From POX to HATEOAS
Our Company's Journey Building a Hypermedia API
Who...
Luke Stokes
Co-Founder, Developer of FoxyCart
luke.stokes@foxycart.com
@lukestokes
http://bestoked.blogspot.com
What...
FoxyCart
● ecommerce shopping cart system
● Started by Brett Florio and myself in
  2005/2006, incorporated in 2007.
● SaaS (soon to be PaaS)
● Built to integrate using your css/html (we're
  not a CMS)
● No duplication of data
Why...
No duplication? Expose our data!
POX: Plain Old XML
● Confusing API actions
  ○   transaction_get, transaction_list, attribute_save, attribute_delete,
      transaction_modify, store_includes_get, etc
● Confusing request/response model
● Tight coupling between the client and server
APIs and the Internet
●   Middleware ($$$)
●   RPC
●   SOAP
●   WSDL
●   Web Services (the WS-* stack)

Tight Coupling!

Does your browser do this?
REST to the rescue
CRUD can be standardized via HTTP methods:

     POST/PUT = create
     GET = read
     PATCH/PUT = update
     DELETE = delete

(goodbye *_list, *_save, *_modify, etc methods)
REST to the rescue
Agreed upon response codes
● 1xx: Informational
● 2xx: Success
● 3xx: Redirection
● 4xx: Client Error (You Screwed Up)
● 5xx: Server Error (We Screwed Up)

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
But... where do we start?


What's a perfect example of a REST API?
What is REST anyway?
Six Constraints:
● Client-server
● Stateless
● Cacheable
● Layered system
● Code on demand (optional)
● Uniform interface
  ○   Identification of resources
  ○   Manipulation of resources through these representations
  ○   Self-descriptive messages
  ○   Hypermedia as the engine of application state
REST Client Need-to-Know
●   Homepage
●   Hypermedia Format
●   Rel tags
●   Known media types (and possibly versions)
●   Bonus stuff:
    ○   ?limit=5&offset=10
    ○   ?order=<field> desc (or asc)
    ○   ?fields=<field>,<field>,<field>
    ○   ?<field>=<value>
    ○   ?<field>=<some * partial value>
What's a media type?
Examples:
   application/json
   application/xml
   application/hal+json
Originally defined as MIME types (RFC 2046)
Also referred to as Content-Types
Platform = Will Not Break
Ecommerce site broken at 4am and you
changed nothing?

No one wants that phone call.
Flexible Versioning
● FOXYCART-API-VERSION header
● Per-resource vendor specific media type:
  application/vnd.foxycart.com.store.v1+json




See: http://www.foxycart.com/blog/the-hypermedia-debate
Flexible Versioning
● FOXYCART-API-VERSION header
● Per-resource vendor specific media type:
   application/vnd.foxycart.com.store.v1+json
● Hypermedia allows us to version via the link
   relation we code to.
link: <https://example.com/users/2>;
rel="https://example.com/rels/user"
link: <https://example.com/customers/2>;
rel="https://example.com/rels/customer"
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Add "awesome_sauce" field:
...
 "store_name":"My Store",
 "awesome_sauce":"pixie dust",
 "store_domain":"example",
...
Additions? No problem!
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Remove "awesome_sauce" field...

Uh Oh.

Option 1: rel="https://example.com/store_v2"
Option 2: FOXYCART-API-VERSION: 2
XML Accepts Header
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X GET -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" \
     https://api-sandbox.foxycart.com/
Next...?
<link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/>
<link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/>


HATEOAS:
Hypermedia as the Engine of
Application State
Next...? OPTIONS
curl -i -X OPTIONS \
     -H "Authorization: Bearer cae3c0c261fc71512428d612c1d2fd2a" \
     -H "FOXYCART-API-VERSION: 1" \
     -H "Accept: application/hal+xml" \
     "https://api-sandbox.foxycart.com/stores/2"

HTTP/1.1 200 OK
..
Allow: HEAD,GET,PUT,PATCH,DELETE
...
Next...? POST: /clients
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X POST -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" \
     https://api-sandbox.foxycart.com/clients
Error Handling
HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2012 21:39:50 GMT
Connection: close
cache-control: private, must-revalidate
Content-Type: application/vnd.error+xml
Content-Length: 546

https://github.com/blongden/vnd.error
Error Handling
<errors xml:lang="en">
  <error logref="42">
     <message>Validation failed</message>
     <link rel='help' href='http://...' title='Error information'/>
     <link rel='describes' href='http://...' title='Error description'/>
  </error>
</errors>
Examples!
Let's take a look at the HAL Browser!

Hal Talk:
http://haltalk.herokuapp.com/explorer/hal_browser.html#/

Foxy Cart:
http://wiki.foxycart.com/v/0.0.0/hypermedia_api
https://api-sandbox.foxycart.com/hal-browser/hal_browser.html#/
https://api-sandbox.foxycart.com/hal-browser/
What's all this token stuff?




* image credit: http://www.ibm.com/developerworks/library/x-androidfacebookapi/
OAuth 2.0 - Why Bother?
Remember: Platform as a service!

● Hosted solutions
● Hosted CMS
● Self-hosted on a development platform

Simplify where we can:
● If you created it, you get full access to it and
  we can skip the OAuth Dance
Client Code
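// Fetch the API home page; it carries the links to everything else.
$resp = $client->get(
    $api_home_page,
    null,
    $display->getHeaders()
);
$display->displayResult('Home Page', $client);
// Look up the URL by link relation instead of hard-coding it.
$useful_links['create_client'] = $client->getLink('create_client');
// POST the new client's data to the URL the server advertised.
$resp = $client->post(
    $useful_links['create_client'],
    $data,
    $display->getHeaders()
);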
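The link-following step above, as an added Python example (not FoxyCart's client code): it resolves a link relation from the home document and attaches the bearer token only when the advertised href stays on the API's own HTTPS origin, since a hypermedia client sends credentials wherever the response tells it to go. The `<resource>` root element, the helper names and the token value are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

API_HOME = "https://api-sandbox.foxycart.com/"
REL_BASE = "https://api.foxycart.com/rels/"

# Constructed sample: the two <link> elements from the slide, wrapped in a
# <resource> root (the root is an assumption; the slide shows only the links).
HOME_DOC = """<resource>
  <link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/>
  <link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/>
</resource>"""


class UnsafeLink(Exception):
    """A server-supplied link that must not receive our credentials."""


def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def get_link(doc, rel, base_url=API_HOME):
    """Return the absolute href for a link relation.

    Accepts the short name ("create_client") or the full rel URI.
    """
    full_rel = rel if "://" in rel else REL_BASE + rel
    for link in ET.fromstring(doc).iter("link"):
        if link.get("rel") in (rel, full_rel) and link.get("href"):
            # Relative hrefs are resolved against the API home page.
            return urljoin(base_url, link.get("href"))
    raise KeyError(rel)


def build_request(method, doc, rel, token, api_home=API_HOME):
    """Resolve rel and build the request, refusing to leak the token."""
    url = get_link(doc, rel, api_home)
    if urlsplit(url).scheme != "https":
        raise UnsafeLink("refusing non-HTTPS link: " + url)
    if origin(url) != origin(api_home):
        raise UnsafeLink("link leaves the API origin: " + url)
    headers = {
        "Accept": "application/hal+xml",
        "FOXYCART-API-VERSION": "1",
        "Authorization": "Bearer " + token,
    }
    return {"method": method, "url": url, "headers": headers}


if __name__ == "__main__":
    # EXAMPLE_TOKEN is a placeholder, not a real credential.
    req = build_request("POST", HOME_DOC, "create_client", "EXAMPLE_TOKEN")
    print(req["method"], req["url"])
```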
REST is easy, right? (Nope)
● Should every resource have a custom media
  type?
● How should Hypermedia be represented in
  JSON (Collection+JSON, HAL, Siren, etc)?
● Link header exclusively or links as part of the
  body?
● To embed sub resources?
● PATCH/PUT or POST? (X-HTTP-Method-Override)
● Where to put the version number?
REST is easy, right? (Nope)
● Include the full resource response when
  creating or use a 204?
● How do you avoid one PATCH stomping
  another?
  ○ ETags and Preconditions
  ○ "If-None-Match: W/"9f55f4d0f19b152a6e7c6ddeb4107e486fd7727c""
  ○ "If-Modified-Since: Wed, 15 Feb 2012 12:53:52 -0800"
● How do you make hypermedia useful to the
  client and end user?
● Forms?
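The "one PATCH stomping another" question, worked through as an added Python example (not FoxyCart's implementation): an in-memory resource that hands out an ETag on GET and applies a PATCH only when the caller's precondition still matches the current representation. The slide's sample headers are If-None-Match and If-Modified-Since; this example uses If-Match, the precondition HTTP defines for state-changing requests, and the class and function names are assumptions.

```python
import hashlib
import json


def etag_for(fields):
    """Strong ETag: SHA-1 over a canonical JSON encoding of the resource.

    SHA-1 is used here only as a change detector, not as a security control.
    """
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return '"' + hashlib.sha1(body).hexdigest() + '"'


class StoreResource:
    """A single resource with conditional-write handling (hypothetical)."""

    def __init__(self, fields):
        self.fields = dict(fields)

    def get(self):
        return 200, {"ETag": etag_for(self.fields)}, dict(self.fields)

    def patch(self, headers, changes):
        if_match = headers.get("If-Match")
        if if_match is None:
            # Unconditional writes are refused: 428 Precondition Required.
            return 428, {}, {"message": "If-Match header required"}
        current = etag_for(self.fields)
        offered = [tag.strip() for tag in if_match.split(",")]
        # Strong comparison: a weak tag (W/"...") never equals `current`.
        if if_match.strip() != "*" and current not in offered:
            # The resource changed since the caller read it.
            return 412, {"ETag": current}, {"message": "Precondition Failed"}
        self.fields.update(changes)
        return 200, {"ETag": etag_for(self.fields)}, dict(self.fields)


def two_writers():
    """Two clients read the same version, then both try to PATCH it."""
    store = StoreResource({"store_name": "My Store", "store_domain": "example"})
    _, seen_by_a, _ = store.get()
    _, seen_by_b, _ = store.get()

    # Client A writes first and succeeds.
    first, _, _ = store.patch({"If-Match": seen_by_a["ETag"]},
                              {"store_name": "Renamed Store"})
    # Client B still holds the old ETag, so its write is rejected.
    second, _, _ = store.patch({"If-Match": seen_by_b["ETag"]},
                               {"store_domain": "example2"})
    # Client B re-reads, sees A's change, and retries with the fresh ETag.
    _, refreshed, _ = store.get()
    third, _, final = store.patch({"If-Match": refreshed["ETag"]},
                                  {"store_domain": "example2"})
    return [first, second, third], final


if __name__ == "__main__":
    statuses, final = two_writers()
    print(statuses, final)
```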
YOU NEED TESTS!
Functional tests are critical
● Ensures your changes haven't broken
  anything old or new
● Speeds up prototyping

Tests are NOT a substitute for your eyeballs
The Future
Reliable platforms
Consistent functionality
Known, shared resources

Notes:
http://bestoked.blogspot.com/2012/02/restful-resources-required-reading.html
http://wiki.foxycart.com/v/0.0.0/hypermedia_api

More Related Content

What's hot

Webform Server 351 Architecture and Overview
Webform Server 351 Architecture and OverviewWebform Server 351 Architecture and Overview
Webform Server 351 Architecture and Overviewddrschiw
 
Send, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script codeSend, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script codeNoushadur Shoukhin
 
Lotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & ArchitectureLotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & Architectureddrschiw
 
Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)Stefan Koopmanschap
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIEyal Vardi
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...Maarten Balliauw
 
Architecture of the Web browser
Architecture of the Web browserArchitecture of the Web browser
Architecture of the Web browserSabin Buraga
 
Intro to web services
Intro to web servicesIntro to web services
Intro to web servicesNeil Ghosh
 
58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-services58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-serviceshomeworkping3
 
PHP presentation - Com 585
PHP presentation - Com 585PHP presentation - Com 585
PHP presentation - Com 585jstout007
 
Web Services
Web ServicesWeb Services
Web ServicesKrish
 
IN LIVING CODING
IN LIVING CODINGIN LIVING CODING
IN LIVING CODINGkdhicks2
 

What's hot (20)

Presentation php
Presentation phpPresentation php
Presentation php
 
Webform Server 351 Architecture and Overview
Webform Server 351 Architecture and OverviewWebform Server 351 Architecture and Overview
Webform Server 351 Architecture and Overview
 
Send, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script codeSend, pass, get variables with php, form, html & java script code
Send, pass, get variables with php, form, html & java script code
 
Java Rest
Java Rest Java Rest
Java Rest
 
Lotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & ArchitectureLotus Forms Webform Server 3.0 Overview & Architecture
Lotus Forms Webform Server 3.0 Overview & Architecture
 
Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)Introduction into PHP5 (Jeroen van Sluijs)
Introduction into PHP5 (Jeroen van Sluijs)
 
Java web services
Java web servicesJava web services
Java web services
 
Up to Speed on HTML 5 and CSS 3
Up to Speed on HTML 5 and CSS 3Up to Speed on HTML 5 and CSS 3
Up to Speed on HTML 5 and CSS 3
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web API
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
 
ASP.NET WEB API
ASP.NET WEB APIASP.NET WEB API
ASP.NET WEB API
 
Introduccion a HTML5
Introduccion a HTML5Introduccion a HTML5
Introduccion a HTML5
 
Architecture of the Web browser
Architecture of the Web browserArchitecture of the Web browser
Architecture of the Web browser
 
Intro to web services
Intro to web servicesIntro to web services
Intro to web services
 
58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-services58615764 net-and-j2 ee-web-services
58615764 net-and-j2 ee-web-services
 
PHP presentation - Com 585
PHP presentation - Com 585PHP presentation - Com 585
PHP presentation - Com 585
 
Php
PhpPhp
Php
 
Cgi
CgiCgi
Cgi
 
Web Services
Web ServicesWeb Services
Web Services
 
IN LIVING CODING
IN LIVING CODINGIN LIVING CODING
IN LIVING CODING
 

Viewers also liked

Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013Luke Stokes
 
Drupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practicesDrupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practicesMayflower GmbH
 
iPhone Apps with HTML5
iPhone Apps with HTML5iPhone Apps with HTML5
iPhone Apps with HTML5Mayflower GmbH
 
Fast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserFast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserAndreas Bovens
 

Viewers also liked (6)

Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
Why Bitcoin May Be More Disruptive than the Internet. Barcamp Nashville 2013
 
Drupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practicesDrupal 6: Aufbau/API/Best practices
Drupal 6: Aufbau/API/Best practices
 
Javascript Ttesting
Javascript TtestingJavascript Ttesting
Javascript Ttesting
 
PaaSing Your Code Around
PaaSing Your Code AroundPaaSing Your Code Around
PaaSing Your Code Around
 
iPhone Apps with HTML5
iPhone Apps with HTML5iPhone Apps with HTML5
iPhone Apps with HTML5
 
Fast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browserFast & Furious: Speed in the Opera browser
Fast & Furious: Speed in the Opera browser
 

Similar to POX to HATEOAS: Our Company's Journey Building a Hypermedia API

Using the new WordPress REST API
Using the new WordPress REST APIUsing the new WordPress REST API
Using the new WordPress REST APICaldera Labs
 
Microservice Websites – Micro CPH
Microservice Websites – Micro CPHMicroservice Websites – Micro CPH
Microservice Websites – Micro CPHGustaf Nilsson Kotte
 
High quality ap is with api platform
High quality ap is with api platformHigh quality ap is with api platform
High quality ap is with api platformNelson Kopliku
 
CharlesSweetResume06155122015
CharlesSweetResume06155122015CharlesSweetResume06155122015
CharlesSweetResume06155122015Charlie Sweet
 
WordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTOWordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTORoy Sivan
 
REST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion AetherREST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion AetherPavan Kumar
 
Rails missing features
Rails missing featuresRails missing features
Rails missing featuresAstrails
 
Simplify your professional web development with symfony
Simplify your professional web development with symfonySimplify your professional web development with symfony
Simplify your professional web development with symfonyFrancois Zaninotto
 
Wordcamp Toronto Presentation
Wordcamp Toronto PresentationWordcamp Toronto Presentation
Wordcamp Toronto PresentationRoy Sivan
 
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?Wong Hoi Sing Edison
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB WSO2
 
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...valcker
 
PHP on Windows and on Azure
PHP on Windows and on AzurePHP on Windows and on Azure
PHP on Windows and on AzureMaarten Balliauw
 
CONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMCONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMANAND PRAKASH
 
Making Of PHP Based Web Application
Making Of PHP Based Web ApplicationMaking Of PHP Based Web Application
Making Of PHP Based Web ApplicationSachin Walvekar
 
Introduction to PHP - SDPHP
Introduction to PHP - SDPHPIntroduction to PHP - SDPHP
Introduction to PHP - SDPHPEric Johnson
 

Similar to POX to HATEOAS: Our Company's Journey Building a Hypermedia API (20)

PHP on Windows
PHP on WindowsPHP on Windows
PHP on Windows
 
Using the new WordPress REST API
Using the new WordPress REST APIUsing the new WordPress REST API
Using the new WordPress REST API
 
Microservice Websites – Micro CPH
Microservice Websites – Micro CPHMicroservice Websites – Micro CPH
Microservice Websites – Micro CPH
 
Crafting APIs
Crafting APIsCrafting APIs
Crafting APIs
 
High quality ap is with api platform
High quality ap is with api platformHigh quality ap is with api platform
High quality ap is with api platform
 
CharlesSweetResume06155122015
CharlesSweetResume06155122015CharlesSweetResume06155122015
CharlesSweetResume06155122015
 
unit1 part 1 sem4 php.docx
unit1 part 1 sem4 php.docxunit1 part 1 sem4 php.docx
unit1 part 1 sem4 php.docx
 
WordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTOWordPress and Client Side Web Applications WCTO
WordPress and Client Side Web Applications WCTO
 
REST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion AetherREST Development made Easy with ColdFusion Aether
REST Development made Easy with ColdFusion Aether
 
Rails missing features
Rails missing featuresRails missing features
Rails missing features
 
Simplify your professional web development with symfony
Simplify your professional web development with symfonySimplify your professional web development with symfony
Simplify your professional web development with symfony
 
Wordcamp Toronto Presentation
Wordcamp Toronto PresentationWordcamp Toronto Presentation
Wordcamp Toronto Presentation
 
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
[HKDUG] #20161210 - BarCamp Hong Kong 2016 - What's News in PHP?
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB
 
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
Building a multilingual & multi-country e-commerce site with Drupal 7 @ NYC C...
 
PHP on Windows and on Azure
PHP on Windows and on AzurePHP on Windows and on Azure
PHP on Windows and on Azure
 
CONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEMCONTENT MANAGEMENT SYSTEM
CONTENT MANAGEMENT SYSTEM
 
Switch to Backend 2023
Switch to Backend 2023Switch to Backend 2023
Switch to Backend 2023
 
Making Of PHP Based Web Application
Making Of PHP Based Web ApplicationMaking Of PHP Based Web Application
Making Of PHP Based Web Application
 
Introduction to PHP - SDPHP
Introduction to PHP - SDPHPIntroduction to PHP - SDPHP
Introduction to PHP - SDPHP
 

Recently uploaded

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfFIDO Alliance
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 

Recently uploaded (20)

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 

POX to HATEOAS: Our Company's Journey Building a Hypermedia API

  • 1. From POX to HATEOAS Our Company's Journey Building a Hypermedia API
  • 2. Who... Luke Stokes Co-Founder, Developer of FoxyCart luke.stokes@foxycart.com @lukestokes http://bestoked.blogspot.com
  • 3. What... FoxyCart ● ecommerce shopping cart system ● Started by Brett Florio and myself in 2005/2006, incorporated in 2007. ● SaaS (soon to be PaaS) ● Built to integrate using your css/html (we're not a CMS) ● No duplication of data
  • 4. Why... No duplication? Expose our data! POX: Plain Old XML ● Confusing API actions ○ transaction_get, transaction_list, attribute_save, attribute_delete, transaction_modify, store_includes_get, etc ● Confusing request/response model ● Tight coupling between the client and server
  • 5. APIs and the Internet ● Middleware ($$$) ● RPC ● SOAP ● WSDL ● Web Services (the WS-* stack) Tight Coupling! Does your browser do this?
  • 6. REST to the rescue CRUD can be standardized via HTTP methods: POST/PUT = create GET = read PATCH/PUT = update DELETE = delete (goodbye *_list, *_save, *_modify, etc methods)
  • 7. REST to the rescue Agreed upon response codes ● 1xx: Informational ● 2xx: Success ● 3xx: Redirection ● 4xx: Client Error (You Screwed Up) ● 5xx: Server Error (We Screwed Up) http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
  • 8. But... where do we start? What's a perfect example of a REST API?
  • 9. What is REST anyway? Six Constraints: ● Client-server ● Stateless ● Cacheable ● Layered system ● Code on demand (optional) ● Uniform interface ○ Identification of resources ○ Manipulation of resources through these representations ○ Self-descriptive messages ○ Hypermedia as the engine of application state
  • 10. REST Client Need-to-Know ● Homepage ● Hypermedia Format ● Rel tags ● Known media types (and possibly versions) ● Bonus stuff: ○ ?limit=5&offset=10 ○ ?order=<field> desc (or asc) ○ ?fields=<field>,<field>,<field> ○ ?<field>=<value> ○ ?<field>=<some * partial value>
  • 11. What's a media type? Examples: application/json application/xml application/hal+json Originally defined as MIME types (RFC 2046) Also referred to as Content-Types
  • 12. Platform = Will Not Break Ecommerce site broken at 4am and you changed nothing? No one wants that phone call.
  • 14. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json See: http://www.foxycart.com/blog/the-hypermedia-debate
  • 15. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json ● Hypermedia allows us to version via the link relation we code to.
  • 16. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json ● Hypermedia allows us to version via the link relation we code to. link: <https://example.com/users/2>; rel="https://example.com/rels/user"
  • 17. Flexible Versioning ● FOXYCART-API-VERSION header ● Per-resource vendor specific media type: application/vnd.foxycart.com.store.v1+json ● Hypermedia allows us to version via the link relation we code to. link: <https://example.com/users/2>; rel="https://example.com/rels/user" link: <https://example.com/customers/2>; rel="https://example.com/rels/customer"
  • 18. Flexible Versioning Header: FOXYCART-API-VERSION: 1 Add "awesome_sauce" field: ... "store_name":"My Store", "awesome_sauce":"pixie dust", "store_domain":"example", ... Additions? No problem!
  • 19. Flexible Versioning Header: FOXYCART-API-VERSION: 1 Remove "awesome_sauce" field... Uh Oh. Option 1: rel="https://example.com/store_v2" Option 2: FOXYCART-API-VERSION: 2
  • 20. XML Accepts Header HEADERS: Array ( [0] => Accept: application/hal+xml [1] => FOXYCART-API-VERSION: 1 ) curl -X GET -H "Accept: application/hal+xml" -H "FOXYCART-API-VERSION: 1" https://api-sandbox.foxycart.com/
  • 21. Next...? <link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/> <link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/> HATEOAS: Hypermedia as the Engine of Application State
  • 22. Next...? OPTIONS curl -i -X OPTIONS -H "Authorization: Bearer cae3c0c261fc71512428d612c1d2fd2a" -H "FOXYCART-API-VERSION: 1" -H "Accept: application/hal+xml" "https://api-sandbox.foxycart.com/stores/2" HTTP/1.1 200 OK .. Allow: HEAD,GET,PUT,PATCH,DELETE ...
  • 23. Next...? POST: /clients HEADERS: Array ( [0] => Accept: application/hal+xml [1] => FOXYCART-API-VERSION: 1 ) curl -X POST -H "Accept: application/hal+xml" -H "FOXYCART-API-VERSION: 1" https://api-sandbox.foxycart.com/clients
  • 24. Error Handling HTTP/1.1 400 Bad Request Date: Fri, 30 Mar 2012 21:39:50 GMT Connection: close cache-control: private, must-revalidate Content-Type: application/vnd.error+xml Content-Length: 546 https://github.com/blongden/vnd.error
  • 25. Error Handling <errors xml:lang="en"> <error logref="42"> <message>Validation failed</message> <link rel='help' href='http://...' title='Error information'/> <link rel='describes' href='http://...' title='Error description'/> </error> </errors>
  • 26. Examples! Let's take a look at the HAL Browser! Hal Talk: http://haltalk.herokuapp.com/explorer/hal_browser.html#/ Foxy Cart: http://wiki.foxycart.com/v/0.0.0/hypermedia_api https://api-sandbox.foxycart.com/hal-browser/hal_browser.html#/ https://api-sandbox.foxycart.com/hal-browser/
  • 27. What's all this token stuff? * image credit: http://www.ibm.com/developerworks/library/x-androidfacebookapi/
  • 28. OAuth 2.0 - Why Bother? Remember: Platform as a service! ● Hosted solutions ● Hosted CMS ● Self-hosted on a development platform Simplify where we can: ● If you created it, you get full access to it and we can skip the OAuth Dance
  • 29. Client Code $resp = $client->get( $api_home_page, null, $display->getHeaders() ); $display->displayResult('Home Page',$client); $useful_links['create_client'] = $client->getLink('create_client'); $resp = $client->post( $useful_links['create_client'], $data, $display->getHeaders() );
  • 30. REST is easy, right? (Nope) ● Should every resource have a custom media type? ● How should Hypermedia be represented in JSON (Collection+JSON, HAL, Siren, etc)? ● Link header exclusively or links as part of the body? ● To embed sub resources? ● PATCH/PUT or POST? (X-HTTP-Method-Override) ● Where to put the version number?
  • 31. REST is easy, right? (Nope) ● Include the full resource response when creating or use a 204? ● How do you avoid one PATCH stomping another? ○ ETags and Preconditions ○ "If-None-Match: W/"9f55f4d0f19b152a6e7c6ddeb4107e486fd7727c"" ○ "If-Modified-Since: Wed, 15 Feb 2012 12:53:52 -0800" ● How do you make hypermedia useful to the client and end user? ● Forms?
  • 32. YOU NEED TESTS! Functional tests are critical ● Ensures your changes haven't broken anything old or new ● Speeds up prototyping Tests are NOT a substitute for your eyeballs
  • 33. The Future Reliable platforms Consistent functionality Known, shared resources Notes: http://bestoked.blogspot.com/2012/02/restful-resources-required-reading.html http://wiki.foxycart.com/v/0.0.0/hypermedia_api
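
Slide 31 asks how to keep one PATCH from stomping another and points to ETags and preconditions. The following is an added example, not code from the slides or from FoxyCart: an in-memory server in Python that rejects a PATCH unless it carries an `If-Match` precondition (RFC 7232) naming the current ETag. The names `STORE`, `etag_for`, `if_match_passes`, `get`, `patch` and `demo` are hypothetical, and the resource data is constructed.

```python
import hashlib
import json

# Constructed sample resource; field names echo the store example on slide 18.
STORE = {"stores/2": {"store_name": "My Store", "store_domain": "example"}}


def etag_for(resource: dict) -> str:
    """Strong ETag: quoted hash of a canonical JSON serialization."""
    canonical = json.dumps(resource, sort_keys=True, separators=(",", ":"))
    return '"' + hashlib.sha256(canonical.encode()).hexdigest() + '"'


def if_match_passes(header: str, current: str) -> bool:
    """RFC 7232 If-Match: '*' or any listed tag equal under strong comparison."""
    if header.strip() == "*":
        return True
    tags = [t.strip() for t in header.split(",")]
    # Weak tags (W/"...") never satisfy a strong comparison.
    return any(t == current for t in tags if not t.startswith("W/"))


def get(path: str):
    resource = STORE[path]
    return 200, {"ETag": etag_for(resource)}, dict(resource)


def patch(path: str, changes: dict, headers: dict):
    """Apply a partial update only if the client's copy is still current."""
    resource = STORE.get(path)
    if resource is None:
        return 404, {}, None
    if_match = headers.get("If-Match")
    if if_match is None:
        return 428, {}, None  # Precondition Required (RFC 6585)
    current = etag_for(resource)
    if not if_match_passes(if_match, current):
        return 412, {"ETag": current}, None  # Precondition Failed
    resource.update(changes)
    return 200, {"ETag": etag_for(resource)}, dict(resource)


def demo():
    """Two clients read the same version, then both try to PATCH it."""
    _, h_a, _ = get("stores/2")
    _, h_b, _ = get("stores/2")
    first = patch("stores/2", {"store_name": "A's name"}, {"If-Match": h_a["ETag"]})
    second = patch("stores/2", {"store_domain": "b"}, {"If-Match": h_b["ETag"]})
    return first[0], second[0]
```

The second client receives 412 and has to re-read the resource before retrying, so its stale copy never overwrites the first client's change.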