DEV Community: Dev The latest articles on DEV Community by Dev (@dev_null). https://dev.to/dev_null https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3782784%2Faf9a5f91-1df0-439c-a372-eef413d3cc97.png DEV Community: Dev https://dev.to/dev_null en ApiKit — Clean REST API in Symfony Without Boilerplate Dev Sat, 28 Feb 2026 17:20:18 +0000 https://dev.to/dev_null/apikit-clean-rest-api-in-symfony-without-boilerplate-27hi https://dev.to/dev_null/apikit-clean-rest-api-in-symfony-without-boilerplate-27hi <p>Writing REST APIs in Symfony is quite comfortable, but there's one recurring annoyance: controllers quickly become cluttered with repetitive code. Parsing the request, validating input, wrapping responses in the same JSON envelope, try/catch blocks converting exceptions into HTTP responses. None of this is hard, but over time it ends up duplicated across dozens of endpoints and distracts from the actual work.</p> <p>Below is a way to bring order to all of this with a small bundle I use in my own projects.</p> <h2> What a Typical Controller Looks Like </h2> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">create</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">):</span> <span class="kt">JsonResponse</span> <span class="p">{</span> <span class="nv">$data</span> <span class="o">=</span> <span class="nb">json_decode</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">getContent</span><span class="p">(),</span> <span class="kc">true</span><span class="p">);</span> <span class="nv">$dto</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">CreateUserDto</span><span class="p">(</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'email'</span><span class="p">],</span> <span class="nv">$data</span><span class="p">[</span><span class="s1">'name'</span><span class="p">]</span> <span class="p">);</span> <span class="nv">$errors</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">validator</span><span class="o">-&gt;</span><span class="nf">validate</span><span class="p">(</span><span class="nv">$dto</span><span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="nb">count</span><span class="p">(</span><span class="nv">$errors</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// every developer has their own error format</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">JsonResponse</span><span class="p">([</span><span class="s1">'errors'</span> <span class="o">=&gt;</span> <span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="nv">$errors</span><span class="p">],</span> <span class="mi">422</span><span class="p">);</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">(</span><span class="nv">$dto</span><span class="p">);</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">JsonResponse</span><span class="p">([</span><span class="s1">'data'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">toArray</span><span class="p">()],</span> <span class="mi">201</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">DuplicateEmailException</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">JsonResponse</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="nv">$e</span><span class="o">-&gt;</span><span class="nf">getMessage</span><span class="p">()],</span> <span class="mi">409</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">\Throwable</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// and this is everywhere</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">JsonResponse</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="s1">'Internal server error'</span><span class="p">],</span> <span class="mi">500</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Sure, you might say — introduce DTOs and things will be fine. But DTOs only solve the problem of structuring and validating input. Wrapping responses in a unified format, catching exceptions from the service layer and turning them into proper JSON — that still has to be done manually, in every controller, over and over again. And each developer tends to introduce a slightly different format. Scale that across dozens of endpoints. Add three developers with different habits. The result is an inconsistent API that's hard to maintain and impossible to document automatically.</p> <p><a href="https://github.com/bulatronic/api-kit" rel="noopener noreferrer"><strong>ApiKit</strong></a> is a lightweight Symfony bundle that solves exactly this problem: it standardizes responses, intercepts exceptions, and lets the controller do only what it's meant to do.</p> <h2> What It Gives Your Project </h2> <p><strong>Dependencies.</strong> The bundle relies on <code>symfony/validator</code> and <code>symfony/serializer</code> — both are part of a standard Symfony project and are most likely already installed. Doctrine is optional and only needed for the <code>EntityExists</code> constraint.</p> <p><strong>DTOs are not required.</strong> The bundle does not require you to use DTOs. A controller can accept <code>Request</code> directly and still use <code>respondSuccess</code>/<code>respondCreated</code>. DTOs are a recommended pattern because they pair well with <code>#[MapRequestPayload]</code> and make validation declarative — but it's the developer's choice, not the bundle's requirement.</p> <p><strong>Unified response format.</strong> All successful responses share one structure, all errors share another. A frontend, a mobile app, another microservice — everyone knows what to expect:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">//</span><span class="w"> </span><span class="err">Successful</span><span class="w"> </span><span class="err">response</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Mr. Author"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"timestamp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-06-01T12:00:00+00:00"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">Validation</span><span class="w"> </span><span class="err">error</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VALIDATION_ERROR"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Validation error"</span><span class="p">,</span><span class="w"> </span><span class="nl">"details"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"violations"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"email"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"This value is not a valid email address."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Slim controllers.</strong> A controller handles only routing and data passing — no manual validation, no try/catch, no <code>json_decode</code>. Validation happens automatically via <code>#[MapRequestPayload]</code> and Symfony Validator; all unhandled exceptions are caught by <code>ExceptionListener</code>.