The primary goal of the beta phase for the Zend Framework team is documenting
the project. We've made enormous headway at this point, but we'll let you be
the judge of that; visit the documentation yourself!
Among topics covered:
- A "Getting Started" guide, and a companion, "REST Service Tutorial".
- An API Primer
- Chapters on Authentication/Authorization, Content Validation, and the
- A module-by-module reference guide, detailing configuration options.
While the beta cycle is primarily around stabilizing the API and Admin UI, we
decided one new feature warranted inclusion in version 1: a packaging/deployment
This tool allows you to create packages from your Apigility -- or any ZF2
application -- for deployment. Formats supported include zip, tar, tgz, and zpk
(the Zend Server deployment package format). We plan to integrate support for
deploying zpk packages soon as well.
Polishing, polishing, polishing was our mantra for beta2. This included
incorporating user feedback, but also scrutinizing the UI and code for
Following beta1, we had a number of complaints about UI responsiveness,
particularly around the "Fields" screen. We did some analysis of the UI, and a
lot of work around dynamically loading and unloading DOM in the admin based on
what should be visible. As a result, we were able to significantly improve
responsiveness. There may be more work to do, but early reports indicate that
the changes make the Admin UI usable in situations that previously crashed the
In addition to the performance improvements, we made the following updates:
- On the "Authorizations" screen for each API, if no authentication is currently
configured, we display a message to this effect, and link to the
authentication screen. Unfortunately, in beta1, that link was invalid; we've
- The "Fields" tab received a slight overhaul. We noticed that items with
toggles displayed "Yes/No" terminology, but "On/Off" for the actual form
input; these now use "Yes/No" verbiage consistently. The "Help" screen could
not be dismissed with the
<Esc>key; it now can. Previously, when hitting
<Enter>from the "Create New Field" text input, it would raise the "Help"
screen; it now properly creates the new field. The "Description" field was
moved to the first option displayed for each field, to promote documentation
of fields. We also added a "Validation Failure Message" field to allow
specifying a unified error message on failed validation (vs. one or more per
validator); we also ensured that "blanking" out the data in this field will
remove any such message previously set. Finally, filters are now listed before
validators, to signal the order in which validation operations occur
(filtering/normalization occurs before validation).
- The "Source Code" tab was not properly generating links for files; we've fixed
this in beta2.
A few improvements were made to the API engine itself:
UnauthorizedListenerregistered by the
zf-apigilitymodule was not
registering headers set by the
zf-mvc-authmodule, meaning that the
WWW-Authenticateheader was not propagating. This has been corrected.
- We modified
ZF\ContentNegotiation\JsonModelto check for
errors, and to raise an exception when one is detected. This prevents
situations where an empty response is returned on inability to serialize to
zf-apigility-documentation-swaggerwas not returning a
application/vnd.swagger+json; it now does.
- We fixed the bcrypt cost in
zf-oauth2to use the defaults from
- We updated the OAuth2 database schema in
zf-oauth2to match that of the
upstream oauth2-server-php package.
- We now inject the
ZF\Rest\ResourceEventwith the current MVC request object;
you can retrieve it from within your resource class using
$this->getEvent()->getRequest(). This will give you access to HTTP request
headers, query string arguments, etc.
- We no longer allow multiple "self" relational links in
- When specifying route parameters for a
zf-halmetadata map, you can now use
a PHP callable as the value;
zf-halwill invoke that callable with the
object for which a link is being generated in order to get the value for that
route parameter. This is particularly useful for deterimining identifiers for
- We moved the
zf-apiglity-welcomerequirement to be a development-only