I need some help with the design of my phalcon app. Until now I got working a simple MVC app, and now I'm writing a small microframework, since my app needs to use an internal REST API.
The point is that my microframework-based app needs to be used based on the ACL specivied in the MVC app (which code is largely inspired from vokuro), - some of the API needs to be public, some - private, and there are also a couple to be used only by a certain group of users.
How do I achieve this result? I thought about some kind of an API key based on JWT, or OAuth2.0, - but how do I integrate that in phalcon? Also, I stated that I'm separating my app in 2 concerns - MVC and REST API, but is that really the desired approach? Maybe, I could simply merge them somehow?
tl;dr: some paths need to show a view, some need to return only a JSON, but all need authentication and session control. How should I proceed?