don't screw it up: how to build durable web apis
TRANSCRIPT
Full stack is dead
“Microservice Architecture, [...] a particular way of designing software applications as suites of independently deployable services”
http://martinfowler.com/articles/microservices.html
SERVICE-ORIENTED ARCHITECTURES
GET vs POST
“The difference is that in a GET request you have the parameters in the url, with a POST the parameters are in the request’s body”
HTTP FUNDAMENTALS
HEADERS
Accept
Accept-Encoding
Accept-Language
Cookie
Content-Type
Referer
If-Modified-Since
If-None-Match
Origin
User-Agent
Cache-Control
WAKA
“A new protocol designed to match the efficiency of well-designed Web Applications”
http://tools.ietf.org/agenda/83/slides/slides-83-httpbis-5.pdf
SPDY/1..3
A protocol “invented” by Google, which supports:
extended compression
multiplexing
prioritization
server push
Work around bugs
https://gist.github.com/odino/11295759/revisions
Failover
HTTP/1.1 200 OK
Date: Fri, 25 Apr 2014 16:52:37 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: stale-if-error=3600, stale-while-revalidate=6000
Age: 0
Via: 1.1 varnish
X-Cache: MISS
Alternate-Protocol: 443:npn-spdy/2
cache available if the backend is down
Versioning to the rescue
https://gist.github.com/odino/bf4c7468cba8b16c6493
https://gist.github.com/odino/f820dda941bf44aa7605
https://gist.github.com/odino/b5d963d8f8aec904d76c
https://gist.github.com/odino/0fbb5be8113deed752fc
Detecting the version
https://gist.github.com/odino/f5a1026449e35cfa8a29
Here it belongs to the route/controller, you need it at the Request level
Use a header!
https://gist.github.com/odino/bf4c7468cba8b16c6493
Let Nginx do the dirty work
https://gist.github.com/odino/6750004f735c8d08687d
example.org/v1/customers/1
example.org/customers/1
Api-Version: 1
$req->getHeader('Api-Version')
Without polluting routing and controllers
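The rewrite described above, sketched in JavaScript as an added example (it is not the Nginx configuration from the gist and not code from the talk): a /vN/ URL prefix is turned into an Api-Version header before routing, and a client-supplied header that disagrees with the URL, or names an unknown version, is rejected. The supported versions, the default version and the request object shape are assumptions.

```javascript
// Added example: edge-level version normalisation, so routes and controllers
// only ever see /customers/1 plus a trusted Api-Version header.
const VERSION_PREFIX = /^\/v(\d+)(\/.*)$/;   // matches /v1/customers/1
const SUPPORTED = new Set(["1", "2"]);       // assumption: versions served
const DEFAULT_VERSION = "1";                 // assumption: used when none is given

function normalizeVersion(req) {
  const headers = {};
  let clientVersion;

  // Copy headers, pulling out any client-supplied Api-Version
  // (header names are case-insensitive).
  for (const [name, value] of Object.entries(req.headers || {})) {
    if (name.toLowerCase() === "api-version") {
      clientVersion = String(value).trim();
    } else {
      headers[name] = value;
    }
  }

  const match = VERSION_PREFIX.exec(req.path);
  const urlVersion = match ? match[1] : undefined;
  const path = match ? match[2] : req.path;

  // URL and header must not disagree: otherwise caches and the
  // application could each see a different version for one request.
  if (urlVersion && clientVersion && urlVersion !== clientVersion) {
    return { status: 400, error: "conflicting API versions" };
  }

  const version = urlVersion || clientVersion || DEFAULT_VERSION;
  if (!SUPPORTED.has(version)) {
    return { status: 400, error: "unsupported API version" };
  }

  // The header is always set by the edge, never passed through as received.
  headers["Api-Version"] = version;
  return { status: 200, path, headers };
}
```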
cURL is your best friend
curl -X GET https://api.namshi.com/products
curl -X POST https://api.namshi.com/order --data "{...}"
curl -X DELETE ...
curl -X PATCH ...
USER TAGS
deleting a non-existent tag
200 or 204 or 404?
http://stackoverflow.com/questions/2342579/http-status-code-for-update-and-delete
ON STACKOVERFLOW THEY’RE
STILL FIGHTING
http://stackoverflow.com/questions/2342579/http-status-code-for-update-and-delete
The client receives a GET on /something and will let the API figure out what /u/something actually is
“Most APIs are designed by the API provider with the goal of maintaining data model purity. When building an OL, be prepared to sometimes abandon purity in favor of optimizations and/or performance.”
Daniel Jacobson, director of engineering for the Netflix API
http://www.infoq.com/presentations/API-Revolution
codebase organization
one bundle for each api?
one bundle for each application?
one app for each set of APIs?
STACK
https://gist.github.com/odino/b3fdacceaa0cce65fbce
iFrames to the rescue!
the iFrame triggers the ajax request on its own domain with the parameters in the message
CORS
on the centralized xauth.org
http://hueniverse.com/2010/06/05/xauth-a-terrible-horrible-no-good-very-bad-idea/
(silly) browsers
WHAT. THE. HECK.
http://opensourcehacker.com/2011/03/20/android-webkit-xhr-status-code-0-and-expires-headers/
Don’t play with fire
POST https://api.example.com/login
200 OK
date: Thu, 01 May 2014 21:52:33 GMT
content-type: application/json
transfer-encoding: chunked
connection: close
set-cookie: login=...;
cache-control: no-cache

{
  "email"=>"[email protected]",
  "firstName"=>"Alex",
  "lastName"=>"Nadalin",
  "birthday"=>"21/10/1988",
}
Security matters
while(1);[ "[email protected]", "[email protected]", ...
]
http://bit.ly/why-does-google
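The while(1); prefix above, as an added example that is not code from the talk: the server prepends the guard so the body is no longer usable when a third-party page includes it as a script, and the API's own client strips the guard before parsing. Function names and the sample addresses are constructed for illustration.

```javascript
// Added example: producing and consuming a while(1);-guarded JSON response.
const GUARD = "while(1);";

// Server side: serialise the payload and prepend the guard. Evaluated as a
// script, the body loops forever before the array literal is ever reached.
function guardJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side (same-origin XHR/fetch can read the raw text): require the
// guard, strip it, then parse. A missing guard is treated as an error so an
// unprotected endpoint is noticed instead of silently accepted.
function parseGuardedJson(body) {
  if (typeof body !== "string" || !body.startsWith(GUARD)) {
    throw new Error("response is missing the while(1); guard");
  }
  return JSON.parse(body.slice(GUARD.length));
}

// A guarded body is deliberately not valid JSON on its own.
function isPlainJson(body) {
  try {
    JSON.parse(body);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample payload, not data from the slides.
const SAMPLE = ["alice@example.test", "bob@example.test"];

function roundTrip() {
  const wire = guardJson(SAMPLE);
  return { wire, plain: isPlainJson(wire), parsed: parseGuardedJson(wire) };
}
```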
github.com/cirpo
twitter.com/cirpo
cirpo.org
github.com/odino
twitter.com/_odino_
odino.org
Namshi Lead Developer Namshi VP Technology