A bundle that provides the possibility to generate api keys for rest apis

Installs: 3 358

Dependents: 1

Suggesters: 0

Security: 0

Stars: 8

Watchers: 4

Forks: 2

Open Issues: 1


2.0.0-alpha1 2016-12-17 14:38 UTC


Build Status Code Coverage Scrutinizer Code Quality SensioLabsInsight Latest Stable Version License

Symfony Bundle which provides an approach to authenticate users with API tokens.

Current status

Unfortunately @Ma27 doesn't have sufficient time to to keep this project running. Just open an issue if you're interested in helping out.

  1. About

This bundle applies the concept of a stateless user authenticator as described in the Symfony CookBook.

Furthermore it contains some extra features:

  • RESTful actions in order to generate its own api key and for the logout
  • Generator for safe API keys
  • Abstract model based on doctrine/common (it is possible to use any Doctrine implementation like doctrine/mongodb-odm or doctrine/phpcr-odm)
  • Powerful event system (it is possible to hook into all important processes)
  • Implementation to manage password hashing using different strategies
  • Command which purges API keys that weren't used for a certain time
  1. Documentation

Basic introduction

To get a basic idea of how this bundle works, please refer to the following blogposts:

Official documentation

In order to read the official documentation, please refer to the Resources/doc/ file.

  1. Support and BC promise

For changes in newly release versions please review the To get more information about how to contribute please refer to the


Version 1.2 is the latest 1.x release and will experience support for one year after the final 2.0.0 release came out. The 1.2 version still supports a lot of legacy PHP versions (hhvm and PHP from 5.3.9).


Version 2.0 dropped support for each PHP and HHVM versions except PHP 7.1. The support Symfony versions are 2.8 and all 3.x versions.

Handling BC breaks

The ancient, unsupported development versions (all 0.x versions) were experimental development versions and contained BC breaks.

From the 1.x versions on backward compatibility is provided when jumping between minor releases. This rule doesn't apply to internals of the codebase (these internals are marked with the @internal annotation or have a private visibility modifier).