Lets said I have a restful API (built on top of FOSRestBundle) open to the world and I don't want that, instead I want to secure the endpoints. This is part of my security.yml file:
access_control:
- { path: ^/api/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }
As you can see any can access the API so this area needs to be secured in somehow. My idea? By passing a parameter at the request header. Since my client is an iOs app then its need to take care of send that parameter when request are made to any API endpoint. The parameter is named X-PDONE-SESSION-ID and basically it holds a PHP session. How I can protect the API? Any ideas using this bundle or any other ideas?