the Admin API and UI to simplify and automate creation of deployment packages.
• Apigility now supports multiple authentication adapters for each type supported, and per API authentication (vs per-application, as supported in 1.0).

Other features:

• API modules can now use PSR-4 directory structures. zf-apigility-admin still creates modules using PSR-0, but will detect PSR-4 directory structures and work correctly with them (including for code generation purposes).
• A new module, zf-http-cache, is available for integrating should you wish to add HTTP cache features to your API.

The following modules were tagged at 1.1.0, with features as noted below.

• zf-apigility-admin
  • Integration of zf-apigility-doctrine support in UI
  • Addition of DB Autodiscovery feature for creation of REST services
  • #246 deprecated PUT for authorization service, implemented PATCH
  • #266 New API service for creating a deployment package
  • #262 PSR-4 module structure support
  • #271 Per-API authentication configuration
• zf-apigility-admin-ui
  • Completely rewritten UI, with new features including:
    • Per-API authentication
    • Packaging
    • Doctrine-Connected REST services
    • DB Autodiscovery for REST service creation
• zf-console
  • #18 ability to remove a route
  • #19 autodetect console adapter if not passed to constructor
• zf-content-validation
  • #38 adds EVENT_BEFORE_VALIDATE to allow manipulating an input filter prior to validation
  • #34 allow specifying custom HTTP methods that do not have message bodies
  • #29 allow opting in, by controller service name, to inject the body parameters with the validated, filtered values of validation
  • #41 remove the InputFilterAbstractFactory in favor of the version shipped in ZF 2.4
• zf-hal
  • #79 "post" events for renderEntity and renderCollection
  • #91 only export public members of objects when no hydrator present
• zf-mvc-auth
  • #60 allow multiple http and/or oauth2 adapters, and allow authenticating per-API instead of per-application
• zf-oauth2
  • #70 configurable grant types
  • #72 allow returning the OAuth2 response format instead of Problem Details for error conditions
  • #83 enable the JWT grant type
  • #87 introduction of User ID providers, to map a token to a user/identity
  • #89 introduction of IbmDb2-specific OAuth2 storage adapter
• zf-rest
  • #65 removes setTerminal() call on view model in RestController, to allow using within templated systems
  • #71 syncs RestController::deleteList() with Zend\Mvc\Controller\AbstractRestfulController::deleteList() from ZF 2.4
  • #68 allow returning a Response from a Resource listener

Acknowledgements

We had a number of quite significant contributions to this release. While I'd like to name everyone who contributed, the following individuals stand out in particular:

• Tom Anderson, who contributed the zf-apigility-doctrine module.
• Julien Guittard, who did the UI integration (and much of the Admin API work) for the Doctrine-Connected REST resources, developed the DB Autodiscovery feature, and who was tireless in his testing of the UI integrations.
• Corentin Larose, who contributed zf-http-cache.
• Steve Rhoades, who contributed the PSR-4 support.
• Enrico Zimuel, who rewrote the UI for 1.1.

Apigility 1.0.5

This is the final release in the 1.0 series, and primarily contains a number of
incremental improvements, as broken down by module below.

