SlideShare a Scribd company logo
Best Practice in Web
     Service Design

         Lorna Jane Mitchell
             February 2010
A Story




http://www.flickr.com/photos/james_michael_hill/254778578/
Aims of a Web Service

• Expose system functionality
• Assist modular application
  architecture
• Enable scalability




           Empower Users!
Web. Service. Design

• WEB - we'll talk about HTTP itself and
  how the web makes an ideal vehicle
  for conveying information
• SERVICE - understanding the service
  types and how to choose
• DESIGN - designing a robust and
  useful API, techniques for anyone
  specifying/implementing, either at high
  level or in code
Web
The Web: HTTP

• HyperText Transport Protocol: the
  "wires" that the web uses to
  communicate.
• HTTP includes meta information as
  part of the request headers
• We can use this rather than
  reinventing formats for the info
Web Request Anatomy
> GET / HTTP/1.1
> User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libid
> Host: www.google.co.uk
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 29 Dec 2009 11:53:32 GMT
< Expires: -1
< Cache-Control: private, max-age=0
< Content-Type: text/html; charset=ISO-8859-1
< Set-Cookie: PREF=ID=938ea5e5be0edfd5:TM=1262087612:LM=1262087612:S=i4OvD_W
expires=Thu, 29-Dec-2011 11:53:32 GMT; path=/; domain=.google.co.uk

< Set-Cookie: NID=30=xm_tayHyAuPiERmCeIv3kiHczSQgm-Nt6DWlGVKKqTrAhT2BhqDiqsw
A46lBcfV-mS0WZGQqfq-Px5097pdZ3x4R2jRboXU5i8lU2GqM5ql7Zs7zmv3; expires=Wed, 30
GMT; path=/; domain=.google.co.uk; HttpOnly
< Server: gws
< X-XSS-Protection: 0
< Transfer-Encoding: chunked
<
HTTP Status Codes

     Code      Meaning
     200       OK
     302       Found
     301       Moved
     401       Not Authorised
     403       Forbidden
     404       Not Found
     500       Internal Server Error
Headers

•   Authorization
•   Cookie and Set-Cookie
•   Cache-Control
•   User-Agent
•   Accept
•   Content-Type
Content-Type and Accept

• Usually a common mime type, e.g:
  – text/html
  – text/xml
  – application/json
• We can parse accordingly
• Be consistent in return formats
HTTP Verbs

•   GET
•   POST
•   PUT
•   DELETE
Service
Service Types

• SOAP
• *-RPC
  – XML-RPC
  – JSON-RPC
• REST
SOAP

•   Just "soap"
•   Defined XML format
•   Also includes definition for error format
•   Wrappers available for most languages
•   Optionally uses a WSDL to describe the
    service
    – Web Service Description Language
RPC Services

•   Remote Procedure Call
•   Similar to library
•   Call function with arguments
•   Body format can change
    – XML makes XML-RPC
    – JSON makes JSON-RPC
REST

• REpresentational State Transfer
• A series of concepts
• Generally uses HTTP (HyperText
  Transfer Protocol)
• URLs are resource locations
• Verbs tell the service what to do
• Status codes indicate what the
  outcome was
Design
Tools to Make a Web Service

• Lots of options
• By hand
  – Using PHP language features
• With helper components
  – e.g. PEAR modules
• Within a framework custom module
• From an MVC system
Designing a Web Service

• Who/what will consume this?
• What service/format is appropriate?
  – multiple formats where possible
• What functionality is needed?
• Up-front design is recommended
Services and Unit Testing

• Easiest application of unit testing
• With API tests
  – be confident of spotting changes
  – update tests when making changes
• Test request/response for known
  datasets
• Could use sample database
Small APIs

•   Beware adding functionality
•   Small, flexible APIs
•   Few methods as possible
•   Easy to use
Consistency

• Important to retain
  – naming conventions
  – parameter validation rules
  – parameter order
• Just as you would in library code
Statelessness

• Request alone contains all information
  needed
• No session data
• Resource does not need to be in
  known state
• Same operation performs same
  outcome
Versions and Formats

