Of course, we could use an IP firewall, which would be a more secure solution, but not this time. The Symfony framework has good documentation, but in our case, you will only see a few lines in the config that will not help you at all.
Why wouldn't that help? Because those changes enable HTTP Basic authentication for all of your clients, if you have any. You also need to understand which "password_hasher" and which "provider" you should use.
So if you want to make it as easy as possible, copy the config below, and everything will work. You only need to add one variable, "BASIC_USER_PASSWORD", holding the password, to your .env file.
.env
###> symfony/security-bundle ###
BASIC_USER_PASSWORD=test
###< symfony/security-bundle ###
config/packages/security.yaml
security:
    password_hashers:
        Symfony\Component\Security\Core\User\InMemoryUser: plaintext
    providers:
        users_in_memory:
            memory:
                users:
                    api: {password: '%env(BASIC_USER_PASSWORD)%', roles: ['ROLE_API']}
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: users_in_memory
            http_basic:
                realm: Secured Area
    access_control:
        - { path: ^/api, roles: ROLE_API }
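A hardened variant of the config above, added here as an example and not part of the original post: it swaps the `plaintext` hasher for `auto`, so the environment holds a password hash instead of the password itself. The variable name `BASIC_USER_PASSWORD_HASH` is an assumption; generate its value with `php bin/console security:hash-password` and single-quote it in the env file so the `$` characters in the hash are not read as variable references.

```yaml
# config/packages/security.yaml (added example, not the original post's config)
security:
    password_hashers:
        # The original config uses "plaintext": the env value is the password itself.
        # "auto" selects the strongest hasher available, so the env value is a hash.
        Symfony\Component\Security\Core\User\InMemoryUser: auto
    providers:
        users_in_memory:
            memory:
                users:
                    # BASIC_USER_PASSWORD_HASH is a hypothetical variable name.
                    api: {password: '%env(BASIC_USER_PASSWORD_HASH)%', roles: ['ROLE_API']}
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: users_in_memory
            http_basic:
                realm: Secured Area
    access_control:
        # Only paths under /api require the ROLE_API user.
        - { path: ^/api, roles: ROLE_API }
```

The request side does not change: clients still send the clear password in the `Authorization: Basic` header, and Symfony verifies it against the stored hash.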
Useful links below
Hashers -
Providers -
Access Control -
Firewalls -
Example of curl request (api:test)
curl --location --request POST 'https://your_site.com/api/v1/notify' \
  --header 'Authorization: Basic YXBpOnRlc3Q=' \
  --header 'Content-Type: application/json'