</p> <p><strong>Kernel-level exception handling.</strong> <code>ExceptionListener</code> handles <code>HttpExceptionInterface</code>, <code>ValidationFailedException</code>, and any uncaught <code>\Throwable</code>. In the <code>dev</code> environment, a stack trace is appended to errors; in <code>prod</code> — only the message. 5xx errors are logged via a PSR-3 logger (enabled by default, controlled via <code>log_errors</code> in config), 4xx are not — because those are client errors.</p> <p><strong><code>ApiException</code> for domain errors.</strong> Instead of building a <code>JsonResponse</code> directly inside services, you throw a typed exception with the desired status and details:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">throw</span> <span class="k">new</span> <span class="nc">ApiException</span><span class="p">(</span><span class="mi">409</span><span class="p">,</span> <span class="s1">'Email already taken'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'field'</span> <span class="o">=&gt;</span> <span class="s1">'email'</span><span class="p">,</span> <span class="s1">'reason'</span> <span class="o">=&gt;</span> <span class="s1">'already_taken'</span><span class="p">,</span> <span class="p">]);</span> <span class="c1">// Or an account lock with context</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">ApiException</span><span class="p">(</span><span class="mi">423</span><span class="p">,</span> <span class="s1">'Account locked'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'locked_until'</span> <span class="o">=&gt;</span> <span class="nv">$lockedUntil</span><span class="o">-&gt;</span><span class="nf">format</span><span class="p">(</span><span class="nc">\DateTimeInterface</span><span class="o">::</span><span class="no">ATOM</span><span class="p">),</span> <span class="s1">'attempts_left'</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="p">]);</span> </code></pre> </div> <p><strong><code>EntityExists</code> constraint.</strong> An optional Doctrine validator that checks for the existence of a database record directly inside a DTO — it is wired automatically if Doctrine is installed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="na">#[EntityExists(Category::class, field: 'slug')]</span> <span class="k">public</span> <span class="k">readonly</span> <span class="kt">string</span> <span class="nv">$categorySlug</span><span class="p">;</span> </code></pre> </div> <p><strong>Custom response format.</strong> The default structure with <code>success</code>, <code>data</code>, and <code>error</code> works for most projects, but if your team uses a different format — the bundle supports that too. Just implement <code>ResponseFactoryInterface</code> and register your implementation in the container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">final</span> <span class="k">readonly</span> <span class="kd">class</span> <span class="nc">MyResponseFactory</span> <span class="kd">implements</span> <span class="nc">ResponseFactoryInterface</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">success</span><span class="p">(</span><span class="kt">mixed</span> <span class="nv">$data</span> <span class="o">=</span> <span class="kc">null</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$statusCode</span> <span class="o">=</span> <span class="mi">200</span><span class="p">,</span> <span class="kt">array</span> <span class="nv">$meta</span> <span class="o">=</span> <span class="p">[]):</span> <span class="kt">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">JsonResponse</span><span class="p">([</span><span class="s1">'result'</span> <span class="o">=&gt;</span> <span class="nv">$data</span><span class="p">,</span> <span class="s1">'ok'</span> <span class="o">=&gt;</span> <span class="kc">true</span><span class="p">],</span> <span class="nv">$statusCode</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// ...</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># config/services.yaml</span> <span class="na">ApiKit\Response\ResponseFactoryInterface</span><span class="pi">:</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">App\Api\MyResponseFactory</span> </code></pre> </div> <p>The entire bundle — controllers and <code>ExceptionListener</code> — will start using the new format automatically.</p> <h2> Slim Controllers in Practice </h2> <p>Here's a CRUD example for users. Notice: each action is 1–3 lines of logic. The <code>#[OA\*]</code> attributes are optional and only needed if you use <code>nelmio/api-doc-bundle</code> for documentation generation. Without it the controller works exactly the same — the <code>update</code> and <code>delete</code> actions below show what it looks like without OpenAPI annotations.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="na">#[Route('/api/users', name: 'api_users_')]</span> <span class="na">#[OA\Tag(name: 'Users')]</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">UserController</span> <span class="kd">extends</span> <span class="nc">AbstractApiController</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">UserService</span> <span class="nv">$userService</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="na">#[Route('', name: 'list', methods: ['GET'])]</span> <span class="err">#</span><span class="p">[</span><span class="nf">OA\Get</span><span class="p">(</span><span class="n">path</span><span class="o">:</span> <span class="s1">'/api/users'</span><span class="p">,</span> <span class="n">summary</span><span class="o">:</span> <span class="s1">'List all users'</span><span class="p">,</span> <span class="n">responses</span><span class="o">:</span> <span class="p">[</span> <span class="k">new</span> <span class="nc">OA\Response</span><span class="p">(</span><span class="n">response</span><span class="o">:</span> <span class="mi">200</span><span class="p">,</span> <span class="n">description</span><span class="o">:</span> <span class="s1">'List of users'</span><span class="p">,</span> <span class="n">content</span><span class="o">:</span> <span class="k">new</span> <span class="nc">OA\JsonContent</span><span class="p">(</span><span class="n">type</span><span class="o">:</span> <span class="s1">'array'</span><span class="p">,</span> <span class="n">items</span><span class="o">:</span> <span class="k">new</span> <span class="nc">OA\Items</span><span class="p">(</span><span class="n">ref</span><span class="o">:</span> <span class="k">new</span> <span class="nc">Model</span><span class="p">(</span><span class="n">type</span><span class="o">:</span> <span class="nc">UserResponseDto</span><span class="o">::</span><span class="n">class</span><span class="p">))))</span> <span class="p">])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">list</span><span class="p">():</span> <span class="kt">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondSuccess</span><span class="p">(</span> <span class="nb">array_map</span><span class="p">(</span><span class="nc">UserResponseDto</span><span class="o">::</span><span class="nf">fromEntity</span><span class="p">(</span><span class="mf">...