• zf-apigility 1.0.3
  • documentation updates
• zf-apigility-admin 1.0.5
  • UI code is now in its own repo
  • #226 (name normalization for URIs)
  • #249 (validation of content_name for content-negotiation service)
  • #252 (implementation of input filter for content negotiation rules)
  • #253 (optional selectors for content negotiation creation)
• zf-apigility-admin-ui 1.0.7
  • #6 (fixes /ui route)
• zf-apigility-doctrine 0.3.4
  • Doctrine Autodiscovery features
  • PHP 5.3 compatibility
  • Ensure service_name is available in configuration
• zf-apigility-documentation 1.0.4
  • #17 (support for documenting field types)
  • #20 (support for method-specific fields)
  • #24 (nested fields display)
  • #26 (support for PHP 5.3)
• zf-apigility-documentation-swagger 1.0.3
  • #9 (support for documenting field types)
• zf-apigility-skeleton 1.0.5
  • #68 (added config and module caching by default; disabled in development)
• zf-api-problem 1.0.2
  • documentation fixes
• zf-configuration 1.0.2
  • documentation fixes
  • CS fixes
• zf-console 1.0.4
  • #16 (automatic indentation on help screens)
• zf-content-negotiation 1.0.4
  • #25 (fix to allow multiple upload files to be filtered)
  • #25 (fix to allow multiple upload files to be filtered)
  • #29 (allow validating DELETE requests to collections)
  • #32 (allow registering the CotnentTypeListener as a service)
• zf-content-validation 1.0.3
  • #21 (created getInputFilter() controller plugin for retrieving input filter in RPC services)
  • #31 (ensure input filter abstract factory composes registered filter and validator plugin managers into input filter factory)
• zf-deploy 1.0.4
  • #31 (support for PHP 5.4 short-array syntax when detecting zf2 applications)
  • #33 (do not overwrite non-API modules when creating a deployment package with select modules)
• zf-development-mode 2.0.5
  • CS, Quality Assurance tooling, and doc fixes
  • #10 Remove cached module configuration when enabling development mode.
• zf-hal 1.0.5
  • #59 (better injection of Hal plugin into helper plugin manager)
  • #60 (move all factories into classes)
  • #63 (allow generating URLs behind proxies)
  • #68 (cache value from serverUrl() helper)
  • #69 (use hydrator map when possible - performance improvement)
  • #86 (allow auto-invokable hydrators)
  • #88 (circular dependency detection during entity extraction)
• zf-mvc-auth 1.0.3
  • #38 (created getIdentity() controller plugin for use in RPC services)
  • #40 (added configurable HTTP auth resolver - allows specifying file or Apache resolver via configuration)
  • #46 (allow using configured ZF\OAuth2\Service\OAuth2Server service instead of building from configuration)
  • #57 (inject current HTTP request headers into OAuth2\Request instance) - zf-oauth2 1.0.3
  • #61 (document pgsql-specific DDL)
  • #62 (better options merging order, to allow setting common defaults and allow overriding per adapter)
  • #65 (allow configuration-driven MongoClient options)
  • #67 (allow configuration of server storage)
  • #80 (properly handle null message bodies)
• zf-rpc 1.0.2
  • documentation fixes
• zf-versioning 1.0.2
  • documentation fixes

Apigility 1.0.4

We are pleased to announce the immediate availability of Apigility 1.0.4!

• https://apigility.org/download

This is our fourth maintenance release of Apigility.

IBM i Support

This release contains a number of fixes to ensure the ability to use Apigility on IBM i. Among them:

• We are pinning support to Zend Framework 2.3.2 and above, which contains updates supporting DB2:
  • Full transaction support.
  • Fixed LIMIT support, allowing for paginated DB result sets.
  • Fixes to database-backed authentication
• The ability to specify database driver options via the Admin UI. Most DB2
  connections need additional driver options specified, and you can now do so via the UI.

UI Improvements

One lingering issue we've had reported is an error when creating APIs: the UI reports an error, but the API has been created. We made several patches that, in aggregate, should resolve these issues going forward:

• We discovered that our promise chains in the Admin UI were not optimally constructed, and could potentially raise errors under the appropriate conditions; these have been fixed.
• We introduced comprehensive cache control headers to prevent client-side caching of Admin API calls.
• We introduced a timeout between successful completion of API creation and deletion calls, and subsequent fetching of the API list from the Admin API. In working with Julien Guittard, we were able to find an optimal timeout that resolves the issue.

Additionally, for those users using Apache to serve the Admin UI and Admin API, we have stopped using backslashes in URI identifiers (Apache rejects URI-encoded slashes by default).

Other fixes were also made that are detailed under the "zf-apigility-admin" header below.

Documentation fixes

zf-apigility-documentation was not using the correct configuration key to discover input filters, which meant it was not reporting fields at all. This had further implications for zf-apigility-documentation-swagger, which was then unable to expose models based on those fields. This situation is now resolved.

Collections

While Apigility has supported retrieving collections in REST services, creating, replacing, updating, or deleting them has been an exercise left to the developer previously. With this release, field definitions can now be used to validate the items passed to collections, giving collections first-class support.

Console

zf-console was extensively updated, with many contributions and ideas from Zend's Slavey Karadzhov. These include:

• Simplification of mapping the command name to the route. By default the command name is considered the first argument of the route now.
• Command handlers may now be specified in the configuration via the handler key for a command.
• A number of useful CLI-specific filters are now provided, including an Explode filter (split comma or other delimited arguments to an array), a QueryString filter (specify arguments in query string format), and a Json filter (specify arguments in JSON).
• Better error handling and error reporting.
• The ability to generate autocompletion scripts for your CLI commands.

zf-console is shaping up as a capable microframework for CLI commands!

Thank You!

Many thanks to everyone who contributed fixes, big or small, towards this release!

