The document discusses HTTP requests and responses. It explains that a request contains a start line with the method, URL and HTTP version, followed by headers providing additional information, and an optional message body. A response contains a status line with the protocol version and status code, followed by headers including caching information, and an optional message body. Content negotiation headers like Accept and Content-Type are used to select the appropriate representation format.

1. HTTP
& Your Angry Dog
ZendCon 2014
Ross Tuck

2. Freerange Codemonkey
Know-It-All
Hot-Air Balloon

3. @rosstuck
rosstuck.com

4. Today's topic:

5. Dogs

10. HTTP & Dogs

15. The Agenda

16. Basics

17. Request
Response
Client Server

18. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...

19. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
2 Parts

20. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
The body

21. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title>My application</title>
...
The body

22. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
The body

23. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...

24. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
The headers

25. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
The good stuf

26. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...

27. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
GET, POST, PUT, DELETE

28. Request Relative URL
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
HTTP version

29. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...
Key/Value pairs

30. Request
POST /gists HTTP/1.1
Authorization: Basic xxxxxxxx
Host: api.github.com
Content-Length: 146
{
"description": "the description for this gist",
"public": false,
"files": {
...

32. Response
HTTP/1.1 201 Created
Date: Sun, 09 Sep 2012 11:42:41 GMT
Content-Length: 1848
Location: https://api.github.com/gists/a43a0cf58
{
"description": "the description for this gist",
"comments": 0,
"created_at": "2012-09-09T11:42:40Z",
...
Status code

34. • 2xx
• 3xx
• 4xx
• 5xx
OK!
Over there!
Client screwed up!
Server screwed up!

35. Content Negotiation

36. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com

37. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
{
"cute": true,
"big": false,
"data_dog": true
}

38. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
<dog breed="corgi">
<cute>true</cute>
<data capacity="on" />
</dog>

39. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com

40. Request
GET /dogs/corgi.json HTTP/1.1
Host: api.example.com

41. /dogs/corgi.json !== /dogs/corgi.xml

42. Imagine the URL as your primary key.

43. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com

44. Request
GET /dogs/corgi?_format=json HTTP/1.1
Host: api.example.com

45. Request
POST /dogs/corgi?_format=json HTTP/1.1
Host: api.example.com

46. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com

47. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json

48. More POWAH

49. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json

50. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json, application/xml
How do I choose?

52. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json, application/xml

53. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
Content-Type: application/json
{
"cute": true,
"big": false,
"data_dog": true
}

54. Nifty.

55. Request
GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json, application/xml

56. text/html, text/plain

57. text/html;key=value, text/plain

58. text/html;key=value;foo=bar, text/plain

59. text/html, text/plain

60. Quality
(Default 1.0)
text/html, text/plain;q=0.5

61. text/html, text/plain;q=0.5, text/*;q=0.1
Wildcards

62. Anything at all
text/html, text/plain;q=0.5, */*;q=0.1

63. Accept Headers
Little weird...

64. But not so scary.

65. text/html,application/xhtml+xml,
application/xml;q=0.9,*/*;q=0.8

66. Cool...

67. What the heck is it good for?

68. Accept is a “Pattern”

69. Accept-Language
Accept-Encoding
Accept-Charset
Accept-Ranges

70. Content-Language
Content-Encoding
(works differently)
Content-Range

71. /dog/corgi
Resource vs Representation
JSON,
Dutch,
Gzipped,
/dog/corgi

72. Resource vs Representation

73. Best way to version your API.
Arguably.
Right now.

74. /v1/dogs/corgi

75. Accept: application/vnd.dogipedia-v1+json

76. Accept: application/vnd.dogipedia-v2+json

79. Vary

80. GET /dogs/corgi HTTP/1.1
Host: api.example.com
Client Server

81. GET /dogs/corgi HTTP/1.1
Host: api.example.com
Client Server

82. GET /dogs/corgi HTTP/1.1
Host: api.example.com
Client Proxy Server

83. GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json, text/plain
User-Species: cat
Client Proxy Server

84. Same URL.
Different output.
WTF should I return?

85. GET /dogs/corgi HTTP/1.1
Host: api.example.com
Accept: application/json, text/plain
User-Species: cat
Client Proxy Server

