SlideShare a Scribd company logo
1 of 36
Download to read offline
Building RESTful APIs
Vancouver Python Day
November 16, 2013

Ganesh Swami
www.silota.com
Hi
•

Programming professionally for 10+ years
•

x86 assembly, STL, boost, python-boost, python
!

•

Built emacs-­‐wiki-­‐blog: first blogging engine for
Emacs!
SILOTA
•

Search As A Service
•

•

full stack: crawling, indexing, retrieving, tag deployment

Python shop:
•
•

ansible	
  

•

sentry	
  

•

django	
  

•
•

pelican	
  

django-­‐rest-­‐framework	
  

In beta testing: love more feedback!
APIs: What & Why
What is an API?
Application Programming Interface
!

An API is the interface implemented by an
application which allows other applications to
communicate with it.
What is an API?
communicate
What is REST?
•

REpresentational State Transfer
•

logical resources manipulated with HTTP verbs

•

modern best practice

•

wide adoption

•

contrast with SOAP
Why build an API?
•

explosion of devices connected to the internet

•

can be a company’s greatest asset

•

bizdev 2.0: internal developers, consultants,
partners, customers
Sample APIs
•

aws

•

dropbox

•

instagram

•

pinterest

•

github

•

stripe

•

salesforce

•

parse

•

…
Source: Mary Meeker’s Internet Trends 2013
APIs: How
Top 3 qualities
•

Intuitive
•

•

no surprises, easy to learn

Documented
•
•

•

simple answers to simple questions
references, tutorials & quick starts

Opinionated
•

camelCase, ids, responses, pagination, etc.
Resources,
Status Codes &
Errors
Resources
•

Nouns, not verbs

•

Coarse grained, not fine grained

•

example: let’s build a document datastore!
Smells like RPC
•

/getDocument	
  

•

/getAllDocuments	
  

•

/createDocument	
  

•

/updateDocument	
  

•

/deleteDocument
Smells like RPC
•

/getDocument	
  

•

/getAllDocuments	
  

•

/createDocument	
  

•

/updateDocument	
  

•

/deleteDocument

This is a bad example. !
Don’t do this!
Embrace HTTP
•

GET,	
  POST,	
  PUT,	
  PATCH,	
  DELETE	
  
!

•

Explorable with simple tools
Embrace HTTP
GET	
  /document
GET	
  /document/19
POST	
  /document

Retrieve all documents

Retrieve a specific document #19

Create a new document

PUT	
  /document/19

Update an existing document #19

DELETE	
  /document/19

Delete an existing document #19
Bipartite graph
/documents

/documents/:id

GET
error

POST
PUT

error

PATCH

error

DELETE

…
Status Codes
2xx

OK, created, all good, carry on

4xx

User error: bad API key, malformed
data, item not found, etc.

5xx

Server error
Errors
•

Errors
•

as descriptive as possible

•

developers are your customers

•

never naked 4xx/5xx HTTP errors
Errors
<xml	
  version="1.0"?>	
  
<Error>	
  
	
  	
  	
  	
  <Message>A	
  server	
  error	
  has	
  occurred</Message>	
  
	
  	
  	
  	
  <Description>Unknown	
  Error</Description>	
  
	
  	
  	
  	
  <Id>1234</Id>	
  
</Error>

Just no.
Errors
{	
  
	
  	
  "code"	
  :	
  1234,	
  
	
  	
  "message"	
  :	
  "Unsupported	
  media	
  type	
  ‘text/html’	
  in	
  request",	
  
	
  	
  "description"	
  :	
  "Requests	
  need	
  to	
  have	
  the	
  Content-­‐Type	
  HTTP	
  
header	
  set	
  to	
  ‘application/json’"	
  
}
pip-install httpie
Best practices
security
base URLs
serialization
timestamps
versioning
caching
gzip
logging
Best practices
security

https all the way

base URLs

api.companyname.com

serialization

json

timestamps

ISO 8601 & UTC

versioning

/v1/

caching

ETag & Last-Modified

gzip

always & pretty print responses

logging

if possible
Recap
•

https + gzip + json

•

draw bipartite graph of nouns and verbs

•

great documentation

•

no surprises
django-­‐rest-­‐framework
Why use a framework?
Myths
•

roll your own

•

use a ‘lightweight’ framework

•

too tied to django

•

too slow
Features
•

pagination

•

permission

•

authentication

•

serialization

•

throttling

•

data validation

•

proper HTTP response handling
Magic formula: Mixins
Views

Authentication

Permissions

Throttling

CreateAPIView

Token

Any

SimpleRate

ListAPIView

Session

Token

AnonRate

RetrieveAPIView

OAuth

Authentication

DeleteAPIView
Four step formula
1. create the model
2. write the serializer
3. write the view
4. configure the urls
References
•

