Api pain points
48
API PAIN-POINTS GETTING THINGS WRONG FOR FUN AND PROFIT @PHILSTURGEON #PHPJOBURG14
-
Upload
phil-sturgeon -
Category
Documents
-
view
275 -
download
1
description
I've been building APIs for a long time now and it is becoming ever more common for server-side developer thanks to the rise of front-end JavaScript frameworks, iPhone applications and generally API-centric architectures. On one hand you're just grabbing stuff from a data source and shoving it out as JSON, but surviving changes in business logic, database schema updates, new or deprecated etc gets super difficult. This talk will outline the common pitfalls developers get trapped in when building APIs and outline methods to avoid them, including naming stuff badly then having to rename everything, when and how to use POST/PUT/PATCH, data structures, DDoSing yourself because pagination, picking your authentication system and all sorts of other stuff.
Transcript of Api pain points
API PAIN-POINTSGETTING THINGS WRONG FOR FUN AND PROFIT
@PHILSTURGEON #PHPJOBURG14
http://girlsgotsole.com/blog/thankful-thursday-rest-days/
DATABASE SEEDINGLEAVE YOUR CUSTOMERS ALONE
ENDPOINT THEORYNAMING THINGS IS HARD
PLURAL V SINGULAR?CONSISTENCY IS KING
/user/23
/user
s
PLURAL V SINGULAR?CONSISTENCY IS KING
/opportunity/
43
/opportunitie
s
PLURAL V SINGULAR?CONSISTENCY IS KING
/places/places/12/places/12/checkins/places/12/checkins/34/checkins/34
NO NEED FOR SEOQUERY STRINGS ARE FINE
/users/active/true
/users?active=true
AUTO-INCREMENT = BADCTRL + S YOUR WEBSITE
/checkins/
1/
checkins/2
/checkins/2369
…
/checkins/
3
AUTO-INCREMENT = BADCTRL + S YOUR WEBSITE
https://github.com/zackkitzmiller/tiny-php
https://github.com/ramsey/uuid
WHICH METHODSVERB SOUP
List GET /users Create POST /usersRead GET /users/XUpdate PUT /users/XDelete DELETE /users/XImage PUT /users/X/imageImage POST /users/X/imagesFavorites GET /users/X/favoritesCheckins GET /users/X/checkins
FORM PAYLOADSJUST SEND JSON
foo=something&bar[baz]=thing&bar[stuff]=junk&bar=true
22
HACKY PAYLOADSNOT LIKE THAT
REAL JSON PAYLOADSTHNX!
200 = OK
2xx is all about success3xx is all about
redirection4xx is all about client
errors5xx is all about service
errors
200 - Generic everything is OK
201 - Created something OK
202 - Accepted but is being processed async
400 - Bad Request (Validation?)
401 - Unauthorized
403 - Current user is forbidden
404 - That URL is not a valid route
410 - Data has been deleted, deactivated, suspended, etc
405 - Method Not Allowed
500 - Something unexpected happened and it is the APIs fault
503 - API is not here right now, please try again later
SUPPLEMENT HTTP CODESWHAT HAPPENED
{"error": {
"type": "OAuthException", "message": "Session has expired at unix
time 1385243766. The current unix time is 1385848532"
}}
SUPPLEMENT HTTP CODESWHAT HAPPENED
{"error": {
"type": "OAuthException","code": “ERR-1012“,
"message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
}}
AUTHENTICATION STRATEGYHOW MUCH DO YOU CARE
HTTP Basic
HTTP Digest
OAuth 1.0a
OAuth 2.0
OAUTH 2.0
thephpleague.com
github.com/thephpleague/oauth2-server
USE SSL
OAUTH 2 CAN DO A LOTPASSWORDS, IMPLICIT, SOCIAL LOGINS…
TRANSFORMERS… ASSEMBLE!
FLEXIBLE RESPONSESSTOP YOUR IPHONE DEV COMPLAINING
GET /checkins/dsfXte ?
include=place,user,activity
PAGINATEDATA GROWS FAST
{"data": [
...],"cursors": { "after": "MTI=", "next_url": "https://api.example.com/
places?cursor=MTI%3&number=12"
}}
DEFINE A MAXIMUMPAGINATION DDOS
if ($limit > 100) {
$limit = 100;}
PHPUNIT + BEHAT
http://www.bil-jac.com/bestfriendsclub.php
AUTOMATE TESTINGIF YOU LOVE YOUR JOB
Scenario: Find a merchant When I request "GET /moments/1" Then I get a "200" response And scope into the "data" property And the properties exist: """ id … created_at """
Scenario: Try to find an invalid checkin
When I request "GET /checkins/nope"
Then I get a "404" response
Scenario:Wrong Arguments for user follow
Given I have the payload: """ {"is_following": "foo"} """
When I request "PUT /users/1”
Then I get a "400" response
apiblueprint.org
ARCHITECTUREOLD SCHOOL