Issues closed:

zf-apigility-admin

• Timeout delay upon API creation and deletion
• Introduced timeouts to API create/delete actions
• Disable HTTP caching for Admin API
• url-encoded backslashes cause issues in Apache
• File permissions upon resources files creation
• Revise promise chains
• Allow defining DB adapter driver options
• Resolves #210 by correcting the dead link
• Undefined index: input_filter_specs
• OAuth2 Mongo Adapter cannot be created successfully
• zf-hal option 'render_collections' can break Apigility admin
• Feature request: Ability to disable pagination from admin ui
• Creating new API fails with "API not found"
• Can't Edit OAuth Adapter

zf-apigility-documentation

• Fixed usage of configuration-driven creation of input filters

zf-apigility-documentation-swagger

• Use service name instead of api name to describe endpoint
• Add dependency

zf-apigility-skeleton

• Bump ZF2 version requirement
• Prefix config glob path
• Apache configuration
• Ensure default Apache site is disabled

zf-console

• Added out-of-the-box autocompletion help for all applications based on zf-console
• Better error handling
• Useful filters
• Allow setting handler in route configuration
• Simplify mapping the command name to the route

zf-content-validation

• Bug: Validation bypassed when POST is empty
• isCollection() method returning true for entities
• Problems concerning validating collections

zf-deploy

• Remove include of application configuration
• Cannot validate deployment.xml if zfdeploy.phar is in a folder with spaces
• Updated to use features from latest master of zf-console
• Execute composer.phar with the PHP binary running zf-deploy

zf-hal

• 422 status when my entity has no identifier on creation
• Possible issue on HAL collection first link of the paginator.
• Allow -1 for page size
• Links in metadata map are no longer honored
• Update Hal Plugin to support entities with $id = 0
• Can't return a collection object with embedded entities when content negotiation is set to Json

zf-mvc-auth

deny_by_default inverts permission rules
Support for OAuth2 Token in Query String / POST Body

zf-oauth2

• Use content negotiation in AuthController
• Ensure bodyParams is an array before creating request
• Update PdoAdapter.php
• refactored the class to support better reuse when extending the class
• Separate MongoClient creation from MongoAdapter factory
  zf-rest:
• Allow returning entities without identifiers from creation routines
• Allow Header tied to 'id' param.
• Can't attach to a resource's event using the SharedEventManager
• Update RestController to handle entities with $id = 0
• Can't return a collection object with embedded entities when content negotiation is set to Json

Apigility Version 1.0.3

This is our third maintenance release of Apigility, and the first containing security fixes; read on for more information.

Security Fixes

We were notified by Stefano Torresi of a potential security vector in ZF\Apigility\DbConnectedResource. While the create() method of that class pulls data from the composed input filter, if present, the patch() and update() methods were not, making it possible for an attacker to send unwanted data to the API service.

We have updated the class to pull from the composed input filter, if present, for each of the create(), patch(), and update() methods.

If you use DB-Connected REST resources in Apigility, we strongly recommend updating immediately. You can do so by running composer update inside your application.

Deployment Fixes

We were notified that the logic for finding a Composer executable in zf-deploy would fail in some situations. A fix was contributed that better resolves the path to the executable, particularly in situations where a composer.phar must first be downloaded.

Additionally, in reviewing this fix, Enrico Zimuel noted that we needed test coverage for most of the ZFDeploy functionality; we now have a comprehensive set of tests, all passing!

Documentation Fixes

Kaloyan Raev noted that the HTML documentation does not render properly under Internet Explorer, due to the order in which media type selectors are matched. A swap in the order fixes the situation, and continues to work as expected under other browsers.

Thank You!

Many thanks to Stefano Torresi for working with us on the DB-Connected security issue, to Kaloyan Raev for his assistance with zf-deploy and the documentation, and to Enrico Zimuel, for the huge amount of testing he added to zf-deploy!

Apigility Version 1.0.2

This is our second maintenance release of Apigility, fixing a number of issues, and providing significant improvements for file upload capabilities.

Upload Support

Uploads were possible before this release, but were difficult to properly enable. Additionally, PATCH and PUT requests required manually handling the file uploads, as PHP does not natively support file uploads for those request methods; the Zend Framework 2 InputFilter component, because it utilizes PHP's native support for validating that an upload completed and for moving an upload file to a new location, also could not deal with these methods.

This release makes the following changes in order to facilitate file uploads via your Apigility API:

• Content validation was altered to merge file upload data, when present, with the submitted API fields.
• The Admin UI now allows you to mark a field as representing a file upload; this ensures that content validation will work properly, as content validation differs for file uploads.
• The content negotiation module now provides emulation for PHP's file upload support when receiving PATCH and PUT requests, ensuring that the files are uploaded in the same manner, cleaned up post-request, and passed to validation properly. You should notice no difference between POST, PUT, or PATCH requests when performing file uploads, whether a single or multiple files are provided.

