REST in Peace

Slides from our talk “REST in Peace” for DrupalCamp Baltics 2015: http://drupalcampbaltics.com/event/rest-peace

Speakers:
- Kate Marshalkina
- Konstantin Komelin

Speech transcript is available here: http://komelin.com/en/articles/rest-peace-api-development-drupal

  1. 1. REST in Peace API DEVELOPMENT IN DRUPAL
  2. 2. Kate Marshalkina (@kalabro): Drupal Consultant from Moscow who fell in love with Drupal in 2011. Interested in i18n, distributions and Drupal 8. Path Breadcrumbs co-maintainer. Konstantin Komelin (@kkomelin): Drupal Consultant from Saint Petersburg. Co-founder of local Drupal Community. Drupal Trainer at MorningCurve.
  3. 3. Let’s REST
  4. 4. Headless?!
  5. 5. What is API for?
  6. 6. Mobile Apps API
  7. 7. Microservices API
  8. 8. Frontend Apps API
  9. 9. What is REST?
  10. 10. REpresentational State Transfer. Resource, Representation, Methods: GET /items, POST /items, GET /items/1, PUT /items/1, DELETE /items/1
  11. 11. RESTful or RESTless
  12. 12. REST in Drupal
  13. 13. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  14. 14. Services https://www.drupal.org/project/services “A standardized solution of integrating external applications with Drupal.” 37,085 sites use this module. Popularity: ★★★★★
  15. 15. RESTful Web Services https://www.drupal.org/project/restws “Builds upon the Entity API, to provide support for all entity types out of the box.” 4,746 sites use this module. Popularity: ★★★
  16. 16. RESTful https://www.drupal.org/project/restful https://github.com/RESTful-Drupal/restful “This module allows Drupal to be operated via RESTful HTTP requests, using best practices for security, performance, and usability.” “Audience is developers and not site builders.” 395 sites use this module. Popularity: ★★
  17. 17. Endpoint https://www.drupal.org/project/endpoint “Endpoint is really light, fast and flexible, that makes it a good solution for projects where Drupal role is mobile backend and single-page app backend.” 7 sites use this module. Popularity: ★ REST-focused alternative to High-performance JavaScript callback handler https://www.drupal.org/project/js
  18. 18. Drupal 8 REST Core + https://www.drupal.org/project/restui “In Drupal 8 core, interactions with content entities are supported via a REST interface. The REST module is extensible, and modules that wish to offer other services can implement Resource Plugins.” Popularity: ★★
  19. 19. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  20. 20. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  21. 21. Documentation & Quick Start

      | | Project docs | API docs (hooks) | UI | Examples | Videos |
      |---|---|---|---|---|---|
      | Services | ★★★ | ★★★★ | ★★★★ | ★★★ | ★★★★ |
      | RestWS | ★★★ | ★★★★ | ★ | ★★★★ | ★ |
      | RESTful | ★★★★★ | ★★★★★ | ★★ | ★★★★★ | ★★ |
      | Endpoint | ★★ | ★★ | ★ | ★ | ★ |
      | Drupal 8 | ★★★ | ★★★ | ★★★ | ★★★ | ★★★ |

  22. 22. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  23. 23. Extensibility & hooks
  24. 24. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  25. 25. Code Statistics

      | | Total lines of PHP code | Without comments, tests and whitespace | Hooks |
      |---|---|---|---|
      | Services | 15,000 | 6,000 | 18 |
      | RestWS | 3,000 | 1,000 | 7 |
      | RESTful | 18,000 | 6,000 | 1 |
      | Endpoint | 300 | 300 | - |
      | Drupal 8 | 5,000 | 1 | 3 |

  26. 26. Services: Custom architecture, ~18 hooks (13 — alter). To create a custom resource: 1. Implement hook_services_resources(). 2. Write custom callbacks.
  27. 27. RestWS: Entity API + 7 hooks. To create a custom resource: 1. Implement hook_restws_resource_info(). 2. Create controller class on top of RestWSResourceControllerInterface.
  28. 28. RESTful: Ctools plugins, Entity API, OOP. To create a custom resource: 1. Implement hook_ctools_plugin_directory(). 2. Create controller class on top of RestfulEntityBase / RestfulInterface.
  29. 29. Endpoint: Custom routing function. To create a custom resource: 1. Create /api.php with an array of endpoints. 2. Call endpoint_route() from that file.
  30. 30. Drupal 8 REST: Plugin Manager, Config Manager, Routes, Annotations etc. To create a custom resource: 1. Create controller on top of ResourceBase / ResourceInterface. 2. Save it as src/Plugin/rest/resource/MyCustomResource.php inside your module. To enable endpoint for existing resource: 1. Write/paste resource settings into rest.settings.yml. 2. Create config/install/rest.settings.yml inside your module.
  31. 31. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  32. 32. Security & Authentication
  33. 33. Security & Authentication: 0. X-CSRF-Token 1. Cookie Auth 2. HTTP Basic Auth 3. Token Auth 4. OAuth 5. OAuth2
  34. 34. X-CSRF-Token: HTTP header to prevent Cross-Site Request Forgery for session-based authentication. For writing methods: POST, PUT, PATCH, DELETE. Support and token path: Services ✔️ (services/session/token), RestWS ✔️ (restws/session/token), RESTful ✔️ (api/session/token), Endpoint ✖️, Drupal 8 ✔️ (rest/session/token).
  35. 35. Cookie Auth: Drupal built-in auth mechanism. 1. Client sends auth request (user / password). 2. Server returns session cookie in Set-Cookie header. 3. Client makes further requests with Cookie: SESSb7f18cc=pvOhLNLdNNs7BkwbX8… header. Support: Services ✔️, RestWS ✔️, RESTful ✔️, Endpoint ✔️, Drupal 8 ✔️.
  36. 36. HTTP Basic Auth: Username and password are sent on every request (base64): Authorization: Basic aHR0cHdhdGNoOmY= Support: Services ✔️, RestWS ✔️, RESTful ✔️, Endpoint ✖️, Drupal 8 ✔️.
  37. 37. Token Auth: Server returns token instead of Set-Cookie. { access_token: "7P1bwJtBTSKm-f_UHZFa6m2VWtyLNA8jHRiKUbhNwMQ", type: "Bearer", expires_in: 39584, refresh_token: "Ch9p0Q4KZjisw-vGDzjAQW583bj6He6eiRZOp1ovFLQ" } (Example from Restful). Solves some cookies problems with CDNs, session store, CSRF, CORS. Support: Services ✖️, RestWS ✖️, RESTful ✔️, Endpoint ✖️, Drupal 8 ✖️. See #1494132
  38. 38. OAuth & OAuth2. OAuth implementations in Drupal: 1. OAuth 1.0: https://www.drupal.org/project/oauth 2. OAuth 2.0: https://www.drupal.org/project/oauth2_server

      | | Services | RestWS | RESTful | Endpoint | Drupal 8 |
      |---|---|---|---|---|---|
      | OAuth | ✔️ | ✖️ | ✖️ | ✖️ | ✖️* |
      | OAuth2 Server | ✔️ | ✖️ | ✔️ | ✖️ | ✖️ |

  39. 39. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  40. 40. Performance & Speed
  41. 41. How did we count? • Ubuntu 14.04, Nginx 1.8.0, MariaDB 10.0.20, PHP 5.5.9 with php5-fpm, 1GB RAM • Minimal Drupal Profile • Node with just Title and Body • Disabled Drupal cache • Anonymous requests • HTTP POST to create entities • Apache Benchmark (ab) • Clean database after each ab run
  42. 42. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  43. 43. From apiary.io
  44. 44. Services Documentation API https://www.drupal.org/project/services_documentation
  45. 45. Self Documenting REST API https://www.drupal.org/project/rest_api_doc (7.x)
  46. 46. RESTful OPTIONS Request
  47. 47. Self Documenting REST API https://www.drupal.org/project/rest_api_doc (8.x)
  48. 48. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  49. 49. Versioning in Services: 1. Versioning API 2. Multiple endpoints: /api/v1, /api/v2/
  50. 50. Versioning in RESTful: Built-in resource versioning.
  51. 51. Services RestWS RESTful Endpoint Drupal 8 Popularity Documentation Extensibility Authentication Performance Auto API Docs Versioning
  52. 52. Better to make a difference together than make it different alone
  53. 53. Leave feedback through Picback http://promokids.github.io/picback konstantin@komelin.com @kkomelin marshalkina@gmail.com @kalabro
  54. 54. Bonus: Drupal as an API Client 1. drupal_http_request()/ curl_exec() 2. RESTClient — Wrapper for 1. 3. Guzzle — PHP HTTP client 4. Feeds — for GET only 5. Clients — Pluggable client, supports Services endpoints 6. Remote Entity — Entity API + Clients 7. WSData — Alternative to Remote Entity 8. Integration with popular APIs: Twitter, Facebook, Dropbox etc. 9. Saucier — A Node.JS framework for Drupal API consumption.
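
The X-CSRF-Token rule from slide 34, applied to the cookie and token schemes from slides 35 and 37, as an added example that is not from the talk or from any of the modules it compares. The `authorize` and `csrf_token_for` functions, the HMAC-derived token, the cookie name and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; none of them come from the slides.
SERVER_SECRET = b"constructed-demo-secret"
SESSIONS = {"pvOhLNLd-demo": "kate"}                 # session id -> user
BEARER_TOKENS = {"demo-access-token": "konstantin"}  # access token -> user
SESSION_COOKIE = "SESSdemo"                          # hypothetical cookie name

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}   # methods listed on slide 34


def csrf_token_for(session_id: str) -> str:
    """Token bound to one session, as a */session/token endpoint might issue it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def authorize(method: str, headers: dict, cookies: dict):
    """Return (http_status, user) for a request. Hypothetical gateway logic."""
    auth = headers.get("Authorization", "")

    # Token auth: the client adds this header explicitly on every call. A
    # forged cross-site form post cannot add it, so no CSRF token is required.
    if auth.startswith("Bearer "):
        user = BEARER_TOKENS.get(auth[len("Bearer "):])
        return (200, user) if user else (401, None)

    # Cookie auth: the browser attaches the session cookie automatically,
    # including on requests another site triggered.
    session_id = cookies.get(SESSION_COOKIE)
    user = SESSIONS.get(session_id)
    if user is None:
        return (401, None)

    # Writing methods on a cookie session must carry the matching token.
    if method.upper() in WRITE_METHODS:
        supplied = headers.get("X-CSRF-Token", "").encode()
        expected = csrf_token_for(session_id).encode()
        if not hmac.compare_digest(supplied, expected):  # constant-time compare
            return (403, None)

    return (200, user)
```
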