• Always include a version parameter
• Handle multiple formats
Status Codes

• Typically associated with REST – HTTP
  response codes
• Useful in other APIs too
• Headline news: success or type of
  failure
• MVC tools may not use these by
  default
• Highly recommended!
Error Handling

• Success is not the only outcome
• Users will encounter failure
  – it might be their fault
  – how you handle it is the measure of your
    service
• Failure handling = robustness
Error Feedback

•   Help users help themselves
•   Descriptive feedback
•   Stack errors
•   Use existing/similar format
Authentication Mechanisms

• Depends completely on the
  environment
• Web services are like web applications
• Application interfaces have the same
  considerations whether internal or
  external
Authentication Options

• Require authentication on every
  request
• Authenticate once and use a token
• Restrict token validity
• Application or web server
  authentication
• Just like sessions
Heartbeat Method

•   A method which does nothing
•   No authentication
•   Requires correct request format
•   Gives basic feedback
•   Shows that service is alive
Build It And They Will Come

• ... Or not!
• Users need a service to be
  – accessible
  – documented
  – robust
  – reliable
  – simple
  – predictable
Delivering A Web Service

• Like packaging software
• Give users tools to help themselves
• Avoid support calls
Documentation

•   WSDL
•   PHPDoc can help
•   Simple examples/tutorials
•   API spec
    – formats
    – variable names
    – data types
    – error information
Examples

• Tutorials with examples
• Include full request and response
  information in examples
• Troubleshooting tips and known issues
• Full API Documentation
  – simpler to generate from PHPDoc
In Summary

•   Web Services != Rocket Science
•   HTTP theory
•   Service types
•   Design considerations
•   Effective Delivery
Resources

• http://php.net
• RESTful Web Services by Leonard
  Richardson, Sam Ruby
• http://curl.haxx.se/
• http://benramsey.com
• http://lornajane.net
Questions?
Thankyou!

• Lorna Mitchell
• @lornajane




 http://joind.in/1460

More Related Content

What's hot

RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web Services
Christopher Bartling
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
Restful web services ppt
Restful web services pptRestful web services ppt
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy Presentation
Lawrence Coburn
 
RESTful API - Best Practices
RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best Practices
Tricode (part of Dept)
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
Halil Burak Cetinkaya
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
Nitin Pande
 
API
APIAPI
Enterprise Integration Patterns
Enterprise Integration PatternsEnterprise Integration Patterns
Enterprise Integration Patterns
Sergey Podolsky
 
REST API
REST APIREST API
REST API
Tofazzal Ahmed
 
API Presentation
API PresentationAPI Presentation
API Presentation
nityakulkarni
 
API Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesAPI Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation Slides
SlideTeam
 
API for Beginners
API for BeginnersAPI for Beginners
API for Beginners
Sébastien Saunier
 
Introduction to the Web API
Introduction to the Web APIIntroduction to the Web API
Introduction to the Web API
Brad Genereaux
 
REST API Basics
REST API BasicsREST API Basics
REST API Basics
Tharindu Weerasinghe
 
Rest api and-crud-api
Rest api and-crud-apiRest api and-crud-api
Rest api and-crud-api
F(x) Data Labs Pvt Ltd
 
Postman.ppt
Postman.pptPostman.ppt
Postman.ppt
ParrotBAD
 
Rest web services
Rest web servicesRest web services
Rest web services
Paulo Gandra de Sousa
 
The Architecture of an API Platform
The Architecture of an API PlatformThe Architecture of an API Platform
The Architecture of an API Platform
Johannes Ridderstedt
 

What's hot (20)

RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web Services
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
 
Restful web services ppt
Restful web services pptRestful web services ppt
Restful web services ppt
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy Presentation
 
RESTful API - Best Practices
RESTful API - Best PracticesRESTful API - Best Practices
RESTful API - Best Practices
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
 
API
APIAPI
API
 
Enterprise Integration Patterns
Enterprise Integration PatternsEnterprise Integration Patterns
Enterprise Integration Patterns
 
