SlideShare a Scribd company logo

Design Web Api

Tailor Fontela
Tailor Fontela
TechnologyDesign
1 of 33
Download to read offline
Design Web APIs Tailor Fontela An brief introduction to start crafting API
@tailorfontela
mytraining.pro
Motivations Multiple Clients Browsers, Iphone and Android Apps, etc.. JavaScript Libraries Angular, Ember, Backbone, Knockout Startups and Business Core, Social Data, Marketing
“IF SOFTWARE IS EATING THE WORLD, APIS ARE EATING SOFTWARE.” Steven Willmott CEO of 3Scale, during APIdays 2012 conference in San Francisco. “SOFTWARE IS EATING THE WORLD” Marc Andreessen in 2011.
API Application Programming Interface
REST Representational State Transfer
The success of an API design is measured by how quickly developers can get up to start using your API..
Characteristics of a Good API Easy to learn Easy to use, even without documentation Well documented Easy to extend Appropriate to audience Design Web APIs
Imagine how developers will use your API
Fail Fast Mock Share Design First Design Web APIs
Design Web APIs apiary.io Collaborative design, instant API mock, generated documentation..
Design Web APIs GuruRS API Mock Server http://gururs.apiary-mock.com $ curl http://gururs.apiary-mock.com/books $ curl http://gururs.apiary-mock.com/books/2 $ curl http://gururs.apiary-mock.com/books/1/author https://gist.github.com/taylorrf/b2a3e5ffcd49c1cf4c29
Keep URL Simple and Intuitive /GetLastBook Nouns are Good. Verbs are Bad. /ListAllBooks /SetBookStateTo /ListAllAvaibleBooksOf /Books Design Web APIs
Use HTTP Verbs Properly POST - Create a new resource. PUT - Update a specific resource (by an identifier) or a collection of. GET - Read a specific resource (by an identifier) or a collection of. 
 DELETE - Delete/remove a specific resource by an identifier DELETE /books/:id GET /books/:id/delete Design Web APIs
Use HTTP Status Code Properly Over 70 HTTP status code officially registered ( http://bit.ly/1qMa7aS ) 200 - :ok - (Everthing worked) 400 - :bad_request - (The client did something wrong) 500 - :internal_server_error - (The API did something wrong) 201 :created 304 :not_modified 404 :not_found - The requested resource doesn't exist 401 : unauthorized - Not authenticated or allowed Design Web APIs
Use HTTP Status Code Properly CLI API post /books [title: "book2"] 200 {error: “Author required"} CLI API post /books [title: "book2"] 400 {error: “Author required"} Design Web APIs
Use HTTP Status Code Properly CLI API post /books [title: "book2"] CLI API post /books [title: "book2"] 400 {error: “You are not Admin"} 401 {error: “You are not Admin"} Design Web APIs 400 :bad_request 401 : unauthorized
Filtering your Data Design Web APIs Pagination offset - Initial point to consider limit/length - number of elements you need orderby - attribute to sort on sort - ASC/DESC Allow your users API to get only some parts of resources https://api.gururs.com/books/?limit=20&sort=DESC Ordering
Filtering your Data Design Web APIs Provide only the fields your client need https://api.gururs.com/books/?limit=20&sort=DESC&fields=title,url Filtering Searching https://api.gururs.com/books/?q=Design API https://api.gururs.com/books/?type=ebook
Filtering your Data Design Web APIs Aliases for common queries https://api.gururs.com/books/used https://api.gururs.com/books/free_ebooks https://api.gururs.com/books/deals
JSON format Follow some JSON format convention for your great good. Design Web APIs http://jsonapi.org/ (Steve Klabnik & Yehuda Katz) A standard for building APIs in JSON. ! If you've ever argued with your team about the way your JSON responses should be formatted, JSON API is your anti-bikeshedding weapon.
JSON format http://jsonapi.org/ Design Web APIs { "links": { "books.author": { "href": "http://api.gururs.com/users/{books.author}", "type": "users" } }, "books": [{ "id": "2", "title": "Your API is Bad", "links": { "author": "1" } }] }
Authentications Design Web APIs A RESTful API should be stateless. Each request should come with some authentication credentials. Basic HTTP Authentication over SSL SSL everywhere. Always use SSL. No exceptions.
 http://ssl.comodo.com/
Authentications Design Web APIs $ curl -IH "Authorization: Token token=16d7d60" http://api.gururs.com/books Easily expire or regenerate tokens without affecting the user’s password. Greater control for each token, different access rules can be implemented. Multiple tokens for each user to grant access to different API clients. Token Based Authentication
Errors Design Web APIs { "error" : “Something wrong.. sorry. try again.”, } { "code" : 576, "message" : "Something bad happened here..”, "description" : "More details about the error here” "url" :“http://api.gururs.com/docs/errors#576“ }
Errors Design Web APIs { "code" : "validation_failed", "message" : "Validation failed because you are stupid", "errors" : [ { "code" : "blank_field", "field" : "title", "message" : "Title cannot be blank" }, { "code" : "blank_field", "field" : "author", "message" : "Author cannot be blank" } ] }
Errors Design Web APIs
Versioning Design Web APIs https://api.gururs.com/v2/books URL Versioning https://api.gururs.com/books Custom request reader api-version: 2 http://www.troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html https://api.gururs.com/books Content type Accept: application/vnd.gururs.v3+json
Wrapping Up • Design First
 • Keep URL Simple
 • Use HTTP Verbs Properly
 • Use HTTP Status Code Properly
 • Allow your users to filter your data
 • Follow some JSON format convention ! • Authentication ! • Errors ! • Versioning !
References Surviving API’s with Rails - CodeSchool https://www.codeschool.com/courses/surviving-apis-with-rails ! Code Samples on Rails 4 https://github.com/codeschool/SurvivingAPIsDemoApp Your API is Bad https://leanpub.com/yourapiisbad HTTP Succinctly https://www.syncfusion.com/resources/techportal/ebooks/http Web API Design: Crafting Interfaces that Developers Love
 https://pages.apigee.com/web-api-design-ebook.html
References Build the API First http://confreaks.com/videos/3362-railsconf-build-the-api-first "JSON API: convention driven API design", by Steve Klabnik APIdays Paris 2013 https://www.youtube.com/watch?v=FpS_E90-6O8 API Days Conference - YT Channel https://www.youtube.com/user/apidays/videos Traffic and Weather Podcast http://trafficandweather.io/
Thanks! @tailorfontela me@taylorrf.com Questions?

