From POX to HATEOAS
Our Company's Journey Building a Hypermedia API
Who...
Luke Stokes
Co-Founder, Developer of FoxyCart
luke.stokes@foxycart.com
@lukestokes
http://bestoked.blogspot.com
What...
FoxyCart
● ecommerce shopping cart system
● Started by Brett Florio and myself in
  2005/2006, incorporated in 2007.
● SaaS (soon to be PaaS)
● Built to integrate using your css/html (we're
  not a CMS)
● No duplication of data
Why...
No duplication? Expose our data!
POX: Plain Old XML
● Confusing API actions
  ○   transaction_get, transaction_list, attribute_save, attribute_delete,
      transaction_modify, store_includes_get, etc
● Confusing request/response model
● Tight coupling between the client and server
APIs and the Internet
●   Middleware ($$$)
●   RPC
●   SOAP
●   WSDL
●   Web Services (the WS-* stack)

Tight Coupling!

Does your browser do this?
REST to the rescue
CRUD can be standardized via HTTP methods:

     POST/PUT = create
     GET = read
     PATCH/PUT = update
     DELETE = delete

(goodbye *_list, *_save, *_modify, etc methods)
REST to the rescue
Agreed upon response codes
● 1xx: Informational
● 2xx: Success
● 3xx: Redirection
● 4xx: Client Error (You Screwed Up)
● 5xx: Server Error (We Screwed Up)

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
But... where do we start?


What's a perfect example of a REST API?
What is REST anyway?
Six Constraints:
● Client-server
● Stateless
● Cacheable
● Layered system
● Code on demand (optional)
● Uniform interface
  ○   Identification of resources
  ○   Manipulation of resources through these representations
  ○   Self-descriptive messages
  ○   Hypermedia as the engine of application state
REST Client Need-to-Know
●   Homepage
●   Hypermedia Format
●   Rel tags
●   Known media types (and possibly versions)
●   Bonus stuff:
    ○   ?limit=5&offset=10
    ○   ?order=<field> desc (or asc)
    ○   ?fields=<field>,<field>,<field>
    ○   ?<field>=<value>
    ○   ?<field>=<some * partial value>
What's a media type?
Examples:
   application/json
   application/xml
   application/hal+json
Originally defined as MIME types (RFC 2046)
Also referred to as Content-Types
Platform = Will Not Break
Ecommerce site broken at 4am and you
changed nothing?

No one wants that phone call.
Flexible Versioning
● FOXYCART-API-VERSION header
● Per-resource vendor specific media type:
  application/vnd.foxycart.com.store.v1+json
● Hypermedia allows us to version via the link
  relation we code to.
link: <https://example.com/users/2>; rel="https://example.com/rels/user"
link: <https://example.com/customers/2>; rel="https://example.com/rels/customer"

See: http://www.foxycart.com/blog/the-hypermedia-debate
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Add "awesome_sauce" field:
...
 "store_name":"My Store",
 "awesome_sauce":"pixie dust",
 "store_domain":"example",
...
Additions? No problem!
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Remove "awesome_sauce" field...

Uh Oh.

Option 1: rel="https://example.com/store_v2"
Option 2: FOXYCART-API-VERSION: 2
XML Accept Header
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X GET -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" \
     https://api-sandbox.foxycart.com/
Next...?
<link rel="self" href="https://api-sandbox.foxycart.com/"
      title="Your API starting point."/>
<link rel="https://api.foxycart.com/rels/create_client"
      href="https://api-sandbox.foxycart.com/clients"
      title="Create a client via POST."/>


HATEOAS:
Hypermedia as the Engine of
Application State
Next...? OPTIONS
curl -i -X OPTIONS \
     -H "Authorization: Bearer cae3c0c261fc71512428d612c1d2fd2a" \
     -H "FOXYCART-API-VERSION: 1" \
     -H "Accept: application/hal+xml" \
     "https://api-sandbox.foxycart.com/stores/2"

HTTP/1.1 200 OK
..
Allow: HEAD,GET,PUT,PATCH,DELETE
...
Next...? POST: /clients
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X POST -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" \
     https://api-sandbox.foxycart.com/clients
Error Handling
HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2012 21:39:50 GMT
Connection: close
cache-control: private, must-revalidate
Content-Type: application/vnd.error+xml
Content-Length: 546

https://github.com/blongden/vnd.error
Error Handling
<errors xml:lang="en">
  <error logref="42">
     <message>Validation failed</message>
     <link rel='help' href='http://...' title='Error information'/>
     <link rel='describes' href='http://...' title='Error description'/>
  </error>
</errors>
Examples!
Let's take a look at the HAL Browser!

Hal Talk:
http://haltalk.herokuapp.com/explorer/hal_browser.html#/

Foxy Cart:
http://wiki.foxycart.com/v/0.0.0/hypermedia_api
https://api-sandbox.foxycart.com/hal-browser/hal_browser.html#/
https://api-sandbox.foxycart.com/hal-browser/
What's all this token stuff?




* image credit: http://www.ibm.com/developerworks/library/x-androidfacebookapi/
OAuth 2.0 - Why Bother?
Remember: Platform as a service!

● Hosted solutions
● Hosted CMS
● Self-hosted on a development platform

Simplify where we can:
● If you created it, you get full access to it and
  we can skip the OAuth Dance
Client Code
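// Fetch the API home page; its links are what the client navigates by.
$resp = $client->get(
    $api_home_page,
    null,
    $display->getHeaders()
);
$display->displayResult('Home Page',$client);
// Look up the target URL by its rel instead of hardcoding it.
$useful_links['create_client'] = $client->getLink('create_client');
// Create a client by POSTing to the URL the server supplied.
$resp = $client->post(
    $useful_links['create_client'],
    $data,
    $display->getHeaders()
);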
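The client code above posts to whatever URL the server's create_client link names, so a hypermedia client has to decide which origins may receive its bearer token. The following is an added example, not FoxyCart's client: it parses the home document's links and refuses to attach credentials to any other origin. `ALLOWED_ORIGINS`, `build_request`, the `<resource>` wrapper and the off-site link in the sample are assumptions made here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

REL_BASE = "https://api.foxycart.com/rels/"   # rel prefix shown on the slide
# Assumption: the one origin this client trusts with its token.
ALLOWED_ORIGINS = {("https", "api-sandbox.foxycart.com", 443)}

# Constructed sample: the two links from the slide inside a <resource> root,
# plus one constructed off-site link to exercise the policy check.
HOME_XML = """<resource href="https://api-sandbox.foxycart.com/">
  <link rel="self" href="https://api-sandbox.foxycart.com/"/>
  <link rel="https://api.foxycart.com/rels/create_client"
        href="https://api-sandbox.foxycart.com/clients"/>
  <link rel="https://example.com/rels/constructed_offsite"
        href="https://mirror.example.net/clients"/>
</resource>"""


class LinkPolicyError(ValueError):
    """A server-supplied link must not receive credentials."""


def parse_links(xml_text, base_url):
    """Return {rel: absolute href} for every <link> in a HAL+XML document."""
    if "<!DOCTYPE" in xml_text.upper():
        # API responses have no reason to carry a DTD; reject before parsing.
        raise LinkPolicyError("DTD not expected in API response")
    links = {}
    for el in ET.fromstring(xml_text).iter("link"):
        rel, href = el.get("rel"), el.get("href")
        if rel and href:
            links[rel] = urljoin(base_url, href)  # resolve relative hrefs
    return links


def get_link(links, name):
    """Look up by full rel URI or by short name such as 'create_client'."""
    for rel in (name, REL_BASE + name):
        if rel in links:
            return links[rel]
    raise KeyError(name)


def origin(url):
    """(scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    default = {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), parts.port or default)


def build_request(method, url, token, allowed=ALLOWED_ORIGINS):
    """Describe the request, attaching the token only for a trusted origin."""
    parts = urlsplit(url)
    if parts.username or parts.password:
        raise LinkPolicyError("userinfo in link href")
    if origin(url) not in allowed:
        raise LinkPolicyError("refusing to send credentials to " + parts.netloc)
    return {
        "method": method,
        "url": url,
        "headers": {
            "Authorization": "Bearer " + token,
            "Accept": "application/hal+xml",
            "FOXYCART-API-VERSION": "1",
        },
    }


if __name__ == "__main__":
    links = parse_links(HOME_XML, "https://api-sandbox.foxycart.com/")
    print(build_request("POST", get_link(links, "create_client"), "EXAMPLE_TOKEN"))
```
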
REST is easy, right? (Nope)
● Should every resource have a custom media
  type?
● How should Hypermedia be represented in
  JSON (Collection+JSON, HAL, Siren, etc)?
● Link header exclusively or links as part of the
  body?
● To embed sub resources?
● PATCH/PUT or POST? (X-HTTP-Method-Override)
● Where to put the version number?
REST is easy, right? (Nope)
● Include the full resource response when
  creating or use a 204?
● How do you avoid one PATCH stomping
  another?
  ○ ETags and Preconditions
  ○ "If-None-Match: W/"9f55f4d0f19b152a6e7c6ddeb4107e486fd7727c""
  ○ "If-Modified-Since: Wed, 15 Feb 2012 12:53:52 -0800"
● How do you make hypermedia useful to the
  client and end user?
● Forms?
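The "one PATCH stomping another" question above, worked through as an added example that is not FoxyCart's implementation. It uses `If-Match`, the precondition RFC 7232 defines for conditional writes, against an in-memory resource; the `Store` class and the choice to answer unconditional writes with 428 are assumptions, and the field names are taken from the versioning slide.

```python
import hashlib
import json


class Store:
    """In-memory stand-in for one API resource (constructed for this example)."""

    def __init__(self, doc):
        self.doc = dict(doc)

    def etag(self):
        # Strong validator derived from the canonical representation.
        body = json.dumps(self.doc, sort_keys=True).encode()
        return '"%s"' % hashlib.sha256(body).hexdigest()[:16]

    def get(self):
        return 200, {"ETag": self.etag()}, dict(self.doc)

    def patch(self, changes, headers):
        cond = headers.get("If-Match")
        if cond is None:
            # Policy assumption: writes without a precondition are refused
            # (428 Precondition Required, RFC 6585).
            return 428, {}, {"error": "If-Match required"}
        # If-Match uses strong comparison, so a weak tag (W/"...") never matches.
        candidates = [t.strip() for t in cond.split(",")]
        if cond != "*" and self.etag() not in candidates:
            return 412, {"ETag": self.etag()}, {"error": "resource changed"}
        self.doc.update(changes)
        return 200, {"ETag": self.etag()}, dict(self.doc)


def two_writers():
    """Two clients read the same version, then both try to PATCH it."""
    store = Store({"store_name": "My Store", "store_domain": "example"})
    _, seen_by_a, _ = store.get()
    _, seen_by_b, _ = store.get()

    # A writes first; its ETag is still current.
    first = store.patch({"store_name": "Renamed"},
                        {"If-Match": seen_by_a["ETag"]})[0]
    # B's ETag is now stale, so the write is rejected instead of stomping A's.
    stale = store.patch({"store_domain": "example2"},
                        {"If-Match": seen_by_b["ETag"]})[0]
    # B re-reads, sees A's change, and retries against the new version.
    _, seen_by_b, _ = store.get()
    retry = store.patch({"store_domain": "example2"},
                        {"If-Match": seen_by_b["ETag"]})[0]
    # A write with no precondition at all is refused outright.
    blind = store.patch({"store_name": "x"}, {})[0]
    return [first, stale, retry, blind], dict(store.doc)


if __name__ == "__main__":
    print(two_writers())
```
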
YOU NEED TESTS!
Functional tests are critical
● Ensures your changes haven't broken
  anything old or new
● Speeds up prototyping

Tests are NOT a substitute for your eyeballs
The Future
Reliable platforms
Consistent functionality
Known, shared resources

Notes:
http://bestoked.blogspot.com/2012/02/restful-resources-required-reading.html
http://wiki.foxycart.com/v/0.0.0/hypermedia_api

More Related Content

What's hot

Webform Server 351 Architecture and Overview
Webform Server 351 Architecture and OverviewWebform Server 351 Architecture and Overview
Webform Server 351 Architecture and Overviewddrschiw
 
Send, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script codeSend, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script codeNoushadur Shoukhin
 
Lotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & ArchitectureLotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & Architectureddrschiw
 
Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)Stefan Koopmanschap
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIEyal Vardi
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...Maarten Balliauw
 
Architecture of the Web browser
Architecture of the Web browserArchitecture of the Web browser
Architecture of the Web browserSabin Buraga
 
Intro to web services
Intro to web servicesIntro to web services
Intro to web servicesNeil Ghosh
 
58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-services58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-serviceshomeworkping3
 
PHP presentation - Com 585
PHP presentation - Com 585PHP presentation - Com 585
PHP presentation - Com 585jstout007
 
Web Services
Web ServicesWeb Services
Web ServicesKrish
 
IN LIVING CODING
IN LIVING CODINGIN LIVING CODING
IN LIVING CODINGkdhicks2
 

What's hot (20)

Presentation php
Presentation phpPresentation php
Presentation php
 
Webform Server 351 Architecture and Overview
Webform Server 351 Architecture and OverviewWebform Server 351 Architecture and Overview
Webform Server 351 Architecture and Overview
 
Send, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script codeSend, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script code
 
Java Rest
Java Rest Java Rest
Java Rest
 
Lotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & ArchitectureLotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & Architecture
 
Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)
 
Java web services
Java web servicesJava web services
Java web services
 
Up to Speed on HTML 5 and CSS 3
Up to Speed on HTML 5 and CSS 3Up to Speed on HTML 5 and CSS 3
Up to Speed on HTML 5 and CSS 3
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web API
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
 
ASP.NET WEB API
ASP.NET WEB APIASP.NET WEB API
ASP.NET WEB API
 
Introduccion a HTML5
Introduccion a HTML5Introduccion a HTML5
Introduccion a HTML5
 
Architecture of the Web browser
Architecture of the Web browserArchitecture of the Web browser
Architecture of the Web browser
 
Intro to web services
Intro to web servicesIntro to web services
Intro to web services
 
58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-services58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-services
 
PHP presentation - Com 585
PHP presentation - Com 585PHP presentation - Com 585
PHP presentation - Com 585
 
Php
PhpPhp
Php
 
Cgi
CgiCgi
Cgi
 
Web Services
Web ServicesWeb Services
Web Services
 
IN LIVING CODING
IN LIVING CODINGIN LIVING CODING
IN LIVING CODING
 

Viewers also liked

Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013Luke Stokes
 
Drupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practicesDrupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practicesMayflower GmbH
 
iPhone Apps with HTML5
iPhone Apps with HTML5iPhone Apps with HTML5
iPhone Apps with HTML5Mayflower GmbH
 
Fast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserFast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserAndreas Bovens
 

Viewers also liked (6)

Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
 
Drupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practicesDrupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practices
 
Javascript Ttesting
Javascript TtestingJavascript Ttesting
Javascript Ttesting
 
PaaSing Your Code Around
PaaSing Your Code AroundPaaSing Your Code Around
PaaSing Your Code Around
 
iPhone Apps with HTML5
iPhone Apps with HTML5iPhone Apps with HTML5
iPhone Apps with HTML5
 
Fast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserFast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browser
 

Similar to POX to HATEOAS: Our Company's Journey Building a Hypermedia API

Using the new WordPress REST API
Using the new WordPress REST APIUsing the new WordPress REST API
Using the new WordPress REST APICaldera Labs
 
Microservice Websites – Micro CPH
Microservice Websites – Micro CPHMicroservice Websites – Micro CPH
Microservice Websites – Micro CPHGustaf Nilsson Kotte
 
High quality ap is with api platform
High quality ap is with api platformHigh quality ap is with api platform
High quality ap is with api platformNelson Kopliku
 
CharlesSweetResume06155122015
CharlesSweetResume06155122015CharlesSweetResume06155122015
CharlesSweetResume06155122015Charlie Sweet
 
WordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTOWordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTORoy Sivan
 
REST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion AetherREST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion AetherPavan Kumar
 
Rails missing features
Rails missing featuresRails missing features
Rails missing featuresAstrails
 
Simplify your professional web development with symfony
Simplify your professional web development with symfonySimplify your professional web development with symfony
Simplify your professional web development with symfonyFrancois Zaninotto
 
Wordcamp Toronto Presentation
Wordcamp Toronto PresentationWordcamp Toronto Presentation
Wordcamp Toronto PresentationRoy Sivan
 
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?Wong Hoi Sing Edison
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB WSO2
 
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...valcker
 
PHP on Windows and on Azure
PHP on Windows and on AzurePHP on Windows and on Azure
PHP on Windows and on AzureMaarten Balliauw
 
CONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMCONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMANAND PRAKASH
 
Making Of PHP Based Web Application
Making Of PHP Based Web ApplicationMaking Of PHP Based Web Application
Making Of PHP Based Web ApplicationSachin Walvekar
 
Introduction to PHP - SDPHP
Introduction to PHP - SDPHPIntroduction to PHP - SDPHP
Introduction to PHP - SDPHPEric Johnson
 

Similar to POX to HATEOAS: Our Company's Journey Building a Hypermedia API (20)

PHP on Windows
PHP on WindowsPHP on Windows
PHP on Windows
 
Using the new WordPress REST API
Using the new WordPress REST APIUsing the new WordPress REST API
Using the new WordPress REST API
 
Microservice Websites – Micro CPH
Microservice Websites – Micro CPHMicroservice Websites – Micro CPH
Microservice Websites – Micro CPH
 
Crafting APIs
Crafting APIsCrafting APIs
Crafting APIs
 
High quality ap is with api platform
High quality ap is with api platformHigh quality ap is with api platform
High quality ap is with api platform
 
CharlesSweetResume06155122015
CharlesSweetResume06155122015CharlesSweetResume06155122015
CharlesSweetResume06155122015
 
unit1 part 1 sem4 php.docx
unit1 part 1 sem4 php.docxunit1 part 1 sem4 php.docx
unit1 part 1 sem4 php.docx
 
WordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTOWordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTO
 
REST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion AetherREST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion Aether
 
Rails missing features
Rails missing featuresRails missing features
Rails missing features
 
Simplify your professional web development with symfony
Simplify your professional web development with symfonySimplify your professional web development with symfony
Simplify your professional web development with symfony
 
Wordcamp Toronto Presentation
Wordcamp Toronto PresentationWordcamp Toronto Presentation
Wordcamp Toronto Presentation
 
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB
 
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
 
PHP on Windows and on Azure
PHP on Windows and on AzurePHP on Windows and on Azure
PHP on Windows and on Azure
 
CONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMCONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEM
 
Switch to Backend 2023
Switch to Backend 2023Switch to Backend 2023
Switch to Backend 2023
 
Making Of PHP Based Web Application
Making Of PHP Based Web ApplicationMaking Of PHP Based Web Application
Making Of PHP Based Web Application
 
Introduction to PHP - SDPHP
Introduction to PHP - SDPHPIntroduction to PHP - SDPHP
Introduction to PHP - SDPHP
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Recently uploaded (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

POX to HATEOAS: Our Company's Journey Building a Hypermedia API

  • 1. From POX to HATEOAS Our Company's Journey Building a Hypermedia API
  • 2. Who... Luke Stokes Co-Founder, Developer of FoxyCart luke.stokes@foxycart.com @lukestokes http://bestoked.blogspot.com
  • 3. What... FoxyCart ● ecommerce shopping cart system ● Started by Brett Florio and myself in 2005/2006, incorporated in 2007. ● SaaS (soon to be PaaS) ● Built to integrate using your css/html (we're not a CMS) ● No duplication of data
  • 4. Why... No duplication? Expose our data! POX: Plain Old XML ● Confusing API actions ○ transaction_get, transaction_list, attribute_save, attribute_delete, transaction_modify, store_includes_get, etc ● Confusing request/response model ● Tight coupling between the client and server
  • 5. APIs and the Internet ● Middleware ($$$) ● RPC ● SOAP ● WSDL ● Web Services (the WS-* stack) Tight Coupling! Does your browser do this?
  • 6. REST to the rescue CRUD can be standardized via HTTP methods: POST/PUT = create GET = read PATCH/PUT = update DELETE = delete (goodbye *_list, *_save, *_modify, etc methods)
  • 7. REST to the rescue Agreed upon response codes ● 1xx: Informational ● 2xx: Success ● 3xx: Redirection ● 4xx: Client Error (You Screwed Up) ● 5xx: Server Error (We Screwed Up) http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
  • 8. But... where do we start? What's a perfect example of a REST API?
  • 9. What is REST anyway? Six Constraints: ● Client-server ● Stateless ● Cacheable ● Layered system ● Code on demand (optional) ● Uniform interface ○ Identification of resources ○ Manipulation of resources through these representations ○ Self-descriptive messages ○ Hypermedia as the engine of application state
  • 10. REST Client Need-to-Know ● Homepage ● Hypermedia Format ● Rel tags ● Known media types (and possibly versions) ● Bonus stuff: ○ ?limit=5&offset=10 ○ ?order=<field> desc (or asc) ○ ?fields=<field>,<field>,<field> ○ ?<field>=<value> ○ ?<field>=<some * partial value>
  • 11. What's a media type? Examples: application/json application/xml application/hal+json Originally defined as MIME types (RFC 2046) Also referred to as Content-Types
  • 12. Platform = Will Not Break Ecommerce site broken at 4am and you changed nothing? No one wants that phone call.
  • 14. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json See: http://www.foxycart.com/blog/the-hypermedia-debate
  • 15. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json ● Hypermedia allows us to version via the link relation we code to.
  • 16. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json ● Hypermedia allows us to version via the link relation we code to. link: <https://example.com/users/2>; rel="https://example.com/rels/user"
  • 17. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json ● Hypermedia allows us to version via the link relation we code to. link: <https://example.com/users/2>; rel="https://example.com/rels/user" link: <https://example.com/customers/2>; rel="https://example.com/rels/customer"
  • 18. Flexible Versioning Header: FOXYCART-API-VERSION: 1 Add "awesome_sauce" field: ... "store_name":"My Store", "awesome_sauce":"pixie dust", "store_domain":"example", ... Additions? No problem!
  • 19. Flexible Versioning Header: FOXYCART-API-VERSION: 1 Remove "awesome_sauce" field... Uh Oh. Option 1: rel="https://example.com/store_v2" Option 2: FOXYCART-API-VERSION: 2
  • 20. XML Accepts Header HEADERS: Array ( [0] => Accept: application/hal+xml [1] => FOXYCART-API-VERSION: 1 ) curl -X GET -H "Accept: application/hal+xml" -H "FOXYCART-API-VERSION: 1" https://api-sandbox.foxycart.com/
  • 21. Next...? <link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/> <link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/> HATEOAS: Hypermedia as the Engine of Application State
  • 22. Next...? OPTIONS curl -i -X OPTIONS -H "Authorization: Bearer cae3c0c261fc71512428d612c1d2fd2a" -H "FOXYCART-API-VERSION: 1" -H "Accept: application/hal+xml" "https://api-sandbox.foxycart.com/stores/2" HTTP/1.1 200 OK .. Allow: HEAD,GET,PUT,PATCH,DELETE ...
  • 23. Next...? POST: /clients HEADERS: Array ( [0] => Accept: application/hal+xml [1] => FOXYCART-API-VERSION: 1 ) curl -X POST -H "Accept: application/hal+xml" -H "FOXYCART-API-VERSION: 1" https://api-sandbox.foxycart.com/clients
  • 24. Error Handling HTTP/1.1 400 Bad Request Date: Fri, 30 Mar 2012 21:39:50 GMT Connection: close cache-control: private, must-revalidate Content-Type: application/vnd.error+xml Content-Length: 546 https://github.com/blongden/vnd.error
  • 25. Error Handling <errors xml:lang="en"> <error logref="42"> <message>Validation failed</message> <link rel='help' href='http://...' title='Error information'/> <link rel='describes' href='http://...' title='Error description'/> </error> </errors>
  • 26. Examples! Let's take a look at the HAL Browser! Hal Talk: http://haltalk.herokuapp.com/explorer/hal_browser.html#/ Foxy Cart: http://wiki.foxycart.com/v/0.0.0/hypermedia_api https://api-sandbox.foxycart.com/hal-browser/hal_browser.html#/ https://api-sandbox.foxycart.com/hal-browser/
  • 27. What's all this token stuff? * image credit: http://www.ibm.com/developerworks/library/x-androidfacebookapi/
  • 28. OAuth 2.0 - Why Bother? Remember: Platform as a service! ● Hosted solutions ● Hosted CMS ● Self-hosted on a development platform Simplify where we can: ● If you created it, you get full access to it and we can skip the OAuth Dance
  • 29. Client Code $resp = $client->get( $api_home_page, null, $display->getHeaders() ); $display->displayResult('Home Page',$client); $useful_links['create_client'] = $client->getLink('create_client'); $resp = $client->post( $useful_links['create_client'], $data, $display->getHeaders() );
  • 30. REST is easy, right? (Nope) ● Should every resource have a custom media type? ● How should Hypermedia be represented in JSON (Collection+JSON, HAL, Siren, etc)? ● Link header exclusively or links as part of the body? ● To embed sub resources? ● PATCH/PUT or POST? (X-HTTP-Method-Override) ● Where to put the version number?
  • 31. REST is easy, right? (Nope) ● Include the full resource response when creating or use a 204? ● How do you avoid one PATCH stomping another? ○ ETags and Preconditions ○ "If-None-Match: W/"9f55f4d0f19b152a6e7c6ddeb4107e486fd7727c"" ○ "If-Modified-Since: Wed, 15 Feb 2012 12:53:52 -0800" ● How do you make hypermedia useful to the client and end user? ● Forms?
  • 32. YOU NEED TESTS! Functional tests are critical ● Ensures your changes haven't broken anything old or new ● Speeds up prototyping Tests are NOT a substitute for your eyeballs
  • 33. The Future Reliable platforms Consistent functionality Known, shared resources Notes: http://bestoked.blogspot.com/2012/02/restful-resources-required-reading.html http://wiki.foxycart.com/v/0.0.0/hypermedia_api
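Slides 16 to 23 have the client code to link relations and send a bearer token with each request. The following is an added example, not FoxyCart's client code: it parses Link header values in the format shown on slide 17, indexes them by rel, and attaches the token only when the discovered href is on the API's own HTTPS origin. The function names, the third sample link and the token value are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the first two values are the Link headers from the slides;
# the third is a made-up link pointing at a different host.
SAMPLE_LINKS = [
    '<https://example.com/users/2>; rel="https://example.com/rels/user"',
    '<https://example.com/customers/2>; rel="https://example.com/rels/customer"',
    '<https://files.example.net/export/2>; rel="https://example.com/rels/export"',
]

LINK_RE = re.compile(r'^\s*<([^>]*)>((?:\s*;\s*[\w*-]+\s*=\s*(?:"[^"]*"|[^;,\s"]+))*)\s*$')
PARAM_RE = re.compile(r';\s*([\w*-]+)\s*=\s*(?:"([^"]*)"|([^;,\s"]+))')

def parse_link(value):
    """Split one Link header value into (href, params); None if malformed."""
    m = LINK_RE.match(value)
    if not m:
        return None
    params = {name.lower(): quoted or bare
              for name, quoted, bare in PARAM_RE.findall(m.group(2))}
    return m.group(1), params

def index_by_rel(link_values):
    """Map each link relation to its href; a rel may list several relations."""
    rels = {}
    for value in link_values:
        parsed = parse_link(value)
        if parsed:
            href, params = parsed
            for rel in params.get("rel", "").split():
                rels.setdefault(rel, href)
    return rels

def same_origin(url, api_home):
    """True only for https URLs on the API home's host and port."""
    a, b = urlsplit(url), urlsplit(api_home)
    return (a.scheme == b.scheme == "https"
            and a.hostname == b.hostname
            and (a.port or 443) == (b.port or 443))

def headers_for(url, api_home, token, version="1"):
    """Build request headers; attach the bearer token only to the API's own origin."""
    headers = {"Accept": "application/hal+xml", "FOXYCART-API-VERSION": version}
    if same_origin(url, api_home):
        headers["Authorization"] = "Bearer " + token
    return headers
```

A client that follows hrefs blindly will hand its token to whatever host a response names, so the origin check belongs in the one place where headers are built.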
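Slide 31 asks how to keep one PATCH from stomping another and points at ETags and preconditions. The following is an added example, not code from the talk: a server-side check that guards writes with If-Match, the HTTP precondition header for making a write conditional on the resource being unchanged (RFC 7232). The StoreResource class, the SHA-256 based tag and the 428 response for a missing precondition are assumptions; the field names come from slide 18.

```python
import hashlib
import json

class StoreResource:
    """Hypothetical in-memory stand-in for one API resource (not FoxyCart code)."""

    def __init__(self, doc):
        self.doc = dict(doc)

    def etag(self):
        # Strong validator: changes whenever any field of the representation changes.
        body = json.dumps(self.doc, sort_keys=True).encode()
        return '"%s"' % hashlib.sha256(body).hexdigest()

    def get(self):
        return 200, {"ETag": self.etag()}, dict(self.doc)

    def patch(self, headers, changes):
        condition = headers.get("If-Match")
        if condition is None:
            return 428, {}, None  # Precondition Required: refuse blind writes
        tags = [t.strip() for t in condition.split(",")]
        # If-Match uses strong comparison, so a weak tag (W/"...") never matches.
        if "*" not in tags and self.etag() not in tags:
            return 412, {"ETag": self.etag()}, None  # Precondition Failed
        self.doc.update(changes)
        return 200, {"ETag": self.etag()}, dict(self.doc)

def two_writers():
    """Two clients read the same version, then both PATCH the same field."""
    store = StoreResource({"store_name": "My Store", "store_domain": "example"})
    _, a_headers, _ = store.get()
    _, b_headers, _ = store.get()
    statuses = []
    # Client A writes first with the tag it read.
    statuses.append(store.patch({"If-Match": a_headers["ETag"]}, {"store_name": "Store A"})[0])
    # Client B's tag is now stale: the write is rejected instead of stomping A's.
    statuses.append(store.patch({"If-Match": b_headers["ETag"]}, {"store_name": "Store B"})[0])
    name_after_reject = store.doc["store_name"]
    # B re-reads, sees A's change, and retries with the current tag.
    _, fresh, _ = store.get()
    statuses.append(store.patch({"If-Match": fresh["ETag"]}, {"store_name": "Store B"})[0])
    return statuses, name_after_reject, store.doc
```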