Validation Responsibilities: Who What When Where Why?

My company is creating an API using ZF2 on Zend Server via the PHP Toolkit. We are keeping our backend logic in RPG, and the API allows us to call it via our new interface. One of the biggest questions in development when you start separating out your pieces is where and how you should validate your data, and which piece has which responsibility.

As a general guideline, you want your parameter validation done in your view or PHP and your logic validation done in RPG. Let me explain:

Parameter Validation: This validates the type of data you will use to call the API. The checks you run are, for example, whether the field is alpha or numeric and, if the field is numeric, whether it has any decimals or allows negative numbers.

Logic Validation: Once the data has been validated as the right format and type, your API will validate whether the call is correct. For example, if you want to delete a product, the parameter validation will make sure the submitted product ID is in the correct format, and then the API will determine whether the product actually exists or is even allowed to be deleted (aka logic).
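
The split described above, sketched in plain PHP as an added example (it is not our API code and does not use ZF2 or the PHP Toolkit). The ID and decimal formats, the status codes, and the in-memory product list standing in for the RPG program are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Parameter validation (PHP layer): type and format only, no business rules.
// Assumed format: product ID is 1-9 digits, no sign, no decimals.
function validateProductId(string $raw): ?int
{
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    return preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) === 1 ? (int) $raw : null;
}

// Numeric field check: are decimals allowed, and are negatives allowed?
function validateDecimal(string $raw, int $maxDecimals, bool $allowNegative): ?string
{
    $sign = $allowNegative ? '-?' : '';
    $frac = $maxDecimals > 0 ? '(\.[0-9]{1,' . $maxDecimals . '})?' : '';
    return preg_match('/\A' . $sign . '[0-9]{1,9}' . $frac . '\z/', $raw) === 1 ? $raw : null;
}

// Logic validation (backend): hypothetical stand-in for the RPG program.
// The product list is constructed sample data.
function backendDeleteProduct(int $productId): array
{
    $products = [1001 => ['deletable' => true], 1002 => ['deletable' => false]];
    if (!isset($products[$productId])) {
        return ['status' => 404, 'error' => 'product not found'];
    }
    if (!$products[$productId]['deletable']) {
        return ['status' => 409, 'error' => 'product may not be deleted'];
    }
    return ['status' => 200, 'error' => null];
}

function handleDelete(string $rawId): array
{
    $id = validateProductId($rawId);
    if ($id === null) {
        // Malformed input is rejected here and never reaches the backend call.
        return ['status' => 400, 'error' => 'product ID must be 1-9 digits'];
    }
    return backendDeleteProduct($id);
}

// Constructed inputs: well-formed IDs, then malformed ones.
foreach (['1001', '1002', '9999', '-5', '10.5', "1001\n", '1001; x'] as $input) {
    $r = handleDelete($input);
    printf("%-12s => %d %s\n", json_encode($input), $r['status'], $r['error'] ?? 'deleted');
}
var_dump(validateDecimal('-12.50', 2, true), validateDecimal('-12.50', 2, false));
```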

By having this plan in place when developing or expanding your project, your developers know who carries what responsibility.