How to Design a Good API and Why it Matters:
•

•

Best Practices for Designing a Pragmatic RESTful API
•

•

http://www.vinaysahni.com/best-practices-for-a-pragmaticrestful-api

REST worst practices:
•

•

http://lcsd05.cs.tamu.edu/slides/keynote.pdf

http://jacobian.org/writing/rest-worst-practices/

http://django-rest-framework.org/
Keep in touch!
Ganesh Swami!
www.silota.com
ganesh@silota.com
@gane5h

More Related Content

What's hot

Build Your Own CMS with Apache Sling
Build Your Own CMS with Apache SlingBuild Your Own CMS with Apache Sling
Build Your Own CMS with Apache Sling
Bob Paulin
 
PowerShell for SharePoint Admins
PowerShell for SharePoint AdminsPowerShell for SharePoint Admins
PowerShell for SharePoint Admins
Rick Taylor
 
MEAN Stack Workshop at Node Philly, 4/9/14
MEAN Stack Workshop at Node Philly, 4/9/14MEAN Stack Workshop at Node Philly, 4/9/14
MEAN Stack Workshop at Node Philly, 4/9/14
Valeri Karpov
 

What's hot (20)

Unlocking the Magical Powers of WP_Query
Unlocking the Magical Powers of WP_QueryUnlocking the Magical Powers of WP_Query
Unlocking the Magical Powers of WP_Query
 
Drupal, Android and iPhone
Drupal, Android and iPhoneDrupal, Android and iPhone
Drupal, Android and iPhone
 
In-browser storage and me
In-browser storage and meIn-browser storage and me
In-browser storage and me
 
Middleware in Golang: InVision's Rye
Middleware in Golang: InVision's RyeMiddleware in Golang: InVision's Rye
Middleware in Golang: InVision's Rye
 
RESTFul development with Apache sling
RESTFul development with Apache slingRESTFul development with Apache sling
RESTFul development with Apache sling
 
Making Watir and Cucumber an efficient tool for Web UI Automation
Making Watir and Cucumber an efficient tool for Web UI AutomationMaking Watir and Cucumber an efficient tool for Web UI Automation
Making Watir and Cucumber an efficient tool for Web UI Automation
 
Build Your Own CMS with Apache Sling
Build Your Own CMS with Apache SlingBuild Your Own CMS with Apache Sling
Build Your Own CMS with Apache Sling
 
WordPress APIs
WordPress APIsWordPress APIs
WordPress APIs
 
PowerShell for SharePoint Admins
PowerShell for SharePoint AdminsPowerShell for SharePoint Admins
PowerShell for SharePoint Admins
 
Euroclojure2014: Schema & Swagger - making your Clojure web APIs more awesome
Euroclojure2014: Schema & Swagger - making your Clojure web APIs more awesomeEuroclojure2014: Schema & Swagger - making your Clojure web APIs more awesome
Euroclojure2014: Schema & Swagger - making your Clojure web APIs more awesome
 
TDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDBTDD a REST API With Node.js and MongoDB
TDD a REST API With Node.js and MongoDB
 
2017 Codemotion OWASP ZAP in CI/CD
2017 Codemotion OWASP ZAP in CI/CD2017 Codemotion OWASP ZAP in CI/CD
2017 Codemotion OWASP ZAP in CI/CD
 
Two scoops of Django - Deployment
Two scoops of Django - DeploymentTwo scoops of Django - Deployment
Two scoops of Django - Deployment
 
JCR and Sling Quick Dive
JCR and Sling Quick DiveJCR and Sling Quick Dive
JCR and Sling Quick Dive
 
MEAN Stack Workshop at Node Philly, 4/9/14
MEAN Stack Workshop at Node Philly, 4/9/14MEAN Stack Workshop at Node Philly, 4/9/14
MEAN Stack Workshop at Node Philly, 4/9/14
 
Ci of js and apex using jasmine, phantom js and drone io df14
Ci of js and apex using jasmine, phantom js and drone io   df14Ci of js and apex using jasmine, phantom js and drone io   df14
Ci of js and apex using jasmine, phantom js and drone io df14
 
Case study: JBoss Developer Studio, an IDE for Web, Mobile and Cloud applicat...
Case study: JBoss Developer Studio, an IDE for Web, Mobile and Cloud applicat...Case study: JBoss Developer Studio, an IDE for Web, Mobile and Cloud applicat...
Case study: JBoss Developer Studio, an IDE for Web, Mobile and Cloud applicat...
 
