Used library

We’re using a few libraries to serve RESTful API, it’s automatically generated documentation and JWT Tokens used to authenticate a user. More information about API, requests and response is available at here.


This bundle provides various tools to rapidly develop RESTful API’s & applications with Symfony. Features include: A View layer to enable output and format agnostic Controllers A custom route loader to generate url’s following REST conventions Accept header format negotiation including handling for custom mime types RESTful decoding of HTTP request body and Accept headers Exception controller for sending appropriate HTTP status codes



The NelmioApiDocBundle bundle allows you to generate documentation in the OpenAPI (Swagger) format and provides a sandbox to interactively browse the API documentation.



This bundle provides JWT (Json Web Token) authentication for your Symfony API.



The purpose of this bundle is manage refresh tokens with JWT (Json Web Tokens) in an easy way. This bundles uses LexikJWTAuthenticationBundle. At the moment only supports Doctrine ORM.



Not described yet.

JWT tokens

Not described yet.

How to authenticate

Not described yet.

How to use

Not described yet.


Open Loyalty has context which is basically three different types of users.

There is an admin context who is responsible for managing whole loyalty platform.

Second context is a customer context, a person who registered to the loyalty program and the third last context is a seller. It’s usually a merchant with physical store that is handling customer.

Each context, an therefore each user, has different permissions and can use different API endpoints.

API assumptions

API and it’s naming follows convention from contexts by prefixing their names. So only the customer can use /api/customer and seller can use /api/seller.

If an endpoint is prefixed with /api/admin or is not prefixed with any context, by default is available only for an administrator.

However, there are some exceptions from this convention. The best examples are endpoints from the UserBundle and prefixed with /api/customer. Most of them are available only in the administrator context, but some of them are also available for a customer like endpoint /api/customer/{customer}. It’s available for an administrator to view any customer but it’s also available for a customer to view only his own data. It’s restricted in the code.

Why I see 404?

Open Loyalty uses /api for all API endpoints so there is no / route in application. If route is not found, then by default 404 is returned.