Building RESTful APIs with Yii2

0 Comments | This entry was posted on Sep 21 2015

I have been building an API with Yii2 for the last four months and and I’m really enjoying it. The developers of Yii have done a tremendous job putting together a framework that makes building applications both fun and fast. The API is to be used by iOS and Android apps as well as a web app (Angular JS) to facilitate phone calls and messages, among other things.

Many of Yii’s strengths come from the clever and well thought-out design that makes common tasks incredibly easy to implement and more complex tasks easy to build whilst keeping the code and structure of your application clean. Some of my favourite attributes to see are:

RESTful services

Building a RESTful service is incredibly quick to build by calling the inbuilt scaffolding tool. It will read the database table to build the model, and also views if you’re building a traditional website. Then with just a few changes in the controller you can start creating, reading, updating and deleting records through your browser.


Attaching a behaviour to a component or controller is similar to extending a class but gives you more control and can act on events. Yii2 has a collection of behaviours that are built in but allows you to create your own. Two built-in behaviors that I’m using are Authenticator and CORS.

Authenticator behaviour: This behaviour allows you to easily implement common authentication models such as HTTP Basic Auth and OAuth. But I was able to add a custom authentication module to the auth behaviour to meet our unique rrequirements.

CORS behaviour: CORS (Cross Origin Resource Sharing) is a standard that allows browsers to make Javascript requests to servers that the Javascript files themselves weren’t server from. This is generally not possible due to security issues. CORS can be quite complicated and can cause major headaches but Yii2 allows you to simply include the behaviour to a controller and the API will respond with the required headers to each CORS request from the browser.

Custom authentication

Yii2 has a great solution for Authentication and has the common ones, such as OAuth and Basic Http Auth built in. But it also quite simple to add your own authentication if need be. The requirements for us was to allow each user to connect to the API with multiple devices. Therefore each device is required to send its individual token for each request made to the API. Yii2 makes this quite trivial.


Yii makes it easy to use use test databases and environment variables which makes testing easy. My solution was to setup an alias domain (env.myapi.test) for each environment. When Yii receives a request on a domain ending with .test it will use test variables and database to run my tests and not pollute the dev or prod data with test data. Every API endpoint is tested and it’s very reassuring watching the tests that you have not broken any endpoints when new features are added.

Growing pains building RESTful APIs with Yii2

0 Comments | This entry was posted on Feb 26 2015


The issues discussed in this post were easily resolved and surfaced due to my unfamiliarity with the new version of Yii. Issue one fixed with one line of code. When JSON output is required you can set this by adding a new line into the controller action:

\Yii::$app->response->format = \yii\web\Response::FORMAT_JSON;

Issue two is also easily resolved by creating an actions method in your controller and unsetting the default action that you need.

As most things in software development, the things you’re looking for are a lot easier to find when you have a better idea of what you’re looking for.

Original post:

I have begun playing with Yii2 to build RESTful APIs with the intention of creating backends for single-page websites and mobile apps. Although I am excited at how well Yii2 applications are built I am seeing issues and bugs when following documentation and examples. Unfortunately for me it doesn’t seem that many people are building RESTful apps with Yii2 at this time to ask questions from. Here are some issues that I’m experiencing.

Issue 1

When extending a controller from the RESTful ActiveController the behavior method is no longer available. It triggers an exception with the error:

Response content must not be an array

Is this due to a bug that’s been introduced?

Issue 2

When extending a controller from RESTful ActiveController, the normal action methods are no longer used or can be modified. There doesn’t seem to be a way to add additional functionality because of this such as pagination rules. How would I go about hooking into these actions?


I feel that the documentation I’m reading is from earlier iterations of Yii2 and not valid for the latest version. I would love to hear from anyone who can shed some light on these issues.

Example I’m referring to

Setting up development environments for Yii2 with Vagrant and Ansible

0 Comments | This entry was posted on Feb 18 2015

In an effort to streamline all work and learning that I do I have put together an Ansible script that will build a web server with Yii2 advanced application template framework ready to start development with the newly released Yii2 PHP framework.

After Vagrant is used to create the virtual machine with Debian 7, Ansible is called to provision the server with PHP5.5, MariaDB and Nginx. It will then setup to virtual host for Yii2 framework with both frontend and backend configuation.

