Search code examples

Yii2 Make endpoint accessible through web and rest api

A customer has requested to have the exact same endpoints available through web interface as well as through REST API.

The same endpoint should be visible using web browser only when being logged in. When accessing it via REST API, a valid access token must be submitted.

The rule for this specific endpoint is defined as follows:

    'class' => 'yii\rest\UrlRule',
    'controller' => 'site',
    'pluralize' => false,
    'extraPatterns' => [
        'POST upload-raw-data' => 'uploadRawData'

Now, when I try to access this endpoint, I've got these results:

  • Browser: no problem
  • Postman / POST: 404 error
  • Postman / GET: no problem
  • When trying the same with enableStrictParsing enabled, I've got 404 errors all around.

    If I need to provide other parts of the code, I'll happily provide them.


  • I think I found the solution for my issue. The problem seems to have been the CSRF validation.

    By disabling it for this specific action in beforeAction(), the POST call behaves as intended.

    public function beforeAction($action) {
        if ($action->id == 'upload-raw-data')
            Yii::$app->controller->enableCsrfValidation = false;
        return parent::beforeAction($action);