REST API
REST APIREST API
REST API
 
API Presentation
API PresentationAPI Presentation
API Presentation
 
API Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation SlidesAPI Management Solution Powerpoint Presentation Slides
API Management Solution Powerpoint Presentation Slides
 
API for Beginners
API for BeginnersAPI for Beginners
API for Beginners
 
Introduction to the Web API
Introduction to the Web APIIntroduction to the Web API
Introduction to the Web API
 
REST API Basics
REST API BasicsREST API Basics
REST API Basics
 
Rest api and-crud-api
Rest api and-crud-apiRest api and-crud-api
Rest api and-crud-api
 
Postman.ppt
Postman.pptPostman.ppt
Postman.ppt
 
Rest web services
Rest web servicesRest web services
Rest web services
 
The Architecture of an API Platform
The Architecture of an API PlatformThe Architecture of an API Platform
The Architecture of an API Platform
 

Viewers also liked

Best practices for RESTful web service design
Best practices for RESTful web service designBest practices for RESTful web service design
Best practices for RESTful web service design
Ramin Orujov
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
Stormpath
 
Web Service Presentation
Web Service PresentationWeb Service Presentation
Web Service Presentation
guest0df6b0
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
Apigee | Google Cloud
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Cesare Pautasso
 
Introduction to Web Service
Introduction to Web Service Introduction to Web Service
Introduction to Web Service
Tanya Sattaya-aphitan
 
Web service introduction
Web service introductionWeb service introduction
Web service introduction
Sagara Gunathunga
 
REST to RESTful Web Service
REST to RESTful Web ServiceREST to RESTful Web Service
REST to RESTful Web Service
家弘 周
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)
Peter R. Egli
 
Webservices Overview : XML RPC, SOAP and REST
Webservices Overview : XML RPC, SOAP and RESTWebservices Overview : XML RPC, SOAP and REST
Webservices Overview : XML RPC, SOAP and REST
Pradeep Kumar
 
Best Practices for Interoperable XML Databinding with JAXB
Best Practices for Interoperable XML Databinding with JAXBBest Practices for Interoperable XML Databinding with JAXB
Best Practices for Interoperable XML Databinding with JAXB
Martin Grebac
 
Best Practice in Web Service Design
Best Practice in Web Service DesignBest Practice in Web Service Design
Best Practice in Web Service Design
Lorna Mitchell
 
Layer 7: Understanding XML & Web Services Performance
Layer 7: Understanding  XML & Web Services PerformanceLayer 7: Understanding  XML & Web Services Performance
Layer 7: Understanding XML & Web Services Performance
CA API Management
 
CSS Reset
CSS ResetCSS Reset
CSS Reset
Russ Weakley
 
Why HATEOAS
Why HATEOASWhy HATEOAS
Why HATEOAS
Lee Wayne
 
Web Service and Mobile Integrated Day I
Web Service and Mobile Integrated Day IWeb Service and Mobile Integrated Day I
Web Service and Mobile Integrated Day I
Anuchit Chalothorn
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XML
Abhra Basak
 
Web service
Web serviceWeb service
Develop ASP.Net Web Service
Develop ASP.Net Web Service Develop ASP.Net Web Service
Develop ASP.Net Web Service
Safaa Farouk
 

Viewers also liked (20)

Best practices for RESTful web service design
Best practices for RESTful web service designBest practices for RESTful web service design
Best practices for RESTful web service design
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
 
Web Service Presentation
Web Service PresentationWeb Service Presentation
Web Service Presentation
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
 
Introduction to Web Service
Introduction to Web Service Introduction to Web Service
Introduction to Web Service
 
Web service introduction
Web service introductionWeb service introduction
Web service introduction
 
REST to RESTful Web Service
REST to RESTful Web ServiceREST to RESTful Web Service
REST to RESTful Web Service
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)
 
Webservices Overview : XML RPC, SOAP and REST
Webservices Overview : XML RPC, SOAP and RESTWebservices Overview : XML RPC, SOAP and REST
Webservices Overview : XML RPC, SOAP and REST
 