</span><span class="p">),</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nf">findAll</span><span class="p">())</span> <span class="p">);</span> <span class="p">}</span> <span class="na">#[Route('', name: 'create', methods: ['POST'])]</span> <span class="err">#</span><span class="p">[</span><span class="nf">OA\Post</span><span class="p">(</span><span class="n">path</span><span class="o">:</span> <span class="s1">'/api/users'</span><span class="p">,</span> <span class="n">summary</span><span class="o">:</span> <span class="s1">'Create a new user'</span><span class="p">,</span> <span class="n">requestBody</span><span class="o">:</span> <span class="k">new</span> <span class="nc">OA\RequestBody</span><span class="p">(</span><span class="n">required</span><span class="o">:</span> <span class="kc">true</span><span class="p">,</span> <span class="n">content</span><span class="o">:</span> <span class="k">new</span> <span class="nc">OA\JsonContent</span><span class="p">(</span><span class="n">ref</span><span class="o">:</span> <span class="k">new</span> <span class="nc">Model</span><span class="p">(</span><span class="n">type</span><span class="o">:</span> <span class="nc">CreateUserDto</span><span class="o">::</span><span class="n">class</span><span class="p">))),</span> <span class="n">responses</span><span class="o">:</span> <span class="p">[</span> <span class="k">new</span> <span class="nc">OA\Response</span><span class="p">(</span><span class="n">response</span><span class="o">:</span> <span class="mi">201</span><span class="p">,</span> <span class="n">description</span><span class="o">:</span> <span class="s1">'User created'</span><span class="p">,</span> <span class="n">content</span><span class="o">:</span> <span class="k">new</span> <span class="nc">OA\JsonContent</span><span class="p">(</span><span class="n">ref</span><span class="o">:</span> <span class="k">new</span> <span class="nc">Model</span><span class="p">(</span><span class="n">type</span><span class="o">:</span> <span class="nc">UserResponseDto</span><span class="o">::</span><span class="n">class</span><span class="p">))),</span> <span class="k">new</span> <span class="nc">OA\Response</span><span class="p">(</span><span class="n">response</span><span class="o">:</span> <span class="mi">422</span><span class="p">,</span> <span class="n">description</span><span class="o">:</span> <span class="s1">'Validation error'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">OA\Response</span><span class="p">(</span><span class="n">response</span><span class="o">:</span> <span class="mi">409</span><span class="p">,</span> <span class="n">description</span><span class="o">:</span> <span class="s1">'Email already taken'</span><span class="p">),</span> <span class="p">]</span> <span class="p">)]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">create</span><span class="p">(</span><span class="err">#</span><span class="p">[</span><span class="nc">MapRequestPayload</span><span class="p">]</span> <span class="nc">CreateUserDto</span> <span class="nv">$dto</span><span class="p">)</span><span class="o">:</span> <span class="nc">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondCreated</span><span class="p">(</span> <span class="nc">UserResponseDto</span><span class="o">::</span><span class="nf">fromEntity</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">(</span><span class="nv">$dto</span><span class="p">))</span> <span class="p">);</span> <span class="p">}</span> <span class="na">#[Route('/{id}', name: 'update', requirements: ['id' =&gt; '\d+'], methods: ['PUT'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">update</span><span class="p">(</span><span class="kt">int</span> <span class="nv">$id</span><span class="p">,</span> <span class="err">#</span><span class="p">[</span><span class="nc">MapRequestPayload</span><span class="p">]</span> <span class="nc">UpdateUserDto</span> <span class="nv">$dto</span><span class="p">)</span><span class="o">:</span> <span class="nc">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondSuccess</span><span class="p">(</span> <span class="nc">UserResponseDto</span><span class="o">::</span><span class="nf">fromEntity</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nf">update</span><span class="p">(</span><span class="nv">$id</span><span class="p">,</span> <span class="nv">$dto</span><span class="p">))</span> <span class="p">);</span> <span class="p">}</span> <span class="na">#[Route('/{id}', name: 'delete', requirements: ['id' =&gt; '\d+'], methods: ['DELETE'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">delete</span><span class="p">(</span><span class="kt">int</span> <span class="nv">$id</span><span class="p">):</span> <span class="kt">JsonResponse</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nb">delete</span><span class="p">(</span><span class="nv">$id</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondNoContent</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>A DTO carries both validation rules and the OpenAPI schema at the same time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="na">#[OA\Schema(description: 'Create user payload', required: ['email', 'name'])]</span> <span class="k">final</span> <span class="k">readonly</span> <span class="kd">class</span> <span class="nc">CreateUserDto</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="na">#[Assert\NotBlank]</span> <span class="na">#[Assert\Email]</span> <span class="na">#[Assert\Length(max: 180)]</span> <span class="na">#[OA\Property(example: 'user@example.com')]</span> <span class="k">public</span> <span class="kt">string</span> <span class="nv">$email</span><span class="p">,</span> <span class="na">#[Assert\NotBlank]</span> <span class="na">#[Assert\Length(min: 1, max: 100)]</span> <span class="na">#[OA\Property(example: 'Mr. Author')]</span> <span class="k">public</span> <span class="kt">string</span> <span class="nv">$name</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="p">}</span> </code></pre> </div> <p>If the email is invalid, <code>#[MapRequestPayload]</code> throws a <code>ValidationFailedException</code> on its own, <code>ExceptionListener</code> catches it and returns a 422 with the list of violations. The controller knows nothing about this.