NEPHP '13: Pragmatic API Development
•1 like•2,717 views
Report
Share
Download to read offline
More Related Content
Viewers also liked
Viewers also liked(18)
Similar to NEPHP '13: Pragmatic API Development
Similar to NEPHP '13: Pragmatic API Development(20)
Recently uploaded
Recently uploaded(9)
NEPHP '13: Pragmatic API Development
- 1. Andrew Curioso Twitter: @AndrewCurioso #nephp Pragmatic API Development Andrew Curioso
- 2. What is an API? ● Application Programming Interface ● Web Service ● Contract
- 3. Business Case ● Mobile API First
- 4. Business Case ● Multiple Devices Your API
- 5. Become a Platform ● Internal – Multi-platform – Scalable ● Semi-Public – Partner Integration ● Public – Everything+ – Growth ● Mashups ● Innovation ● Evangelism – “The Platform Play”
- 6. Types of APIs ● Representation StateTransfer (REST) ● Remote Procedure Call (RPC) ● Realtime Streaming
- 7. What is REST? ● Nouns ● Verbs ● HTTP is inherently RESTful
- 8. Why REST ● Intuitive ● Easy to implement in PHP ● Widely accepted
- 9. Nouns ● Resources – Blog post – User – Etc. ● Unique URIs – Example: http://www.example.com/users/1234.json
- 10. Verbs ● 5 most common – GET – POST – PUT – DELETE – HEAD
- 11. Verbs ● Uses – GET – Read data – POST and PUT write data – DELETE and POST delete data
- 12. CSRF ● Cross Site Request Forgery ● Vectors: – Embedded resources (<img>, <script>, etc) – Hidden forms security
- 13. CSRF ● Never edit data with GET – Ajax Same origin policy→ ● Forms – Single use tokens – Referrer check security
- 14. Response Formats ● Json – Very common for REST APIs – Simple – Fast – Multi-platform
- 15. Response Formats ● JsonP – P Padding→ – Allows reading data cross origin – GET only
- 16. Response Formats ● XML – Heavy and verbose – Strictly typed – Lots of existing tools
- 17. Response Formats ● Text – Json / JsonP – XML – HTML – YAML – CSV – Serialized PHP – Etc. ● Binary – Microsoft Excel – PDF – JPG / PNG / GIF – MP3 – Etc.
- 18. Status Codes ● Success – 200 OK – 201 Created – 301 Permanent Redirect – 302 Found – 303 See Other
- 19. Status Codes ● Error – 401 Unauthorized – 402 Payment Required – 403 Forbidden – 404 Not Found – 405 Method NotAllowed – 409 Conflict – 410 Gone – 500 Internal Server Error – 501 Not Implemented – 503 Service Unavailable
- 20. Status Codes ● Novelty – 418 I Am ATeapot – 415 Unavailable For Legal Reasons
- 21. Putting it together ● Getting – Anything but GET ● 405 Method Not Allowed – Resource not found ● 404 Not Found – Success ● 200 OK – Moved ● 301 Permanent Redirect or 302 Found
- 22. Putting it together ● Adding – Anything but POST ● 405 Method Not Allowed – Resource already existed ● 303 See Other – Success ● 201 Created – Error ● 500 Internal Server Error with description
- 23. Putting it together ● Editing – Anything but PUT or POST ● 405 Method Not Allowed – Resource does not exist ● 404 Not Found – Success ● 200 OK – Error ● 500 Internal Server Error with description
- 24. Putting it together ● Deleting – Anything but DELETE or POST ● 405 Method Not Allowed – Resource does not exist ● 404 Not Found – Success ● 200 OK or 204 No Content – Error ● 500 Internal Server Error with description
- 25. Putting it together ● Everything – Not logged in ● 401 Unauthorized – Logged in but permission denied ● 403 Forbidden
- 26. Putting it together ● Why POST or DELETE/PUT – Client support – _method=VERB ● /users.json?_method=POST
- 27. Example ● Past bin ● Simple – No security
- 28. Example ● Making it RESTful 1) Identify nouns 2) Write down URI structure 3) Map verbs to the URIs
- 29. Example ● GET /documents.json ● POST /documents.json ● GET /documents/{id}.json ● DELETE /documents/{id}.json ● PUT /documents/{id}.json
- 30. HATEOAS ● Hypermedia as the Engine of Application State – Next state – Content Negotiation ● Accepts header
- 31. Versioning ● URI ● Custom header ● Accepts header
- 32. Pagination ● Meta info – URI to next/prev page (HATEOAS) – Total count – Current page ● Methods – Header – Document
- 33. Errors ● Same format ● Descriptive { "error" : { "code" : 404, "description" : "The resource could not be found", "name" : "Not Found" } }
- 34. Testing ● GET Web Browser→ ● OS X / Linux – curl – Example: curl -X DELETE “ http://www.example.com/document/123.json” ● Automated UnitTests
- 35. Authentication ● Who am I? ● Types: – Basic – Digest – OAuth 1 & 2 – No 3rd party password sharing! – Cookies – API keys ● 401 Unauthorized
- 36. Authorization ● Can I do that? ● 403 Forbidden
- 37. Documentation ● Vocabularies / schemas ● Examples: – Input – Output – Code ● Feedback ● WSDL 2.0
- 39. Checklist ✔ Design schema upfront ✔ Identify nouns ✔ Design URI structure ✔ Errors in same format ✔ Proper status codes ✔ Server-side validation ✔ Testing ✔ Documentation
- 40. Predictions ● Internet ofThings ● API Economy ● Success
- 41. Andrew Curioso Contact: www.AndrewCurioso.com/contact @AndrewCurioso onTwitter
Editor's Notes
- Thank you _____________ Today I’m going to be talking about creating a RESTful API with PHP. Not just any RESTful API, but an Epic one. &lt;number&gt;