Best Practices for Interoperable XML Databinding with JAXB
Best Practices for Interoperable XML Databinding with JAXBBest Practices for Interoperable XML Databinding with JAXB
Best Practices for Interoperable XML Databinding with JAXB
 
Best Practice in Web Service Design
Best Practice in Web Service DesignBest Practice in Web Service Design
Best Practice in Web Service Design
 
Layer 7: Understanding XML & Web Services Performance
Layer 7: Understanding  XML & Web Services PerformanceLayer 7: Understanding  XML & Web Services Performance
Layer 7: Understanding XML & Web Services Performance
 
CSS Reset
CSS ResetCSS Reset
CSS Reset
 
Why HATEOAS
Why HATEOASWhy HATEOAS
Why HATEOAS
 
Web Service and Mobile Integrated Day I
Web Service and Mobile Integrated Day IWeb Service and Mobile Integrated Day I
Web Service and Mobile Integrated Day I
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XML
 
Web service
Web serviceWeb service
Web service
 
Develop ASP.Net Web Service
Develop ASP.Net Web Service Develop ASP.Net Web Service
Develop ASP.Net Web Service
 

Similar to Best Practices in Web Service Design

CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
Sam Bowne
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
Sam Bowne
 
Rest APIs Training
Rest APIs TrainingRest APIs Training
Rest APIs Training
Shekhar Kumar
 
RESTful Services
RESTful ServicesRESTful Services
RESTful Services
Jason Gerard
 
Overview of java web services
Overview of java web servicesOverview of java web services
REST API Recommendations
REST API RecommendationsREST API Recommendations
REST API Recommendations
Jeelani Shaik
 
Mini-Training: Let's have a rest
Mini-Training: Let's have a restMini-Training: Let's have a rest
Mini-Training: Let's have a rest
Betclic Everest Group Tech Team
 
Rest WebAPI with OData
Rest WebAPI with ODataRest WebAPI with OData
Rest WebAPI with OData
Mahek Merchant
 
www | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorialwww | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorial
MSA Technosoft
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application Technologies
Sam Bowne
 
APIs and Services: One Platform or Two?
APIs and Services: One Platform or Two?APIs and Services: One Platform or Two?
APIs and Services: One Platform or Two?
Akana
 
Portal and Intranets
Portal and Intranets Portal and Intranets
Portal and Intranets
Redar Ismail
 
Алексей Веркеенко "Symfony2 & REST API"
Алексей Веркеенко "Symfony2 & REST API" Алексей Веркеенко "Symfony2 & REST API"
Алексей Веркеенко "Symfony2 & REST API"
Fwdays
 
Introduction to Restful Web Services
Introduction to Restful Web ServicesIntroduction to Restful Web Services
Introduction to Restful Web Services
weili_at_slideshare
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
Api crash
Api crashApi crash
Api crash
Tony Nguyen
 
Api crash
Api crashApi crash
Api crash
Hoang Nguyen
 
Api crash
Api crashApi crash
Api crash
Fraboni Ec
 
Api crash
Api crashApi crash
Api crash
James Wong
 
Api crash
Api crashApi crash
Api crash
Luis Goldster
 

Similar to Best Practices in Web Service Design (20)

CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
Rest APIs Training
Rest APIs TrainingRest APIs Training
Rest APIs Training
 
RESTful Services
RESTful ServicesRESTful Services
RESTful Services
 
Overview of java web services
Overview of java web servicesOverview of java web services
Overview of java web services
 
REST API Recommendations
REST API RecommendationsREST API Recommendations
REST API Recommendations
 
Mini-Training: Let's have a rest
Mini-Training: Let's have a restMini-Training: Let's have a rest
Mini-Training: Let's have a rest
 
Rest WebAPI with OData
Rest WebAPI with ODataRest WebAPI with OData
Rest WebAPI with OData
 
www | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorialwww | HTTP | HTML - Tutorial
www | HTTP | HTML - Tutorial
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application Technologies
 
APIs and Services: One Platform or Two?
APIs and Services: One Platform or Two?APIs and Services: One Platform or Two?
APIs and Services: One Platform or Two?
 