</p> <h2> Alternatives </h2> <p>There are not many direct bundle-level equivalents; developers usually solve the same problems manually or through separate packages.</p> <p><strong>API Platform</strong> is the most obvious neighbor. A powerful framework for resource-based APIs with auto-generated endpoints, JSONAPI/Hydra/OpenAPI out of the box. But it's a completely different scale: it imposes a specific architectural approach, requires adapters, and is not a fit for every project. ApiKit is a tool for those who want to write regular controllers — just cleaner.</p> <p><strong>FOSRestBundle</strong> was historically popular for REST in Symfony, but active development has slowed down, and its use with Symfony 7+ is no longer straightforward.</p> <p><strong>Handwritten base controllers and ExceptionListener</strong> — the most common path. Most teams end up writing exactly what ApiKit does, just every time from scratch and slightly differently.</p> <p><strong>league/fractal or spatie/laravel-*</strong> — the Laravel ecosystem, not applicable to Symfony.</p> <h2> File and Media Uploads </h2> <p><code>#[MapRequestPayload]</code> works with JSON and form-data, but it cannot resolve <code>UploadedFile</code> — that's the job of a different attribute. As of Symfony 7.1, there is <code>#[MapUploadedFile]</code> for files, and it fits naturally into the same slim-controller pattern. File validation is described directly in the attribute using standard Symfony constraints — <code>Assert\Image</code> or <code>Assert\Video</code> (added in 7.4, requires <code>ffprobe</code> on the server — installed via <code>apt install ffmpeg</code>).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="na">#[Route('/{id}/avatar', name: 'upload_avatar', requirements: ['id' =&gt; '\d+'], methods: ['POST'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">uploadAvatar</span><span class="p">(</span> <span class="kt">int</span> <span class="nv">$id</span><span class="p">,</span> <span class="err">#</span><span class="p">[</span><span class="nf">MapUploadedFile</span><span class="p">([</span> <span class="k">new</span> <span class="nc">Assert\NotNull</span><span class="p">(</span><span class="n">message</span><span class="o">:</span> <span class="s1">'Avatar file is required'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">Assert\Image</span><span class="p">(</span> <span class="n">maxSize</span><span class="o">:</span> <span class="s1">'5M'</span><span class="p">,</span> <span class="n">mimeTypes</span><span class="o">:</span> <span class="p">[</span><span class="s1">'image/jpeg'</span><span class="p">,</span> <span class="s1">'image/png'</span><span class="p">,</span> <span class="s1">'image/webp'</span><span class="p">],</span> <span class="n">mimeTypesMessage</span><span class="o">:</span> <span class="s1">'Only JPEG, PNG and WebP images are allowed'</span><span class="p">,</span> <span class="n">maxWidth</span><span class="o">:</span> <span class="mi">2048</span><span class="p">,</span> <span class="n">maxHeight</span><span class="o">:</span> <span class="mi">2048</span><span class="p">,</span> <span class="p">),</span> <span class="p">])]</span> <span class="nc">UploadedFile</span> <span class="nv">$avatar</span><span class="p">,</span> <span class="p">)</span><span class="o">:</span> <span class="nc">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondSuccess</span><span class="p">(</span> <span class="nc">UserResponseDto</span><span class="o">::</span><span class="nf">fromEntity</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nf">updateAvatar</span><span class="p">(</span><span class="nv">$id</span><span class="p">,</span> <span class="nv">$avatar</span><span class="p">))</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>If a constraint is violated, <code>#[MapUploadedFile]</code> throws an <code>HttpException</code>, which <code>ExceptionListener</code> already intercepts and converts into a standard 422 response — no extra code needed in the controller.</p> <p>For video the pattern is identical — extract it into a separate controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="na">#[Route('/api/media', name: 'api_media_')]</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">MediaController</span> <span class="kd">extends</span> <span class="nc">AbstractApiController</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">FileUploader</span> <span class="nv">$fileUploader</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="na">#[Route('/video', name: 'upload_video', methods: ['POST'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">uploadVideo</span><span class="p">(</span> <span class="err">#</span><span class="p">[</span><span class="nf">MapUploadedFile</span><span class="p">([</span> <span class="k">new</span> <span class="nc">Assert\NotNull</span><span class="p">(</span><span class="n">message</span><span class="o">:</span> <span class="s1">'Video file is required'</span><span class="p">),</span> <span class="k">new</span> <span class="nc">Assert\Video</span><span class="p">(</span> <span class="n">maxSize</span><span class="o">:</span> <span class="s1">'100M'</span><span class="p">,</span> <span class="n">mimeTypes</span><span class="o">:</span> <span class="p">[</span><span class="s1">'video/mp4'</span><span class="p">,</span> <span class="s1">'video/webm'</span><span class="p">],</span> <span class="n">maxWidth</span><span class="o">:</span> <span class="mi">1920</span><span class="p">,</span> <span class="n">maxHeight</span><span class="o">:</span> <span class="mi">1080</span><span class="p">,</span> <span class="n">mimeTypesMessage</span><span class="o">:</span> <span class="s1">'Only MP4 and WebM videos are allowed'</span><span class="p">,</span> <span class="p">),</span> <span class="p">])]</span> <span class="nc">UploadedFile</span> <span class="nv">$video</span><span class="p">,</span> <span class="p">)</span><span class="o">:</span> <span class="nc">JsonResponse</span> <span class="p">{</span> <span class="nv">$path</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">fileUploader</span><span class="o">-&gt;</span><span class="nf">upload</span><span class="p">(</span><span class="nv">$video</span><span class="p">,</span> <span class="s1">'videos'</span><span class="p">);</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondSuccess</span><span class="p">([</span> <span class="s1">'path'</span> <span class="o">=&gt;</span> <span class="nv">$path</span><span class="p">,</span> <span class="s1">'originalName'</span> <span class="o">=&gt;</span> <span class="nv">$video</span><span class="o">-&gt;</span><span