86. Client Proxy Server

87. Here's how.
Hint:
Involves the
Vary header!

88. /dogs/corgi
Accept: application/json, text/plain
User-Species: cat
Client Proxy Server

89. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
Content-Type: application/json
Vary: Accept
{“json”: “omgz”}

90. URL and Accept?
Okay, I got this.
Client Proxy Server

91. Some time later...

92. /dogs/corgi
Accept: application/json, text/plain
User-Species: aardvark
Client Proxy Server

93. Valid cache.
I has it.
Client Proxy Server

94. ZZZ
Z Z
Z
Client Proxy Server

95. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
Content-Type: application/json
Vary: Accept
{“json”: “omgz”}

96. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
Content-Type: application/json
Vary: Accept, User-Species
{“json”: “omgz”}

97. Response
HTTP/1.1 200 OK
Date: Sun, 26 Aug 2012 18:00:43 GMT
Content-Type: application/json
Vary: Accept, User-Species
{“json”: “dogs rule, cats drool”}

98. Request headers.
Not Response!

99. Bad Reputation?
2 Reasons

100. 1. Accept-Encoding
-Language

101. 2. Internet Explorer

102. Caching

103. Expires
Pragma
Cache-Control

104. Expires
Pragma
Cache-Control

105. Expires
Cache-Control
HTTP 1.0
HTTP 1.1

106. Response
HTTP/1.1 200 OK
Expires: Wed, 29 Oct 2014 22:00:00 GMT
{“herp”: “derp”}

107. Response
HTTP/1.1 200 OK
Cache-Control: max-age=120
{“herp”: “derp”}

108. Response
HTTP/1.1 200 OK
Cache-Control: max-age=120

109. Expires
Cache-Control
HTTP 1.0
HTTP 1.1

110. Response
HTTP/1.1 200 OK
Cache-Control: max-age=120
{“herp”: “derp”}

111. Response
HTTP/1.1 200 OK
Cache-Control: max-age=120, s-maxage=120
{“herp”: “derp”}
Dude, Where's
my dash?

112. public
private
no-store
no-cache
no-transform
must-revalidate
proxy-revalidate

113. Much better
than me.
Mark Nottingham's Caching Tutorial
http://www.mnot.net/cache_docs/

114. Conditional Requests

115. Conditional Requests

116. The Part About ETags

117. Conditional Requests

118. Request
DELETE /ross/reputation HTTP/1.1
Host: api.joind.in
If-Talk-Quality: Crap

119. if ($talkQuality === 'Crap') {
real code
delete($rossReputation);
Not } Server

120. What kind of conditions?

121. If-Match
If-None-Match
If-Modified-Since
If-Unmodified-Since
If-Range
ETags
Datetimes
Either

122. Wait a second, Ross.
Audience

123. What the heck is an ETag?

124. A string.
Any string.

125. One rule:

126. Represent the current state.

127. “14”
“a381bedb5d4478053eb04be35f8798dd”
“winnie-the-pooh”

128. ...for the current representation.

129. etag(“v14-json-en”) !== etag(“v14-xml-en”)
Don't cross the streams
Server

130. Last Modified Date sounds easier...
Audience

131. One second
of precision
Wed, 15 Nov 1995 04:58:08 GMT

132. Caching With Conditionals

133. Use Case

134. Request
GET /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*

135. Response
HTTP/1.1 200 OK
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT
Vary: Accept
ETag: "f4e15911542b92b44bb38186e71cc8f5"
"history": [
{
"version": "529f6311d5518977534b6e1fd313...",
...

