Api pain points

Published in: Technology


Transcript

  • 1. API PAIN-POINTS GETTING THINGS WRONG FOR FUN AND PROFIT @PHILSTURGEON #PHPCAPETOWN14
  • 2. ARCHITECTURE OLD SCHOOL
  • 3. http://girlsgotsole.com/blog/thankful-thursday-rest-days/
  • 4. DATABASE SEEDING LEAVE YOUR CUSTOMERS ALONE
  • 5. ENDPOINT THEORY NAMING THINGS IS HARD
  • 6. PLURAL V SINGULAR? CONSISTENCY IS KING /user/23 /users
  • 7. PLURAL V SINGULAR? CONSISTENCY IS KING /opportunity/43 /opportunities
  • 8. PLURAL V SINGULAR? CONSISTENCY IS KING /places /places/12 /places/12/checkins /places/12/checkins/34 /checkins/34
  • 9. NO NEED FOR SEO QUERY STRINGS ARE FINE /users/active/true /users?active=true
  • 10. AUTO-INCREMENT = BAD CTRL + S YOUR WEBSITE /checkins/1 /checkins/2 /checkins/3 … /checkins/2369
  • 11. AUTO-INCREMENT = BAD CTRL + S YOUR WEBSITE https://github.com/zackkitzmiller/tiny-php https://github.com/ramsey/uuid
  • 12. WHICH METHODS VERB SOUP
      List: GET /users
      Read: GET /users/X
      Update: PUT /users/X
      Update: PATCH /users/X
      Create: POST /users
      Delete: DELETE /users/X
      Image: PUT /users/X/image
      Images: POST /users/X/images
      Favorites: GET /users/X/favorites
      Checkins: GET /users/X/checkins
  • 13. FORM PAYLOADS JUST SEND JSON foo=something&bar[baz]=thing 23
  • 14. HACKY PAYLOADS NOT LIKE THAT
  • 15. REAL JSON PAYLOADS THNX!
  • 16. 200 = OK Or deal with Chuck
  • 17.
      2xx is all about success
      3xx is all about redirection
      4xx is all about client errors
      5xx is all about service errors
  • 18.
      200 - Generic everything is OK
      201 - Created something OK
      202 - Accepted but is being processed async
      400 - Bad Request (Validation?)
      401 - Unauthorized
      403 - Current user is forbidden
      404 - That URL is not a valid route
      405 - Method Not Allowed
      410 - Data has been deleted, deactivated, suspended, etc
      500 - Something unexpected happened and it is the API's fault
      503 - API is not here right now, please try again later
  • 19. SUPPLEMENT HTTP CODES WHAT HAPPENED { "error": { "type": "OAuthException", "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532" } }
  • 20. SUPPLEMENT HTTP CODES WHAT HAPPENED { "error": { "type": "OAuthException", "code": "ERR-1012", "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532" } }
  • 21. AUTHENTICATION STRATEGY HOW MUCH DO YOU CARE: HTTP Basic, HTTP Digest, OAuth 1.0a, OAuth 2.0
  • 22. OAUTH 2 CAN DO A LOT PASSWORDS, IMPLICIT, SOCIAL LOGINS…
  • 23. OAUTH 2.0 thephpleague.com github.com/thephpleague/oauth2-server
  • 24. USE SSL
  • 25. LOL EXCEPT FOR…
  • 26. TRANSFORMERS… ASSEMBLE!
  • 27. FLEXIBLE RESPONSES STOP YOUR IPHONE DEV COMPLAINING GET /checkins/dsfXte?include=place,user,activity
  • 28. PAGINATE DATA GROWS FAST { "data": [ ... ], "cursors": { "after": "MTI=", "next_url": "https://api.example.com/places?cursor=MTI%3D&number=12" } }
  • 29. DEFINE A LIMIT RANGE PAGINATION DDOS if ($limit < 1 || $limit > 100) { $limit = 100; }
  • 30. AUTOMATE TESTING IF YOU LOVE YOUR JOB http://www.engineersgotblued.com/
  • 31. PHPUNIT + BEHAT http://www.bil-jac.com/bestfriendsclub.php
  • 32. Scenario: Find a merchant When I request "GET /moments/1" Then I get a "200" response And scope into the "data" property And the properties exist: """ id … created_at
  • 33. Scenario: Try to find an invalid checkin When I request "GET /checkins/nope" Then I get a "404" response
  • 34. Scenario: Wrong Arguments for user follow Given I have the payload: """ {"is_following": "foo"} """ When I request "PUT /users/1" Then I get a "400" response
  • 35. apiblueprint.org
  • 36. VERSIONING /V1/DOESNT COUNT https://api.example.com/v1/places
  • 37. VERSIONING /V1/DOESNT COUNT https://api-v1.example.com/places
  • 38. VERSIONING /V1/DOESNT COUNT Accept: application/vnd.com.example.api-v1+json Accept: application/vnd.com.example.api-v2+json
  • 39. VERSIONING /V1/DOESNT COUNT Accept: application/vnd.com.example.user-v2+json Accept: application/vnd.com.example.user-v3+json
  • 40. VERSIONING /V1/DOESNT COUNT Copy Facebook Maybe? THIS ONE TIME!
  • 41. EVERYTHING IS WRONG DONT BE THAT GUY troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html
  • 42. leanpub.com/build-apis-you-wont-hate/c/CAPEMAN2014
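
Slides 28 and 29 together, as an added example that is not code from the deck or its author: cursor pagination that clamps the client-supplied page size and rejects undecodable cursors with a 400 in the error shape from slide 19. It assumes PHP 8; the function names, the `InvalidCursor` error type and the sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

const MAX_LIMIT = 100; // upper bound used on slide 29

// Slide 29's rule: a missing, non-integer or out-of-range page size becomes MAX_LIMIT.
function clampLimit(mixed $raw): int
{
    $limit = filter_var($raw, FILTER_VALIDATE_INT);
    return ($limit === false || $limit < 1 || $limit > MAX_LIMIT) ? MAX_LIMIT : $limit;
}

// Decode an opaque cursor such as "MTI=" (base64 of "12") into a row offset.
// Returns null unless it is strict base64 of a short run of digits.
function decodeCursor(mixed $cursor): ?int
{
    $decoded = is_string($cursor) ? base64_decode($cursor, true) : false;
    if ($decoded === false || !ctype_digit($decoded) || strlen($decoded) > 9) {
        return null;
    }
    return (int) $decoded;
}

// Hypothetical handler: returns a status code and a body shaped like slides 19 and 28.
function paginate(array $rows, array $query): array
{
    $limit = clampLimit($query['number'] ?? null);
    $after = isset($query['cursor']) ? decodeCursor($query['cursor']) : 0;
    if ($after === null) {
        return ['status' => 400, 'body' => ['error' => [
            'type' => 'InvalidCursor', // constructed error type, not from the slides
            'message' => 'Cursor could not be decoded',
        ]]];
    }
    $body = ['data' => array_slice($rows, $after, $limit)];
    $next = $after + count($body['data']);
    if ($next < count($rows)) { // only advertise a next page when one exists
        $cursor = base64_encode((string) $next);
        $body['cursors'] = [
            'after' => $cursor,
            'next_url' => 'https://api.example.com/places?' . http_build_query(['cursor' => $cursor, 'number' => $limit]),
        ];
    }
    return ['status' => 200, 'body' => $body];
}

// Constructed sample: 250 rows, client asks for 5000 per page starting at cursor "MTI=".
$rows = array_map(fn (int $i): array => ['id' => $i], range(1, 250));
echo json_encode(paginate($rows, ['cursor' => 'MTI=', 'number' => '5000'])['body']['cursors']), "\n";
```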