The document discusses developing REST APIs with Python and Django Rest Framework (DRF). It explains the basics of REST, why it is used, and how to build a REST API with DRF including serializers, views, URLs, permissions, versioning, documentation, and testing. DRF allows building web APIs with Django that are highly configurable and have little boilerplate code. It also supports non-ORM data sources.

1. Rest API with Python
Santosh Ghimire
COO and Co-founder,
Phunka Technologies

2. REST API
REpresentational State Transfer
Not a new concept
The concepts are as old as the web itself

3. Why REST?
Client-Server
Stateless
JSON, XML, etc.
GET
PUT
POST
DELETE

4. Develop your API RESTful and go to rest….

5. REST with Python
REST API can be implemented with Python’s
web frameworks.
Django, Flask, Tornado, Pyramid

6. REST API in Django
Libraries
Django Rest Framework (DRF)
Django-Tastypie
Django-Braces
Restless

7. Django Rest Framework
Package for Django
Views, authentication and utilities for building
web APIs
Both highly configurable and low boilerplate

8. Installation
$ pip install djangorestframework
$ python manage.py syncdb
# settings.py
INSTALLED_APPS = (
...
# third party apps
'rest_framework',
...
)

9. Basic Elements
Serializers
Views
Urls

10. Serializers
from rest_framework import serializers
from .models import Book, Author
class BookSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = Book
fields = ('name', 'price', 'category', 'url')
class AuthorSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = Author
fields = ('name', 'creations', 'url')

11. Views
from rest_framework import viewsets, permissions
from .models import Book, Author
from .serializers import BookSerializer, AuthorSerializer
class BookViewSet(viewsets.ModelViewSet):
""" API endpoint that allows books in the library to be viewed or edited """
queryset = Book.objects.all()
serializer_class = BookSerializer
class AuthorViewSet(viewsets.ModelViewSet):
""" API endpoint that allows Authors details to be viewed or edited """
queryset = Author.objects.all()
serializer_class = AuthorSerializer
permission_classes = (permissions.IsAuthenticated,)

12. Urls
from django.conf.urls import patterns, include, url
from django.contrib import admin
from rest_framework import routers
from book import views
router = routers.DefaultRouter()
router.register(r'book', views.BookViewSet)
router.register(r'authors', views.AuthorViewSet)
admin.autodiscover()
urlpatterns = patterns( '',
url(r'^', include(router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
# Django admin
url(r'^admin/', include(admin.site.urls)),
)

13. So, what’s the result?

17. Let’s add some stuffs

19. CSRF Protection
Ensure that the 'safe' HTTP operations, such as GET,
HEAD and OPTIONS can’t be used to alter any server-side
state.
Ensure that any 'unsafe' HTTP operations, such as POST,
PUT, PATCH and DELETE, always require a valid CSRF
token.

20. Setting Permissions Globally
# library/settings/base.py
...
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticatedOrReadOnly',
)
}

21. API Best Practices

22. Versioning
Clients are not generally updated
Typically handled by URL

23. Versioning
routerV1 = routers.DefaultRouter()
...
urlpatterns = patterns('',
url(r'^api/v1', include(routerV1.urls)),
)

24. Documentation
Plan your API first
Prepare documentation before you code

25. Testing
Your API is a promise to your fellow developers
Unit testing helps you keep your promises

26. Testing
from rest_framework.test import APITestCase
from .models import Book
class BookTestCase(APITestCase):
def setUp(self):
book1 = Book.objects.create(
name='Eleven Minutes',
price=2000,
category='literature'
)
def test_get_books(self):
response = self.client.get('/book/', format='json')
self.assertEqual(response.data[0]['name'], u'Eleven Minutes')

27. What about Non-ORM?
Yes ! DRF serialization supports non-ORM data
sources.
REST API implemented with Mongodb and
DRF in Meroanswer.

28. Further Reading
● http://www.django-rest-framework.org/
● http://jacobian.org/writing/rest-worst-practices/
● http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm

29. Santosh Ghimire
COO and Co-founder, Phunka Technologies
Twitter: @SantoshGhimire
Email: santosh@phunka.com
Thanks !