136. Response
...
"user": {
"gravatar_id": "c26bfcbd5f786591e036fa0",
"avatar_url": "https://secure.gravatar...",
"login": "rosstuck",
"url": "https://api.github.com/users/rosstuck",
"id": 146766
},
"change_status": {
"additions": 1,
"deletions": 0,
"total": 1
},

137. Response
"url": "https://api.github.com/gists/348...",
"committed_at": "2012-08-26T17:40:03Z"
}
],
"git_pull_url": "git://gist.github.com/34819...",
"forks": [
],
"html_url": "https://gist.github.com/3481910",
"git_push_url": "git@gist.github.com:3481910.git",
"comments": 0,
"user": {

139. Response
HTTP/1.1 200 OK
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT
Vary: Accept
ETag: "f4e15911542b92b44bb38186e71cc8f5"
{
"history": [
{
"version": "529f6311d5518970903cb5427534b6e1fd313aca",
"user": {
"gravatar_id": "c26bfcbd5f786591e036fa0958a11e8b",
"avatar_url": "https://secure.gravatar.com/avatar/c26bfcbd5f786591e036fa0958a11e8b?d=https://a2...
"login": "rosstuck",
"url": "https://api.github.com/users/rosstuck",
"id": 146766
},
"change_status": {
"additions": 1,
"deletions": 0,
"total": 1
},
"url": "https://api.github.com/gists/3481910/529f6311d5518970903cb5427534b6e1fd313aca",
"committed_at": "2012-08-26T17:40:03Z"
}
],
"git_pull_url": "git://gist.github.com/3481910.git",
"forks": [
],
"html_url": "https://gist.github.com/3481910",
"git_push_url": "git@gist.github.com:3481910.git",
"comments": 0,
"user": {
"gravatar_id": "c26bfcbd5f786591e036fa0958a11e8b",
"avatar_url": "https://secure.gravatar.com/avatar/c26bfcbd5f78659....",}
"login": "rosstuck",
"url": "https://api.github.com/users/rosstuck",
"id": 146766
},
"public": true,
"created_at": "2012-08-26T17:40:03Z",
"files": {
"gistfile1.txt": {
"type": "text/plain",
"filename": "gistfile1.txt",
"raw_url": "https://gist.github.com/raw/3481910/8b6946739e8098408ee3af96...
"content": "Hello PFC!",
"language": null,
"size": 10
}
},
"description": "",
"url": "https://api.github.com/gists/3481910",
"updated_at": "2012-08-26T17:40:03Z",
"id": "3481910"
}

141. Request
GET /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-None-Match: "f4e15911542b92b44bb38186e71cc8f5"

142. Response
HTTP/1.1 304 Not Modified
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT
Vary: Accept
ETag: "f4e15911542b92b44bb38186e71cc8f5"

143. Response
HTTP/1.1 304 Not Modified
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT
Vary: Accept
ETag: "f4e15911542b92b44bb38186e71cc8f5"

144. Response
HTTP/1.1 304 Not Modified
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT
Vary: Accept
ETag: "f4e15911542b92b44bb38186e71cc8f5"
No giant body!

145. Caching.
You has it.

146. Request
GET /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-None-Match: "a381bedb5d4478053eb04be35f8798dd"

147. Request
GET /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-None-Match: "ross-is-a-poo-poo-head"

148. Response
HTTP/1.1 200 OK
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT
Vary: Accept
ETag: "f4e15911542b92b44bb38186e71cc8f5"
"history": [
{
"version": "529f6311d5518977534b6e1fd313...",

149. Recap

150. No ETag
Old ETag
Matching ETag
Full Body
Full Body
No Body
→
→
→

151. ...on supported servers.

