From POX to HATEOAS
Our Company's Journey Building a Hypermedia API
Who...
Luke Stokes
Co-Founder, Developer of FoxyCart
luke.stokes@foxycart.com
@lukestokes
http://bestoked.blogspot.com
What...
FoxyCart
● ecommerce shopping cart system
● Started by Brett Florio and myself in
  2005/2006, incorporated in 2007.
● SaaS (soon to be PaaS)
● Built to integrate using your css/html (we're
  not a CMS)
● No duplication of data
Why...
No duplication? Expose our data!
POX: Plain Old XML
● Confusing API actions
  ○   transaction_get, transaction_list, attribute_save, attribute_delete,
      transaction_modify, store_includes_get, etc
● Confusing request/response model
● Tight coupling between the client and server
APIs and the Internet
●   Middleware ($$$)
●   RPC
●   SOAP
●   WSDL
●   Web Services (the WS-* stack)

Tight Coupling!

Does your browser do this?
REST to the rescue
CRUD can be standardized via HTTP methods:

     POST/PUT = create
     GET = read
     PATCH/PUT = update
     DELETE = delete

(goodbye *_list, *_save, *_modify, etc methods)
REST to the rescue
Agreed upon response codes
● 1xx: Informational
● 2xx: Success
● 3xx: Redirection
● 4xx: Client Error (You Screwed Up)
● 5xx: Server Error (We Screwed Up)

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
But... where do we start?


What's a perfect example of a REST API?
What is REST anyway?
Six Constraints:
● Client-server
● Stateless
● Cacheable
● Layered system
● Code on demand (optional)
● Uniform interface
  ○   Identification of resources
  ○   Manipulation of resources through these representations
  ○   Self-descriptive messages
  ○   Hypermedia as the engine of application state
REST Client Need-to-Know
●   Homepage
●   Hypermedia Format
●   Rel tags
●   Known media types (and possibly versions)
●   Bonus stuff:
    ○   ?limit=5&offset=10
    ○   ?order=<field> desc (or asc)
    ○   ?fields=<field>,<field>,<field>
    ○   ?<field>=<value>
    ○   ?<field>=<some * partial value>
What's a media type?
Examples:
   application/json
   application/xml
   application/hal+json
Originally defined as MIME types (RFC 2046)
Also referred to as Content-Types
Platform = Will Not Break
Ecommerce site broken at 4am and you
changed nothing?

No one wants that phone call.
Flexible Versioning
● FOXYCART-API-VERSION header
● Per-resource vendor specific media type:
  application/vnd.foxycart.com.store.v1+json
● Hypermedia allows us to version via the link
  relation we code to.
link: <https://example.com/users/2>; rel="https://example.com/rels/user"
link: <https://example.com/customers/2>; rel="https://example.com/rels/customer"

See: http://www.foxycart.com/blog/the-hypermedia-debate
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Add "awesome_sauce" field:
...
 "store_name":"My Store",
 "awesome_sauce":"pixie dust",
 "store_domain":"example",
...
Additions? No problem!
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Remove "awesome_sauce" field...

Uh Oh.

Option 1: rel="https://example.com/store_v2"
Option 2: FOXYCART-API-VERSION: 2
XML Accepts Header
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X GET -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" \
     https://api-sandbox.foxycart.com/
Next...?
<link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/>
<link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/>


HATEOAS:
Hypermedia as the Engine of
Application State
Next...? OPTIONS
curl -i -X OPTIONS \
     -H "Authorization: Bearer cae3c0c261fc71512428d612c1d2fd2a" \
     -H "FOXYCART-API-VERSION: 1" \
     -H "Accept: application/hal+xml" \
     "https://api-sandbox.foxycart.com/stores/2"

HTTP/1.1 200 OK
..
Allow: HEAD,GET,PUT,PATCH,DELETE
...
Next...? POST: /clients
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X POST -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" \
     https://api-sandbox.foxycart.com/clients
Error Handling
HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2012 21:39:50 GMT
Connection: close
cache-control: private, must-revalidate
Content-Type: application/vnd.error+xml
Content-Length: 546

https://github.com/blongden/vnd.error
Error Handling
<errors xml:lang="en">
  <error logref="42">
     <message>Validation failed</message>
     <link rel='help' href='http://...' title='Error information'/>
     <link rel='describes' href='http://...' title='Error description'/>
  </error>
</errors>
Examples!
Let's take a look at the HAL Browser!

Hal Talk:
http://haltalk.herokuapp.com/explorer/hal_browser.html#/

Foxy Cart:
http://wiki.foxycart.com/v/0.0.0/hypermedia_api
https://api-sandbox.foxycart.com/hal-browser/hal_browser.html#/
https://api-sandbox.foxycart.com/hal-browser/
What's all this token stuff?




* image credit: http://www.ibm.com/developerworks/library/x-androidfacebookapi/
OAuth 2.0 - Why Bother?
Remember: Platform as a service!

● Hosted solutions
● Hosted CMS
● Self-hosted on a development platform

Simplify where we can:
● If you created it, you get full access to it and
  we can skip the OAuth Dance
Client Code
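// Fetch the API home page: the only URL the client needs to know up front.
$resp = $client->get(
    $api_home_page,
    null,
    $display->getHeaders()
);
$display->displayResult('Home Page',$client);
// Discover the create_client URL from the link relation in the response.
$useful_links['create_client'] = $client->getLink('create_client');
// POST to the discovered URL rather than a hard-coded path.
$resp = $client->post(
    $useful_links['create_client'],
    $data,
    $display->getHeaders()
);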
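A client that follows server-supplied links while carrying a bearer token should decide, per link, whether the token may be sent. The sketch below is an added example, not FoxyCart's client code: it parses `<link>` elements like the ones on the "Next...?" slide and attaches `Authorization` only to HTTPS URLs on the home page's origin. The `<resource>` wrapper, the function names, the placeholder token and the two `example.com` entries in the sample are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

HOME = "https://api-sandbox.foxycart.com/"

# Constructed sample: the first two links are the ones shown on the slide; the
# last two are constructed (one off-origin, one relative) to exercise the check.
SAMPLE = """<resource>
  <link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/>
  <link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/>
  <link rel="https://example.com/rels/user" href="https://example.com/users/2"/>
  <link rel="https://example.com/rels/customer" href="/customers/2"/>
</resource>"""


def origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    default_port = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), parts.port or default_port)


def parse_links(xml_text, base_url):
    """Map each link relation to an absolute URL, resolving relative hrefs."""
    links = {}
    for el in ET.fromstring(xml_text).iter("link"):
        rel, href = el.get("rel"), el.get("href")
        if rel and href:
            links[rel] = urljoin(base_url, href)
    return links


def build_headers(url, token, trusted=HOME):
    """Headers for a request to `url`; the token is only sent to the trusted origin."""
    headers = {"Accept": "application/hal+xml", "FOXYCART-API-VERSION": "1"}
    if urlsplit(url).scheme == "https" and origin(url) == origin(trusted):
        headers["Authorization"] = "Bearer " + token
    return headers


def plan(xml_text, token, base_url=HOME):
    """For every discovered relation, report whether the token would be attached."""
    return {
        rel: "Authorization" in build_headers(url, token, base_url)
        for rel, url in parse_links(xml_text, base_url).items()
    }


if __name__ == "__main__":
    for rel, sends_token in plan(SAMPLE, "PLACEHOLDER_TOKEN").items():
        print(f"{rel}: token {'sent' if sends_token else 'withheld'}")
```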
REST is easy, right? (Nope)
● Should every resource have a custom media
  type?
● How should Hypermedia be represented in
  JSON (Collection+JSON, HAL, Siren, etc)?
● Link header exclusively or links as part of the
  body?
● To embed sub resources?
● PATCH/PUT or POST? (X-HTTP-Method-Override)
● Where to put the version number?
REST is easy, right? (Nope)
● Include the full resource response when
  creating or use a 204?
● How do you avoid one PATCH stomping
  another?
  ○ ETags and Preconditions
  ○ If-None-Match: W/"9f55f4d0f19b152a6e7c6ddeb4107e486fd7727c"
  ○ If-Modified-Since: Wed, 15 Feb 2012 12:53:52 -0800
● How do you make hypermedia useful to the
  client and end user?
● Forms?
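How ETags and preconditions stop one PATCH from stomping another, as an added example that is not FoxyCart's implementation: an in-memory resource whose `patch` requires `If-Match`, the precondition header HTTP defines for conditional writes, and answers 412 to a stale tag and 428 to a write with no precondition. The `Store` class, the hash-based ETag and the field values are assumptions; the field names come from the versioning slide.

```python
import hashlib
import json


class Store:
    """One resource with a strong ETag derived from its current content."""

    def __init__(self, doc):
        self.doc = dict(doc)

    def etag(self):
        body = json.dumps(self.doc, sort_keys=True).encode()
        return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

    def get(self):
        return 200, {"ETag": self.etag()}, dict(self.doc)

    def patch(self, changes, headers):
        condition = headers.get("If-Match")
        if condition is None:
            # Refuse blind writes: 428 Precondition Required (RFC 6585).
            return 428, {}, {"message": "If-Match required"}
        current = self.etag()
        offered = [tag.strip() for tag in condition.split(",")]
        # If-Match uses strong comparison, so a weak tag (W/"...") never matches.
        if condition.strip() != "*" and current not in offered:
            return 412, {"ETag": current}, {"message": "Resource changed; re-fetch"}
        self.doc.update(changes)
        return 200, {"ETag": self.etag()}, dict(self.doc)


def demo():
    """Two clients read the same version; the second write must not win silently."""
    store = Store({"store_name": "My Store", "store_domain": "example"})
    tag_a = tag_b = store.get()[1]["ETag"]          # both clients GET version 1

    first = store.patch({"store_name": "Renamed by A"}, {"If-Match": tag_a})[0]
    stale = store.patch({"store_domain": "b-example"}, {"If-Match": tag_b})[0]

    fresh = store.get()[1]["ETag"]                  # client B re-fetches
    retry = store.patch({"store_domain": "b-example"}, {"If-Match": fresh})[0]
    blind = store.patch({"store_name": "blind write"}, {})[0]
    return [first, stale, retry, blind], store.get()[2]


if __name__ == "__main__":
    statuses, final_doc = demo()
    print(statuses, final_doc)
```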
YOU NEED TESTS!
Functional tests are critical
● Ensures your changes haven't broken
  anything old or new
● Speeds up prototyping

Tests are NOT a substitute for your eyeballs
The Future
Reliable platforms
Consistent functionality
Known, shared resources

Notes:
http://bestoked.blogspot.com/2012/02/restful-resources-required-reading.html
http://wiki.foxycart.com/v/0.0.0/hypermedia_api
