Reliable Python REST API (by Volodymyr Hotsyk) - Web Back-End Tech Hangout - 2014.04.12
On Saturday, April 12, the regular quarterly meeting of the Tech Hangout Community took place at Creative Space 12, the cultural and educational center based in Kiev. The event was held under the motto «One day of inspiring talks on Web Back-End». This time Python, Ruby and PHP developers gathered to make peace and learn the Force.

*TECH HANGOUT COMMUNITY was founded in 2012 by developers, for developers, to share knowledge and experience. These meetings are part of the Innovecs Educational Project, which actively develops internal trainings and a knowledge exchange program among professionals. The initiative was born within the walls of Innovecs and has proved to be extremely popular and in high demand. In a short period of time it gained its own Facebook group with more than 90 members, a blog with more than 40 posts, and a regular quarterly external meeting of the Tech Hangout community with more than 80 participants. The event format is a 30-minute report on a previously defined topic, followed by discussion in a roundtable session.

Join to discuss - https://www.facebook.com/groups/techhangout/

Published in: Education, Technology
Transcript

  • 1. REST APIs for Cruel World (using Python) April 12, 2004
  • 2. What is REST?
      • Client-Server
      • Stateless
      • Cacheable
      • Layered System
      • Uniform Interface
      • Code on demand (optional)
  • 3. Why REST
      • REST is awesome
      • SOAP is ugly
      • all others are even uglier
  • 4. REST ==* JSON
      * at least let’s wish this
  • 5. REST verbs
      HTTP Method | Action | Examples
      GET | Obtain information about a resource | http://example.com/api/orders/ (retrieve list of orders)
      GET | Obtain information about a resource | http://example.com/api/orders/123 (retrieve order #123)
      POST | Create a new resource | http://example.com/api/orders (create a new order, from data provided with the request)
      PUT | Update a resource | http://example.com/api/orders/123 (update order #123, from data provided with the request)
      DELETE | Delete a resource | http://example.com/api/orders/123 (delete order #123)
  • 6. API versions
      • Always use a version
      • Versions in URLs:
          • /api/v1.0
          • /api/20140412/
      • Versions in headers
  • 7. Authentication
      • End-client to API server (OAuth)
      • Server-to-Server
  • 8. Server-to-Server
      • API key identification
      • Signing with API secret
      • Timestamp (servers should be NTP-synced)
      • Whitelists (optional)
  • 9.
      import hashlib
      import hmac


      def get_signature(data, secret_key):
          # Canonical form: key=value pairs sorted by key and joined with '&'.
          if isinstance(data, dict):
              data = u'&'.join(
                  u'='.join((key, value))
                  for (key, value) in sorted(data.items()))
          # HMAC-SHA256 keyed with the API secret (a byte string);
          # the hex digest is sent as the request signature.
          hash_key = hmac.new(
              secret_key,
              data.encode('utf-8'),
              hashlib.sha256)
          return hash_key.hexdigest()
  • 10.
      # get_utc_timestamp() and TEST_SECRET_KEY are not shown on the slides.
      timestamp = get_utc_timestamp()

      data = 'api_key=test&key=test&timestamp=%s' % timestamp

      signature = get_signature(data, TEST_SECRET_KEY)

      resp = self.client.get(
          "/test?%s&signature=%s" % (data, signature))
  • 11. REST and Django
      • Django-tastypie
      • Django-rest-framework
  • 12. Django-tastypie
      • Django model is resource
      • All actions are tightly linked to models
      • http://tastypieapi.org/
  • 13. Django-rest-framework
      • The Web browsable API
      • Authentication policies including OAuth1a and OAuth2 out of the box.
      • Serialization that supports both ORM and non-ORM data sources.
      • Customizable all the way down
      • http://www.django-rest-framework.org/
  • 14.
      from django.contrib.auth.models import User
      from rest_framework.views import APIView
      from rest_framework.response import Response
      from rest_framework import (
          authentication, permissions
      )


      class ListUsers(APIView):
          # Token authentication; only admin users may list usernames.
          authentication_classes = (
              authentication.TokenAuthentication,)
          permission_classes = (permissions.IsAdminUser,)

          def get(self, request, format=None):
              usernames = [
                  user.username for user in User.objects.all()]
              return Response(usernames)
  • 15. django-rest-swagger
      • https://github.com/marcgibbons/django-rest-swagger
  • 16. Flask-RESTful
      • http://flask-restful.readthedocs.org/en/latest/
  • 17.
      from flask import Flask
      # The flask.ext.* import namespace was removed from Flask;
      # the extension is imported as flask_restful.
      from flask_restful import Api, Resource

      app = Flask(__name__)
      api = Api(app)


      class UserAPI(Resource):
          # One method per HTTP verb; bodies are left empty on the slide.
          def get(self, id):
              pass

          def put(self, id):
              pass

          def delete(self, id):
              pass


      api.add_resource(UserAPI, '/users/<int:id>', endpoint='user')
  • 18. API testing
      # BaseApiTestCase and get_utc_timestamp() are not shown on the slides.
      class ApiAuthTestCase(BaseApiTestCase):
          def test_get_without_params(self):
              # Missing parameters are a client error: 400.
              resp = self.client.get('/test')
              self.assertEqual(resp.status_code, 400)

          def test_post_without_params(self):
              resp = self.client.post('/test')
              self.assertEqual(resp.status_code, 400)

          def test_get_bad_signature(self):
              # Well-formed request with a wrong signature: 403.
              timestamp = get_utc_timestamp()
              resp = self.client.get(
                  '/test?key=test&api_key=test&signature=bad&timestamp=%s' %
                  timestamp)
              self.assertEqual(resp.status_code, 403)
  • 19. Volodymyr Hotsyk https://github.com/hotsyk/ @hotsyk Questions?
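
Slides 8 to 10 show only the client side of server-to-server signing. The following is an added example, not code from the talk: the matching server-side check, returning the 400 and 403 status codes that the tests on slide 18 expect. The secret store `API_SECRETS`, the 300-second `MAX_SKEW` window, the function names and the choice to sign URL-decoded values are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl

# Constructed demo data (assumptions): api_key -> shared secret, skew window.
API_SECRETS = {"test": b"constructed-demo-secret"}
MAX_SKEW = 300  # seconds of clock drift tolerated between NTP-synced hosts


def sign(params, secret):
    """Slide 9's scheme: HMAC-SHA256 over sorted key=value pairs."""
    data = "&".join("=".join(kv) for kv in sorted(params.items()))
    return hmac.new(secret, data.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_request(query_string, now=None):
    """Return the HTTP status a signed request should receive."""
    now = time.time() if now is None else now
    pairs = parse_qsl(query_string, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        return 400  # repeated parameter names make the signed data ambiguous
    signature = params.pop("signature", None)
    if not signature or "api_key" not in params or "timestamp" not in params:
        return 400  # required parameters missing
    try:
        timestamp = int(params["timestamp"])
    except ValueError:
        return 400
    secret = API_SECRETS.get(params["api_key"])
    if secret is None or abs(now - timestamp) > MAX_SKEW:
        return 403  # unknown API key, or a stale (possibly replayed) request
    expected = sign(params, secret)
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode("utf-8")):
        return 403
    return 200


if __name__ == "__main__":
    ts = str(int(time.time()))
    sig = sign({"api_key": "test", "key": "test", "timestamp": ts}, API_SECRETS["test"])
    print(verify_request("api_key=test&key=test&timestamp=%s&signature=%s" % (ts, sig)))
    print(verify_request("api_key=test&key=test&timestamp=%s&signature=bad" % ts))
```

The timestamp window only bounds how long a captured request stays valid; rejecting a repeat inside the window would additionally need a per-request nonce that the server remembers.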