class="nf">getClientOriginalName</span><span class="p">(),</span> <span class="s1">'size'</span> <span class="o">=&gt;</span> <span class="nv">$video</span><span class="o">-&gt;</span><span class="nf">getSize</span><span class="p">(),</span> <span class="s1">'mimeType'</span> <span class="o">=&gt;</span> <span class="nv">$video</span><span class="o">-&gt;</span><span class="nf">getMimeType</span><span class="p">(),</span> <span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you need to accept both JSON fields and a file in a single request (<code>multipart/form-data</code>), both attributes can be combined in the method signature — they are validated independently, and any violation produces a 422:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="na">#[Route('', name: 'create', methods: ['POST'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">create</span><span class="p">(</span> <span class="err">#</span><span class="p">[</span><span class="nc">MapRequestPayload</span><span class="p">]</span> <span class="nc">CreatePostDto</span> <span class="nv">$dto</span><span class="p">,</span> <span class="err">#</span><span class="p">[</span><span class="nf">MapUploadedFile</span><span class="p">([</span> <span class="k">new</span> <span class="nc">Assert\Image</span><span class="p">(</span> <span class="n">maxSize</span><span class="o">:</span> <span class="s1">'2M'</span><span class="p">,</span> <span class="n">mimeTypes</span><span class="o">:</span> <span class="p">[</span><span class="s1">'image/jpeg'</span><span class="p">,</span> <span class="s1">'image/png'</span><span class="p">,</span> <span class="s1">'image/webp'</span><span class="p">],</span> <span class="p">),</span> <span class="p">])]</span> <span class="o">?</span><span class="nc">UploadedFile</span> <span class="nv">$thumbnail</span> <span class="o">=</span> <span class="kc">null</span><span class="p">,</span> <span class="p">)</span><span class="o">:</span> <span class="nc">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondCreated</span><span class="p">(</span> <span class="nc">PostResponseDto</span><span class="o">::</span><span class="nf">fromEntity</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">postService</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">(</span><span class="nv">$dto</span><span class="p">,</span> <span class="nv">$thumbnail</span><span class="p">))</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><code>Assert\Image</code> and <code>Assert\Video</code> have nothing to do with the bundle itself — they are standard Symfony constraints, and <code>ExceptionListener</code> simply intercepts violations regardless of what triggered them.</p> <h2> Supported Architectures </h2> <p><strong>Classic MVC / service layer</strong> — an ideal fit. Controller → Service → Repository. ApiKit was written exactly for this scenario.</p> <p><strong>Hexagonal Architecture (Ports &amp; Adapters)</strong> — pairs well. The controller stays a thin input adapter, the DTO serves as a port. <code>ApiException</code> can be thrown from any Application service layer.</p> <p><strong>CQRS</strong> — works without restrictions. The controller maps a DTO into a Command/Query and passes it to the bus. The response is the result of a Handler, wrapped with <code>respondSuccess</code>.</p> <p><strong>DDD</strong> — works correctly, including strict layer isolation. More details in the next section.</p> <p><strong>Microservices</strong> — a great choice for small services that need a consistent API without the overhead of API Platform.</p> <p><strong>Vertical Slice Architecture (VSA)</strong> — pairs nicely. Each slice is a vertical cut for a specific feature (CreateUser, UploadAvatar, PublishPost) with its own controller, DTO, and handler. The bundle does not know how the code is organized and places no constraints on directory structure. An invokable controller slice looks natural:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// src/Features/CreateUser/CreateUserController.php</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">CreateUserController</span> <span class="kd">extends</span> <span class="nc">AbstractApiController</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">CreateUserHandler</span> <span class="nv">$handler</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="na">#[Route('/api/users', methods: ['POST'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__invoke</span><span class="p">(</span><span class="err">#</span><span class="p">[</span><span class="nc">MapRequestPayload</span><span class="p">]</span> <span class="nc">CreateUserInput</span> <span class="nv">$input</span><span class="p">)</span><span class="o">:</span> <span class="nc">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondCreated</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">handler</span><span class="o">-&gt;</span><span class="nf">handle</span><span class="p">(</span><span class="nv">$input</span><span class="p">));</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><code>ApiException</code> is thrown from the handler, <code>ExceptionListener</code> catches it globally — each slice is written independently, but the external API contract stays unified.</p> <p><strong>Modular monolith</strong> — each module can use <code>ApiControllerTrait</code> independently, and the response format will be consistent across the entire application.</p> <h2> EntityExists in DDD Projects </h2> <p>A classic question when using the bundle in DDD projects: does <code>EntityExists</code> violate the isolation of the domain layer? No — the architecture is built around a port.</p> <p>The <code>#[EntityExists]</code> constraint and <code>EntityExistsValidator</code> depend only on <code>EntityExistenceCheckerInterface</code>. All Doctrine interaction is isolated in <code>DoctrineEntityExistenceChecker</code> at the infrastructure level.</p> <p><strong>How the bundle registers the Doctrine implementation.</strong> Precision matters here — simply checking whether the package is installed is not enough. <code>doctrine/orm</code> may exist in <code>vendor</code> (e.g. as <code>require-dev</code>) while <code>DoctrineBundle</code> is not configured and <code>EntityManagerInterface</code> is therefore absent from the container. Autowiring would then fail with an error on <code>cache:clear</code>.</p> <p>The bundle handles this with a two-level check:</p> <ol> <li> <code>ApiKitExtension</code> registers definitions only if <code>interface_exists('Doctrine\ORM\EntityManagerInterface')</code> — a string check, to avoid creating a static class reference and triggering "Undefined class" from PHPStan in projects without Doctrine.