[Extension] Restful Api


I want to introduce Yii RESTful API extension, which was written for our project.

Key Features

  • integration in existing project - you can use single action to display html page or returning API response

  • model render rule - rule can be simply added to default rules list

  • support application and model errors render

  • support auth adapters - defult is HTTP Basic Auth

  • support renderer adapters - defult is JSON and XML

GitHub repo: https://github.com/paysio/yii-rest-api

Smail docs: https://github.com/paysio/yii-rest-api/blob/master/README.md

I’ll be glad to answer to all of yours questions!

Are there any examples of this extension implemented with the token auth scheme described below? Or perhaps an example of an auth adapter?

[color=#222222][font=Arial, sans-serif][size=4]http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth[/size][/font][/color]

[color=#222222][font=Arial, sans-serif][size=4]


Extension have one default Auth adapter, which can be rewrited or extended - https://github.com/paysio/yii-rest-api/blob/master/library/rest/service/auth/adapters/Basic.php

Your auth scheme can use adapter something like this

namespace rest\service\auth\adapters;

use rest\service\auth\AdapterInterface;

class AccessKey implements AdapterInterface



     * @var string


    public $identityClass = 'application.components.UserIdentity';


     * @throws \CHttpException


    public function authenticate()


        if (!isset($_GET['AccessKeyId']) || !($key = $_GET['AccessKeyId'])) {

            throw new \CHttpException(401, \Yii::t('ext', 'Undefined AccessKeyId'));


        if (!isset($_GET['Expires']) || !($expires = $_GET['Expires'])) {

            throw new \CHttpException(401, \Yii::t('ext', 'Undefined Expires'));


        if (!isset($_GET['Signature']) || !($sign = $_GET['Signature'])) {

            throw new \CHttpException(401, \Yii::t('ext', 'Undefined Signature'));


        $user = $this->getUserByAccessKey($key); // some logic matching user by AccessKeyId

        if (!$user) {

            throw new \CHttpException(401, \Yii::t('ext', 'AccessKeyId not found'));



        $secretKey = $user->secretAccessKeyID; // user should have own secretAccessKeyID

        $validSign = sha1($secretKey . '.' . $_SERVER['REQUEST_URI'] . '.' .  $expires); // it's not AWS algo - just for example

        if ($sign != $validSign) {

            throw new \CHttpException(401, \Yii::t('ext', 'Wrong Signature'));



        if ($expires > time()) {

            throw new \CHttpException(401, \Yii::t('ext', 'AccessKeyId Expired'));


        // Authenticate \Yii::app()->user

        $identityClass = \Yii::import($this->identityClass);

        $identity = new $identityClass($user->name, $user->password);




    public function getUserByAccessKey($key)


        // not implemented



Be careful, it’s is just simple example! I’m not tested it.

Method getUserByAccessKey and user object not written, because it is the implementation details.

Thank you for your interest, I hope I was able to help.

Hi, thanks for great extension. I’d like to know if it’s possible to control the auth process. may I exclude authentication for user creation for example? auth is done in Service onBeginRequest, so for each request user/pass should be sent.

Thanks for a great stuff. However, you gave us only links to GitHub:


[size=2]Is this extension hosted among other Yii extensions in [/size]Yii extensions repository[size=2] or is it available only on GitHub?[/size]