XDebug and RESTful server using PHPStorm or POSTman

Just add ?XDEBUG_SESSION_START=filter_string at the end of the url, for eg:

https://new-supplier.local/api/login?XDEBUG_SESSION_START=PHPSTORM

PHPSTORM is my default filter string, you can use whatever you want. Your editor should be set up to filter connections by IDE key (filter string), and thats it. You should be able to debug the same way as from Chrome or FF.


Warning!

xdebug >= 3.0 has changed the parameters in php.ini. After upgrading xdebug, most of the answers here will not be relevant.

Refer to: https://xdebug.org/docs/upgrade_guide

Basically, you need to add something like this to your php.ini:

xdebug.mode=develop,gcstats,coverage,profile,debug
xdebug.start_with_request=1
xdebug.idekey=PHPSTORM

You can use one of these approaches:

  1. Configure your Xdebug (by editing php.ini) to attempt to debug every PHP script. The key option:

    • Xdebug v2: xdebug.remote_autostart = 1
    • Xdebug v3: xdebug.start_with_request = yes
  2. Add Xdebug session start parameter to the actual URL (XDEBUG_SESSION_START={{KEY}} -- https://xdebug.org/docs/step_debug#manual-init), for example: ?XDEBUG_SESSION_START=PHPSTORM

  3. Pass Xdebug cookie as part of the request (the one which is set by bookmarklet or browser extension, for example).

For this to work: make sure that "phone handle" icon is activated in advance in PhpStorm (Run | Start Listen for PHP Debug Connection).


P.S. If you are using Postman, Insominia or alike (another REST client) then the best / most transparent way IMO is to use Xdebug cookie. You're most likely already using separate Environments (e.g. "dev", "test", "production") so you can have such a cookie only where it is needed (depends on the tool and version used of course).

This way there is no need to edit the URL (even if you have it as a "conditional parameter" that is present for some environment and absent for another) or configure Xdebug to "debug all requests" at all.

An example of such Xdebug cookie from my Postman (edit it as needed; here it is set for the local some-domain.local.test fake domain):

XDEBUG_SESSION=value; Path=/; Domain=.some-domain.local.test; Expires=Tue, 19 Jan 2038 03:14:07 GMT;

Since the host URL should be a part of your Environment (e.g. the endpoint URL will be like {{host}}/api/v1/welcome) then such cookie will be sent to the dev domain only and not to the production one.