Recommended

Web Apps for the Masses
Web Apps for the MassesWeb Apps for the Masses
Web Apps for the MassesDavid Tufts
 
OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)Emad Alashi
 
Salesforce apex hours PayPal with Salesforce Integration
Salesforce apex hours PayPal with Salesforce IntegrationSalesforce apex hours PayPal with Salesforce Integration
Salesforce apex hours PayPal with Salesforce IntegrationAmit Singh
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Aaron Parecki
 
Gamecore
GamecoreGamecore
GamecoreCaiden2557
 
E Pi Server Easy Search Technical Overview
E Pi Server Easy Search Technical OverviewE Pi Server Easy Search Technical Overview
E Pi Server Easy Search Technical Overviewguestd9aa5
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 

Recommended

Web Apps for the Masses
Web Apps for the MassesWeb Apps for the Masses
Web Apps for the MassesDavid Tufts
 
OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)OAuth in the new .NET world (OWIN)
OAuth in the new .NET world (OWIN)Emad Alashi
 
Salesforce apex hours PayPal with Salesforce Integration
Salesforce apex hours PayPal with Salesforce IntegrationSalesforce apex hours PayPal with Salesforce Integration
Salesforce apex hours PayPal with Salesforce IntegrationAmit Singh
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013Aaron Parecki
 
Gamecore
GamecoreGamecore
GamecoreCaiden2557
 
E Pi Server Easy Search Technical Overview
E Pi Server Easy Search Technical OverviewE Pi Server Easy Search Technical Overview
E Pi Server Easy Search Technical Overviewguestd9aa5
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 
Restful api design
Restful api designRestful api design
Restful api designMizan Riqzia
 
Create great mobile apps with Xamarin, Visual Studio and Azure
Create great mobile apps with Xamarin, Visual Studio and AzureCreate great mobile apps with Xamarin, Visual Studio and Azure
Create great mobile apps with Xamarin, Visual Studio and AzureMatteo Pagani
 
Sdfc forbidden and advanced techniques
Sdfc forbidden and advanced techniquesSdfc forbidden and advanced techniques
Sdfc forbidden and advanced techniquesBohdan Dovhań
 
