NEPHP '13: Pragmatic API Development

2,105 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,105
On SlideShare
0
From Embeds
0
Number of Embeds
38
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Thank you _____________
    Today I’m going to be talking about creating a RESTful API with PHP. Not just any RESTful API, but an Epic one.
    <number>
  • NEPHP '13: Pragmatic API Development

    1. 1. Andrew Curioso Twitter: @AndrewCurioso #nephp Pragmatic API Development Andrew Curioso
    2. 2. What is an API? ● Application Programming Interface ● Web Service ● Contract
    3. 3. Business Case ● Mobile API First
    4. 4. Business Case ● Multiple Devices Your API
    5. 5. Become a Platform ● Internal – Multi-platform – Scalable ● Semi-Public – Partner Integration ● Public – Everything+ – Growth ● Mashups ● Innovation ● Evangelism – “The Platform Play”
    6. 6. Types of APIs ● Representation StateTransfer (REST) ● Remote Procedure Call (RPC) ● Realtime Streaming
    7. 7. What is REST? ● Nouns ● Verbs ● HTTP is inherently RESTful
    8. 8. Why REST ● Intuitive ● Easy to implement in PHP ● Widely accepted
    9. 9. Nouns ● Resources – Blog post – User – Etc. ● Unique URIs – Example: http://www.example.com/users/1234.json
    10. 10. Verbs ● 5 most common – GET – POST – PUT – DELETE – HEAD
    11. 11. Verbs ● Uses – GET – Read data – POST and PUT write data – DELETE and POST delete data
    12. 12. CSRF ● Cross Site Request Forgery ● Vectors: – Embedded resources (<img>, <script>, etc) – Hidden forms security
    13. 13. CSRF ● Never edit data with GET – Ajax Same origin policy→ ● Forms – Single use tokens – Referrer check security
    14. 14. Response Formats ● Json – Very common for REST APIs – Simple – Fast – Multi-platform
    15. 15. Response Formats ● JsonP – P Padding→ – Allows reading data cross origin – GET only
    16. 16. Response Formats ● XML – Heavy and verbose – Strictly typed – Lots of existing tools
    17. 17. Response Formats ● Text – Json / JsonP – XML – HTML – YAML – CSV – Serialized PHP – Etc. ● Binary – Microsoft Excel – PDF – JPG / PNG / GIF – MP3 – Etc.
    18. 18. Status Codes ● Success – 200 OK – 201 Created – 301 Permanent Redirect – 302 Found – 303 See Other
    19. 19. Status Codes ● Error – 401 Unauthorized – 402 Payment Required – 403 Forbidden – 404 Not Found – 405 Method NotAllowed – 409 Conflict – 410 Gone – 500 Internal Server Error – 501 Not Implemented – 503 Service Unavailable
    20. 20. Status Codes ● Novelty – 418 I Am ATeapot – 415 Unavailable For Legal Reasons
    21. 21. Putting it together ● Getting – Anything but GET ● 405 Method Not Allowed – Resource not found ● 404 Not Found – Success ● 200 OK – Moved ● 301 Permanent Redirect or 302 Found
    22. 22. Putting it together ● Adding – Anything but POST ● 405 Method Not Allowed – Resource already existed ● 303 See Other – Success ● 201 Created – Error ● 500 Internal Server Error with description
    23. 23. Putting it together ● Editing – Anything but PUT or POST ● 405 Method Not Allowed – Resource does not exist ● 404 Not Found – Success ● 200 OK – Error ● 500 Internal Server Error with description
    24. 24. Putting it together ● Deleting – Anything but DELETE or POST ● 405 Method Not Allowed – Resource does not exist ● 404 Not Found – Success ● 200 OK or 204 No Content – Error ● 500 Internal Server Error with description
    25. 25. Putting it together ● Everything – Not logged in ● 401 Unauthorized – Logged in but permission denied ● 403 Forbidden
    26. 26. Putting it together ● Why POST or DELETE/PUT – Client support – _method=VERB ● /users.json?_method=POST
    27. 27. Example ● Past bin ● Simple – No security
    28. 28. Example ● Making it RESTful 1) Identify nouns 2) Write down URI structure 3) Map verbs to the URIs
    29. 29. Example ● GET /documents.json ● POST /documents.json ● GET /documents/{id}.json ● DELETE /documents/{id}.json ● PUT /documents/{id}.json
    30. 30. HATEOAS ● Hypermedia as the Engine of Application State – Next state – Content Negotiation ● Accepts header
    31. 31. Versioning ● URI ● Custom header ● Accepts header
    32. 32. Pagination ● Meta info – URI to next/prev page (HATEOAS) – Total count – Current page ● Methods – Header – Document
    33. 33. Errors ● Same format ● Descriptive { "error" : { "code" : 404, "description" : "The resource could not be found", "name" : "Not Found" } }
    34. 34. Testing ● GET Web Browser→ ● OS X / Linux – curl – Example: curl -X DELETE “ http://www.example.com/document/123.json” ● Automated UnitTests
    35. 35. Authentication ● Who am I? ● Types: – Basic – Digest – OAuth 1 & 2 – No 3rd party password sharing! – Cookies – API keys ● 401 Unauthorized
    36. 36. Authorization ● Can I do that? ● 403 Forbidden
    37. 37. Documentation ● Vocabularies / schemas ● Examples: – Input – Output – Code ● Feedback ● WSDL 2.0
    38. 38. OtherTypes ● RPC ● Streaming
    39. 39. Checklist ✔ Design schema upfront ✔ Identify nouns ✔ Design URI structure ✔ Errors in same format ✔ Proper status codes ✔ Server-side validation ✔ Testing ✔ Documentation
    40. 40. Predictions ● Internet ofThings ● API Economy ● Success
    41. 41. Andrew Curioso  Contact:  www.AndrewCurioso.com/contact  @AndrewCurioso onTwitter

    ×