</li> <li> <code>RegisterDoctrineCheckerPass</code> runs later, after the container is compiled, and checks <code>$container-&gt;has('doctrine.orm.entity_manager')</code>. If the service is absent — it removes the definitions for <code>DoctrineEntityExistenceChecker</code>, <code>EntityExistsValidator</code>, and the interface alias. This guards against the "package installed but DoctrineBundle not configured" scenario.</li> </ol> <p>The result: the bundle works correctly in any configuration — with Doctrine, without Doctrine, and in the in-between state.</p> <p><strong>Custom persistence backend.</strong> In projects using a different ORM or a non-standard persistence layer, you can register your own implementation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Infrastructure/Persistence/CustomEntityExistenceChecker.php</span> <span class="k">final</span> <span class="kd">class</span> <span class="nc">CustomEntityExistenceChecker</span> <span class="kd">implements</span> <span class="nc">EntityExistenceCheckerInterface</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span> <span class="k">private</span> <span class="k">readonly</span> <span class="kt">MyRepositoryRegistry</span> <span class="nv">$registry</span><span class="p">,</span> <span class="p">)</span> <span class="p">{}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">exists</span><span class="p">(</span><span class="kt">string</span> <span class="nv">$entityClass</span><span class="p">,</span> <span class="kt">mixed</span> <span class="nv">$value</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$field</span> <span class="o">=</span> <span class="s1">'id'</span><span class="p">):</span> <span class="kt">bool</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">registry</span><span class="o">-&gt;</span><span class="k">for</span><span class="p">(</span><span class="nv">$entityClass</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">existsBy</span><span class="p">(</span><span class="nv">$field</span><span class="p">,</span> <span class="nv">$value</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># config/services.yaml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">ApiKit\Validator\Constraint\EntityExistenceCheckerInterface</span><span class="pi">:</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">App\Infrastructure\Persistence\CustomEntityExistenceChecker</span> </code></pre> </div> <p>The <code>#[EntityExists]</code> constraint stays in the Application or Domain layer — it knows nothing about Doctrine or any specific storage. All database work is isolated in the infrastructure layer, as it should be.</p> <p>One separate note — <strong>performance</strong>: every <code>EntityExists</code> on a DTO field means a separate <code>SELECT</code>. When validating multiple such fields, queries run sequentially. For most use cases this is negligible, but it's worth keeping in mind for high-load endpoints.</p> <h2> Installation and Configuration </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer require bulatronic/api-kit </code></pre> </div> <p>The bundle is available on <a href="https://packagist.org/packages/bulatronic/api-kit" rel="noopener noreferrer">Packagist</a>. Requires PHP 8.2+ and Symfony <code>^7.4|^8.0</code>. When installed via Composer, the bundle registers itself automatically. A recipe for Symfony Flex has been submitted to <code>symfony/recipes-contrib</code>. Once approved, the <code>config/packages/api_kit.yaml</code> configuration file will be created automatically. Until then, create it manually if needed — all values have sensible defaults and the file is not required:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># config/packages/api_kit.yaml</span> <span class="na">api_kit</span><span class="pi">:</span> <span class="na">response</span><span class="pi">:</span> <span class="na">include_timestamp</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">pretty_print</span><span class="pi">:</span> <span class="s1">'</span><span class="s">%kernel.debug%'</span> <span class="na">exception_handling</span><span class="pi">:</span> <span class="na">log_errors</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">show_trace</span><span class="pi">:</span> <span class="s1">'</span><span class="s">%kernel.debug%'</span> <span class="na">validation</span><span class="pi">:</span> <span class="na">translate_messages</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>If your controller does not extend any base class — extend <code>AbstractApiController</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">final</span> <span class="kd">class</span> <span class="nc">UserController</span> <span class="kd">extends</span> <span class="nc">AbstractApiController</span> <span class="p">{</span> <span class="na">#[Route('/api/users', methods: ['GET'])]</span> <span class="k">public</span> <span class="k">function</span> <span class="n">list</span><span class="p">():</span> <span class="kt">JsonResponse</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">respondSuccess</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userService</span><span class="o">-&gt;</span><span class="nf">findAll</span><span class="p">());</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you already have your own inheritance hierarchy — add the trait directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// Already extending another base class — just add the trait</span> <span class="kd">class</span> <span class="nc">MyController</span> <span class="kd">extends</span> <span class="nc">MyBaseController</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">ApiControllerTrait</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Both options give you the same set of methods: <code>respondSuccess</code>, <code>respondCreated</code>, <code>respondNoContent</code>, <code>respondError</code>, <code>respondNotFound</code>, <code>respondForbidden</code>, <code>respondUnauthorized</code>.</p> <h2> Open Source </h2> <p>The bundle is open source. You are free to use it, modify it, and adapt it to your own projects. If a feature is missing, behavior differs from what you expected, or you have an improvement idea — feel free to open an issue or send a PR. If the tool proved useful, a GitHub star is the best currency and motivation.</p> <h2> Summary </h2> <p>ApiKit solves a boring but important problem: it removes boilerplate from controllers, guarantees API consistency, and gives the team a shared language for errors and responses. It does not impose an architecture, does not pull in unnecessary dependencies, and integrates into any Symfony project in a few minutes.