Portal and Intranets
Portal and Intranets Portal and Intranets
Portal and Intranets
 
Алексей Веркеенко "Symfony2 & REST API"
Алексей Веркеенко "Symfony2 & REST API" Алексей Веркеенко "Symfony2 & REST API"
Алексей Веркеенко "Symfony2 & REST API"
 
Introduction to Restful Web Services
Introduction to Restful Web ServicesIntroduction to Restful Web Services
Introduction to Restful Web Services
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 

More from Lorna Mitchell

OAuth: Trust Issues
OAuth: Trust IssuesOAuth: Trust Issues
OAuth: Trust Issues
Lorna Mitchell
 
Web Services PHP Tutorial
Web Services PHP TutorialWeb Services PHP Tutorial
Web Services PHP Tutorial
Lorna Mitchell
 
Best Practice in API Design
Best Practice in API DesignBest Practice in API Design
Best Practice in API Design
Lorna Mitchell
 
Git, GitHub and Open Source
Git, GitHub and Open SourceGit, GitHub and Open Source
Git, GitHub and Open Source
Lorna Mitchell
 
Business 101 for Developers: Time and Money
Business 101 for Developers: Time and MoneyBusiness 101 for Developers: Time and Money
Business 101 for Developers: Time and Money
Lorna Mitchell
 
Things I wish web graduates knew
Things I wish web graduates knewThings I wish web graduates knew
Things I wish web graduates knew
Lorna Mitchell
 
Teach a Man To Fish (phpconpl edition)
Teach a Man To Fish (phpconpl edition)Teach a Man To Fish (phpconpl edition)
Teach a Man To Fish (phpconpl edition)
Lorna Mitchell
 
Web services tutorial
Web services tutorialWeb services tutorial
Web services tutorial
Lorna Mitchell
 
Join In With Joind.In
Join In With Joind.InJoin In With Joind.In
Join In With Joind.In
Lorna Mitchell
 
Tool Up Your LAMP Stack
Tool Up Your LAMP StackTool Up Your LAMP Stack
Tool Up Your LAMP Stack
Lorna Mitchell
 
Going Freelance
Going FreelanceGoing Freelance
Going Freelance
Lorna Mitchell
 
Understanding Distributed Source Control
Understanding Distributed Source ControlUnderstanding Distributed Source Control
Understanding Distributed Source Control
Lorna Mitchell
 
Coaching Development Teams: Teach A Man To Fish
Coaching Development Teams: Teach A Man To FishCoaching Development Teams: Teach A Man To Fish
Coaching Development Teams: Teach A Man To Fish
Lorna Mitchell
 
Zend Certification Preparation Tutorial
Zend Certification Preparation TutorialZend Certification Preparation Tutorial
Zend Certification Preparation Tutorial
Lorna Mitchell
 
Implementing OAuth with PHP
Implementing OAuth with PHPImplementing OAuth with PHP
Implementing OAuth with PHP
Lorna Mitchell
 
Web Services Tutorial
Web Services TutorialWeb Services Tutorial
Web Services Tutorial
Lorna Mitchell
 
Object Oriented Programming in PHP
Object Oriented Programming in PHPObject Oriented Programming in PHP
Object Oriented Programming in PHP
Lorna Mitchell
 
Example Presentation
Example PresentationExample Presentation
Example Presentation
Lorna Mitchell
 
Could You Telecommute?
Could You Telecommute?Could You Telecommute?
Could You Telecommute?
Lorna Mitchell
 
Design Patterns
Design PatternsDesign Patterns
Design Patterns
Lorna Mitchell
 

More from Lorna Mitchell (20)

OAuth: Trust Issues
OAuth: Trust IssuesOAuth: Trust Issues
OAuth: Trust Issues
 
Web Services PHP Tutorial
Web Services PHP TutorialWeb Services PHP Tutorial
Web Services PHP Tutorial
 