2017 DevSecCon ZAP Scripting Workshop
2017 DevSecCon ZAP Scripting Workshop2017 DevSecCon ZAP Scripting Workshop
2017 DevSecCon ZAP Scripting Workshop
 
SANS DFIR Prague: PowerShell & WMI
SANS DFIR Prague: PowerShell & WMISANS DFIR Prague: PowerShell & WMI
SANS DFIR Prague: PowerShell & WMI
 
Configuration As Code - Adoption of the Job DSL Plugin at Netflix
Configuration As Code - Adoption of the Job DSL Plugin at NetflixConfiguration As Code - Adoption of the Job DSL Plugin at Netflix
Configuration As Code - Adoption of the Job DSL Plugin at Netflix
 

Viewers also liked

Maak Kennis Met Finchline 110207
Maak Kennis Met Finchline 110207Maak Kennis Met Finchline 110207
Maak Kennis Met Finchline 110207
Fred van Dijk
 
Mobile api test approach
Mobile api test approachMobile api test approach
Mobile api test approach
Indium Software
 

Viewers also liked (20)

RESTful APIs: Promises & lies
RESTful APIs: Promises & liesRESTful APIs: Promises & lies
RESTful APIs: Promises & lies
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
 
Linux Composite Communication
Linux Composite CommunicationLinux Composite Communication
Linux Composite Communication
 
12 tips on Django Best Practices
12 tips on Django Best Practices12 tips on Django Best Practices
12 tips on Django Best Practices
 
Maak Kennis Met Finchline 110207
Maak Kennis Met Finchline 110207Maak Kennis Met Finchline 110207
Maak Kennis Met Finchline 110207
 
Mobile api test approach
Mobile api test approachMobile api test approach
Mobile api test approach
 
Introduction to Big Data Infrastructure
Introduction to Big Data InfrastructureIntroduction to Big Data Infrastructure
Introduction to Big Data Infrastructure
 
Are RESTful APIs Well-designed? Detection of their Linguistic (Anti)Patterns
Are RESTful APIs Well-designed? Detection of their Linguistic (Anti)PatternsAre RESTful APIs Well-designed? Detection of their Linguistic (Anti)Patterns
Are RESTful APIs Well-designed? Detection of their Linguistic (Anti)Patterns
 
All you need to know when designing RESTful APIs
All you need to know when designing RESTful APIsAll you need to know when designing RESTful APIs
All you need to know when designing RESTful APIs
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API Management
 
RESTFul API Design and Documentation - an Introduction
RESTFul API Design and Documentation - an IntroductionRESTFul API Design and Documentation - an Introduction
RESTFul API Design and Documentation - an Introduction
 
Open-E DSS V7 Active-Active Load Balanced iSCSI HA Cluster (with bonding)
Open-E DSS V7 Active-Active Load Balanced iSCSI HA Cluster (with bonding)Open-E DSS V7 Active-Active Load Balanced iSCSI HA Cluster (with bonding)
Open-E DSS V7 Active-Active Load Balanced iSCSI HA Cluster (with bonding)
 
Pycon 2008: Python Command-line Tools *Nix
Pycon 2008:  Python Command-line Tools *NixPycon 2008:  Python Command-line Tools *Nix
Pycon 2008: Python Command-line Tools *Nix
 
Securing Your API
Securing Your APISecuring Your API
Securing Your API
 
Red Hat Storage Day Seattle: Why Software-Defined Storage Matters
Red Hat Storage Day Seattle: Why Software-Defined Storage MattersRed Hat Storage Day Seattle: Why Software-Defined Storage Matters
Red Hat Storage Day Seattle: Why Software-Defined Storage Matters
 
Swift Architecture and Practice, by Alex Yang
Swift Architecture and Practice, by Alex YangSwift Architecture and Practice, by Alex Yang
Swift Architecture and Practice, by Alex Yang
 
Software Defined presentation
Software Defined presentationSoftware Defined presentation
Software Defined presentation
 
Microservices with Swagger, Flask and Docker
Microservices with Swagger, Flask and DockerMicroservices with Swagger, Flask and Docker
Microservices with Swagger, Flask and Docker
 