The scripts are available on Github for anyone who wants to have a try with Yii2.

Crypto-Currency Market Watcher Built with Yii2

0 Comments | This entry was posted on Feb 02 2015

Some time ago I wanted to sink my teeth into Yii2. The completely rewritten framework built with PHP. To do so I decided to build a crypto-currency market watcher. My idea was to build a site that would download all market data at regular intervals from different exchanges and record the values, which could then be graphed and sorted in an effort to watch near real-time market trends.

It proved to be both fun and challenging. What I enjoyed a lot was using Composer to install Yii and third-party packages required to meet some tasks. Quite a lot changed with the new version of Yii. One of those is the way that you create and use components. But once you’ve got it, it makes sense with the new format.

At the time I built components for markets at Cryptsy and Mintpal but it is rather easy to add new crypto exchanges. If you use a marketplace that offer an API then you can most likely add it to Coinhawk.

It really is a pleasure to work with Yii2. If anyone would like to see the code and even run the site themselves, I have made the repo public on Github:

The repo includes a vagrant machine provisioned with Ansible so it’s incredibly easy for a developer to get started. I would love to hear some feedback

Defcon 22 – Security Conference

0 Comments | This entry was posted on Aug 13 2014

I love Defcon. I attended two years ago and was disappointed in myself for not going in 2013. Defcon is about security and fun. Although there is a lot to learn and share, there are also parties and other events that fill up the days and nights. Despite being to Las Vegas twice now I haven’t really been a tourist there. I spend all of my time at Defcon.

The presentations at Defcon are the most entertaining talks I see at conferences. They are fascinating and educational. Presenters talk about exploits they’ve made or discovered and the impact the vulnerabilities can have to vendors and users. Presenters bring ideas forward that make you question technologies and think about them in new and different ways. One presentation I saw was about a project where a quadcopter was used to fly autonomously over regions, picking up wireless access points and devices and map their locations. In regards to devices it would record their current location, but using the devices broadcast request would record all the locations that device (and therefore device owner’s) that it had ever been. This is scary from a privacy point of view but it’s amazing to think that hardware has become so accessible and cheap now that anyone can start a similar project to this that can achieve so much.

I also sat on a presentation by Ladar Levison from Lavabit. The owner of the company that hosted Edward Snowden’s email before he become a whistle blower. He discussed his new project that would prevent authorities or anyone getting access to your emails. This is a project that you could host yourself if you desired.

Apart from presentations there are many competitions. These range from lock picking to capture-the-packet and capture-the-flag. Each with their own technical challenges that test your understanding of the underlying technologies.

It was also good to spend time with friends and share stories of our own security challenges and concerns. We walk away from the event with a list of tasks that we force upon ourselves to achieve before the next Defcon. I really hope to attend again next year.

Open Source Convention OSCON 2014

1 Comment | This entry was posted on Jul 26 2014

It was great to be back in Portland to attend OSCON again and again was inspired by a community of enthusiastic people that truly love open source software. People travel from all over the US and overseas for the event. All with different careers but often using the same tools and always a love for sharing software and experiences.

Topics covered over the five days ranged from web front and backend technologies as well as compiled languages to philosophical talks on what is open source and open source communities and hardware such as RaspberryPi, Arduino wireless scanning devices.

I focused my time on technologies that I already use or intend to use for my work as a web developer. These included AngularJS, PHP and Golang. As all technologies are evolving so quickly it can be hard to keep up so it helps to be at a convention where you are immersed in it all. It was great to hear that Golang and AngularJS really are being embraced in the commercial world as leading technologies.

I was reminded how I want to adapt some hardware into the work I do. Either Arduino, Raspberry Pi and quadcopters. There is so much happening in to tech world and I just want to get immersed in it all.

See you next time, Portland.


Yii2: Second Generation Yii

0 Comments | This entry was posted on Jul 01 2014

I found enough time recently to finally look into Yii2. I decided that a good test project would be to build a crypto currency exchange tracker. It would download latest prices of all markets from both Cryptsy and Mintpal and then display the data in charts so I could quickly scan trends of all currencies.