</p> <p>The scenarios where it delivers the most value are projects with multiple developers where consistency matters, and APIs for mobile apps or SPAs where the frontend relies on a predictable response structure.</p> <p><em>GitHub: <a href="https://github.com/bulatronic/api-kit" rel="noopener noreferrer">bulatronic/api-kit</a></em><br> <em>Packagist: <a href="https://packagist.org/packages/bulatronic/api-kit" rel="noopener noreferrer">bulatronic/api-kit</a></em></p> symfony php rest api Symfony Init - Fast Project Bootstrap Without the Boilerplate Dev Sat, 21 Feb 2026 18:06:59 +0000 https://dev.to/dev_null/symfony-init-fast-project-bootstrap-without-the-boilerplate-2ihe https://dev.to/dev_null/symfony-init-fast-project-bootstrap-without-the-boilerplate-2ihe <p>Every time I wanted to quickly try something with Symfony, the same story repeated itself: spin up a PHP-FPM or FrankenPHP container, exec into it, install <code>symfony/skeleton</code>, configure Nginx or a Caddyfile, set environment variables... All that before writing a single line of actual code.</p> <p>DI container, console commands, component-based architecture... It's no secret that Symfony is heavily inspired by the Java ecosystem. So why not try to build something similar to <code>start.spring.io</code>?</p> <p>That's how pet project <a href="https://symfony-init.dev" rel="noopener noreferrer">https://symfony-init.dev</a> was born.</p> <h2> What the User Gets </h2> <p>You choose the parameters on the website:</p> <ul> <li> <strong>PHP</strong>: 8.3, 8.4, 8.5 (parsed from php.net in real time)</li> <li> <strong>Server</strong>: PHP-FPM + Nginx or FrankenPHP</li> <li> <strong>Symfony</strong>: latest versions (parsed from symfony.com in real time)</li> <li> <strong>Database</strong>: PostgreSQL, MySQL, MariaDB, SQLite, or none</li> <li> <strong>Cache</strong>: Redis or Memcached</li> <li> <strong>Extensions</strong>: Doctrine ORM, Security, Mailer, Messenger, Validator, Serializer, API Platform, HTTP Client, Nelmio API Doc</li> <li> <strong>Message broker</strong>: RabbitMQ</li> </ul> <p>Click "Generate" - and you get a ZIP archive with a fully working project. Inside: Symfony, <code>docker-compose.yml</code>, <code>Dockerfile</code>, web server config, and a preconfigured <code>.env</code>.</p> <p>Run a single command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p>That's it.</p> <h2> The Service Stack </h2> <p>Ironically, the service itself is built with Symfony 7.4, runs on FrankenPHP, and is formatted with PHP CS Fixer using the <code>@Symfony</code> rule set.</p> <h2> How It Works Internally </h2> <h3> Project Generation </h3> <p>The core class is <code>ProjectBuilder</code>. It performs the following steps:</p> <ol> <li> Runs <code>composer create-project symfony/skeleton</code> with <code>--no-install</code> </li> <li> Generates <code>Dockerfile</code>, <code>docker-compose.yml</code>, and web server config via Twig</li> <li> Patches <code>composer.json</code> to set the required PHP version</li> <li> Installs selected packages using <code>composer require</code> </li> <li> Runs <code>composer install --optimize-autoloader</code> </li> <li> Cleans up Docker blocks automatically added by Symfony Flex</li> </ol> <p>The last step is an important nuance. Symfony Flex injects<code>###&gt;bundle###</code> blocks into <code>docker-compose.yml</code> when installing certain packages. To avoid duplicating services (postgres, redis, etc.), generation runs with <code>SYMFONY_SKIP_DOCKER=1</code>, and any leftovers are removed using a regex:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$content</span> <span class="o">=</span> <span class="nb">preg_replace</span><span class="p">(</span><span class="s1">'/\n*###&gt;.*?###.*?\n.*?###&lt;.*?###.*?\n*/s'</span><span class="p">,</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">"</span><span class="p">,</span> <span class="nv">$content</span><span class="p">);</span> </code></pre> </div> <p>Extensions are implemented using Symfony's tagging system. Each extension is a separate class tagged as <code>app.extension</code>. <code>ExtensionRegistry</code> collects them via <code>#[TaggedIterator]</code> and resolves dependency graphs. For example, if you select API Platform, Doctrine ORM, Serializer, and Nelmio API Doc are automatically included.</p> <h2> Caching </h2> <p>The most interesting architectural decision is filesystem-based caching.</p> <p>Each combination of parameters (PHP × Symfony × server × extensions × database × cache × RabbitMQ) is converted into a stable cache key:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">cacheKey</span><span class="p">():</span> <span class="kt">string</span> <span class="p">{</span> <span class="nv">$ext</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">extensions</span><span class="p">;</span> <span class="nb">sort</span><span class="p">(</span><span class="nv">$ext</span><span class="p">);</span> <span class="k">return</span> <span class="nb">sprintf</span><span class="p">(</span> <span class="s1">'project_%s_%s_%s_%s_%s_%s_%s'</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">phpVersion</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">server</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">symfonyVersion</span><span class="p">,</span> <span class="nb">implode</span><span class="p">(</span><span class="s1">'_'</span><span class="p">,</span> <span class="nv">$ext</span><span class="p">),</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">database</span> <span class="o">??</span> <span class="s1">'none'</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">cache</span> <span class="o">??</span> <span class="s1">'nocache'</span><span class="p">,</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">rabbitmq</span> <span class="o">?</span> <span class="s1">'rabbitmq'</span> <span class="o">:</span> <span class="s1">'norabbitmq'</span> <span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The project name is intentionally excluded from the key - it only affects the folder name inside the archive, not the file contents. This allows multiple users with identical stacks to reuse the same generated project.</p> <p>When a request comes in, the service checks the cache. If a match is found, it reuses the existing directory and packages it into a ZIP with the user's chosen project name. If not, it performs a full build, stores the result in <code>var/share/projects/</code>, and returns the path. Cache TTL is 24 hours.