api pain points
API PAIN POINTS: GETTING THINGS WRONG FOR FUN AND PROFIT
@PHILSTURGEON #PHPCAPETOWN14
ARCHITECTURE: OLD SCHOOL
DATABASE SEEDING: LEAVE YOUR CUSTOMERS ALONE
ENDPOINT THEORY: NAMING THINGS IS HARD
PLURAL V SINGULAR? CONSISTENCY IS KING
/user/23
/users
/opportunity/43
/opportunities
PLURAL V SINGULAR? CONSISTENCY IS KING
/places
/places/12
/places/12/checkins
/places/12/checkins/34
/checkins/34
NO NEED FOR SEO: QUERY STRINGS ARE FINE
/users/active/true
/users?active=true
AUTO-INCREMENT = BAD: CTRL + S YOUR WEBSITE
/checkins/1
/checkins/2
/checkins/3
…
/checkins/2369
https://github.com/zackkitzmiller/tiny-php
https://github.com/ramsey/uuid
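The slide's point is that sequential ids let anyone walk your whole dataset with a loop. As an added example that is not from the talk (the talk points at ramsey/uuid and tiny-php; this is a dependency-free stand-in, assuming PHP 7.4 or newer), here is a random RFC 4122 version-4 identifier generator together with the route guard that rejects anything that is not a well-formed id before it reaches the database:

```php
<?php
// Added example (not from the talk): replace guessable auto-increment ids with
// random identifiers. Dependency-free stand-in for the ramsey/uuid library
// the slide recommends; assumes PHP 7.4+ for random_bytes and typed returns.
declare(strict_types=1);

// Generate an RFC 4122 version-4 UUID from 16 bytes of CSPRNG output.
function uuidV4(): string
{
    $bytes = random_bytes(16);
    // Stamp the version (0100) into the high nibble of byte 6 ...
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40);
    // ... and the RFC 4122 variant (10xx) into the top two bits of byte 8.
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80);
    // 32 hex chars split into 8-4-4-4-12 groups.
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4));
}

// Route guard: anything that is not a well-formed v4 UUID is answered with a
// 404 up front, so malformed or probing ids never reach the query layer.
function isUuidV4(string $id): bool
{
    return preg_match(
        '/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/',
        $id
    ) === 1;
}

// Constructed sample: the guessable id from the slide versus a random one.
foreach (['2369', uuidV4()] as $candidate) {
    printf("%-40s %s\n", $candidate, isUuidV4($candidate) ? 'accepted' : '404');
}
```

The validator is deliberately stricter than "is it a UUID": it pins the version nibble and variant bits, so ids minted elsewhere (or hand-crafted) do not pass the route guard by accident.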
WHICH METHODS: VERB SOUP
List       GET     /users
Read       GET     /users/X
Update     PUT     /users/X
Update     PATCH   /users/X
Create     POST    /users
Delete     DELETE  /users/X
Image      PUT     /users/X/image
Images     POST    /users/X/images
Favorites  GET     /users/X/favorites
Checkins   GET     /users/X/checkins
FORM PAYLOADS: JUST SEND JSON
foo=something&bar[baz]=thing&bar[stuff]=junk&bar=true
HACKY PAYLOADS: NOT LIKE THAT
REAL JSON PAYLOADS: THNX!
200 = OK: OR DEAL WITH CHUCK
2xx is all about success
3xx is all about redirection
4xx is all about client errors
5xx is all about service errors
200 - Generic everything is OK
201 - Created something OK
202 - Accepted but is being processed async
400 - Bad Request (Validation?)
401 - Unauthorized
403 - Current user is forbidden
404 - That URL is not a valid route
405 - Method Not Allowed
410 - Data has been deleted, deactivated, suspended, etc
500 - Something unexpected happened and it is the API's fault
503 - API is not here right now, please try again later
SUPPLEMENT HTTP CODES: WHAT HAPPENED
{"error": {
    "type": "OAuthException",
    "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
}}
{"error": {
    "type": "OAuthException",
    "code": "ERR-1012",
    "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532"
}}
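To show how the status code and the error body fit together, here is an added example that is not from the talk: a small exception type that carries its HTTP status, error type and stable code, and a handler that turns anything else into the generic 500 from the list above so internal details stay in the server log. ApiException, toResponse and the ERR-0500 code are constructed for this example; the ERR-1012 case and its timestamps are the ones on the slide. Assumes PHP 8.0+ for constructor property promotion.

```php
<?php
declare(strict_types=1);

// Added example (not from the talk): pair each HTTP status with a JSON error
// body carrying a type, a stable machine-readable code and a human message.
// ApiException, toResponse and ERR-0500 are constructed for illustration.

class ApiException extends RuntimeException
{
    public function __construct(
        private int $status,
        private string $type,
        private string $errorCode,
        string $message
    ) {
        parent::__construct($message);
    }

    public function status(): int { return $this->status; }
    public function type(): string { return $this->type; }
    public function errorCode(): string { return $this->errorCode; }
}

// Map any throwable to [status, body]. Known API errors keep their details;
// anything else becomes a generic 500 so stack traces and SQL never reach
// the client. The detail is logged server-side instead.
function toResponse(Throwable $e): array
{
    if ($e instanceof ApiException) {
        $status = $e->status();
        $error = ['type' => $e->type(), 'code' => $e->errorCode(), 'message' => $e->getMessage()];
    } else {
        error_log(get_class($e) . ': ' . $e->getMessage());
        $status = 500;
        $error = [
            'type' => 'ServerError',
            'code' => 'ERR-0500',
            'message' => "Something unexpected happened and it is the API's fault",
        ];
    }
    return [$status, json_encode(['error' => $error], JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES)];
}

function send(Throwable $e): void
{
    [$status, $body] = toResponse($e);
    http_response_code($status);
    header('Content-Type: application/json');
    echo $body, "\n";
}

// Constructed check using the timestamps shown on the slide.
function assertSessionValid(int $expiresAt, int $now): void
{
    if ($now >= $expiresAt) {
        throw new ApiException(401, 'OAuthException', 'ERR-1012', sprintf(
            'Session has expired at unix time %d. The current unix time is %d',
            $expiresAt,
            $now
        ));
    }
}

try {
    assertSessionValid(1385243766, 1385848532);
} catch (Throwable $e) {
    send($e); // prints the 401 body with type, code and message
}
```

The stable `code` field is what clients should branch on; the `message` is free to change wording between releases without breaking anyone.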
AUTHENTICATION STRATEGY: HOW MUCH DO YOU CARE
HTTP Basic
HTTP Digest
OAuth 1.0a
OAuth 2.0
OAUTH 2 CAN DO A LOT: PASSWORDS, IMPLICIT, SOCIAL LOGINS…
OAUTH 2.0
thephpleague.com
github.com/thephpleague/oauth2-server
USE SSL
LOL: EXCEPT FOR…
TRANSFORMERS… ASSEMBLE!
FLEXIBLE RESPONSES: STOP YOUR IPHONE DEV COMPLAINING
GET /checkins/dsfXte?include=place,user,activity
PAGINATE: DATA GROWS FAST
{"data": [
    ...
], "cursors": {
    "after": "MTI=",
    "next_url": "https://api.example.com/places?cursor=MTI%3D&number=12"
}}
DEFINE A LIMIT RANGE: PAGINATION DDOS
if ($limit < 1 || $limit > 100) {
    $limit = 100;
}
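The two slides above belong together: an opaque cursor tells the server where to resume, and the clamp stops a client from asking for the whole table in one request. As an added example that is not from the talk (the row shape, MAX_LIMIT, DEFAULT_LIMIT and the base URL are assumptions; PHP 7.4+ for arrow functions), here is a paginator that applies the slide's clamp rule, validates the cursor strictly, and produces the `after` / `next_url` pair shown in the response:

```php
<?php
declare(strict_types=1);

// Added example (not from the talk): cursor pagination with the page size
// clamped to a fixed range. Row shape, the limits and the URL are assumptions.

const DEFAULT_LIMIT = 20;
const MAX_LIMIT = 100;

// Same rule as the slide: anything outside 1..100 becomes 100. A missing or
// non-numeric value falls back to the default instead of being trusted.
function clampLimit(?string $raw): int
{
    if ($raw === null || !ctype_digit($raw)) {
        return DEFAULT_LIMIT;
    }
    $limit = (int) $raw;
    if ($limit < 1 || $limit > MAX_LIMIT) {
        $limit = MAX_LIMIT;
    }
    return $limit;
}

// Cursors are opaque to clients: base64 of the last id seen.
function encodeCursor(int $lastId): string
{
    return base64_encode((string) $lastId);
}

// Strict decode: reject anything that is not base64 of a decimal id, so a
// tampered cursor turns into a 400 rather than a database error.
function decodeCursor(?string $cursor): int
{
    if ($cursor === null || $cursor === '') {
        return 0;
    }
    $decoded = base64_decode($cursor, true);
    if ($decoded === false || !ctype_digit($decoded)) {
        throw new InvalidArgumentException('Malformed cursor');
    }
    return (int) $decoded;
}

// $rows must be sorted ascending by id. In a real app this filter/slice is a
// "WHERE id > :after ORDER BY id LIMIT :limit + 1" query (assumption).
function paginate(array $rows, ?string $cursor, ?string $rawLimit, string $baseUrl): array
{
    $after = decodeCursor($cursor);
    $limit = clampLimit($rawLimit);
    $remaining = array_values(array_filter($rows, fn(array $r) => $r['id'] > $after));
    $data = array_slice($remaining, 0, $limit);
    $page = ['data' => $data, 'cursors' => new stdClass()]; // {} when on the last page
    if (count($remaining) > $limit) {
        $next = encodeCursor($data[count($data) - 1]['id']);
        $page['cursors'] = [
            'after' => $next,
            // http_build_query percent-encodes the '=' padding as %3D
            'next_url' => $baseUrl . '?' . http_build_query(['cursor' => $next, 'number' => $limit]),
        ];
    }
    return $page;
}

// Constructed sample: 15 places, first page of 12 -> cursor "MTI=" as on the slide.
$rows = array_map(fn(int $i) => ['id' => $i, 'name' => "Place $i"], range(1, 15));
echo json_encode(
    paginate($rows, null, '12', 'https://api.example.com/places'),
    JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES
), "\n";
```

Fetching one row more than the limit is what tells you whether a next page exists without a second COUNT query; the caller maps the InvalidArgumentException from decodeCursor to a 400.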
AUTOMATE TESTING: IF YOU LOVE YOUR JOB
PHPUNIT + BEHAT
Scenario: Find a merchant
  When I request "GET /moments/1"
  Then I get a "200" response
  And scope into the "data" property
  And the properties exist:
    """
    id
    …
    created_at
    """

Scenario: Try to find an invalid checkin
  When I request "GET /checkins/nope"
  Then I get a "404" response

Scenario: Wrong arguments for user follow
  Given I have the payload:
    """
    {"is_following": "foo"}
    """
  When I request "PUT /users/1"
  Then I get a "400" response
VERSIONING: /V1/ DOESN'T COUNT
https://api.example.com/v1/places
https://api-v1.example.com/places
Accept: application/vnd.com.example.api-v1+json
Accept: application/vnd.com.example.api-v2+json
Accept: application/vnd.com.example.user-v2+json
Accept: application/vnd.com.example.user-v3+json
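The last two Accept headers version a single resource rather than the whole API. As an added example that is not from the talk, here is the content negotiation a server needs for that: parse the vendor media type from the slide, fall back to the newest version for a wildcard Accept, answer 406 when nothing offered is supported, and set Vary so caches key on the header. The supported-version table, the two user shapes and the sample user are constructed; assumes PHP 7.4+.

```php
<?php
declare(strict_types=1);

// Added example (not from the talk): choose a representation version from the
// Accept header. The vendor media-type layout follows the slide; the version
// table and the user payloads are constructed.

const SUPPORTED_VERSIONS = ['user' => [2, 3]];

// Returns the requested version, the newest version for a wildcard/plain-JSON
// Accept, or null when nothing offered can be served (caller answers 406).
// Simplification: offers are taken in header order, q= weights are ignored.
function negotiateVersion(string $accept, string $resource): ?int
{
    $latest = max(SUPPORTED_VERSIONS[$resource]);
    foreach (explode(',', $accept) as $offer) {
        $mediaType = strtolower(trim(explode(';', $offer)[0])); // drop parameters
        if ($mediaType === '*/*' || $mediaType === 'application/json') {
            return $latest;
        }
        if (preg_match('#^application/vnd\.com\.example\.([a-z]+)-v(\d+)\+json$#', $mediaType, $m)
            && $m[1] === $resource
            && in_array((int) $m[2], SUPPORTED_VERSIONS[$resource], true)) {
            return (int) $m[2];
        }
    }
    return null;
}

// Two shapes of the same record: v3 splits the name and stops exposing email.
function representUser(array $user, int $version): array
{
    return $version >= 3
        ? ['id' => $user['id'], 'first_name' => $user['first'], 'last_name' => $user['last']]
        : ['id' => $user['id'], 'name' => $user['first'] . ' ' . $user['last'], 'email' => $user['email']];
}

// Build the response as data so it can be inspected; a framework would emit it.
function respond(string $accept, array $user): array
{
    $version = negotiateVersion($accept, 'user');
    $headers = ['Vary' => 'Accept']; // body depends on Accept, so caches must too
    if ($version === null) {
        $headers['Content-Type'] = 'application/json';
        return ['status' => 406, 'headers' => $headers, 'body' => ['error' => [
            'type' => 'NotAcceptable',
            'message' => 'No supported user representation in Accept',
        ]]];
    }
    $headers['Content-Type'] = "application/vnd.com.example.user-v{$version}+json";
    return ['status' => 200, 'headers' => $headers, 'body' => representUser($user, $version)];
}

// Constructed sample requests.
$user = ['id' => 'c0ffee', 'first' => 'Phil', 'last' => 'Sturgeon', 'email' => 'phil@example.com'];
foreach ([
    'application/vnd.com.example.user-v2+json',
    'application/vnd.com.example.user-v3+json;q=0.9, */*;q=0.1',
    'application/vnd.com.example.user-v9+json',
] as $accept) {
    $r = respond($accept, $user);
    printf("%-60s -> %d %s\n", $accept, $r['status'], json_encode($r['body']));
}
```

The third request asks for a version that does not exist and gets a 406 with a body in the same error envelope as the rest of the API, rather than silently receiving the latest shape.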
Copy Facebook
Maybe?
THIS ONE TIME!
EVERYTHING IS WRONG: DON'T BE THAT GUY
troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html
leanpub.com/build-apis-you-wont-hate/c/CAPEMAN2014