Get Some REST: Best RESTful API Practices About Me Lorna Jane - - PowerPoint PPT Presentation

get some rest best restful api practices about me
SMART_READER_LITE
LIVE PREVIEW

Get Some REST: Best RESTful API Practices About Me Lorna Jane - - PowerPoint PPT Presentation

Apr 25, 2023 134 likes •613 views

Get Some REST: Best RESTful API Practices About Me Lorna Jane Mitchell PHP Consultant/Developer API Specialist Author of PHP Master Twitter: @lornajane Website: http://lornajane.net 2 About REST REpresentational State

slide-1
SLIDE 1

Get Some REST: Best RESTful API Practices

slide-2
SLIDE 2

About Me

2

  • Lorna Jane Mitchell
  • PHP Consultant/Developer
  • API Specialist
  • Author of PHP Master
  • Twitter: @lornajane
  • Website: http://lornajane.net
slide-3
SLIDE 3

About REST

3

  • REpresentational State Transfer
  • Everything is a resource
  • Representations get passed around
  • Great for data-driven applications
slide-4
SLIDE 4

Not RESTful

4

Clues that your service isn’t RESTful:

  • It has a single endpoint
slide-5
SLIDE 5

Not RESTful

4

Clues that your service isn’t RESTful:

  • It has a single endpoint
  • All requests are POSTs
slide-6
SLIDE 6

Not RESTful

4

Clues that your service isn’t RESTful:

  • It has a single endpoint
  • All requests are POSTs
  • Response metadata is in the body, not header
slide-7
SLIDE 7

Not RESTful

4

Clues that your service isn’t RESTful:

  • It has a single endpoint
  • All requests are POSTs
  • Response metadata is in the body, not header
  • There are verbs in the URL
slide-8
SLIDE 8

Not RESTful

4

Clues that your service isn’t RESTful:

  • It has a single endpoint
  • All requests are POSTs
  • Response metadata is in the body, not header
  • There are verbs in the URL
  • The URL includes method names
slide-9
SLIDE 9

RESTful != Useful

slide-10
SLIDE 10

Best Practices

slide-11
SLIDE 11

Use Existing Skills/Tools

slide-12
SLIDE 12

Existing Skills

8

slide-13
SLIDE 13

MVC Applications

9

Model-View-Controller becomes Model-Controller-Output Handler

slide-14
SLIDE 14

MVC Applications

10

Model-View-Controller becomes Model-Controller-Output Handler

  • utput

controller model index

slide-15
SLIDE 15

Output Handlers: JSON

11

class JsonView extends ApiView { public function render($content) { header('Content-Type: application/json; charset=utf8'); echo $this->buildOutput($content); return true; } /** * Function to build output, can be used by JSON and JSONP */ protected function buildOutput ($content) { $content = $this->addCount($content); $retval = json_encode($content, JSON_NUMERIC_CHECK); return $retval; } }

slide-16
SLIDE 16

Meaningful URL Structure

slide-17
SLIDE 17

Meaningful URLs

13

What would you expect to find at:

http://api.joind.in/v2.1/events?filter=upcoming

slide-18
SLIDE 18

Meaningful URLs

13

What would you expect to find at:

http://api.joind.in/v2.1/events?filter=upcoming http://api.joind.in/v2.1/events/853

slide-19
SLIDE 19

Meaningful URLs

13

What would you expect to find at:

http://api.joind.in/v2.1/events?filter=upcoming http://api.joind.in/v2.1/events/853 http://api.joind.in/v2.1/events/853/talks

slide-20
SLIDE 20

Meaningful URLs

13

What would you expect to find at:

http://api.joind.in/v2.1/events?filter=upcoming http://api.joind.in/v2.1/events/853 http://api.joind.in/v2.1/events/853/talks http://api.joind.in/v2.1/talks/6232

slide-21
SLIDE 21

Meaningful URLs

13

What would you expect to find at:

http://api.joind.in/v2.1/events?filter=upcoming http://api.joind.in/v2.1/events/853 http://api.joind.in/v2.1/events/853/talks http://api.joind.in/v2.1/talks/6232 http://api.joind.in/v2.1/talks/6232/comments

slide-22
SLIDE 22

Verbs and URLs

14

These URLs give us representations of either resources or collections

  • f resources

We use HTTP verbs to operate on these resources

Verb Collection Resource GET fetch resources fetch resource POST create a resource in this collection PUT create or update a resource here PATCH update part of a resource DELETE delete a resource

slide-23
SLIDE 23

Identifying Resources

15

What is a "resource"?