File uploads are only done using the multipart/form-data media type. You will need to add that media type to the content negotiation whitelist if you plan to perform file uploads.

If you have further questions, you can consult the documentation.

Changelog

While upload support is the major feature of this release, we fixed many other issues.

General

• All repositories have updated composer.json files that properly define the two branch aliases for the master and develop branches.
• All repositories have updated README.md files that provide a "Requirements" section linking to the composer.json file.

zf-apigility-admin

• Fixes for the "Encrypt" and "Compress" filter adapters, ensuring that these filters can be properly created and configured.
• Ability to specify file upload fields. A field can now be marked as representing a file upload, ensuring it can then be validated correctly. - Fix for unclosed link in authentication screen, which was preventing edits and saves of authentication details.
• Remove charset option for Postgres adapters, as that adapter does not support setting the character set.
• Added DSN to DB adapter input filter, so that edits to an existing DB adapter will save when the DSN is provided.
• Fixes to the DB-Connected service model, to ensure that update data is saved properly.

zf-apigility-documentation

• Fixes HTTP status code for POST operations, to now display 201 as a potential status.

zf-apigility-skeleton

• Adds composer.phar to the skeleton, since it should have always been there!

zf-content-negotiation

• Implements file uploads via request body streaming for PUT and PATCH requests.

zf-content-validation

• Ensures file upload data is passed to validation, which allows validating file uploads.

zf-deploy

• Ensures --gitignore flag is passed when copying source tree.

zf-hal

• Always store the original entity within ZF\Hal\Entity, fixing an issue where REST controllers cast entities to arrays prior to creating the ZF\Hal\Entity instance, and thus causing listeners on renderEntity et. al. to receive data that could never be matched.

zf-oauth2

• Pass all OAuth2 adapter options to oauth2-server-php, enabling the ability to turn on refresh token re-issue, among other things.

Roadmap

Many thanks for all the great issue reports and discussions on the mailing list and the various issue trackers!

We will do additional maintenance releases on an as-needed basis. The next feature release, 1.1, is in development, and includes:

• Doctrine-Connected REST services
• Database Autodiscovery for REST services (think of this as DB-Connected that finds all your tables and proposes field configuration for you!)
• Mongo-Connected REST services
• HTTP Caching

We would appreciate any feedback you can provide, either in the mailing lists, in issues, or via comments on associated pull requests.

Stay tuned!

Apigility Version 1.0.1

We are pleased to announce the immediate availability of Apigility 1.0.1!

This is our first maintenance release of Apigility, and features a number of bugfixes reported since the initial release.

Changelog

• zf-content-negotiation
  • Removed a conditional in ZF\ContentNegotiation\JsonModel that could never
    be reached, and which was redundant with the parent class.
    (#17)
• zf-apigility-skeleton
  • Added a footer and favicon to the default layout.
    (#60)
• zf-apigility-admin
  • Fixed a refresh issue with new RPC services.
    (#159)
  • Fixed a rendering issue in the navbars when on small screens.
    (#162)
  • Ensured the <base href> for the admin UI uses a fully-qualified URI,
    including scheme, host, and port, to ensure assets may be resolved
    cross-platform.
    (#164)
  • Added config information for the zend_datacache.apc-compatibility INI
    setting to the "disable your cache" modal.
    (#165)
  • Ensured the entity_identifier_name and hydrator_name configuration
    settings in db-connected configuration are properly synced on updates to
    DB-Connected REST services.
    (#166)
  • Ensured that togglable filter option values are saved correctly.
    (#167)
  • Ensured that available options for the DateTimeFormatter (and several
    others) are propagated to the Admin UI.
    (#168)
  • Added a footer, favicon, and a number of documentation links to the Admin
    UI.
    (#169)
  • Ensured that the collection_name REST setting can be updated from the Admin
    UI and API.
    (#170)

Changes to Composer configuration

A user noted that we had two branch-alias sections in each repository. While this did not lead to invalid configuration, it did mean that the latter took precedence of the former, meaning that the only "development" alias we had for mapping the development branch to future 1.1 releases. All repositories have been updated with the 1.0.1 release to fix this situation; all sections now read as the following:

{
    "extra": {
        "branch-alias": {
            "dev-master": "1.0-dev",
            "dev-develop": "1.1-dev"
        }
    }
}

Switch to SSL

apigility.org was originally served over HTTP. However, with the addition of the installer script, we felt it was important to serve the site over SSL. We were not able to do this in time for the 1.0.0 release, but put the functionality in place by the end of last week. Any previous link will now perform a permanent redirect to the SSL version of the site.

