NEPHP '12: Create a RESTful API

and Conquering the World Andrew Curioso

 Cre·ate[kree-eyt] verb1. to cause to come into being, as something unique that would not naturally evolve or that is not made by ordinary processes.2. to evolve from ones own thought or imagination, as a work of art or an invention. Source: Dictionary.com

 Ep·ic [ep-ik] adjective1. noting or pertaining to a long poetic composition, usually centered upon a hero, in which a series of great achievements or events is narrated in elevated style: Homers Iliad is an epic poem.2. resembling or suggesting such poetry: an epic novel on the founding of the country.3. heroic; majestic; impressively great: the epic events of the war.4. of unusually great size or extent: a crime wave of epic proportions. Source: Dictionary.com

 Rest[rest] noun1. the refreshing quiet or repose of sleep: a good nights rest.2. refreshing ease or inactivity after exertion or labor: to allow an hour for rest.3. relief or freedom, especially from anything that wearies, troubles, or disturbs.4. a period or interval of inactivity, repose, solitude, or tranquility: to go away for a rest.5. mental or spiritual calm; tranquility.6. Representational State Transfer Source: Dictionary.com

 Rest [rest] noun1. the refreshing quiet or repose of sleep: a good nights rest.2. refreshing ease or inactivity after exertion or labor: to allow an hour for rest.3. relief or freedom, especially from anything that wearies, troubles, or disturbs.4. a period or interval of inactivity, repose, solitude, or tranquility: to go away for a rest.5. mental or spiritual calm; tranquility.6. Representational State Transfer Source: Common Knowledge

 A·P·I [ey-pee-ahy] noun1. Application Programming Interface. A contract between two applications that allows them to communicate effectively. Source: Andrew Curioso

 Con·quer[kong-ker] verb1. to acquire by force of arms; win in war: to conquer a foreign land.2. to overcome by force; subdue: to conquer an enemy.3. to gain, win, or obtain by effort, personal appeal, etc.: conquer the hearts of his audience.4. to gain a victory over; surmount; master; overcome: to conquer disease and poverty; to conquer ones fear. Source: Andrew Curioso

 World [wurld] noun1. the earth or globe, considered as a planet.2. ( often initial capital letter ) a particular division of the earth: the Western world.3. the earth or a part of it, with its inhabitants, affairs, etc., during a particular period: the ancient world.4. humankind; the human race; humanity: The world must eliminate war and poverty.5. the public generally: The whole world knows it. Source: Andrew Curioso

 World [wurld] noun1. The ecosystem around your startup or cause into which you drag your family, friends, investors, and anyone who will listen. Source: Andrew Curioso

 Internal only (closed)  External (open)  Multiple consumers  Everything +  Scalable  Growth ▪ Mash-ups! Semi-Private ▪ Innovation ▪ Evangelists  Partner Integration  “The Platform Play”

PATTERNS PROTOCOLS / FORMATS Representation State  XML Transfer (REST)  JSON Remote Procedure Calls  YAML (RPC)  AMF  Etc...

 Representational State Transfer Resource based (nouns) 5 verbs  GET   POST  DELETE  Easy in PHP

1. Client / Server2. Stateless3. Cacheable4. Layered5. Uniform Interface6. ???

 URL shortening website  User authentication (simple)  Create, read, update, and delete (CRUD)

 id user_id users urls url created modified

Verb URL ActionGET /urls.json List URLsGET /urls/123.json Resource for URL with id 123POST /urls.json Shorten a new URLPUT /urls/123.json Edit the URL with the ID 123DELETE /urls/123.json Delete the URL with the ID 123POST /urls/123.json Also edit the URL with the ID 123

<?php if ( $_SERVER[REQUEST_METHOD] == POST ) { ... }?>

 Only you can prevent CSRF  Only POST and PUT should write data  Only POST and DELETE should delete data  Check Referrer  Per request tokens

 HTTP Accepts Mime Types

 Simple Fast Wide-spread Mime: application/json<?php echo json_encode( $urlObject);?>

 P w/ padding  Uses callback  Cross domain  Mime: application/javascriptif ( array_key_exists(callback’, $_GET) ) $callbackFunc = $_GET[callback];else $callbackFunc = false;if ( $callbackFunc !== false ) echo $callbackFunc.(;echojson_encode( $urlObject );if ( $callbackFunc )echo );?>

 Strongly Typed Human readable Lots of existing tools Mime: application/xml<?php...?>

HUMAN READABLE BINARY  AMF  Microsoft Excel HTML  PDF YAML  JPEG / PNG CSV  Etc… Serialized PHP Etc…

Createcurl –d “url=www.example.com” http://tinyr.me/urls.jsonReadcurl http://tinyr.me/urls/123.jsonUpdatecurl –d “url=www.example.com/foo” http://tinyr.me/urls/123.jsonDeletecurl –X DELETE http://tinyr.me/urls/123.json

WE HAVE WE’RE MISSING Request handling  Error handling RESTful Output Formats  Pagination  XML  Authentication  Json / JsonP  Authorization  Documentation

 Success  Error (continued)  200 OK *  405 Method Not Allowed *  201 Created *  409 Conflict  303 See Other *  410 Gone  500 Internal Server Error * Error  501 Not Implemented  401 Unauthorized *  503 Service Unavailable  402 Payment Required  403 Forbidden *  404 Not Found *

 If not a POST request  405 Method Not Allowed Already existed  303 See Other Save success  201 Created Failure  500 Internal Server Error with explanation

 If not a POST or PUT request  405 Method Not Allowed Invalid ID  404 File Not Found Success  200 OK Failure  500 Internal Server Error with explanation

 If not a POST or DELETE request  405 Method Not Allowed Invalid ID  404 File Not Found Success  200 OK Failure  500 Internal Server Error with explanation

 User is not allowed to access resource  403 Forbidden User is not logged in  401 Unauthorized

 Same format Descriptive  Human  Computer Comprehensive

{"Error": { "code" : 404, "description" : "File Not Found"}}

 Return meta-information  Rate limiting  Pagination  Expiration / cache  Etc.

 Uses HTTP headers App defined “used to” start with “X-”header(“X-Current-Page:”.$currentPage);header(“X-Total: ”.$total);header(“X-Per-Page: ”.$perPage);

SOME PLATFORMS (LIKE MANYWEB BROWSERS) FORTUNATELY… Do not support:  You can/should do this:  DELETE  PUT _method=DELETE

DELETE /urls/123.json HTTP1.1 POST /urls/123.json HTTP1.1Host: www.example.com Host: www.example.com _method=DELETE

BAD No Authentication GOOD Basic BETTERForm and Cookie Digest BEST Oauth Shared Secret

 There are no shortcuts One or more:  All Users (public)  Owner  Shared User  Moderator  Administrator

 Vocabularies / Schemas  DTD or schema files Examples  Code  I/O Community Feedback WSDL 2.0

 PHP rocks with REST SOAP is heavy AMF is light but requires Flash But, if you still want to, you can

User Gateway REST API POST REST request REST request Response Aka the Façade Pattern

 Built-in to HTTP  Expires  Last-Modified  Cache-Control  Etag ▪ If-None-Match Stateless

 Hypermedia as the Engine of Application State Roy Thomas Fielding

 REST constraints Documentation Security Unit tests

 Contact:  www.AndrewCurioso.com/contact  @AndrewCurioso on Twitter  Careers.FreePriceAlerts.com

NEPHP '12: Create a RESTful API

by Andrew Curioso on Aug 12, 2012

Accessibility

Categories

Upload Details

Usage Rights

Statistics