O365con14 - a developer jam with yammer
O365con14 - a developer jam with yammerO365con14 - a developer jam with yammer
O365con14 - a developer jam with yammerNCCOMMS
 
OAuth2 and LinkedIn
OAuth2 and LinkedInOAuth2 and LinkedIn
OAuth2 and LinkedInKamyar Mohager
 
Develop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
Develop Offline Hybrid Mobile Applications with Wordrpess and PhonegapDevelop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
Develop Offline Hybrid Mobile Applications with Wordrpess and PhonegapNikolaos Giannopoulos
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedinKhasim Saheb
 
Power Apps community call-June 2020
Power Apps community call-June 2020Power Apps community call-June 2020
Power Apps community call-June 2020Microsoft 365 Developer
 
Effectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby ConfEffectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby Confneal_kemp
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMProvectus
 
WordCamp GR 2012 Web Apps for the Masses
WordCamp GR 2012 Web Apps for the MassesWordCamp GR 2012 Web Apps for the Masses
WordCamp GR 2012 Web Apps for the MassesDavid Tufts
 
7 Deadly Sins in Azure AD App Development
7 Deadly Sins in Azure AD App Development7 Deadly Sins in Azure AD App Development
7 Deadly Sins in Azure AD App DevelopmentJoonas Westlin
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Eric Shupps
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...Eric Shupps
 
AEM Client Context Customisation
AEM Client Context CustomisationAEM Client Context Customisation
AEM Client Context CustomisationAnkit Gubrani
 
Making your first alexa skills using lambda functions
Making your first alexa skills using lambda functionsMaking your first alexa skills using lambda functions
Making your first alexa skills using lambda functionsMukul Jain
 
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Jean-Loup Yu
 
Implement Authorization in your Apps with Microsoft identity platform-June 2020
Implement Authorization in your Apps with Microsoft identity platform-June 2020Implement Authorization in your Apps with Microsoft identity platform-June 2020
Implement Authorization in your Apps with Microsoft identity platform-June 2020Microsoft 365 Developer
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Nabeel Yoosuf
 
API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsTom Johnson
 
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotionAPIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotionjavier ramirez
 

More Related Content

What's hot

Restful api design
Restful api designRestful api design
Restful api designMizan Riqzia
 
Create great mobile apps with Xamarin, Visual Studio and Azure
Create great mobile apps with Xamarin, Visual Studio and AzureCreate great mobile apps with Xamarin, Visual Studio and Azure
Create great mobile apps with Xamarin, Visual Studio and AzureMatteo Pagani
 
Sdfc forbidden and advanced techniques
Sdfc forbidden and advanced techniquesSdfc forbidden and advanced techniques
Sdfc forbidden and advanced techniquesBohdan Dovhań
 
O365con14 - a developer jam with yammer
O365con14 - a developer jam with yammerO365con14 - a developer jam with yammer
O365con14 - a developer jam with yammerNCCOMMS
 
Develop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
Develop Offline Hybrid Mobile Applications with Wordrpess and PhonegapDevelop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
Develop Offline Hybrid Mobile Applications with Wordrpess and PhonegapNikolaos Giannopoulos
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuthUmang Goyal
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedinKhasim Saheb
 
Effectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby ConfEffectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby Confneal_kemp
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMProvectus
 
WordCamp GR 2012 Web Apps for the Masses
WordCamp GR 2012 Web Apps for the MassesWordCamp GR 2012 Web Apps for the Masses
WordCamp GR 2012 Web Apps for the MassesDavid Tufts
 
7 Deadly Sins in Azure AD App Development
7 Deadly Sins in Azure AD App Development7 Deadly Sins in Azure AD App Development
7 Deadly Sins in Azure AD App DevelopmentJoonas Westlin
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Eric Shupps
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...Eric Shupps
 
AEM Client Context Customisation
AEM Client Context CustomisationAEM Client Context Customisation
AEM Client Context CustomisationAnkit Gubrani
 
Making your first alexa skills using lambda functions
Making your first alexa skills using lambda functionsMaking your first alexa skills using lambda functions
Making your first alexa skills using lambda functionsMukul Jain
 