Roadmap

Many thanks for all the great issue reports and discussions on the mailing list! (We promise we'll get to more of the questions, now that we've dealt with the initial issue reports!)

We will do additional maintenance releases on an as-needed basis. We already have plans for 1.1, which include:

• Doctrine-Connected REST services
• Database Autodiscovery for REST services (think of this as DB-Connected that
  finds all your tables and proposes field configuration for you!)
• Mongo-Connected REST services
• HTTP Caching

Many of these are near completion already (and primarily by community authors!); we'll be dropping announcements to the mailing lists when they're ready to test.

Stay tuned!

Apigility Version 1.0.0

We're happy to announce the immediate availability of Apigility 1.0.0!

Apigility is the world's easiest way to create robust, well-formed, documented, and secure APIs.

We've noticed that web development has fundamentally shifted over the past few years. Server side applications that return heavy loads of HTML markup are waning; instead APIs are driving the web. APIs are being used to enable inter-division data exchange. APIs are being used as the building blocks for web applications -- allowing user interface experts the flexibility to change the look and feel of a website with no intervention from the server-side application developers. APIs are driving and empowering the mobile web, allowing creation of both native mobile applications and mobile web applications.

Apigility exists to allow you to expose your business logic as an API.

Opinionated

APIs are not just about tossing around some JSON or XML. They require a ton of architectural decisions every step of the way as you implement the API:

• How will you handle HTTP method negotiation?
• How will you handle content negotiation?
• How will you handle authentication?
• How will you handle authorization?
• How will you handle input validation?
• What representation format will you use?
• How will you represent errors?
• How will you document your API?

Most of these questions have no single, correct answer. Many standards, proposals, and drafts exist for all aspects of APIs. As a developer, you have to wade through them and choose which you will use, and how you will put them together.

In short, when developing an API, you often spend an equal or greater amount of time developing the architecture for the API as you would writing the code you want to expose in the first place.

Apigility is opinionated for you, and provides a flexible and robust engine that answers these questions:

• application/hal+json is
  used for the representation format (but you can add your own representations
  if you really want).
• application/problem+json
  is used for representing errors.
• HTTP method negotiation is handled early, returning appropriate response
  status codes and headers when invalid methods are detected. Support for
  OPTIONS requests is built in.
• Content negotiation is handled early, returning appropriate response
  status codes and headers when we cannot return an appropriate representation,
  or cannot understand the data provided to the application.
• Authentication is handled early, returning appropriate response
  status codes and headers when invalid credentials are detected. We provide
  HTTP Basic, HTTP Digest, and OAuth2 support out-of-the-box, but provide a
  flexible, event-driven system for implementing or integrating your own
  authentication systems.
• Authorization is handled early, returning appropriate response
  status codes and headers when access is not allowed. We provide an ACL-based
  system that can be easily extended to provide user-specific permissions as
  well as an event-driven system for implementing or integrating your own
  authorization systems if needed.
• Input validation is handled early, returning appropriate response status codes
  and error messages when invalid data is detected.
• Documentation is provided out of the box. We provide HTML, JSON, and
  Swagger representations; we
  anticipate adding more in the future. Documentation is generated automatically
  from your API configuration, and you are able to add descriptions and more
  detail as desired.

We make decisions so you don't have to. However, you'll note that we've created flexibility so that if you have an opinion, you can integrate it!

Interface with your API

Apigility is not just an engine. Apigility also provides a web-based Admin UI to allow you to quickly create and modify your API and services, set up authentication, create authorization rules, set up validations for incoming data, and write document.

The Admin UI is built using AngularJS, and is backed by... an API! (We're taking the "API First" mantra very seriously!)

Get Started in Seconds

You can install Apigility in seconds; execute the following command in your shell:

$ curl -sS http://apigility.org/install | php

or, if you don't have curl installed, use the PHP interpreter itself:

$ php -r "readfile('http://apigility.org/install');" | php

Deploy Anywhere

Apigility is built on top of Zend Framework 2, and has tools to ensure that the Admin UI is only present in development mode. As such, you can deploy Apigility anywhere you normally deploy PHP applications: a local server, your web host provider, or the cloud.

We provide a tool, ZFDeploy, to aid in creating deployment packages, including Zend Server ZPK files.

Modular

Apigility consists of more than a dozen Zend Framework 2 modules, each doing one specific task in the workflow. As such, you can mix and match these modules in your own ZF2 applications, or even add Apigility to an existing application.

The Future

Reaching 1.0 is a huge milestone -- but it's not the end of the road!

We already have a number of great features waiting in the wings for a 1.1 release: Doctrine-Connected services, Database Autodiscovery, Mongo-Connected services, and HTTP Caching.

What will you build today?