Core Concept: Software Defined Everything
Core Concept: Software Defined EverythingCore Concept: Software Defined Everything
Core Concept: Software Defined Everything
 
"FCoE vs. iSCSI - Making the Choice" from Interop Las Vegas 2011
"FCoE vs. iSCSI - Making the Choice" from Interop Las Vegas 2011"FCoE vs. iSCSI - Making the Choice" from Interop Las Vegas 2011
"FCoE vs. iSCSI - Making the Choice" from Interop Las Vegas 2011
 

Similar to Building RESTful APIs

Similar to Building RESTful APIs (20)

Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружение
 
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
 
Developing Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & PythonDeveloping Brilliant and Powerful APIs in Ruby & Python
Developing Brilliant and Powerful APIs in Ruby & Python
 
Rapid Web Development with Python for Absolute Beginners
Rapid Web Development with Python for Absolute BeginnersRapid Web Development with Python for Absolute Beginners
Rapid Web Development with Python for Absolute Beginners
 
M meijer api management - tech-days 2015
M meijer   api management - tech-days 2015M meijer   api management - tech-days 2015
M meijer api management - tech-days 2015
 
Building a Great Web API - Evan Cooke - QCON 2011
Building a Great Web API - Evan Cooke - QCON 2011Building a Great Web API - Evan Cooke - QCON 2011
Building a Great Web API - Evan Cooke - QCON 2011
 
Documenting an API for the First Time? Quick-Start Tips for Your First API Do...
Documenting an API for the First Time? Quick-Start Tips for Your First API Do...Documenting an API for the First Time? Quick-Start Tips for Your First API Do...
Documenting an API for the First Time? Quick-Start Tips for Your First API Do...
 
Code first in the cloud: going serverless with Azure
Code first in the cloud: going serverless with AzureCode first in the cloud: going serverless with Azure
Code first in the cloud: going serverless with Azure
 
MongoDB.local Dallas 2019: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB.local Dallas 2019: Pissing Off IT and Delivery: A Tale of 2 ODS'sMongoDB.local Dallas 2019: Pissing Off IT and Delivery: A Tale of 2 ODS's
MongoDB.local Dallas 2019: Pissing Off IT and Delivery: A Tale of 2 ODS's
 
API Conference 2021
API Conference 2021API Conference 2021
API Conference 2021
 
Building a REST API for Longevity
Building a REST API for LongevityBuilding a REST API for Longevity
Building a REST API for Longevity
 
Building A Great API - Evan Cooke, Cloudstock, December 2010
Building A Great API - Evan Cooke, Cloudstock, December 2010Building A Great API - Evan Cooke, Cloudstock, December 2010
Building A Great API - Evan Cooke, Cloudstock, December 2010
 
Decoupled Architecture and WordPress
Decoupled Architecture and WordPressDecoupled Architecture and WordPress
Decoupled Architecture and WordPress
 
API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)
 
Docs as Part of the Product - Open Source Summit North America 2018
Docs as Part of the Product - Open Source Summit North America 2018Docs as Part of the Product - Open Source Summit North America 2018
Docs as Part of the Product - Open Source Summit North America 2018
 
Microservices and the Art of Taming the Dependency Hell Monster
Microservices and the Art of Taming the Dependency Hell MonsterMicroservices and the Art of Taming the Dependency Hell Monster
Microservices and the Art of Taming the Dependency Hell Monster
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortals
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
 
A Snapshot of API Design Trends In 2019
A Snapshot of API Design Trends In 2019A Snapshot of API Design Trends In 2019
A Snapshot of API Design Trends In 2019
 

Recently uploaded

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
Wonjun Hwang
 

Recently uploaded (20)

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Generative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdfGenerative AI Use Cases and Applications.pdf
Generative AI Use Cases and Applications.pdf
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Navigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi DaparthiNavigating the Large Language Model choices_Ravi Daparthi
Navigating the Large Language Model choices_Ravi Daparthi
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
AI mind or machine power point presentation
AI mind or machine power point presentationAI mind or machine power point presentation
AI mind or machine power point presentation
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)CORS (Kitworks Team Study 양다윗 발표자료 240510)
CORS (Kitworks Team Study 양다윗 발표자료 240510)
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptxCyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
Cyber Insurance - RalphGilot - Embry-Riddle Aeronautical University.pptx
 
Vector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptxVector Search @ sw2con for slideshare.pptx
Vector Search @ sw2con for slideshare.pptx
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overview
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 

Building RESTful APIs