Reliable Python REST API (by Volodymyr Hotsyk) - Web Back-End Tech Hangout - 2014.04.12
On Saturday, April 12, the regular quarterly meeting of the Tech Hangout Community took place in Creative Space 12, the cultural and educational center based in Kiev! The event was held under the motto «One day of inspiring talks on Web Back-End». This time Python, Ruby and PHP developers gathered to make peace and learn the Force.

*TECH HANGOUT COMMUNITY was founded in 2012 by developers for developers, for sharing knowledge and experience. Such meetings are part of the Innovecs Educational Project, which actively develops internal trainings and a knowledge exchange program among professionals. This initiative was born within the walls of Innovecs and has proved to be extremely popular and in high demand. In a short period of time it gained its own Facebook group with more than 90 members, a blog with more than 40 posts and a regular quarterly external meeting of the Tech Hangout community with more than 80 participants. The format of the event is a 30-minute report on a previously defined topic, followed by discussion in a roundtable session.

Join to discuss - https://www.facebook.com/groups/techhangout/

Published in: Education, Technology

  1. REST APIs for Cruel World (using Python). April 12, 2004
  2. What is REST?
     • Client-Server
     • Stateless
     • Cacheable
     • Layered System
     • Uniform Interface
     • Code on demand (optional)
  3. Why REST
     • REST is awesome
     • SOAP is ugly
     • all others are even uglier
  4. REST ==* JSON
     * at least let’s wish this
  5. REST verbs

     | HTTP Method | Action | Examples |
     |---|---|---|
     | GET | Obtain information about a resource | http://example.com/api/orders/ (retrieve list of orders) |
     | GET | Obtain information about a resource | http://example.com/api/orders/123 (retrieve order #123) |
     | POST | Create a new resource | http://example.com/api/orders (create a new order, from data provided with the request) |
     | PUT | Update a resource | http://example.com/api/orders/123 (update order #123, from data provided with the request) |
     | DELETE | Delete a resource | http://example.com/api/orders/123 (delete order #123) |
  6. API versions
     • Always use version
     • Versions in URLs:
       • /api/v1.0
       • /api/20140412/
     • Versions in headers
  7. Authentication
     • End-client to API server (OAuth)
     • Server-to-Server
  8. Server-to-Server
     • API key identification
     • Signing with API secret
     • Timestamp (servers should be NTP-synced)
     • Whitelists (optional)
  9. ```python
     import hashlib
     import hmac


     def get_signature(data, secret_key):
         # A dict is serialized as sorted key=value pairs joined with '&'
         if isinstance(data, dict):
             data = u'&'.join(
                 u'='.join((key, value))
                 for (key, value) in sorted(data.items()))
         # secret_key must be bytes on Python 3
         hash_key = hmac.new(
             secret_key,
             data.encode('utf-8'),
             hashlib.sha256)
         return hash_key.hexdigest()
     ```
  10. ```python
      # Fragment of a test method; get_utc_timestamp() and TEST_SECRET_KEY
      # are helpers not shown on the slides.
      timestamp = get_utc_timestamp()

      data = 'api_key=test&key=test&timestamp=%s' % timestamp

      signature = get_signature(data, TEST_SECRET_KEY)

      resp = self.client.get(
          "/test?%s&signature=%s" % (data, signature))
      ```
  11. REST and Django
      • Django-tastypie
      • Django-rest-framework
  12. Django-tastypie
      • Django model is resource
      • All actions are tightly linked with models
      • http://tastypieapi.org/
  13. Django-rest-framework
      • The Web browsable API
      • Authentication policies including OAuth1a and OAuth2 out of the box.
      • Serialization that supports both ORM and non-ORM data sources.
      • Customizable all the way down
      • http://www.django-rest-framework.org/
  14. ```python
      from django.contrib.auth.models import User
      from rest_framework.views import APIView
      from rest_framework.response import Response
      from rest_framework import (
          authentication, permissions
      )


      class ListUsers(APIView):
          # Token authentication, and only admin users may list usernames
          authentication_classes = (
              authentication.TokenAuthentication,)
          permission_classes = (permissions.IsAdminUser,)

          def get(self, request, format=None):
              usernames = [
                  user.username for user in User.objects.all()]
              return Response(usernames)
      ```
  15. django-rest-swagger
      • https://github.com/marcgibbons/django-rest-swagger
  16. Flask-RESTful
      • http://flask-restful.readthedocs.org/en/latest/
  17. ```python
      from flask import Flask
      # The flask.ext.* namespace used on the slide was removed from Flask;
      # the extension is imported as flask_restful.
      from flask_restful import Api, Resource

      app = Flask(__name__)
      api = Api(app)


      class UserAPI(Resource):
          def get(self, id):
              pass

          def put(self, id):
              pass

          def delete(self, id):
              pass


      api.add_resource(UserAPI, '/users/<int:id>', endpoint='user')
      ```
  18. API testing

      ```python
      class ApiAuthTestCase(BaseApiTestCase):
          # Requests with no parameters are rejected as malformed (400)
          def test_get_without_params(self):
              resp = self.client.get('/test')
              self.assertEqual(resp.status_code, 400)

          def test_post_without_params(self):
              resp = self.client.post('/test')
              self.assertEqual(resp.status_code, 400)

          # A well-formed request with a wrong signature is forbidden (403)
          def test_get_bad_signature(self):
              timestamp = get_utc_timestamp()
              resp = self.client.get(
                  '/test?key=test&api_key=test&signature=bad&timestamp=%s' %
                  timestamp)
              self.assertEqual(resp.status_code, 403)
      ```
  19. Volodymyr Hotsyk
      https://github.com/hotsyk/
      @hotsyk
      Questions?
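
The server-to-server slides (8 to 10) show only the client computing the signature, and the tests on slide 18 expect 400 and 403 responses. The following added example, which is not from the talk, sketches the matching server-side check; `API_SECRETS`, `MAX_SKEW`, `sign` and `verify_request` are hypothetical names, and the secret and the 300-second window are assumed values.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl

# Constructed sample key store (assumption); real secrets belong in a vault.
API_SECRETS = {"test": b"constructed-secret"}
MAX_SKEW = 300  # seconds of clock drift tolerated (assumed value)


def sign(params, secret):
    """HMAC-SHA256 over sorted key=value pairs, the scheme shown on slide 9."""
    data = "&".join("=".join(kv) for kv in sorted(params.items()))
    return hmac.new(secret, data.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_request(query_string, now=None):
    """Return the HTTP status the API should answer with."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        return 400  # repeated parameter: ambiguous about what was signed
    if any(name not in params for name in ("api_key", "timestamp", "signature")):
        return 400  # malformed request: nothing to verify
    secret = API_SECRETS.get(params["api_key"])
    if secret is None:
        return 403  # unknown caller
    try:
        sent_at = int(params["timestamp"])
    except ValueError:
        return 400
    now = time.time() if now is None else now
    if abs(now - sent_at) > MAX_SKEW:
        return 403  # stale or future-dated: narrows the replay window
    claimed = params.pop("signature")
    expected = sign(params, secret)
    # compare_digest does not leak the position of the first mismatch via timing
    if not hmac.compare_digest(expected.encode(), claimed.encode()):
        return 403
    return 200
```

The timestamp check only bounds how long a captured request stays valid; rejecting every replay inside that window would additionally need a per-request nonce, which the slides do not cover.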