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Jean-Loup Yu
 
Implement Authorization in your Apps with Microsoft identity platform-June 2020
Implement Authorization in your Apps with Microsoft identity platform-June 2020Implement Authorization in your Apps with Microsoft identity platform-June 2020
Implement Authorization in your Apps with Microsoft identity platform-June 2020Microsoft 365 Developer
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Nabeel Yoosuf
 

What's hot (20)

Restful api design
Restful api designRestful api design
Restful api design
 
Create great mobile apps with Xamarin, Visual Studio and Azure
Create great mobile apps with Xamarin, Visual Studio and AzureCreate great mobile apps with Xamarin, Visual Studio and Azure
Create great mobile apps with Xamarin, Visual Studio and Azure
 
Sdfc forbidden and advanced techniques
Sdfc forbidden and advanced techniquesSdfc forbidden and advanced techniques
Sdfc forbidden and advanced techniques
 
O365con14 - a developer jam with yammer
O365con14 - a developer jam with yammerO365con14 - a developer jam with yammer
O365con14 - a developer jam with yammer
 
OAuth2 and LinkedIn
OAuth2 and LinkedInOAuth2 and LinkedIn
OAuth2 and LinkedIn
 
Develop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
Develop Offline Hybrid Mobile Applications with Wordrpess and PhonegapDevelop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
Develop Offline Hybrid Mobile Applications with Wordrpess and Phonegap
 
Linkedin & OAuth
Linkedin & OAuthLinkedin & OAuth
Linkedin & OAuth
 
Mule integration with linkedin
Mule integration with linkedinMule integration with linkedin
Mule integration with linkedin
 
Power Apps community call-June 2020
Power Apps community call-June 2020Power Apps community call-June 2020
Power Apps community call-June 2020
 
Effectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby ConfEffectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby Conf
 
How to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAMHow to implement authorization in your backend with AWS IAM
How to implement authorization in your backend with AWS IAM
 
WordCamp GR 2012 Web Apps for the Masses
WordCamp GR 2012 Web Apps for the MassesWordCamp GR 2012 Web Apps for the Masses
WordCamp GR 2012 Web Apps for the Masses
 
7 Deadly Sins in Azure AD App Development
7 Deadly Sins in Azure AD App Development7 Deadly Sins in Azure AD App Development
7 Deadly Sins in Azure AD App Development
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
 
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
SPTECHCON - Who are You and What Do You Want - Working with OAuth in SharePoi...
 
AEM Client Context Customisation
AEM Client Context CustomisationAEM Client Context Customisation
AEM Client Context Customisation
 
Making your first alexa skills using lambda functions
Making your first alexa skills using lambda functionsMaking your first alexa skills using lambda functions
Making your first alexa skills using lambda functions
 
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
Green Light for the Apps with Calaba.sh - DroidCon Paris 2014
 
Implement Authorization in your Apps with Microsoft identity platform-June 2020
Implement Authorization in your Apps with Microsoft identity platform-June 2020Implement Authorization in your Apps with Microsoft identity platform-June 2020
Implement Authorization in your Apps with Microsoft identity platform-June 2020
 
Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2Introduction to OAuth 2.0 - Part 2
Introduction to OAuth 2.0 - Part 2
 

Similar to Design Web Api

API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsTom Johnson
 
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotionAPIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotionjavier ramirez
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API DesignOCTO Technology
 
Developing Apps with Azure AD
Developing Apps with Azure ADDeveloping Apps with Azure AD
Developing Apps with Azure ADSharePointRadi
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеSQALab
 
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...Tom Johnson
 
アプリで簡単にスタンプを販売するためのAPI開発
アプリで簡単にスタンプを販売するためのAPI開発アプリで簡単にスタンプを販売するためのAPI開発
アプリで簡単にスタンプを販売するためのAPI開発LINE Corporation
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development WorkshopEric Shupps
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Creating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services APICreating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services APIDavid Keener
 
Building RESTful APIs
Building RESTful APIsBuilding RESTful APIs
Building RESTful APIsSilota Inc.
 
Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines
Creating Rich Server API’s for your Mobile Apps - Best Practices and GuidelinesCreating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines
Creating Rich Server API’s for your Mobile Apps - Best Practices and GuidelinesJonathan Guthrie
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformAntonio Peric-Mazar
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Anna Klepacka
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceJen Looper
 
Web Development Presentation
Web Development PresentationWeb Development Presentation
Web Development PresentationTurnToTech
 
Play Your API with MuleSoft API Notebook
Play Your API with MuleSoft API NotebookPlay Your API with MuleSoft API Notebook
Play Your API with MuleSoft API NotebookRakesh Kumar Jha
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersInon Shkedy
 

Similar to Design Web Api (20)

API Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIsAPI Workshop: Deep dive into REST APIs
API Workshop: Deep dive into REST APIs
 
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotionAPIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
APIs REST Usables con Hypermedia por Javier Ramirez, para codemotion
 
RefCard RESTful API Design
RefCard RESTful API DesignRefCard RESTful API Design
RefCard RESTful API Design
 
Developing Apps with Azure AD
Developing Apps with Azure ADDeveloping Apps with Azure AD
Developing Apps with Azure AD
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружение
 
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
 
アプリで簡単にスタンプを販売するためのAPI開発
アプリで簡単にスタンプを販売するためのAPI開発アプリで簡単にスタンプを販売するためのAPI開発
アプリで簡単にスタンプを販売するためのAPI開発
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development Workshop
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Creating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services APICreating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services API
 
Building RESTful APIs
Building RESTful APIsBuilding RESTful APIs
Building RESTful APIs
 
Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines
Creating Rich Server API’s for your Mobile Apps - Best Practices and GuidelinesCreating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines
Creating Rich Server API’s for your Mobile Apps - Best Practices and Guidelines
 
Building APIs in an easy way using API Platform
Building APIs in an easy way using API PlatformBuilding APIs in an easy way using API Platform
Building APIs in an easy way using API Platform
 
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example
 
Telerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT ConferenceTelerik AppBuilder Presentation for TelerikNEXT Conference
Telerik AppBuilder Presentation for TelerikNEXT Conference
 
API SECURITY
API SECURITYAPI SECURITY
API SECURITY
 
Web Development Presentation
Web Development PresentationWeb Development Presentation
Web Development Presentation
 
Play Your API with MuleSoft API Notebook
Play Your API with MuleSoft API NotebookPlay Your API with MuleSoft API Notebook
Play Your API with MuleSoft API Notebook
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Design Web Api

