  1. API PAIN-POINTS
     GETTING THINGS WRONG FOR FUN AND PROFIT
     @PHILSTURGEON #PHPCAPETOWN14
  2. ARCHITECTURE
     OLD SCHOOL
  3. http://girlsgotsole.com/blog/thankful-thursday-rest-days/
  4. DATABASE SEEDING
     LEAVE YOUR CUSTOMERS ALONE
  5. ENDPOINT THEORY
     NAMING THINGS IS HARD
  6. PLURAL V SINGULAR?
     CONSISTENCY IS KING
     /user/23
     /users
  7. PLURAL V SINGULAR?
     CONSISTENCY IS KING
     /opportunity/43
     /opportunities
  8. PLURAL V SINGULAR?
     CONSISTENCY IS KING
     /places
     /places/12
     /places/12/checkins
     /places/12/checkins/34
     /checkins/34
  9. NO NEED FOR SEO
     QUERY STRINGS ARE FINE
     /users/active/true
     /users?active=true
  10. AUTO-INCREMENT = BAD
      CTRL + S YOUR WEBSITE
      /checkins/1
      /checkins/2
      /checkins/3
      …
      /checkins/2369
  11. AUTO-INCREMENT = BAD
      CTRL + S YOUR WEBSITE
      https://github.com/zackkitzmiller/tiny-php
      https://github.com/ramsey/uuid
  12. WHICH METHODS
      VERB SOUP
      List      GET    /users
      Read      GET    /users/X
      Update    PUT    /users/X
      Update    PATCH  /users/X
      Create    POST   /users
      Delete    DELETE /users/X
      Image     PUT    /users/X/image
      Images    POST   /users/X/images
      Favorites GET    /users/X/favorites
      Checkins  GET    /users/X/checkins
  13. FORM PAYLOADS
      JUST SEND JSON
      foo=something&bar[baz]=thing
      23
  14. HACKY PAYLOADS
      NOT LIKE THAT
  15. REAL JSON PAYLOADS
      THNX!
  16. 200 = OK
      Or deal with Chuck
  17. 2xx is all about success
      3xx is all about redirection
      4xx is all about client errors
      5xx is all about service errors
  18. 200 - Generic everything is OK
      201 - Created something OK
      202 - Accepted but is being processed async
      400 - Bad Request (Validation?)
      401 - Unauthorized
      403 - Current user is forbidden
      404 - That URL is not a valid route
      405 - Method Not Allowed
      410 - Data has been deleted, deactivated, suspended, etc
      500 - Something unexpected happened and it is the API's fault
      503 - API is not here right now, please try again later
  19. SUPPLEMENT HTTP CODES
      WHAT HAPPENED
      {
        "error": {
          "type": "OAuthException",
          "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
        }
      }
  20. SUPPLEMENT HTTP CODES
      WHAT HAPPENED
      {
        "error": {
          "type": "OAuthException",
          "code": "ERR-1012",
          "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
        }
      }
  21. AUTHENTICATION STRATEGY
      HOW MUCH DO YOU CARE
      HTTP Basic
      HTTP Digest
      OAuth 1.0a
      OAuth 2.0
  22. OAUTH 2 CAN DO A LOT
      PASSWORDS, IMPLICIT, SOCIAL LOGINS…
  23. OAUTH 2.0
      thephpleague.com
      github.com/thephpleague/oauth2-server
  24. USE SSL
  25. LOL
      EXCEPT FOR…
  26. TRANSFORMERS… ASSEMBLE!
  27. FLEXIBLE RESPONSES
      STOP YOUR IPHONE DEV COMPLAINING
      GET /checkins/dsfXte?include=place,user,activity
  28. PAGINATE
      DATA GROWS FAST
      {
        "data": [
          ...
        ],
        "cursors": {
          "after": "MTI=",
          "next_url": "https://api.example.com/places?cursor=MTI%3&number=12"
        }
      }
  29. DEFINE A LIMIT RANGE
      PAGINATION DDOS
      if ($limit < 1 || $limit > 100) {
          $limit = 100;
      }
  30. AUTOMATE TESTING
      IF YOU LOVE YOUR JOB
      http://www.engineersgotblued.com/
  31. PHPUNIT + BEHAT
      http://www.bil-jac.com/bestfriendsclub.php
  32. Scenario: Find a merchant
        When I request "GET /moments/1"
        Then I get a "200" response
        And scope into the "data" property
        And the properties exist:
        """
        id
        …
        created_at
  33. Scenario: Try to find an invalid checkin
        When I request "GET /checkins/nope"
        Then I get a "404" response
  34. Scenario: Wrong Arguments for user follow
        Given I have the payload:
        """
        {"is_following": "foo"}
        """
        When I request "PUT /users/1"
        Then I get a "400" response
  35. apiblueprint.org
  36. VERSIONING
      /V1/ DOESN'T COUNT
      https://api.example.com/v1/places
  37. VERSIONING
      /V1/ DOESN'T COUNT
      https://api-v1.example.com/places
  38. VERSIONING
      /V1/ DOESN'T COUNT
      Accept: application/vnd.com.example.api-v1+json
      Accept: application/vnd.com.example.api-v2+json
  39. VERSIONING
      /V1/ DOESN'T COUNT
      Accept: application/vnd.com.example.user-v2+json
      Accept: application/vnd.com.example.user-v3+json
  40. VERSIONING
      /V1/ DOESN'T COUNT
      Copy Facebook
      Maybe?
      THIS ONE TIME!
  41. EVERYTHING IS WRONG
      DON'T BE THAT GUY
      troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html
  42. leanpub.com/build-apis-you-wont-hate/c/CAPEMAN2014
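Slides 18 to 20 argue for a status code plus a body that says what actually happened. The following is an added example written for this page, not code from the talk or from any of the libraries it links: it maps an exception to the HTTP status, a stable machine-readable code and a message in the shape of slide 20, and deliberately hides the details of anything that is not a deliberate API error. The exception classes, the 401 chosen for an expired session, the ERR-5000 code and the sample timestamps are assumptions for this example (PHP 8.1 or later).

```php
<?php
// Added example (not from the slides): an error envelope in the shape of
// slides 19 and 20. ApiException, the status/code pairs and the sample
// exceptions below are constructed for this example.

declare(strict_types=1);

class ApiException extends RuntimeException
{
    public function __construct(
        string $message,
        public readonly int $httpStatus,   // the HTTP code from the slide 18 table
        public readonly string $errorCode, // stable, machine-readable, documented
    ) {
        parent::__construct($message);
    }

    /** Short class name, e.g. "OAuthException", used as the "type" field. */
    public function type(): string
    {
        return (new ReflectionClass($this))->getShortName();
    }
}

final class OAuthException extends ApiException {}
final class ValidationException extends ApiException {}

/** Build the body from slide 20: type, code and message under "error". */
function errorBody(ApiException $e): array
{
    return [
        'error' => [
            'type'    => $e->type(),
            'code'    => $e->errorCode,
            'message' => $e->getMessage(),
        ],
    ];
}

/**
 * Turn any throwable into a [status, body] pair. A deliberate ApiException
 * carries its own status and code. Anything else is a bug in the API, so it
 * becomes the generic 500 from slide 18 and its internal message is NOT sent
 * back: SQL errors and stack traces in responses are free information for an
 * attacker and belong in the server log only.
 */
function handleException(Throwable $e): array
{
    if ($e instanceof ApiException) {
        return [$e->httpStatus, errorBody($e)];
    }
    error_log($e::class . ': ' . $e->getMessage()); // keep the detail server-side
    $generic = new ApiException('Something unexpected happened', 500, 'ERR-5000');
    return [500, errorBody($generic)];
}

/** Emit the pair as an HTTP response (not called in the demo below). */
function sendError(Throwable $e): void
{
    [$status, $body] = handleException($e);
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body, JSON_PRETTY_PRINT), PHP_EOL;
}

// Constructed demo: the expired session from slide 20, then an internal failure.
$expiredAt = 1385243766;
$now       = 1385848532;

[$status, $body] = handleException(new OAuthException(
    "Session has expired at unix time $expiredAt. The current unix time is $now",
    401,
    'ERR-1012',
));
echo "HTTP $status", PHP_EOL, json_encode($body, JSON_PRETTY_PRINT), PHP_EOL;

[$status, $body] = handleException(
    new RuntimeException('SQLSTATE[HY000]: constructed internal failure')
);
echo "HTTP $status", PHP_EOL, json_encode($body, JSON_PRETTY_PRINT), PHP_EOL;
```

The second response carries only the generic message and ERR-5000; a client that wants to branch on the cause gets the `code` field, which stays stable even when the human-readable `message` is reworded.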
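Slides 28 and 29 show a cursor-paginated response and the limit clamp that keeps a client from requesting the whole table in one call. The following is an added example written for this page, not code from the talk: it combines the two, treating the cursor as the base64 of the last id seen (the slide's "MTI=" is base64 for "12") and clamping the page size into 1..100 before any rows are touched. The function names, the in-memory list of places and the `number` parameter name are assumptions for this example; `http_build_query` encodes the cursor as `MTI%3D` where the slide shows `MTI%3`.

```php
<?php
// Added example (not from the slides): cursor pagination with a clamped page
// size, after slides 28 and 29. Function names and the sample rows are
// constructed for this example.

declare(strict_types=1);

const MAX_LIMIT     = 100;
const DEFAULT_LIMIT = 100;

/**
 * Clamp a client-supplied page size into [1, MAX_LIMIT]. Out-of-range and
 * non-numeric input fall back to the default, so ?number=1000000 can never
 * turn into a full-table query (the "pagination DDoS" of slide 29).
 */
function clampLimit(mixed $raw): int
{
    if (!is_numeric($raw)) {
        return DEFAULT_LIMIT;
    }
    $limit = (int) $raw;
    if ($limit < 1 || $limit > MAX_LIMIT) {
        $limit = DEFAULT_LIMIT;
    }
    return $limit;
}

/** Decode an opaque cursor into the last id seen; null means "from the start". */
function decodeCursor(?string $cursor): ?int
{
    if ($cursor === null || $cursor === '') {
        return null;
    }
    $decoded = base64_decode($cursor, true); // strict: reject junk characters
    if ($decoded === false || !ctype_digit($decoded)) {
        return null; // malformed cursor: first page, not an error or a scan
    }
    return (int) $decoded;
}

function encodeCursor(int $lastId): string
{
    return base64_encode((string) $lastId);
}

/**
 * Return one page of $rows (arrays with an integer 'id', sorted ascending)
 * plus the "cursors" block from slide 28. A cursor is only issued when the
 * page was full, so the client stops when "after" is null.
 */
function paginate(array $rows, ?string $cursor, mixed $rawLimit, string $baseUrl): array
{
    $limit = clampLimit($rawLimit);
    $after = decodeCursor($cursor);

    $page = [];
    foreach ($rows as $row) {
        if ($after !== null && $row['id'] <= $after) {
            continue; // already seen
        }
        $page[] = $row;
        if (count($page) === $limit) {
            break;
        }
    }

    $cursors = ['after' => null, 'next_url' => null];
    if ($page !== [] && count($page) === $limit) {
        $next = encodeCursor($page[count($page) - 1]['id']);
        $cursors = [
            'after'    => $next,
            'next_url' => $baseUrl . '?' . http_build_query(['cursor' => $next, 'number' => $limit]),
        ];
    }

    return ['data' => $page, 'cursors' => $cursors];
}

// Constructed sample data: 30 places with ids 1..30.
$places = [];
for ($i = 1; $i <= 30; $i++) {
    $places[] = ['id' => $i, 'name' => "Place $i"];
}

$base   = 'https://api.example.com/places';
$first  = paginate($places, null, 12, $base);                    // page 1, cursor "MTI="
$second = paginate($places, $first['cursors']['after'], 12, $base); // starts after id 12
$greedy = paginate($places, null, 1000000, $base);               // limit clamped to 100

echo json_encode([
    'first_cursors' => $first['cursors'],
    'second_first_id' => $second['data'][0]['id'],
    'greedy_page_size' => count($greedy['data']),
], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

Clamping before the query is the whole point: the check on slide 29 costs nothing, whereas a database call with an attacker-chosen LIMIT costs whatever the attacker wants it to.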
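Slides 38 and 39 put the version in the Accept header's vendor media type rather than in a /v1/ path segment. The following is an added example written for this page, not code from the talk: it parses the media types shown on those slides into per-resource version numbers and resolves which version to serve, refusing (406) rather than guessing when a client asks for a version that does not exist. The regular expression, the resource-wide "api" fallback, the handler names and the supported-version list are assumptions for this example.

```php
<?php
// Added example (not from the slides): version negotiation over the Accept
// header media types of slides 38 and 39. The pattern, the supported-version
// table and the sample headers are constructed for this example.

declare(strict_types=1);

/**
 * Parse an Accept header into [resource => version], e.g.
 * "application/vnd.com.example.user-v2+json" yields ['user' => 2] and
 * "application/vnd.com.example.api-v1+json" yields ['api' => 1].
 * Parameters such as ";q=0.8" are stripped; unrelated media types are ignored.
 */
function parseAcceptVersions(string $accept): array
{
    $versions = [];
    foreach (explode(',', $accept) as $part) {
        $mediaType = trim(explode(';', $part, 2)[0]);
        if (preg_match('#^application/vnd\.com\.example\.([a-z]+)-v(\d+)\+json$#', $mediaType, $m) === 1) {
            $versions[$m[1]] = (int) $m[2];
        }
    }
    return $versions;
}

/**
 * Pick the version to serve for one resource: a resource-specific request
 * wins, then an API-wide "api-vN" request, then the explicit default. A
 * version that is not in $supported returns null so the caller can answer
 * 406 Not Acceptable; silently serving "latest" to an old client is how a
 * version bump breaks every deployed app at once.
 */
function resolveVersion(array $requested, string $resource, array $supported, int $default): ?int
{
    $wanted = $requested[$resource] ?? $requested['api'] ?? $default;
    return in_array($wanted, $supported, true) ? $wanted : null;
}

/** Dispatch to a per-version handler; the handlers here are stand-ins. */
function serveUser(string $accept, array $supported, int $default): array
{
    $version = resolveVersion(parseAcceptVersions($accept), 'user', $supported, $default);
    if ($version === null) {
        return ['status' => 406, 'body' => ['error' => ['type' => 'NotAcceptable',
                 'message' => 'Unsupported user representation requested']]];
    }
    return [
        'status' => 200,
        'content_type' => "application/vnd.com.example.user-v{$version}+json",
        'body' => ['data' => ['id' => 'dsfXte', 'representation' => "user v$version"]],
    ];
}

// Constructed requests: resource-specific, API-wide with a q-value, unknown version.
$supportedUserVersions = [1, 2, 3];
$headers = [
    'application/vnd.com.example.user-v2+json',
    'application/vnd.com.example.api-v3+json;q=0.9, application/json',
    'application/vnd.com.example.user-v9+json',
    'application/json',
];
foreach ($headers as $accept) {
    echo $accept, PHP_EOL, '  -> ', json_encode(serveUser($accept, $supportedUserVersions, 1)), PHP_EOL;
}
```

Because the version rides in the header, the URL on slide 8 (`/checkins/34`) never changes across versions, and the response's own Content-Type tells the client exactly which representation it got.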