Api pain points

I've been building APIs for a long time now, and it is becoming ever more common for server-side developers thanks to the rise of front-end JavaScript frameworks, iPhone applications and generally API-centric architectures. On one hand you're just grabbing stuff from a data source and shoving it out as JSON, but surviving changes in business logic, database schema updates, additions, deprecations, etc. gets super difficult.

This talk will outline the common pitfalls developers get trapped in when building APIs and outline methods to avoid them, including naming stuff badly then having to rename everything, when and how to use POST/PUT/PATCH, data structures, DDoSing yourself because pagination, picking your authentication system and all sorts of other stuff.

  • Great presentation, really enjoyed reading your slides although I never had a chance to see the actual talk. Maybe we can lure you to LA one of these days to do a talk for LAPHP.

    BTW, one hint there - for ID hash obfuscation I really like the hashids library (http://hashids.org) rather than tiny-php. It does exactly the same thing, but for tiny-php you need to manually randomly reshuffle the initial alphabet, while hashids reshuffles it for you using the salt string.
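The slides say "auto-increment = bad" and the comment above recommends hashids over tiny-php for obfuscating IDs. Either way the underlying issue is the same: a sequential integer in the URL tells a client how many records exist and makes every neighbouring record trivially addressable. The added example below is not from the talk, the commenter, or any of the named libraries; it generates a random version-4 UUID in plain PHP (the same idea ramsey/uuid packages up) as the public identifier, and validates incoming identifiers strictly before any lookup. The CheckinRepository class and its in-memory rows are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example (not from the talk or the comment): random, non-sequential
// public identifiers in place of auto-increment keys, plus strict validation
// of identifiers arriving in a URL. Plain PHP, no library required.

/** Generate a random RFC 4122 version-4 UUID from the CSPRNG. */
function newPublicId(): string
{
    $bytes = random_bytes(16);
    // Set the version (4) and variant (RFC 4122) bits.
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40);
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80);
    // 32 hex chars split into 8 groups of 4, laid out as 8-4-4-4-12.
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4));
}

/** Accept only a well-formed v4 UUID; anything else is rejected before touching storage. */
function isPublicId(string $candidate): bool
{
    return (bool) preg_match(
        '/\A[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\z/',
        $candidate
    );
}

/** Hypothetical in-memory "checkins" table keyed by public id instead of row number. */
final class CheckinRepository
{
    /** @var array<string, array{id: string, place: string}> */
    private array $rows = [];

    public function create(string $place): array
    {
        $row = ['id' => newPublicId(), 'place' => $place];
        $this->rows[$row['id']] = $row;
        return $row;
    }

    /** Returns the row or null; the HTTP layer maps null to a 404. */
    public function find(string $id): ?array
    {
        if (!isPublicId($id)) {
            return null; // malformed ids never reach the database
        }
        return $this->rows[$id] ?? null;
    }
}

$repo = new CheckinRepository();
$first = $repo->create('Joburg');
$second = $repo->create('Cape Town');

// Constructed requests: GET /checkins/{id}
foreach ([$first['id'], '1', 'not-an-id'] as $requested) {
    $found = $repo->find($requested);
    printf("%-40s -> %s\n", $requested, $found === null ? '404' : '200 ' . $found['place']);
}
```

A random UUID carries no ordering information, so a client holding one checkin cannot derive the next; with an obfuscated sequential id (hashids, tiny-php) the same is only true as long as the salt or shuffled alphabet stays secret, so treat those as a presentation choice rather than an access-control boundary.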


  1. API PAIN-POINTS GETTING THINGS WRONG FOR FUN AND PROFIT @PHILSTURGEON #PHPJOBURG14
  2. http://girlsgotsole.com/blog/thankful-thursday-rest-days/
  3. DATABASE SEEDING LEAVE YOUR CUSTOMERS ALONE
  4. ENDPOINT THEORY NAMING THINGS IS HARD
  5. PLURAL V SINGULAR? CONSISTENCY IS KING /user/23 /users
  6. PLURAL V SINGULAR? CONSISTENCY IS KING /opportunity/43 /opportunities
  7. PLURAL V SINGULAR? CONSISTENCY IS KING /places /places/12 /places/12/checkins /places/12/checkins/34 /checkins/34
  8. NO NEED FOR SEO QUERY STRINGS ARE FINE /users/active/true /users?active=true
  9. AUTO-INCREMENT = BAD CTRL + S YOUR WEBSITE /checkins/1 /checkins/2 /checkins/2369 … /checkins/3
  10. AUTO-INCREMENT = BAD CTRL + S YOUR WEBSITE https://github.com/zackkitzmiller/tiny-php https://github.com/ramsey/uuid
  11. WHICH METHODS VERB SOUP List GET /users Create POST /users Read GET /users/X Update PUT /users/X Delete DELETE /users/X Image PUT /users/X/image Image POST /users/X/images Favorites GET /users/X/favorites Checkins GET /users/X/checkins
  12. FORM PAYLOADS JUST SEND JSON foo=something&bar[baz]=thing &bar[stuff]=junk&bar=true22
  13. HACKY PAYLOADS NOT LIKE THAT
  14. REAL JSON PAYLOADS THNX!
  15. 200 = OK
  16. 2xx is all about success 3xx is all about redirection 4xx is all about client errors 5xx is all about service errors
  17. 200 - Generic everything is OK 201 - Created something OK 202 - Accepted but is being processed async 400 - Bad Request (Validation?) 401 - Unauthorized 403 - Current user is forbidden 404 - That URL is not a valid route 410 - Data has been deleted, deactivated, suspended, etc 405 - Method Not Allowed 500 - Something unexpected happened and it is the API's fault 503 - API is not here right now, please try again later
  18. SUPPLEMENT HTTP CODES WHAT HAPPENED { "error": { "type": "OAuthException", "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532" } }
  19. SUPPLEMENT HTTP CODES WHAT HAPPENED { "error": { "type": "OAuthException", "code": "ERR-1012", "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532" } }
  20. AUTHENTICATION STRATEGY HOW MUCH DO YOU CARE HTTP Basic HTTP Digest OAuth 1.0a OAuth 2.0
  21. OAUTH 2.0 thephpleague.com github.com/thephpleague/oauth2-server
  22. USE SSL
  23. OAUTH 2 CAN DO A LOT PASSWORDS, IMPLICIT, SOCIAL LOGINS…
  24. TRANSFORMERS… ASSEMBLE!
  25. FLEXIBLE RESPONSES STOP YOUR IPHONE DEV COMPLAINING GET /checkins/dsfXte ? include=place,user,activity
  26. PAGINATE DATA GROWS FAST { "data": [ ... ], "cursors": { "after": "MTI=", "next_url": "https://api.example.com/places ?cursor=MTI%3&number=12" } }
  27. DEFINE A MAXIMUM PAGINATION DDOS if ($limit > 100) { $limit = 100; }
  28. PHPUNIT + BEHAT http://www.bil-jac.com/bestfriendsclub.php
  29. AUTOMATE TESTING IF YOU LOVE YOUR JOB
  30. Scenario: Find a merchant When I request "GET /moments/1" Then I get a "200" response And scope into the "data" property And the properties exist: """ id … created_at """
  31. Scenario: Try to find an invalid checkin When I request "GET /checkins/nope" Then I get a "404" response
  32. Scenario: Wrong Arguments for user follow Given I have the payload: """ {"is_following": "foo"} """ When I request "PUT /users/1" Then I get a "400" response
  33. apiblueprint.org
  34. ARCHITECTURE OLD SCHOOL
</gr_insert_placeholder_never_emitted>
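Slides 26 and 27 show cursor pagination and the one-line cap that stops a client from asking for the whole table in a single request, and slides 17 to 19 show the error envelope that supplements the HTTP status code. The added example below, which is not code from the talk, puts those three slides together in plain PHP: a clamped page size, an opaque cursor that is just the base64 of the last id sent (base64 of "12" is the "MTI=" seen on slide 26), strict cursor decoding, and a 400 in the slide-19 envelope when the cursor does not decode. The places dataset, the base URL and the error code string are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not from the talk: cursor pagination in the shape of slide 26,
// the hard cap from slide 27, and the error envelope of slides 18/19 for a
// cursor the server cannot decode. Dataset, URL and error code are constructed.

const MAX_LIMIT = 100;
const DEFAULT_LIMIT = 12;

/** Clamp the client-supplied page size so one request cannot pull the whole table. */
function clampLimit(?string $raw): int
{
    if ($raw === null || !ctype_digit($raw)) {
        return DEFAULT_LIMIT;
    }
    return max(1, min((int) $raw, MAX_LIMIT));
}

/** Cursor = opaque base64 of the last id sent; base64("12") is "MTI=". */
function encodeCursor(int $lastId): string
{
    return base64_encode((string) $lastId);
}

/** Decode strictly: only a canonical encoding of a non-negative integer is accepted. */
function decodeCursor(?string $cursor): ?int
{
    if ($cursor === null || $cursor === '') {
        return 0; // no cursor means start from the beginning
    }
    $decoded = base64_decode($cursor, true);
    if ($decoded === false || !ctype_digit($decoded) || encodeCursor((int) $decoded) !== $cursor) {
        return null; // garbage, non-numeric, or a non-canonical encoding
    }
    return (int) $decoded;
}

/** Error envelope from slides 18/19: the status goes on the response, the detail in the body. */
function errorEnvelope(string $type, string $code, string $message): array
{
    return ['error' => ['type' => $type, 'code' => $code, 'message' => $message]];
}

/**
 * Build one page of rows whose id is greater than the cursor.
 * Rows must be sorted by ascending integer id. Returns [status, body].
 */
function paginate(array $rows, ?string $cursor, ?string $limitParam, string $baseUrl): array
{
    $after = decodeCursor($cursor);
    if ($after === null) {
        // ERR-PLACEHOLDER is a constructed code; the talk's example was ERR-1012.
        return [400, errorEnvelope('InvalidCursor', 'ERR-PLACEHOLDER', 'The cursor parameter could not be decoded')];
    }
    $limit = clampLimit($limitParam);

    $page = [];
    foreach ($rows as $row) {
        if ($row['id'] > $after) {
            $page[] = $row;
            if (count($page) === $limit) {
                break;
            }
        }
    }

    $body = ['data' => $page, 'cursors' => []];
    if (count($page) === $limit) { // a full page means there may be more
        $next = encodeCursor(end($page)['id']);
        $body['cursors'] = [
            'after'    => $next,
            // http_build_query percent-encodes the trailing "=" of the cursor
            'next_url' => $baseUrl . '?' . http_build_query(['cursor' => $next, 'number' => $limit]),
        ];
    }
    return [200, $body];
}

// Constructed dataset: 30 places with sequential internal ids 1..30.
$places = array_map(fn (int $i) => ['id' => $i, 'name' => "Place $i"], range(1, 30));
$url = 'https://api.example.com/places';

foreach ([[null, '12'], ['MTI=', '500'], ['not base64!', null]] as [$cursor, $number]) {
    [$status, $body] = paginate($places, $cursor, $number, $url);
    echo $status, ' ', json_encode($body, JSON_UNESCAPED_SLASHES), "\n";
}
```

The three constructed requests walk the page from the start with number=12, continue from cursor "MTI=" with number=500 (silently clamped to 100, which is the slide-27 rule), and send an undecodable cursor, which returns 400 with the error envelope instead of a 500 from a failed query. Checking that the decoded value re-encodes to the exact cursor string rejects padding and alphabet tricks that base64_decode would otherwise tolerate, so the cursor never reaches the database unless it is precisely what the server handed out.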
