ContentNegotiator::class, 'formats' => [ 'application/json' => Response::FORMAT_JSON, ], ], 'authenticatior' => [ 'class' => QueryParamAuth::class, //implement access token authentication 'except' => ['login'], // no need to verify the access token method, pay attention to distinguish between $noAclLogin ], 'corsFilter' => [ 'class' => GsCors::class, 'cors' => [ 'Origin' => ['*'], //'Access-Control-Allow-Credentials' => true, 'Access-Control-Allow-Headers' => [ 'Content-Type', 'Access-Control-Allow-Headers', 'Authorization', 'X-Requested-With' ], ] ] ]); } public function actions() { $action = parent::actions(); // TODO: Change the autogenerated stub unset($action['index']); unset($action['create']); unset($action['update']); unset($action['delete']); } public function actionLogin() { $model = new LoginForm(); if ($model->load(Yii::$app->getRequest()->getBodyParams(), '') && $model->login()) { return [ 'access_token' => $model->login(), ]; } else { throw new BadRequestHttpException(json_encode($model->errors)); } } }