Successfully reported this slideshow.

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

NEPHP '13: Pragmatic API Development

  1. 1. Andrew Curioso Twitter: @AndrewCurioso #nephp Pragmatic API Development Andrew Curioso
  2. 2. What is an API? ● Application Programming Interface ● Web Service ● Contract
  3. 3. Business Case ● Mobile API First
  4. 4. Business Case ● Multiple Devices Your API
  5. 5. Become a Platform ● Internal – Multi-platform – Scalable ● Semi-Public – Partner Integration ● Public – Everything+ – Growth ● Mashups ● Innovation ● Evangelism – “The Platform Play”
  6. 6. Types of APIs ● Representation StateTransfer (REST) ● Remote Procedure Call (RPC) ● Realtime Streaming
  7. 7. What is REST? ● Nouns ● Verbs ● HTTP is inherently RESTful
  8. 8. Why REST ● Intuitive ● Easy to implement in PHP ● Widely accepted
  9. 9. Nouns ● Resources – Blog post – User – Etc. ● Unique URIs – Example: http://www.example.com/users/1234.json
  10. 10. Verbs ● 5 most common – GET – POST – PUT – DELETE – HEAD
  11. 11. Verbs ● Uses – GET – Read data – POST and PUT write data – DELETE and POST delete data
  12. 12. CSRF ● Cross Site Request Forgery ● Vectors: – Embedded resources (<img>, <script>, etc) – Hidden forms security
  13. 13. CSRF ● Never edit data with GET – Ajax Same origin policy→ ● Forms – Single use tokens – Referrer check security
  14. 14. Response Formats ● Json – Very common for REST APIs – Simple – Fast – Multi-platform
  15. 15. Response Formats ● JsonP – P Padding→ – Allows reading data cross origin – GET only
  16. 16. Response Formats ● XML – Heavy and verbose – Strictly typed – Lots of existing tools
  17. 17. Response Formats ● Text – Json / JsonP – XML – HTML – YAML – CSV – Serialized PHP – Etc. ● Binary – Microsoft Excel – PDF – JPG / PNG / GIF – MP3 – Etc.
  18. 18. Status Codes ● Success – 200 OK – 201 Created – 301 Permanent Redirect – 302 Found – 303 See Other
  19. 19. Status Codes ● Error – 401 Unauthorized – 402 Payment Required – 403 Forbidden – 404 Not Found – 405 Method NotAllowed – 409 Conflict – 410 Gone – 500 Internal Server Error – 501 Not Implemented – 503 Service Unavailable
  20. 20. Status Codes ● Novelty – 418 I Am ATeapot – 415 Unavailable For Legal Reasons
  21. 21. Putting it together ● Getting – Anything but GET ● 405 Method Not Allowed – Resource not found ● 404 Not Found – Success ● 200 OK – Moved ● 301 Permanent Redirect or 302 Found
  22. 22. Putting it together ● Adding – Anything but POST ● 405 Method Not Allowed – Resource already existed ● 303 See Other – Success ● 201 Created – Error ● 500 Internal Server Error with description
  23. 23. Putting it together ● Editing – Anything but PUT or POST ● 405 Method Not Allowed – Resource does not exist ● 404 Not Found – Success ● 200 OK – Error ● 500 Internal Server Error with description
  24. 24. Putting it together ● Deleting – Anything but DELETE or POST ● 405 Method Not Allowed – Resource does not exist ● 404 Not Found – Success ● 200 OK or 204 No Content – Error ● 500 Internal Server Error with description
  25. 25. Putting it together ● Everything – Not logged in ● 401 Unauthorized – Logged in but permission denied ● 403 Forbidden
  26. 26. Putting it together ● Why POST or DELETE/PUT – Client support – _method=VERB ● /users.json?_method=POST
  27. 27. Example ● Past bin ● Simple – No security
  28. 28. Example ● Making it RESTful 1) Identify nouns 2) Write down URI structure 3) Map verbs to the URIs
  29. 29. Example ● GET /documents.json ● POST /documents.json ● GET /documents/{id}.json ● DELETE /documents/{id}.json ● PUT /documents/{id}.json
  30. 30. HATEOAS ● Hypermedia as the Engine of Application State – Next state – Content Negotiation ● Accepts header
  31. 31. Versioning ● URI ● Custom header ● Accepts header
  32. 32. Pagination ● Meta info – URI to next/prev page (HATEOAS) – Total count – Current page ● Methods – Header – Document
  33. 33. Errors ● Same format ● Descriptive { "error" : { "code" : 404, "description" : "The resource could not be found", "name" : "Not Found" } }
  34. 34. Testing ● GET Web Browser→ ● OS X / Linux – curl – Example: curl -X DELETE “ http://www.example.com/document/123.json” ● Automated UnitTests
  35. 35. Authentication ● Who am I? ● Types: – Basic – Digest – OAuth 1 & 2 – No 3rd party password sharing! – Cookies – API keys ● 401 Unauthorized
  36. 36. Authorization ● Can I do that? ● 403 Forbidden
  37. 37. Documentation ● Vocabularies / schemas ● Examples: – Input – Output – Code ● Feedback ● WSDL 2.0
  38. 38. OtherTypes ● RPC ● Streaming
  39. 39. Checklist ✔ Design schema upfront ✔ Identify nouns ✔ Design URI structure ✔ Errors in same format ✔ Proper status codes ✔ Server-side validation ✔ Testing ✔ Documentation
  40. 40. Predictions ● Internet ofThings ● API Economy ● Success
  41. 41. Andrew Curioso  Contact:  www.AndrewCurioso.com/contact  @AndrewCurioso onTwitter

Editor's Notes

  • Thank you _____________
    Today I’m going to be talking about creating a RESTful API with PHP. Not just any RESTful API, but an Epic one.
    &amp;lt;number&amp;gt;
  • ×