Best Practice in API Design
Best Practice in API DesignBest Practice in API Design
Best Practice in API Design
 
Git, GitHub and Open Source
Git, GitHub and Open SourceGit, GitHub and Open Source
Git, GitHub and Open Source
 
Business 101 for Developers: Time and Money
Business 101 for Developers: Time and MoneyBusiness 101 for Developers: Time and Money
Business 101 for Developers: Time and Money
 
Things I wish web graduates knew
Things I wish web graduates knewThings I wish web graduates knew
Things I wish web graduates knew
 
Teach a Man To Fish (phpconpl edition)
Teach a Man To Fish (phpconpl edition)Teach a Man To Fish (phpconpl edition)
Teach a Man To Fish (phpconpl edition)
 
Web services tutorial
Web services tutorialWeb services tutorial
Web services tutorial
 
Join In With Joind.In
Join In With Joind.InJoin In With Joind.In
Join In With Joind.In
 
Tool Up Your LAMP Stack
Tool Up Your LAMP StackTool Up Your LAMP Stack
Tool Up Your LAMP Stack
 
Going Freelance
Going FreelanceGoing Freelance
Going Freelance
 
Understanding Distributed Source Control
Understanding Distributed Source ControlUnderstanding Distributed Source Control
Understanding Distributed Source Control
 
Coaching Development Teams: Teach A Man To Fish
Coaching Development Teams: Teach A Man To FishCoaching Development Teams: Teach A Man To Fish
Coaching Development Teams: Teach A Man To Fish
 
Zend Certification Preparation Tutorial
Zend Certification Preparation TutorialZend Certification Preparation Tutorial
Zend Certification Preparation Tutorial
 
Implementing OAuth with PHP
Implementing OAuth with PHPImplementing OAuth with PHP
Implementing OAuth with PHP
 
Web Services Tutorial
Web Services TutorialWeb Services Tutorial
Web Services Tutorial
 
Object Oriented Programming in PHP
Object Oriented Programming in PHPObject Oriented Programming in PHP
Object Oriented Programming in PHP
 
Example Presentation
Example PresentationExample Presentation
Example Presentation
 
Could You Telecommute?
Could You Telecommute?Could You Telecommute?
Could You Telecommute?
 
Design Patterns
Design PatternsDesign Patterns
Design Patterns
 

Recently uploaded

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 

Recently uploaded (20)