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nv">$cachedPath</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">cache</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">(</span> <span class="nv">$config</span><span class="o">-&gt;</span><span class="nf">cacheKey</span><span class="p">(),</span> <span class="k">function</span> <span class="p">(</span><span class="kt">ItemInterface</span> <span class="nv">$item</span><span class="p">)</span> <span class="k">use</span> <span class="p">(</span><span class="nv">$config</span><span class="p">):</span> <span class="kt">string</span> <span class="p">{</span> <span class="nv">$item</span><span class="o">-&gt;</span><span class="nf">expiresAfter</span><span class="p">(</span><span class="k">self</span><span class="o">::</span><span class="no">CACHE_TTL</span><span class="p">);</span> <span class="c1">// 86400 sec</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">buildAndCache</span><span class="p">(</span><span class="nv">$config</span><span class="p">);</span> <span class="p">}</span> <span class="p">);</span> <span class="k">return</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">zipper</span><span class="o">-&gt;</span><span class="nf">createZip</span><span class="p">(</span><span class="nv">$cachedPath</span><span class="p">,</span> <span class="nv">$config</span><span class="o">-&gt;</span><span class="n">projectName</span><span class="p">);</span> </code></pre> </div> <p>There is also a console command for cache warming:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># popular configurations only (default)</span> php bin/console app:warm-cache <span class="nt">--popular-only</span> <span class="c"># all base combinations PHP × Symfony × server (no extensions/db; slower)</span> php bin/console app:warm-cache <span class="nt">--all-base</span> </code></pre> </div> <h2> Why No Redis, No Database - and Why So Simple? </h2> <p>A fair question. Redis is an obvious solution for caching with TTL. But here we are caching <strong>entire project directories</strong> weighing several megabytes each. Redis operates in memory - storing full project directories there would be wasteful and against its intended use.</p> <p>The filesystem is the right tool for this job. Symfony Cache natively supports <code>cache.adapter.filesystem</code>, storing data under<code>var/share/pools/</code>. No extra infrastructure. No synchronization complexity.</p> <p>A database is also unnecessary. The service has no users, no history, and no relational data requirements. Adding PostgreSQL just for rate limiting or metrics would be overengineering.</p> <p>The same philosophy applies to the overall architecture. FrankenPHP supports <a href="https://frankenphp.dev/docs/worker/" rel="noopener noreferrer">worker mode</a>, where the PHP process persists across requests and the application boots only once. That can significantly improve performance for high-RPS applications. But in this case, the bottleneck isn't PHP - it's Composer process execution, which takes several seconds. Worker mode wouldn't help here and would introduce state management complexity between requests. Not worth it.</p> <p>Horizontal scaling raises similar issues. Multiple replicas would break the filesystem cache since each container would have isolated storage. That would require a shared volume or centralized storage, adding complexity for no real benefit at the current scale. One container. One filesystem cache. Symfony Lock for synchronization. That's enough.</p> <h2> Why ZIP Instead of Just composer.json? </h2> <p>This question defines the entire value proposition.</p> <p>If the service only returned a <code>composer.json</code>, the user would still need PHP, Composer, manual <code>composer install</code>, and manual server configuration. The original problem wouldn't be solved.</p> <p>The real value lies in delivering a <strong>fully built</strong> project:</p> <ul> <li> <code>composer install</code> already executed</li> <li> <code>vendor/</code> included</li> <li> <code>composer.lock</code> generated</li> <li> <code>Dockerfile</code> with correct PHP extensions</li> <li> <code>docker-compose.yml</code> with required services</li> <li> <code>.env</code> preconfigured with correct DSNs</li> </ul> <p>The user receives a project in a state of "unzip and<code>docker compose up</code>".</p> <p>The <code>composer.lock</code> file is crucial - it locks exact dependency versions, ensuring reproducible builds. Generating it properly without actually installing packages is impossible.</p> <h2> Rate Limiting &amp; Security </h2> <p>The <code>/generate</code> endpoint is protected by a rate limiter: 30 requests per hour per IP (sliding window). It's implemented via <code>RateLimitSubscriber</code>, an event subscriber on<code>kernel.controller</code>. If the limit is exceeded, it returns HTTP 429 with<code>Retry-After</code> and <code>X-RateLimit-Remaining</code> headers.</p> <p>Project generation is expensive - Composer processes take seconds. Cache absorbs most traffic (popular configurations are prewarmed and returned instantly). But intentionally generating rare combinations would cause cache misses and trigger full builds each time. On a small server, that's noticeable. The rate limiter prevents such abuse.</p> <h2> Small Notes </h2> <p>The <code>cleanupFlexDockerFiles</code> method relies on a regex. It works, but it's fragile. If Symfony Flex changes its block format, it could silently break. At minimum, logging a warning when cleanup behaves unexpectedly would be wise.</p> <p>The project name not being part of the cache key is logically correct, but it should be explicitly documented. Since <code>composer.json</code> contains the package name, two users with different project names will receive identical <code>composer.json</code> files. For a starter project generator, that's acceptable - but potentially surprising.</p> <h2> Final Thoughts </h2> <p>The service solves a very specific problem for me: eliminating boilerplate when starting a Symfony project. Every architectural decision - worker mode, scaling, Redis - was consciously rejected because it added complexity without meaningful benefit. One container. Filesystem cache. Simple lock. Sometimes the best solution is the boring one.</p> <p>The service runs on a modest VPS: 1 CPU core (2.2 GHz), 0.5 GB RAM, 10 GB HDD. If it becomes unavailable or the load grows, it can always be run locally - the repository is open source: <a href="https://github.com/bulatronic/symfony-init" rel="noopener noreferrer">https://github.com/bulatronic/symfony-init</a></p> <p>Try it: <a href="https://symfony-init.dev" rel="noopener noreferrer">https://symfony-init.dev</a></p> <p>I'd love to get feedback, ideas, and pull requests. And a star on GitHub would be greatly appreciated ⭐</p> symfony php docker webdev