  • Maybe a database row
  • Maybe an item with some information from other tables
  • Talks also show speaker names, for example
  • Maybe a sub-resource
slide-24
SLIDE 24

Considering Sub-Resources

16

Common pitfall: http://example.com/articles/42/activate

slide-25
SLIDE 25

Considering Sub-Resources

16

Common pitfall: http://example.com/articles/42/activate We have two options GET http://example.com/articles/42, change the "active" flag, and PUT it back

slide-26
SLIDE 26

Considering Sub-Resources

16

Common pitfall: http://example.com/articles/42/activate We have two options GET http://example.com/articles/42, change the "active" flag, and PUT it back Make a subresource, then you can just work with

http://example.com/articles/42/active

slide-27
SLIDE 27

Hypermedia

slide-28
SLIDE 28

Hypermedia

18

GET http://api.joind.in/v2.1/events/853

slide-29
SLIDE 29

Hypermedia

19

  • Consumers can follow links rather than construct them
  • Providers can change link structures

$event_url = 'http://api.joind.in/v2.1/events/853'; $event_data = json_decode( file_get_contents($event_url), TRUE); // get event talks $talks = json_decode( file_get_contents($event_data['events'][0]['talks_uri']), TRUE ); print_r($talks['talks'][0]);

slide-30
SLIDE 30

Content Negotiation

slide-31
SLIDE 31

Content Negotiation

21

We use the Accept and Content-Type headers to agree what formats to use. Common examples:

  • application/json
  • application/xml
  • text/html

Next stage: use Media Types for custom/versioned representations

slide-32
SLIDE 32

Content Negotiation Confession

22

The joind.in API also allows ?format=json as an override

slide-33
SLIDE 33

Error Handling

slide-34
SLIDE 34

Simple Error Rules for Service Providers

24

  • Use expected format
  • Give meaningful messages
  • Be consistent
slide-35
SLIDE 35

Exceptions Help Consistency

25

  • utput

controller model index

slide-36
SLIDE 36

Exceptions Help Consistency

26

function handle_exception($e) { // pull the correct format before we bail global $request; header("Status: " . $e->getCode(), false, $e->getCode()); $request->view->render(array($e->getMessage())); } set_exception_handler('handle_exception');

slide-37
SLIDE 37

When Things Go Wrong

slide-38
SLIDE 38

Crisis Strategies

28

  • Lots of logging!
  • Logging rather than debug output if the client expects JSON
  • Proxy or network analyser
  • Inspects traffic without application changes
  • e.g. Wireshark or Charles proxy
  • Drop back to last known good outcome
  • Increase complexity in "baby steps"
slide-39
SLIDE 39

Protecting Yourself

slide-40
SLIDE 40

Isolate External Dependencies

30

Never call an API from your own code - have a class that wraps it. You can:

  • cache results if it is slow/flaky
  • replace it in one place later, if needed
  • write tests to check the API is still doing what you expect
  • write a mock object to replace it with for your own tests
slide-41
SLIDE 41

Respect the Danger

31

Website Digital Identity API Product API Database Mobile Application logic layer

slide-42
SLIDE 42

Respect the Danger

32

abyss Website Digital Identity API Product API Database Mobile Application logic layer

slide-43
SLIDE 43

Deliver on Time

33

How to estimate for API integration?

  • You can’t estimate an unknown task
  • Invest time in a prototype
  • In agile speak, a "spike"
slide-44
SLIDE 44

Best Practice for RESTful Applications

34

  • Use existing tools, skills and conventions
  • Deliver what’s useful to your users
  • Plan defensively
slide-45
SLIDE 45

Questions?

slide-46
SLIDE 46

Thanks!

36

@lornajane

http://lornajane.net