National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 

Best Practices in Web Service Design

  • 1. Best Practice in Web Service Design Lorna Jane Mitchell February 2010
  • 3. Aims of a Web Service • Expose system functionality • Assist modular application architecture • Enable scalability Empower Users!
  • 4. Web. Service. Design • WEB - we'll talk about HTTP itself and how the web makes an ideal vehicle for conveying information • SERVICE - understanding the service types and how to choose • DESIGN - designing a robust and useful API, techniques for anyone specifying/implementing, either at high level or in code
  • 5. Web
  • 6. The Web: HTTP • HyperText Transport Protocol: the "wires" that the web uses to communicate. • HTTP includes meta information as part of the request headers • We can use this rather than reinventing formats for the info
  • 7. Web Request Anatomy > GET / HTTP/1.1 > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libid > Host: www.google.co.uk > Accept: */* > < HTTP/1.1 200 OK < Date: Tue, 29 Dec 2009 11:53:32 GMT < Expires: -1 < Cache-Control: private, max-age=0 < Content-Type: text/html; charset=ISO-8859-1 < Set-Cookie: PREF=ID=938ea5e5be0edfd5:TM=1262087612:LM=1262087612:S=i4OvD_W expires=Thu, 29-Dec-2011 11:53:32 GMT; path=/; domain=.google.co.uk < Set-Cookie: NID=30=xm_tayHyAuPiERmCeIv3kiHczSQgm-Nt6DWlGVKKqTrAhT2BhqDiqsw A46lBcfV-mS0WZGQqfq-Px5097pdZ3x4R2jRboXU5i8lU2GqM5ql7Zs7zmv3; expires=Wed, 30 GMT; path=/; domain=.google.co.uk; HttpOnly < Server: gws < X-XSS-Protection: 0 < Transfer-Encoding: chunked <
  • 8. HTTP Status Codes Code Meaning 200 OK 302 Found 301 Moved 401 Not Authorised 403 Forbidden 404 Not Found 500 Internal Server Error
  • 9. Headers • Authorization • Cookie and Set-Cookie • Cache-Control • User-Agent • Accept • Content-Type
  • 10. Content-Type and Accept • Usually a common mime type, e.g: – text/html – text/xml – application/json • We can parse accordingly • Be consistent in return formats
  • 11. HTTP Verbs • GET • POST • PUT • DELETE
  • 13. Service Types • SOAP • *-RPC – XML-RPC – JSON-RPC • REST
  • 14. SOAP • Just "soap" • Defined XML format • Also includes definition for error format • Wrappers available for most languages • Optionally uses a WSDL to describe the service – Web Service Description Language
  • 15. RPC Services • Remote Procedure Call • Similar to library • Call function with arguments • Body format can change – XML makes XML-RPC – JSON makes JSON-RPC
  • 16. REST • REpresentational State Transfer • A series of concepts • Generally uses HTTP (HyperText Transfer Protocol) • URLs are resource locations • Verbs tell the service what to do • Status codes indicate what the outcome was
  • 18. Tools to Make a Web Service • Lots of options • By hand – Using PHP language features • With helper components – e.g. PEAR modules • Within a framework custom module • From an MVC system
  • 19. Designing a Web Service • Who/what will consume this? • What service/format is appropriate? – multiple formats where possible • What functionality is needed? • Up-front design is recommended
  • 20. Services and Unit Testing • Easiest application of unit testing • With API tests – be confident of spotting changes – update tests when making changes • Test request/response for known datasets • Could use sample database
  • 21. Small APIs • Beware adding functionality • Small, flexible APIs • Few methods as possible • Easy to use
  • 22. Consistency • Important to retain – naming conventions – parameter validation rules – parameter order • Just as you would in library code
  • 23. Statelessness • Request alone contains all information needed • No session data • Resource does not need to be in known state • Same operation performs same outcome
  • 24. Versions and Formats • Always include a version parameter • Handle multiple formats
  • 25. Status Codes • Typically associated with REST – HTTP response codes • Useful in other APIs too • Headline news: success or type of failure • MVC tools may not use these by default • Highly recommended!
  • 26. Error Handling • Success is not the only outcome • Users will encounter failure – it might be their fault – how you handle it is the measure of your service • Failure handling = robustness
  • 27. Error Feedback • Help users help themselves • Descriptive feedback • Stack errors • Use existing/similar format
  • 28. Authentication Mechanisms • Depends completely on the environment • Web services are like web applications • Application interfaces have the same considerations whether internal or external
  • 29. Authentication Options • Require authentication on every request • Authenticate once and use a token • Restrict token validity • Application or web server authentication • Just like sessions
  • 30. Heartbeat Method • A method which does nothing • No authentication • Requires correct request format • Gives basic feedback • Shows that service is alive
  • 31. Build It And They Will Come • ... Or not! • Users need a service to be – accessible – documented – robust – reliable – simple – predictable
  • 32. Delivering A Web Service • Like packaging software • Give users tools to help themselves • Avoid support calls
  • 33. Documentation • WSDL • PHPDoc can help • Simple examples/tutorials • API spec – formats – variable names – data types – error information
  • 34. Examples • Tutorials with examples • Include full request and response information in examples • Troubleshooting tips and known issues • Full API Documentation – simpler to generate from PHPDoc
  • 35. In Summary • Web Services != Rocket Science • HTTP theory • Service types • Design considerations • Effective Delivery
  • 36. Resources • http://php.net • RESTful Web Services by Leonard Richardson, Sam Ruby • http://curl.haxx.se/ • http://benramsey.com • http://lornajane.net
  • 38. Thankyou! • Lorna Mitchell • @lornajane http://joind.in/1460