API Pain Points

Post on 18-Dec-2014


description

I've been building APIs for a long time now, and it is becoming ever more common for server-side developers thanks to the rise of front-end JavaScript frameworks, iPhone applications and generally API-centric architectures. On one hand you're just grabbing stuff from a data source and shoving it out as JSON, but surviving changes in business logic, database schema updates, new or deprecated functionality and so on gets super difficult. This talk will outline the common pitfalls developers get trapped in when building APIs and the methods to avoid them, including naming stuff badly and then having to rename everything, when and how to use POST/PUT/PATCH, data structures, DDoSing yourself because of pagination, picking your authentication system and all sorts of other stuff.

Transcript of API Pain Points

API PAIN-POINTS: GETTING THINGS WRONG FOR FUN AND PROFIT

@PHILSTURGEON #PHPJOBURG14

http://girlsgotsole.com/blog/thankful-thursday-rest-days/

DATABASE SEEDING: LEAVE YOUR CUSTOMERS ALONE

ENDPOINT THEORY: NAMING THINGS IS HARD

PLURAL V SINGULAR? CONSISTENCY IS KING

/user/23

/users

PLURAL V SINGULAR? CONSISTENCY IS KING

/opportunity/43

/opportunities

PLURAL V SINGULAR? CONSISTENCY IS KING

/places
/places/12
/places/12/checkins
/places/12/checkins/34
/checkins/34

NO NEED FOR SEO: QUERY STRINGS ARE FINE

/users/active/true

/users?active=true

AUTO-INCREMENT = BAD: CTRL + S YOUR WEBSITE

/checkins/1
/checkins/2
/checkins/2369
/checkins/3

AUTO-INCREMENT = BAD: CTRL + S YOUR WEBSITE

https://github.com/zackkitzmiller/tiny-php

https://github.com/ramsey/uuid
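An added example, not from the talk, of the two halves of this slide: a non-sequential public identifier, and the check that still has to sit behind it. The UUID generator below is hand-rolled with random_bytes so the script has no Composer dependency (ramsey/uuid produces the same RFC 4122 version-4 format; a hashid-style encoder such as tiny-php hides the sequence but remains a reversible encoding, not a secret). The $checkins array and the 'alice'/'bob' owners are constructed sample data. The point worth keeping: an unguessable id stops the /checkins/1, /checkins/2, ... scrape, but it does not replace the ownership check, and returning 404 for "not yours" as well as "does not exist" avoids confirming which ids are live.

```php
<?php
declare(strict_types=1);

// Random RFC 4122 version-4 UUID from the CSPRNG (no library needed).
function uuidV4(): string
{
    $bytes = random_bytes(16);
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40); // version nibble = 4
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80); // RFC 4122 variant bits
    $hex = bin2hex($bytes);
    return sprintf('%s-%s-%s-%s-%s',
        substr($hex, 0, 8), substr($hex, 8, 4), substr($hex, 12, 4),
        substr($hex, 16, 4), substr($hex, 20, 12));
}

// Reject anything that is not a v4 UUID before it gets near a query.
function isUuidV4(string $id): bool
{
    $re = '/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/';
    return preg_match($re, $id) === 1;
}

// Constructed in-memory "table" standing in for the database: public id => row.
$checkins = [
    '5f1c2b0e-1d4a-4a6e-9c3e-2f0b7a1d8e44' => ['owner' => 'alice', 'place' => 12],
    'b2d6e9a1-7c3f-4b8d-8a21-0e5f4c9d7a10' => ['owner' => 'bob',   'place' => 7],
];

// Lookup for GET /checkins/{id}. The random id is scrape resistance only; a
// shared or leaked URL must still not return another user's row, so ownership
// is checked here. Both "missing" and "not yours" are 404 so the response does
// not reveal whether the id exists.
function findCheckin(array $checkins, string $id, string $currentUser): array
{
    if (!isUuidV4($id) || !isset($checkins[$id])) {
        return ['status' => 404];
    }
    if ($checkins[$id]['owner'] !== $currentUser) {
        return ['status' => 404];
    }
    return ['status' => 200, 'data' => $checkins[$id]];
}

// Usage: mint an id, then try the same checkin as its owner and as someone else.
$fresh = uuidV4();
echo $fresh, ' valid=', var_export(isUuidV4($fresh), true), "\n";
echo 'alice: ', findCheckin($checkins, '5f1c2b0e-1d4a-4a6e-9c3e-2f0b7a1d8e44', 'alice')['status'], "\n";
echo 'bob:   ', findCheckin($checkins, '5f1c2b0e-1d4a-4a6e-9c3e-2f0b7a1d8e44', 'bob')['status'], "\n";
echo 'seq:   ', findCheckin($checkins, '1', 'alice')['status'], "\n";
```

Keep the auto-increment column as the primary key if you like; only the value exposed in URLs has to be the random one, with a unique index on it.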

WHICH METHODS: VERB SOUP

List       GET     /users
Create     POST    /users
Read       GET     /users/X
Update     PUT     /users/X
Delete     DELETE  /users/X
Image      PUT     /users/X/image
Image      POST    /users/X/images
Favorites  GET     /users/X/favorites
Checkins   GET     /users/X/checkins

FORM PAYLOADS: JUST SEND JSON

foo=something&bar[baz]=thing&bar[stuff]=junk&bar=true

HACKY PAYLOADS: NOT LIKE THAT

REAL JSON PAYLOADS: THNX!

200 = OK

2xx is all about success
3xx is all about redirection
4xx is all about client errors
5xx is all about service errors

200 - Generic everything is OK

201 - Created something OK

202 - Accepted but is being processed async

400 - Bad Request (Validation?)

401 - Unauthorized (really: not authenticated, or the credentials/session are no longer valid)

403 - Current user is forbidden

404 - That URL is not a valid route

405 - Method Not Allowed

410 - Data has been deleted, deactivated, suspended, etc.

500 - Something unexpected happened and it is the APIs fault

503 - API is not here right now, please try again later

SUPPLEMENT HTTP CODES: WHAT HAPPENED

{
  "error": {
    "type": "OAuthException",
    "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
  }
}

SUPPLEMENT HTTP CODES: WHAT HAPPENED

{
  "error": {
    "type": "OAuthException",
    "code": "ERR-1012",
    "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
  }
}
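An added example (not code from the talk) of one place that turns failures into the HTTP status plus the {"error": {"type", "code", "message"}} body shown above. ApiException, the ERR-5000 code and the InternalError type are assumptions for the example; ERR-1012 and the expired-session text come from the slide. The security point is the branch for everything that is not an ApiException: a 500 gets a fixed message and the real exception text goes to the server log, so stack traces, SQL and file paths never reach the client. Requires PHP 8.1 for readonly promoted properties.

```php
<?php
declare(strict_types=1);

// Failures the client is allowed to see carry their own status and app code.
final class ApiException extends RuntimeException
{
    public function __construct(
        public readonly int $status,
        public readonly string $type,
        public readonly string $appCode,
        string $message
    ) {
        parent::__construct($message);
    }
}

// Maps any Throwable to [status, body]. Only ApiException messages are exposed;
// anything else is the API's fault (500) and its details stay in the log.
function toErrorResponse(Throwable $e): array
{
    if ($e instanceof ApiException) {
        return [$e->status, ['error' => [
            'type'    => $e->type,
            'code'    => $e->appCode,
            'message' => $e->getMessage(),
        ]]];
    }
    error_log(get_class($e) . ': ' . $e->getMessage()); // server side only
    return [500, ['error' => [
        'type'    => 'InternalError',
        'code'    => 'ERR-5000',
        'message' => 'Something unexpected happened and it is the API\'s fault',
    ]]];
}

// Render as the wire format (status line plus JSON body) for a CLI run.
function render(array $response): string
{
    [$status, $body] = $response;
    return 'HTTP ' . $status . "\n"
        . json_encode($body, JSON_PRETTY_PRINT | JSON_THROW_ON_ERROR) . "\n";
}

// Usage: the slide's expired session, then a constructed database failure.
try {
    throw new ApiException(401, 'OAuthException', 'ERR-1012',
        'Session has expired at unix time 1385243766. The current unix time is 1385848532');
} catch (Throwable $e) {
    echo render(toErrorResponse($e));
}
try {
    throw new RuntimeException('SQLSTATE[42S02]: Base table or view not found'); // constructed
} catch (Throwable $e) {
    echo render(toErrorResponse($e));
}
```

In a real app the second catch is the framework's top-level exception handler; the rule is the same, map known types to 4xx with their message and everything else to a generic 5xx.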

AUTHENTICATION STRATEGY: HOW MUCH DO YOU CARE

HTTP Basic

HTTP Digest

OAuth 1.0a

OAuth 2.0

USE SSL

OAUTH 2 CAN DO A LOT: PASSWORDS, IMPLICIT, SOCIAL LOGINS…
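An added example, not from the talk, of the cheapest option on the list done carefully: HTTP Basic with the "USE SSL" rule enforced in code. The $users store and the 'alice' credential are constructed; $server stands in for $_SERVER so the function can be exercised offline (some SAPIs expose the header as PHP_AUTH_USER/PHP_AUTH_PW instead of HTTP_AUTHORIZATION, so adapt the lookup to your server). Three things the slide's one-liners imply: the header is base64, not encryption, so refuse to parse it without TLS; store password_hash() output, never the password; and verify unknown users against a dummy hash so response timing does not reveal which usernames exist.

```php
<?php
declare(strict_types=1);

// Returns the authenticated username, or null. Never distinguishes
// "no such user" from "wrong password" in either the result or the timing.
function basicAuthUser(array $server, array $users): ?string
{
    static $dummyHash = null;
    $dummyHash ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);

    // Basic auth over plain HTTP hands the password to anyone on the path.
    $https = isset($server['HTTPS']) && $server['HTTPS'] !== '' && $server['HTTPS'] !== 'off';
    if (!$https) {
        return null;
    }

    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    if (strncasecmp($header, 'Basic ', 6) !== 0) {
        return null;
    }
    // Strict decoding rejects junk that a lenient decoder would "repair".
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || !str_contains($decoded, ':')) {
        return null;
    }
    [$user, $pass] = explode(':', $decoded, 2);

    // Always run password_verify, against a dummy hash for unknown users, so a
    // missing account costs the same time as a wrong password.
    $hash = $users[$user] ?? $dummyHash;
    $ok   = password_verify($pass, $hash);
    return ($ok && isset($users[$user])) ? $user : null;
}

// Constructed credential store: only hashes are kept.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

$header = 'Basic ' . base64_encode('alice:correct horse battery staple');
$overTls   = ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => $header];
$overHttp  = ['HTTP_AUTHORIZATION' => $header];           // same header, no TLS
$wrongPass = ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:guess')];
$noUser    = ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('mallory:guess')];

foreach (['overTls' => $overTls, 'overHttp' => $overHttp,
          'wrongPass' => $wrongPass, 'noUser' => $noUser] as $name => $srv) {
    echo $name, ': ', var_export(basicAuthUser($srv, $users), true), "\n";
}
```

When this returns null the response is 401 with a WWW-Authenticate: Basic realm="..." header; 403 is for a user who did authenticate but may not do the thing. Rate limiting failed attempts is still on you, Basic gives you none of that.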

TRANSFORMERS… ASSEMBLE!

FLEXIBLE RESPONSES: STOP YOUR IPHONE DEV COMPLAINING

GET /checkins/dsfXte?include=place,user,activity

PAGINATE: DATA GROWS FAST

{
  "data": [
    ...
  ],
  "cursors": {
    "after": "MTI=",
    "next_url": "https://api.example.com/places?cursor=MTI%3D&number=12"
  }
}

DEFINE A MAXIMUM: PAGINATION DDOS

if ($limit > 100) {
    $limit = 100;
}
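An added example, not from the talk, covering both the ?include= slide and the pagination slides above: parsing the three list-endpoint query parameters (include, cursor, number) so that the client controls what it gets but not how much work the server does. ALLOWED_INCLUDES, MAX_LIMIT, DEFAULT_LIMIT, the "number" parameter name and the 250-row $rows array are assumptions for the example; the cursor format (base64 of an offset, "MTI=" being 12) and the 100 cap are the slide's. Includes are matched against an allowlist, so an unexpected relation name is simply dropped rather than becoming an arbitrary join or a leaked column; the cursor is decoded strictly and must be a non-negative integer; the limit is clamped exactly as the slide's if statement does.

```php
<?php
declare(strict_types=1);

// Relations a client may ask for. Anything else is ignored.
const ALLOWED_INCLUDES = ['place', 'user', 'activity'];
const MAX_LIMIT     = 100;   // the slide's cap
const DEFAULT_LIMIT = 20;

// "place,user,password_hash" -> ['place', 'user']
function parseIncludes(string $raw): array
{
    $wanted = array_filter(array_map('trim', explode(',', $raw)));
    return array_values(array_intersect($wanted, ALLOWED_INCLUDES));
}

// Cursor is base64(offset). Strict decode, digits only, otherwise it is a
// client error (400), not something to guess at.
function parseCursor(?string $cursor): int
{
    if ($cursor === null || $cursor === '') {
        return 0;
    }
    $raw = base64_decode($cursor, true);
    if ($raw === false || !ctype_digit($raw)) {
        throw new InvalidArgumentException('bad cursor');
    }
    return (int) $raw;
}

// Missing, non-numeric or zero -> default; anything above the cap -> the cap.
function parseLimit(?string $raw): int
{
    if ($raw === null || !ctype_digit($raw) || (int) $raw < 1) {
        return DEFAULT_LIMIT;
    }
    return min((int) $raw, MAX_LIMIT);
}

// Builds the {"data": [...], "cursors": {...}} page. $rows stands in for the
// query result; real code passes $offset/$limit to the database instead.
function page(array $rows, array $query, string $baseUrl): array
{
    $offset = parseCursor($query['cursor'] ?? null);
    $limit  = parseLimit($query['number'] ?? null);
    $slice  = array_slice($rows, $offset, $limit);
    $next   = $offset + count($slice);

    $out = ['data' => $slice, 'cursors' => []];
    if ($next < count($rows)) {
        $after = base64_encode((string) $next);
        $out['cursors']['after']    = $after;
        $out['cursors']['next_url'] = $baseUrl . '?'
            . http_build_query(['cursor' => $after, 'number' => $limit]);
    }
    return $out;
}

// Constructed data: 250 fake places. A client asking for number=100000 gets
// MAX_LIMIT rows, and the unknown include is dropped.
$rows = array_map(fn (int $i) => ['id' => $i], range(1, 250));
$p = page($rows, ['cursor' => 'MTI=', 'number' => '100000'], 'https://api.example.com/places');
echo 'rows returned: ', count($p['data']), "\n";
echo 'next_url: ', $p['cursors']['next_url'], "\n";
echo 'includes: ', implode(',', parseIncludes('place,user,password_hash,activity')), "\n";

try {
    parseCursor('not base64!');
} catch (InvalidArgumentException $e) {
    echo 'bad cursor -> 400', "\n";
}
```

The same clamp belongs on every parameter that multiplies work per request (includes count, nesting depth, fields), not just on the page size.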

PHPUNIT + BEHAT

http://www.bil-jac.com/bestfriendsclub.php

AUTOMATE TESTING: IF YOU LOVE YOUR JOB

Scenario: Find a merchant
  When I request "GET /moments/1"
  Then I get a "200" response
  And scope into the "data" property
  And the properties exist:
    """
    id
    …
    created_at
    """

Scenario: Try to find an invalid checkin
  When I request "GET /checkins/nope"
  Then I get a "404" response

Scenario: Wrong arguments for user follow
  Given I have the payload:
    """
    {"is_following": "foo"}
    """
  When I request "PUT /users/1"
  Then I get a "400" response

apiblueprint.org

ARCHITECTURE: OLD SCHOOL