152. Why?

153. Parsing
Bandwidth
Response time
Probably
.Maybe

154. However...

155. “The fastest request is one you don't make.”
- Jesus

156. More Fun With ETags

157. Optimistic Concurrency Control
“Record Versioning”

158. Request

159. Request
GET /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-None-Match: "f4e15911542b92b44bb38186e71cc8f5"

160. Request
PATCH /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-None-Match: "f4e15911542b92b44bb38186e71cc8f5"

161. Request
PATCH /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-Match: "f4e15911542b92b44bb38186e71cc8f5"

162. Request
PATCH /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-Match: "f4e15911542b92b44bb38186e71cc8f5"
{ "description": "cheese om nom nom" }

163. Response

164. Response
HTTP/1.1 200 OK
Server: nginx/1.0.13
Date: Sat, 01 Sep 2012 14:01:38 GMT
ETag: "899b76047a5e68445668374c2e0faa32"
{
"description": "cheese om nom nom",
"user": {
"login": "rosstuck",
...

165. It works.

166. So what?

167. What if I send something...

169. Request
PATCH /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-Match: "899b76047a5e68445668374c2e0faa32"
{ "description": "cheese om nom nom" }

170. Request
PATCH /gists/3481910 HTTP/1.1
Host: api.github.com
Accept: */*
If-Match: "stay-puft-marshmellow-dog!"
{ "description": "cheese om nom nom" }

171. Response
HTTP/1.1 412 Precondition Failed
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT

172. Response

173. Server
if (“stay-puft-marshmellow-dog” == “f4e1591..”) {
patchTheRecord();
}

174. Server
if (“stay-puft-marshmellow-dog” == “f4e1591..”) {
patchTheRecord();
} else {
sendScary412Message();
}

175. Your ETag is out of date.

176. “Two guys on the same record” problem

177. Scary Precondition Error pt. 2

178. Disclaimer
New Stuff Ahead

179. Request
DELETE /gists/3481910 HTTP/1.1
Host: api.github.com

180. Response
HTTP/1.1 428 Precondition Required
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT

181. Am I operating on the latest version?

182. Request
DELETE /gists/3481910 HTTP/1.1
Host: api.github.com

183. Request
DELETE /gists/3481910 HTTP/1.1
Host: api.github.com
If-Match: "f4e15911542b92b44bb38186e71cc8f5"

184. Response
HTTP/1.1 204 No Content
Server: nginx/1.0.13
Date: Sun, 26 Aug 2012 18:00:43 GMT

185. Look before you leap.

186. Tooling

190. Epilogue: HTTP & Dogs

191. Content Negotiation
Vary
Caching
Preconditions

192. Treat it like your framework.

197. Questions?

198. Resources
• RFC 7231
–Sections 4 - 7
• http://redbot.org/
• http://mnot.net/cache_docs/
• http://charlesproxy.com/
• http://guzzlephp.org/

199. Image Credits
• http://www.sxc.hu/photo/555539
• http://www.flickr.com/photos/thedalogs/2953136078/
• http://www.sxc.hu/photo/678952
• http://www.flickr.com/photos/designgate/8317884432/
• http://www.flickr.com/photos/barretthall/3289317664/
• http://www.flickr.com/photos/binaryape/3702275400/lightbox/
• http://www.flickr.com/photos/istolethetv/2956799679/in/photostream/
• http://theflashbackspodcast.blogspot.nl/2012/01/30-day-film-challenge-day-8.html
• http://www.flickr.com/photos/jonomueller/6906420190/
• http://www.flickr.com/photos/cookbookman/6175752147
• http://www.flickr.com/photos/creativedc/2913123330/
• http://www.flickr.com/photos/epc/44053757/
• http://www.flickr.com/photos/soggydan/4698849104/
• http://www.flickr.com/photos/owldreams/4430175427/
• http://www.flickr.com/photos/piddleville/2499539542/
• http://www.flickr.com/photos/danja/5665671907/
• http://www.flickr.com/photos/cradlehall/3574160744/
• http://www.flickr.com/photos/ironypoisoning/7114801437/
• http://www.flickr.com/photos/piddleville/2499539542/lightbox/
• http://everydayidrawadog.blogspot.nl/2009_02_01_archive.html

200. joind.in/12071
Ross Tuck rosstuck.com
@rosstuck