  • 1. Design Web APIs Tailor Fontela An brief introduction to start crafting API
  • 4. Motivations Multiple Clients Browsers, Iphone and Android Apps, etc.. JavaScript Libraries Angular, Ember, Backbone, Knockout Startups and Business Core, Social Data, Marketing
  • 5. “IF SOFTWARE IS EATING THE WORLD, APIS ARE EATING SOFTWARE.” Steven Willmott CEO of 3Scale, during APIdays 2012 conference in San Francisco. “SOFTWARE IS EATING THE WORLD” Marc Andreessen in 2011.
  • 8. The success of an API design is measured by how quickly developers can get up to start using your API..
  • 9. Characteristics of a Good API Easy to learn Easy to use, even without documentation Well documented Easy to extend Appropriate to audience Design Web APIs
  • 10. Imagine how developers will use your API
  • 12. Design Web APIs apiary.io Collaborative design, instant API mock, generated documentation..
  • 13. Design Web APIs GuruRS API Mock Server http://gururs.apiary-mock.com $ curl http://gururs.apiary-mock.com/books $ curl http://gururs.apiary-mock.com/books/2 $ curl http://gururs.apiary-mock.com/books/1/author https://gist.github.com/taylorrf/b2a3e5ffcd49c1cf4c29
  • 14. Keep URL Simple and Intuitive /GetLastBook Nouns are Good. Verbs are Bad. /ListAllBooks /SetBookStateTo /ListAllAvaibleBooksOf /Books Design Web APIs
  • 15. Use HTTP Verbs Properly POST - Create a new resource. PUT - Update a specific resource (by an identifier) or a collection of. GET - Read a specific resource (by an identifier) or a collection of. 
 DELETE - Delete/remove a specific resource by an identifier DELETE /books/:id GET /books/:id/delete Design Web APIs
  • 16. Use HTTP Status Code Properly Over 70 HTTP status code officially registered ( http://bit.ly/1qMa7aS ) 200 - :ok - (Everthing worked) 400 - :bad_request - (The client did something wrong) 500 - :internal_server_error - (The API did something wrong) 201 :created 304 :not_modified 404 :not_found - The requested resource doesn't exist 401 : unauthorized - Not authenticated or allowed Design Web APIs
  • 17. Use HTTP Status Code Properly CLI API post /books [title: "book2"] 200 {error: “Author required"} CLI API post /books [title: "book2"] 400 {error: “Author required"} Design Web APIs
  • 18. Use HTTP Status Code Properly CLI API post /books [title: "book2"] CLI API post /books [title: "book2"] 400 {error: “You are not Admin"} 401 {error: “You are not Admin"} Design Web APIs 400 :bad_request 401 : unauthorized
  • 19. Filtering your Data Design Web APIs Pagination offset - Initial point to consider limit/length - number of elements you need orderby - attribute to sort on sort - ASC/DESC Allow your users API to get only some parts of resources https://api.gururs.com/books/?limit=20&sort=DESC Ordering
  • 20. Filtering your Data Design Web APIs Provide only the fields your client need https://api.gururs.com/books/?limit=20&sort=DESC&fields=title,url Filtering Searching https://api.gururs.com/books/?q=Design API https://api.gururs.com/books/?type=ebook
  • 21. Filtering your Data Design Web APIs Aliases for common queries https://api.gururs.com/books/used https://api.gururs.com/books/free_ebooks https://api.gururs.com/books/deals
  • 22. JSON format Follow some JSON format convention for your great good. Design Web APIs http://jsonapi.org/ (Steve Klabnik & Yehuda Katz) A standard for building APIs in JSON. ! If you've ever argued with your team about the way your JSON responses should be formatted, JSON API is your anti-bikeshedding weapon.
  • 23. JSON format http://jsonapi.org/ Design Web APIs { "links": { "books.author": { "href": "http://api.gururs.com/users/{books.author}", "type": "users" } }, "books": [{ "id": "2", "title": "Your API is Bad", "links": { "author": "1" } }] }
  • 24. Authentications Design Web APIs A RESTful API should be stateless. Each request should come with some authentication credentials. Basic HTTP Authentication over SSL SSL everywhere. Always use SSL. No exceptions.
 http://ssl.comodo.com/
  • 25. Authentications Design Web APIs $ curl -IH "Authorization: Token token=16d7d60" http://api.gururs.com/books Easily expire or regenerate tokens without affecting the user’s password. Greater control for each token, different access rules can be implemented. Multiple tokens for each user to grant access to different API clients. Token Based Authentication
  • 26. Errors Design Web APIs { "error" : “Something wrong.. sorry. try again.”, } { "code" : 576, "message" : "Something bad happened here..”, "description" : "More details about the error here” "url" :“http://api.gururs.com/docs/errors#576“ }
  • 27. Errors Design Web APIs { "code" : "validation_failed", "message" : "Validation failed because you are stupid", "errors" : [ { "code" : "blank_field", "field" : "title", "message" : "Title cannot be blank" }, { "code" : "blank_field", "field" : "author", "message" : "Author cannot be blank" } ] }
  • 29. Versioning Design Web APIs https://api.gururs.com/v2/books URL Versioning https://api.gururs.com/books Custom request reader api-version: 2 http://www.troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html https://api.gururs.com/books Content type Accept: application/vnd.gururs.v3+json
  • 30. Wrapping Up • Design First
 • Keep URL Simple
 • Use HTTP Verbs Properly
 • Use HTTP Status Code Properly
 • Allow your users to filter your data
 • Follow some JSON format convention ! • Authentication ! • Errors ! • Versioning !
  • 31. References Surviving API’s with Rails - CodeSchool https://www.codeschool.com/courses/surviving-apis-with-rails ! Code Samples on Rails 4 https://github.com/codeschool/SurvivingAPIsDemoApp Your API is Bad https://leanpub.com/yourapiisbad HTTP Succinctly https://www.syncfusion.com/resources/techportal/ebooks/http Web API Design: Crafting Interfaces that Developers Love
 https://pages.apigee.com/web-api-design-ebook.html
  • 32. References Build the API First http://confreaks.com/videos/3362-railsconf-build-the-api-first "JSON API: convention driven API design", by Steve Klabnik APIdays Paris 2013 https://www.youtube.com/watch?v=FpS_E90-6O8 API Days Conference - YT Channel https://www.youtube.com/user/apidays/videos Traffic and Weather Podcast http://trafficandweather.io/