Yii2 and it’s dependencies can be installed and managed through Composer which I enjoy. It prevents you from needing to keep any third party packages in version control and makes installs, upgrades and deployments easier. The Yii2 documentation is again great and the community is already solid. Any questions I had that were Yii2 specific were answered on the forum in good time. Some things are different and migrating projects from Yii 1.x to 2.x will take a lot of work. Yii2 uses namespaces and this means namespaces need to be declared at the top of views and other files that wasn’t previously necessary. Getting instances of records is slightly different and was changed several times during Yii2’s evolution. However this is stable now.

Many things are still the same. Migrations, scaffolding, commands and nearly everything else is the same. In my opinion, Yii2 is still the best PHP framework and I can’t wait to start a production project with it. Yii2 is still beta but the code base has mostly settled with only bug fixes remaining. My next task is to incorporate AngularJS into my Yii projects.

Spreading the Word on Vagrant and Ansible

0 Comments | This entry was posted on May 31 2014

Over the last two months I have presented the advantages of using Vagrant and Ansible to the PHP melbourne and Melbourne Linux user groups and on both occasions it was well received. I demonstrated how development environments can be automated for teams to ensure that everyone is running the same software and at the same versions.

Getting development environments up and running for your current project can very time consuming on some occasions hard to debug when things are behaving strangely. If you have several developers running environments of Windows, Mac and Linux, getting each developer’s rig set to start work can be unnecessarily difficult. With Vagrant and Ansible, one person can easily script the configuration, allowing others to just run it to get the environment setup.

When talking with the Linux group I focused the talk about Ansible more on deploying to production servers (web, mail, etc..) which has no real need for Vagrant. However Vagrant is helpful here also because it allows you to test your Ansible scripts locally before deploying to production systems, saving time and money.

Just a 20 minute presentation is enough to give some examples and a live demonstration to show how easy it is to implement and why they should look at using these technologies in their own work.

My slides are available here and the working script is available on Github.

Setting Up Development Environments With Vagrant and Ansible

0 Comments | This entry was posted on Feb 19 2014

One of the reasons I love running Linux on my main laptop/workstations is that I have an ideal environment to develop web projects. However there’s been many developments in software that moves away from this model which I have grown to love, and that is running your dev environments in virtual machines.

Instead of running Apache (or Nginx), MySQL and PHP natively on my dev machine, I have found it’s now easier to setup and run dev environments in virtual machines that are configured specifically for a given project, which can be automated through server management scripts. Initially this sounds like additional work, and it is but it has several advantages:

  • Custom environments for each project
  • Easily deployable for other developers in your team
  • No knowledge required for other team members.
  • Scripts can be reused for staging and development environments.

What are Vagrant and Ansible:

Vagrant is software that allows you to easily build reproducible development environments for various operating systems. It runs on top of other virtual machine platforms such as Virtualbox but, among other things, creates a sync drive that is accessible to your local file system, allowing you to use you IDE as you would normally without the need to transfer files to the machine.

Ansible, like Puppet or Chef is a server management scripting language. However the learning curve is a lot simpler and doesn’t require any software running on the remote servers. It configures the hosts over ssh.

By combining Vagrant with Ansible, it’s very easy to create development environments for developers who are running any common operating system within minutes without having to manually configure their dev environments to suit their operating system.

I have created Vagrant/Ansible setup script which can be found on Github. This will configure a development virtual machine that will have installed the latest versions of Nginx, MariaDB and PHP on Debian 7.

I think it’s worthwhile for any development teams to investigate using virtual machines like this, especially where complex environments are required.

New AFL Websites Built with Yii

0 Comments | This entry was posted on May 14 2013

I was tasked with building the new AFL websites Mark of the Year and Goal of the Year for the 2013 season for the Australian Football League. After gathering the requirements it was excited to find that Yii will be perfect to build these sites.

I love the sink my teeth into a project by starting with database design. The requirements were clear and not too exhaustive so it didn’t take too long to design. From there I was quickly able to build the models, views and controllers with Yii’s great scaffolding tool, Gii.

From this point I could start with the basic page layout and add the business rules to the the models and controllers and tweak the views to meet the functionality. Once the site was fully functional I could then add all the design elements to meet the page layout and styles created by the client.

The tricky part was including the video code into the site with Telstra’s proprietary video embedding code.

It was a great experience and really highlighted how easy and fun it is to build functional websites with Yii.