Building Awesome APIs with Lumen
Kit Brennan, Rokk3r Labs
What makes an API awesome (Overview)
• Consistent
• Reliable
• Easy to use
Why Lumen (Overview)
• Super fast out of the box
• If you know Laravel, you know Lumen
• All of Laravel is waiting to be switched on
Structure of the talk (Overview)
• Requests
• Responses
• Logging
• Documentation
• Testing
Routing (Requests)
• Version your API using route prefixes
Routing (Requests)
• Also, an excellent use of subdomain routing
Routing (Requests)
• Create an /api/1/ping route for public APIs
• Don’t put any middleware in front of the route
• Two reasons:
  ◦ It lets clients easily check whether the server is up
  ◦ The first step of integrating with an API is just making sure your request reaches the remote server
Routing (Requests)
• Choose an endpoint structure and stick to it
• Have awesome documentation for all endpoints
  ◦ we will come back to this
• GET is a safe method
  ◦ this should really go without saying
• PUT and DELETE are idempotent
  ◦ the operation should always produce the same result
Routing (Requests)
• GET https://example.com/api/1/users
• POST https://example.com/api/1/users
• GET https://example.com/api/1/users/1
• PUT https://example.com/api/1/users/1
• DELETE https://example.com/api/1/users/1
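The routing slides above (versioned prefix, an unauthenticated ping route, and one consistent resource structure) in a single routes file. This is an added example written for this page, not the talk's own code; it assumes the `$app->group()` / `$app->get()` style of Lumen 5.1 to 5.4 (Lumen 5.5 and later expose the same calls on `$router`), a `UserController` with the usual five actions, and a route-middleware alias `jwt.auth` registered through `$app->routeMiddleware()`.

```php
<?php
// app/Http/routes.php (example for this page, not the talk's code).
// Assumes Lumen 5.1-5.4 routing ($app->group / $app->get); Lumen 5.5+ uses $router.

// Version the API with a route prefix: everything below answers under /api/1/.
// A breaking change later ships as a second group with prefix 'api/2' while v1 stays intact.
$app->group(['prefix' => 'api/1'], function () use ($app) {

    // Public ping with NO middleware in front of it. It exists so a client can prove that
    // a request reaches the server before it worries about auth, so it must not demand a
    // token, and it must not reveal anything beyond "up".
    $app->get('ping', function () {
        return response()->json(['status' => 'ok']);
    });
});

// One endpoint structure, applied consistently, behind the (assumed) jwt.auth middleware:
//   GET    /api/1/users      list    (safe: no side effects, cacheable)
//   POST   /api/1/users      create  (neither safe nor idempotent)
//   GET    /api/1/users/{id} show
//   PUT    /api/1/users/{id} replace (idempotent: the same PUT twice leaves the same state)
//   DELETE /api/1/users/{id} delete  (idempotent: the second call still ends with no user)
$app->group([
    'prefix'     => 'api/1',
    'middleware' => 'jwt.auth',
    'namespace'  => 'App\Http\Controllers',
], function () use ($app) {
    $app->get('users', 'UserController@index');
    $app->post('users', 'UserController@store');
    $app->get('users/{id}', 'UserController@show');
    $app->put('users/{id}', 'UserController@update');
    $app->delete('users/{id}', 'UserController@destroy');
});
```

The two groups are deliberately kept separate rather than nested: the ping route is the only path a client can reach without a token, which is exactly what the "no middleware in front of it" rule on the slide asks for, and keeping it in its own group makes that visible in the routes file. The subdomain variant from the slide is not reproduced here because the code on that slide did not survive extraction.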
CORS (Requests)
• https://github.com/barryvdh/laravel-cors
• Public APIs: allow all origins
• Private APIs: allow only your own origins
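The public/private origin policy from the CORS slide, written out as a small Lumen middleware so the two decisions are visible in code. This is an added illustration for this page, not the barryvdh/laravel-cors package's code (the package implements the same policy through its config file); it assumes two configuration values of your own choosing, shown here as the placeholder env keys `API_PUBLIC` and `API_ALLOWED_ORIGINS`, and registration as global middleware with `$app->middleware([...])` in `bootstrap/app.php`.

```php
<?php
// app/Http/Middleware/CorsMiddleware.php (example for this page, not the package's code).
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class CorsMiddleware
{
    /** @var bool true for a public API, false for a private one (placeholder config) */
    private $public;

    /** @var string[] exact origins a private API answers to (placeholder config) */
    private $allowedOrigins;

    public function __construct()
    {
        // API_PUBLIC / API_ALLOWED_ORIGINS are placeholder names; use your own config.
        $this->public = filter_var(env('API_PUBLIC', false), FILTER_VALIDATE_BOOLEAN);
        $this->allowedOrigins = array_filter(array_map('trim', explode(',', env('API_ALLOWED_ORIGINS', ''))));
    }

    public function handle(Request $request, Closure $next)
    {
        $origin = $request->headers->get('Origin');

        // Preflight requests are answered here so they never reach a controller.
        $response = $request->getMethod() === 'OPTIONS'
            ? response('', 204)
            : $next($request);

        if ($origin === null) {
            return $response; // not a cross-origin browser request: nothing to decide
        }

        if ($this->public) {
            // Public API: any origin may read responses. '*' is fine because a public API
            // has no cookie session to protect and clients send tokens explicitly.
            $response->headers->set('Access-Control-Allow-Origin', '*');
        } elseif (in_array($origin, $this->allowedOrigins, true)) {
            // Private API: echo only an origin that is on the allow-list, matched exactly
            // (never a substring or prefix test, never the raw Origin header), and tell
            // caches that the answer depends on Origin.
            $response->headers->set('Access-Control-Allow-Origin', $origin);
            $response->headers->set('Vary', 'Origin');
        } else {
            // Unknown origin on a private API: send no CORS headers at all, so the browser
            // refuses to expose the response to the calling page.
            return $response;
        }

        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
        $response->headers->set('Access-Control-Allow-Headers', 'Authorization, Content-Type');
        $response->headers->set('Access-Control-Max-Age', '600');

        return $response;
    }
}
```

Global middleware in Lumen runs before route dispatch, which is why the preflight short-circuit works without registering OPTIONS routes. The mistake this layout is meant to make impossible is the common one of reflecting whatever `Origin` arrives: a private API that does that has effectively allowed all origins.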
Authentication methods (Requests)
• Session-based authentication is not appropriate
• Three options:
  ◦ Access token authentication: for server-to-server apps; you provide the token in advance
  ◦ JSON web token: for client-side apps; you provide a token at user login
  ◦ OAuth: for third-party apps accessing existing user accounts on your system
Authentication - JSON web tokens (Requests)
• https://github.com/tymondesigns/jwt-auth
• Scales much better than the other options: each server validates the token itself rather than making a DB call
• Frontend apps should store the token in LocalStorage
• Tokens should expire
  ◦ use refresh tokens to generate new tokens
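The JWT flow from the slide (issue a token at login, validate it on every server without a DB round trip, let it expire, refresh it) with tymondesigns/jwt-auth. This is an added example for this page, not the talk's code or the package's shipped middleware; it assumes jwt-auth 0.5.x with its Lumen service provider registered, `ttl` and `refresh_ttl` set in `config/jwt.php`, and, purely to keep one file, both classes in an assumed `App\Http\Auth` namespace. Because a token kept in LocalStorage is readable by any script that runs in the page, the short `ttl` plus the refresh path is what limits the damage of a leaked token.

```php
<?php
// Example for this page (not the talk's code). Assumes tymondesigns/jwt-auth 0.5.x.
namespace App\Http\Auth;

use Closure;
use Illuminate\Http\Request;
use Laravel\Lumen\Routing\Controller;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;

class AuthController extends Controller
{
    // POST /api/1/auth/login  ->  {"token": "..."} or 401. No session is created.
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');

        try {
            // attempt() checks the credentials through the auth provider and signs a
            // token whose exp claim is now + ttl.
            if (! $token = JWTAuth::attempt($credentials)) {
                return response()->json(['error' => 'invalid_credentials'], 401);
            }
        } catch (JWTException $e) {
            // Signing failed (e.g. no secret configured). Report it, never echo the exception.
            return response()->json(['error' => 'could_not_create_token'], 500);
        }

        return response()->json(['token' => $token]);
    }

    // POST /api/1/auth/refresh with the old token in Authorization: Bearer. A token can be
    // exchanged only while its iat is within refresh_ttl; after that the user logs in again.
    public function refresh()
    {
        try {
            $newToken = JWTAuth::parseToken()->refresh();
        } catch (TokenExpiredException $e) {
            return response()->json(['error' => 'refresh_window_expired'], 401);
        } catch (JWTException $e) {
            return response()->json(['error' => 'token_invalid'], 401);
        }

        return response()->json(['token' => $newToken]);
    }
}

// Route middleware (register as $app->routeMiddleware(['jwt.auth' => JwtAuthenticate::class])).
// Validation is local: the signature and exp claim are checked on this server with the
// shared secret, which is the "no DB call" property the slide is after.
class JwtAuthenticate
{
    public function handle(Request $request, Closure $next)
    {
        try {
            $user = JWTAuth::parseToken()->authenticate();
        } catch (TokenExpiredException $e) {
            // Distinct error so a client knows to call /refresh rather than /login.
            return response()->json(['error' => 'token_expired'], 401);
        } catch (JWTException $e) {
            // Missing, malformed or badly signed token: same status, no detail leaked.
            return response()->json(['error' => 'token_invalid'], 401);
        }

        if (! $user) {
            return response()->json(['error' => 'user_not_found'], 401);
        }

        // Make $request->user() return the authenticated user for the controller.
        $request->setUserResolver(function () use ($user) {
            return $user;
        });

        return $next($request);
    }
}
```

Catch order matters: `TokenExpiredException` extends `JWTException`, so it has to be listed first or every expired token reads as "invalid" and the client never learns that a refresh would have worked.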
Authentication - OAuth (Requests)
• https://github.com/lucadegasperi/oauth2-server-laravel
• Potentially very dangerous (so get it right):
  ◦ You’re giving someone access to client data
• Read the spec: http://tools.ietf.org/html/rfc6749
Validation (Requests)
• Avoid the magic controller validation
• Instead, create a validation class, call it, and check in your controller whether it fails
Dates (Requests)
• Awesome APIs accept many date formats
• The Validator facade’s date rule uses strtotime
• Carbon’s parse method uses strtotime
• Combine the two and you can safely accept any date
• Caveat: a Unix timestamp is not parsed by strtotime
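The Validation and Dates slides together: an explicit validation class the controller calls and checks, with a date normaliser that feeds the strtotime-based `date` rule and handles the bare Unix timestamp that strtotime rejects. This is an added example for this page, not the talk's code; it assumes Lumen's `validator` container binding (so no facades are required), Carbon as bundled with Lumen, and a user record with `name`, `email` and `born_at` fields.

```php
<?php
// app/Validation/UserValidator.php (example for this page, not the talk's code).
namespace App\Validation;

use Carbon\Carbon;
use Illuminate\Support\MessageBag;

class UserValidator
{
    /** @var MessageBag|null errors from the most recent passes() call */
    private $errors = null;

    /** Returns true when $input is acceptable; errors() holds the details otherwise. */
    public function passes(array $input)
    {
        if (array_key_exists('born_at', $input)) {
            // Normalise before the rules run so the 'date' rule sees an ISO string.
            $input['born_at'] = self::normaliseDate($input['born_at']);
        }

        $validator = app('validator')->make($input, [
            'name'    => 'required|string|max:100',
            'email'   => 'required|email|max:254',
            'born_at' => 'required|date', // Laravel's date rule: strtotime() + checkdate()
        ]);

        $this->errors = $validator->fails() ? $validator->errors() : null;

        return $this->errors === null;
    }

    public function errors()
    {
        return $this->errors;
    }

    /**
     * Turn any date the client might send into an ISO-8601 string. Returns the original
     * value when it cannot be parsed, so that the 'date' rule reports the field instead
     * of the controller throwing.
     */
    public static function normaliseDate($value)
    {
        if ($value === null || $value === '') {
            return $value;
        }

        // The caveat on the slide: strtotime("1440000000") is false, so an all-digit
        // value is treated as seconds since the epoch rather than handed to strtotime.
        if (is_int($value) || ctype_digit((string) $value)) {
            return Carbon::createFromTimestamp((int) $value)->toIso8601String();
        }

        try {
            // Carbon::parse() goes through strtotime: "2015-08-19", "19 Aug 2015",
            // "2015-08-19T10:00:00+02:00" and the like all work.
            return Carbon::parse((string) $value)->toIso8601String();
        } catch (\Exception $e) {
            return $value; // unparseable: leave it for the 'date' rule to reject
        }
    }
}
```

In the controller the check is explicit and visible: `if (! $validator->passes($request->all())) { return response()->json(['errors' => $validator->errors()->toArray()], 422); }`, with `UserValidator` injected through the method signature. Nothing about the rules is hidden in a base controller, which is the point of the "avoid the magic" slide.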
Transformers (Responses)
• Even APIs should have a view layer
• Explicitly cast all types
Transformers (Responses)
• Do not forget to transform your Carbon objects
Transformers (Responses)
• Use a transformer package
• https://github.com/salebab/larasponse
  ◦ the documentation sucks, but it’s still the best package
• You provide a class with a transform method, then simply call it in any controller
Transformers (Responses)
• The power comes when you want to include other transforms in your transformer (transformer class)
• Always include with a transformer (transformer class)
• Or optional include (controller class)
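The four transformer slides in one class: explicit casts, Carbon converted by hand, a default include that is always embedded and an available include the controller opts into. This is an added example for this page, not code from the talk or from larasponse; it is written against league/fractal's `TransformerAbstract` (the library larasponse wraps; `$this->null()` assumes Fractal 0.13 or later) and assumes an `App\User` with `id`, `name`, `email`, `is_admin`, `created_at`, a `company()` relation and a `posts()` relation, plus sibling `CompanyTransformer` and `PostTransformer` classes of the same shape.

```php
<?php
// app/Transformers/UserTransformer.php (example for this page, not the talk's code).
namespace App\Transformers;

use App\User;
use League\Fractal\TransformerAbstract;

class UserTransformer extends TransformerAbstract
{
    // "Always include": every user response embeds its company, whether or not asked for.
    protected $defaultIncludes = ['company'];

    // "Optional include": embedded only when the controller parses ?include=posts.
    protected $availableIncludes = ['posts'];

    public function transform(User $user)
    {
        return [
            // Explicit casts: database drivers hand back "42" and "1" as strings, and a
            // client should never have to guess whether a field is a number or a boolean.
            'id'         => (int) $user->id,
            'name'       => (string) $user->name,
            'email'      => (string) $user->email,
            'is_admin'   => (bool) $user->is_admin,
            // Carbon must be transformed by hand; json_encode on the raw object emits
            // Carbon's internal {date, timezone_type, timezone} structure.
            'created_at' => $user->created_at ? $user->created_at->toIso8601String() : null,
            // Absent on purpose: password hash, remember token, internal flags. The
            // transformer is the allow-list of what leaves the API, which is the real
            // reason an API needs a view layer.
        ];
    }

    public function includeCompany(User $user)
    {
        if ($user->company === null) {
            return $this->null(); // Fractal >= 0.13: emits null instead of failing
        }

        return $this->item($user->company, new CompanyTransformer);
    }

    public function includePosts(User $user)
    {
        return $this->collection($user->posts, new PostTransformer);
    }
}
```

In a controller using larasponse (assumed API, as used in that package's README) the optional include is switched on with `$this->fractal->parseIncludes($request->input('include', ''));` before `return $this->fractal->item($user, new UserTransformer);`. Because only names listed in `$availableIncludes` are honoured, a client asking for `?include=anything` cannot pull in a relation the transformer did not expose.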
Response Macros (Responses)
• Response macros let you include additional meta data in the response
• Macros also ensure consistency of the base response across all response statuses and all endpoints
• Register in a service provider
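A service provider registering one response macro that every endpoint uses, so the envelope (meta block, data, error) is identical on 200 and on 403. This is an added example for this page, not the talk's code; it assumes a Lumen release whose `Laravel\Lumen\Http\ResponseFactory` carries the `Macroable` trait (current releases do) and that the provider is registered with `$app->register()` in `bootstrap/app.php`.

```php
<?php
// app/Providers/ResponseMacroServiceProvider.php (example for this page, not the talk's code).
namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Laravel\Lumen\Http\ResponseFactory;

class ResponseMacroServiceProvider extends ServiceProvider
{
    public function register()
    {
        // Usage from any controller:
        //   return response()->api($data);
        //   return response()->api(null, 403, [], 'forbidden');
        //   return response()->api($items, 200, ['page' => 2, 'total' => 57]);
        ResponseFactory::macro('api', function ($data, $status = 200, array $meta = [], $error = null) {
            $body = [
                // Meta data every response carries; callers may add to it but not remove it.
                'meta' => array_merge([
                    'status'      => (int) $status,
                    'api_version' => 1,
                    'timestamp'   => gmdate('c'),
                ], $meta),
                // Same keys on every status: 'data' is null on failure, 'error' null on success,
                // so a client can parse a 4xx exactly the way it parses a 200.
                'data'  => $data,
                'error' => $error === null ? null : ['code' => (string) $error],
            ];

            return response()->json($body, $status);
        });
    }
}
```

Keeping the error to a short code rather than a free-text message is deliberate: the message, stack trace or SQL fragment that explains a failure belongs in the logs described on the next slides, not in the response body.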
When to log (Logging)
• Log all requests and all responses
• This is 10x as true if you are making a public API
• Make your logs easily accessible
  ◦ no, SSHing into a server is not easily accessible
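"Log all requests and all responses" as a Lumen middleware writing through the PSR-3 logger (Monolog underneath), so whatever service the next slide picks receives the same records. This is an added example for this page, not the talk's code; it assumes Lumen's `Psr\Log\LoggerInterface` container binding and registration as global middleware with `$app->middleware([RequestLogger::class])`. The part the slide does not say but a practitioner needs is that full request/response logging must redact credentials before they reach a third-party log service.

```php
<?php
// app/Http/Middleware/RequestLogger.php (example for this page, not the talk's code).
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Psr\Log\LoggerInterface;

class RequestLogger
{
    /** Input fields whose values must never reach a log file (extend for your API). */
    private static $sensitiveFields = ['password', 'password_confirmation', 'token', 'secret'];

    /** Response bodies are truncated to this many bytes so a large listing cannot flood the log. */
    const MAX_BODY_BYTES = 2048;

    private $log;

    public function __construct(LoggerInterface $log)
    {
        $this->log = $log; // resolved by the container from Lumen's PSR-3 binding
    }

    public function handle(Request $request, Closure $next)
    {
        // Honour a client-supplied id so one request can be traced across services;
        // otherwise mint one. uniqid() is enough here because the id is not a secret.
        $requestId = $request->header('X-Request-Id') ?: uniqid('req_', true);
        $started = microtime(true);

        $this->log->info('api.request', [
            'request_id' => $requestId,
            'method'     => $request->getMethod(),
            'path'       => $request->getPathInfo(),
            'ip'         => $request->ip(),
            // The Authorization header IS the bearer token: record presence, never the value.
            'auth'       => $request->headers->has('Authorization') ? 'present' : 'absent',
            'input'      => $this->redact($request->all()),
        ]);

        $response = $next($request);

        $this->log->info('api.response', [
            'request_id'  => $requestId,
            'status'      => $response->getStatusCode(),
            'duration_ms' => (int) round((microtime(true) - $started) * 1000),
            'body'        => substr((string) $response->getContent(), 0, self::MAX_BODY_BYTES),
        ]);

        // Return the id so a client reporting a problem can quote it.
        $response->headers->set('X-Request-Id', $requestId);

        return $response;
    }

    /** Replace sensitive values at any depth of the input array. */
    private function redact(array $input)
    {
        foreach ($input as $key => $value) {
            if (is_array($value)) {
                $input[$key] = $this->redact($value);
            } elseif (in_array(strtolower((string) $key), self::$sensitiveFields, true)) {
                $input[$key] = '[redacted]';
            }
        }

        return $input;
    }
}
```

Both records carry the same `request_id`, which is what makes the logs "easily accessible" in practice: in any of the hosted services on the next slide a search for that id returns the request and its response together.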
Logging services (Logging)
• Shameless plug for today’s sponsor: www.understand.io
  ◦ probably the best option, so not such a shameless plug
• Anything supported by Monolog should work out of the box
• https://papertrailapp.com
• https://www.loggly.com
• The ELK stack https://www.elastic.co
  ◦ open source
Auto documenters (Documentation)
• One is auto documented, one isn’t
Documentation services (Documentation)
• http://readme.io/
• https://apiary.io/
• https://www.mashape.com/
• http://swagger.io/ (popular auto documenter)
• GitHub/Bitbucket wikis
Mailing list (Documentation)
• Tell developers about any breaking API changes
• Give 30 days’ notice of breaking changes or downtime
  ◦ ideally longer
• Make it super clear you won’t use the mailing list for marketing
• Never use the mailing list for marketing
API tests (Testing)
• Write full end-to-end API tests. Lumen supports these out of the box
Test every field (Testing)
• Statically define your test expectations for a given route
  ◦ your seeder will need to have some fixtures for this
Test failures (Testing)
• Returning a 200 when you should be returning a 403 (forbidden) is inexcusable
JWT Override (Testing)
• In your TestCase.php
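The four testing slides together: Lumen's built-in end-to-end test client, statically defined expectations for every field of a route, an explicit 403 test, and a `TestCase.php` helper that replaces session login with a JWT header. This is an added example for this page, not the talk's own test code (the override on that slide did not survive extraction); it assumes tymondesigns/jwt-auth, Lumen's `Laravel\Lumen\Testing\TestCase`, a seeded fixture user with id 1 (the name, email and timestamp below are constructed values), a `/api/1/users/{id}` endpoint that returns the transformer output directly, and that a non-admin user may read only their own record.

```php
<?php
// tests/TestCase.php and tests/UsersApiTest.php shown in one file (example for this page).
use Laravel\Lumen\Testing\DatabaseTransactions;
use Tymon\JWTAuth\Facades\JWTAuth;

class TestCase extends Laravel\Lumen\Testing\TestCase
{
    public function createApplication()
    {
        return require __DIR__ . '/../bootstrap/app.php';
    }

    /**
     * The JWT override: instead of actingAs() (which relies on a session guard), sign a
     * token for the fixture user and send it the way a real client would.
     */
    protected function jwtHeaders(App\User $user)
    {
        return ['Authorization' => 'Bearer ' . JWTAuth::fromUser($user)];
    }
}

class UsersApiTest extends TestCase
{
    use DatabaseTransactions; // each test's writes are rolled back

    public function testPingNeedsNoToken()
    {
        $this->get('/api/1/ping')
             ->seeStatusCode(200)
             ->seeJson(['status' => 'ok']);
    }

    public function testEveryFieldOfOwnRecordIsAsExpected()
    {
        $ada = App\User::find(1); // fixture from the seeder (constructed values)

        // seeJsonEquals demands the exact body: a renamed field, a missing cast ("1" for
        // true) or a leaked column such as a password hash fails the build.
        $this->get('/api/1/users/1', $this->jwtHeaders($ada))
             ->seeStatusCode(200)
             ->seeJsonEquals([
                 'id'         => 1,
                 'name'       => 'Ada',
                 'email'      => 'ada@example.com',
                 'is_admin'   => false,
                 'created_at' => '2015-01-01T00:00:00+00:00',
             ]);
    }

    public function testReadingAnotherUsersRecordIsForbidden()
    {
        $ada = App\User::find(1);

        // The slide's rule: this must be 403, not 200 (and not 404, which would pretend
        // the record does not exist and silently pass an authorization bug).
        $this->get('/api/1/users/2', $this->jwtHeaders($ada))
             ->seeStatusCode(403);
    }

    public function testMissingTokenIsRejected()
    {
        $this->get('/api/1/users/1')->seeStatusCode(401);
    }
}
```

The 403 test is the cheapest authorization regression test an API can have: it pins the behaviour of the middleware and the ownership check together, and it is the test that turns "returning a 200 when you should return a 403" from an incident into a failed build.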
Thank You
Kit Brennan, Rokk3r Labs

More Related Content

What's hot

Best Practices in Web Service Design
Best Practices in Web Service DesignBest Practices in Web Service Design
Best Practices in Web Service DesignLorna Mitchell
 
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and PythonDEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
Cisco DevNet
 
Rest and the hypermedia constraint
Rest and the hypermedia constraintRest and the hypermedia constraint
Rest and the hypermedia constraint
Inviqa
 
Your First Scala Web Application using Play 2.1
Your First Scala Web Application using Play 2.1Your First Scala Web Application using Play 2.1
Your First Scala Web Application using Play 2.1
Matthew Barlocker
 
Rest web services
Rest web servicesRest web services
Rest web services
Paulo Gandra de Sousa
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
Stormpath
 
RESTful API Automation with JavaScript
RESTful API Automation with JavaScriptRESTful API Automation with JavaScript
RESTful API Automation with JavaScript
Jonathan LeBlanc
 
Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)
Postman
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
Patrick Savalle
 
JSON and REST
JSON and RESTJSON and REST
JSON and REST
Robert MacLean
 
Frisby Api automation
Frisby Api automationFrisby Api automation
Frisby Api automation
Dineesha Suraweera
 
REST Presentation
REST PresentationREST Presentation
REST Presentation
Alexandros Marinos
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
Nitin Pande
 
Building Automated REST APIs with Python
Building Automated REST APIs with PythonBuilding Automated REST APIs with Python
Building Automated REST APIs with Python
Jeff Knupp
 
Learn REST in 18 Slides
Learn REST in 18 SlidesLearn REST in 18 Slides
Learn REST in 18 Slides
Suraj Gupta
 
RESTful services
RESTful servicesRESTful services
RESTful servicesgouthamrv
 
A python web service
A python web serviceA python web service
A python web service
Temian Vlad
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
Tiago Knoch
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in Codeigniter
Sachin G Kulkarni
 

What's hot (20)

Best Practices in Web Service Design
Best Practices in Web Service DesignBest Practices in Web Service Design
Best Practices in Web Service Design
 
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and PythonDEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
DEVNET-1001 Coding 101: How to Call REST APIs from a REST Client and Python
 
Rest and the hypermedia constraint
Rest and the hypermedia constraintRest and the hypermedia constraint
Rest and the hypermedia constraint
 
Your First Scala Web Application using Play 2.1
Your First Scala Web Application using Play 2.1Your First Scala Web Application using Play 2.1
Your First Scala Web Application using Play 2.1
 
Rest web services
Rest web servicesRest web services
Rest web services
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
 
RESTful API Automation with JavaScript
RESTful API Automation with JavaScriptRESTful API Automation with JavaScript
RESTful API Automation with JavaScript
 
Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)Postman Collection Format v2.0 (pre-draft)
Postman Collection Format v2.0 (pre-draft)
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
 
JSON and REST
JSON and RESTJSON and REST
JSON and REST
 
Frisby Api automation
Frisby Api automationFrisby Api automation
Frisby Api automation
 
REST Presentation
REST PresentationREST Presentation
REST Presentation
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
 
Building Automated REST APIs with Python
Building Automated REST APIs with PythonBuilding Automated REST APIs with Python
Building Automated REST APIs with Python
 
Learn REST in 18 Slides
Learn REST in 18 SlidesLearn REST in 18 Slides
Learn REST in 18 Slides
 
RESTful services
RESTful servicesRESTful services
RESTful services
 
A python web service
A python web serviceA python web service
A python web service
 
Implementation advantages of rest
Implementation advantages of restImplementation advantages of rest
Implementation advantages of rest
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in Codeigniter
 

Viewers also liked

POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?
Cysinfo Cyber Security Community
 
Five pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringFive pillars of Infrastructure Monitoring
Five pillars of Infrastructure Monitoring
Daniel Koller
 
Tech Chat – What's New in Sumo Logic
Tech Chat – What's New in Sumo LogicTech Chat – What's New in Sumo Logic
Tech Chat – What's New in Sumo Logic
Sumo Logic
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware Expression
MapR Technologies
 
Composite çelik
Composite çelikComposite çelik
Composite çelik
Abdullah ÇELİK
 
Ahg microsoft stream_insight_queries
Ahg microsoft stream_insight_queriesAhg microsoft stream_insight_queries
Ahg microsoft stream_insight_queriesSteve Xu
 
Game Over - HTML5 Games
Game Over - HTML5 GamesGame Over - HTML5 Games
Game Over - HTML5 GamesGuido Garcia
 
Book of Fauna and Flora
Book of Fauna and FloraBook of Fauna and Flora
Book of Fauna and Flora
moisesrodriguezmateo
 
Marian Marinov, 1H Ltd.
Marian Marinov, 1H Ltd.Marian Marinov, 1H Ltd.
Marian Marinov, 1H Ltd.
Ontico
 
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
jtmelton
 
George Park Workshop 1 - Cosumnes CSD
George Park Workshop 1 - Cosumnes CSDGeorge Park Workshop 1 - Cosumnes CSD
George Park Workshop 1 - Cosumnes CSDCosumnes CSD
 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA security
Cysinfo Cyber Security Community
 
Chicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at CohesiveChicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at Cohesive
CloudCamp Chicago
 
Urban legends - PJ Hagerty - Codemotion Amsterdam 2017
Urban legends - PJ Hagerty - Codemotion Amsterdam 2017Urban legends - PJ Hagerty - Codemotion Amsterdam 2017
Urban legends - PJ Hagerty - Codemotion Amsterdam 2017
Codemotion
 
Answers in environmental education @kaye
Answers in environmental education @kayeAnswers in environmental education @kaye
Answers in environmental education @kayeCee Saliendrez
 
Free - Chris Anderson
Free - Chris AndersonFree - Chris Anderson
Free - Chris Anderson
schooldialoog
 
EMC World 2015 - The Devops Toolkit
EMC World 2015 - The Devops ToolkitEMC World 2015 - The Devops Toolkit
EMC World 2015 - The Devops Toolkit
Jonas Rosland
 
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...
OpenWhisk
 
Zero to Hero: Getting started with DVCS
Zero to Hero: Getting started with DVCSZero to Hero: Getting started with DVCS
Zero to Hero: Getting started with DVCSAtlassian
 

Viewers also liked (20)

POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?POS Malware: Is your Debit/Credit Transcations Secure?
POS Malware: Is your Debit/Credit Transcations Secure?
 
Five pillars of Infrastructure Monitoring
Five pillars of Infrastructure MonitoringFive pillars of Infrastructure Monitoring
Five pillars of Infrastructure Monitoring
 
Tech Chat – What's New in Sumo Logic
Tech Chat – What's New in Sumo LogicTech Chat – What's New in Sumo Logic
Tech Chat – What's New in Sumo Logic
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware Expression
 
Composite çelik
Composite çelikComposite çelik
Composite çelik
 
Ahg microsoft stream_insight_queries
Ahg microsoft stream_insight_queriesAhg microsoft stream_insight_queries
Ahg microsoft stream_insight_queries
 
Game Over - HTML5 Games
Game Over - HTML5 GamesGame Over - HTML5 Games
Game Over - HTML5 Games
 
Book of Fauna and Flora
Book of Fauna and FloraBook of Fauna and Flora
Book of Fauna and Flora
 
Setex Brochure by Matrax Bulgaria
Setex Brochure by Matrax BulgariaSetex Brochure by Matrax Bulgaria
Setex Brochure by Matrax Bulgaria
 
Marian Marinov, 1H Ltd.
Marian Marinov, 1H Ltd.Marian Marinov, 1H Ltd.
Marian Marinov, 1H Ltd.
 
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
 
George Park Workshop 1 - Cosumnes CSD
George Park Workshop 1 - Cosumnes CSDGeorge Park Workshop 1 - Cosumnes CSD
George Park Workshop 1 - Cosumnes CSD
 
Introduction to ICS/SCADA security
Introduction to ICS/SCADA securityIntroduction to ICS/SCADA security
Introduction to ICS/SCADA security
 
Chicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at CohesiveChicago AWS user group meetup - May 2014 at Cohesive
Chicago AWS user group meetup - May 2014 at Cohesive
 
Urban legends - PJ Hagerty - Codemotion Amsterdam 2017
Urban legends - PJ Hagerty - Codemotion Amsterdam 2017Urban legends - PJ Hagerty - Codemotion Amsterdam 2017
Urban legends - PJ Hagerty - Codemotion Amsterdam 2017
 
Answers in environmental education @kaye
Answers in environmental education @kayeAnswers in environmental education @kaye
Answers in environmental education @kaye
 
Free - Chris Anderson
Free - Chris AndersonFree - Chris Anderson
Free - Chris Anderson
 
EMC World 2015 - The Devops Toolkit
EMC World 2015 - The Devops ToolkitEMC World 2015 - The Devops Toolkit
EMC World 2015 - The Devops Toolkit
 
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...
 
Zero to Hero: Getting started with DVCS
Zero to Hero: Getting started with DVCSZero to Hero: Getting started with DVCS
Zero to Hero: Getting started with DVCS
 

Similar to Building Awesome APIs with Lumen

Redundant devops
Redundant devopsRedundant devops
Redundant devops
Szabolcs Szabolcsi-Tóth
 
AWS Lambda Function with Kotlin
AWS Lambda Function with KotlinAWS Lambda Function with Kotlin
AWS Lambda Function with Kotlin
Troy Miles
 
REST APIs
REST APIsREST APIs
Building real time applications with Symfony2
Building real time applications with Symfony2Building real time applications with Symfony2
Building real time applications with Symfony2
Antonio Peric-Mazar
 
RESTful web
RESTful webRESTful web
RESTful web
Alvin Qi
 
Middleware in Golang: InVision's Rye
Middleware in Golang: InVision's RyeMiddleware in Golang: InVision's Rye
Middleware in Golang: InVision's Rye
Cale Hoopes
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
Sam Bowne
 
MEAN Stack WeNode Barcelona Workshop
MEAN Stack WeNode Barcelona WorkshopMEAN Stack WeNode Barcelona Workshop
MEAN Stack WeNode Barcelona WorkshopValeri Karpov
 
(ATS6-PLAT04) Query service
(ATS6-PLAT04) Query service (ATS6-PLAT04) Query service
(ATS6-PLAT04) Query service
BIOVIA
 
CNIT 129S: 10: Attacking Back-End Components
CNIT 129S: 10: Attacking Back-End ComponentsCNIT 129S: 10: Attacking Back-End Components
CNIT 129S: 10: Attacking Back-End Components
Sam Bowne
 
Restful风格ž„web服务架构
Restful风格ž„web服务架构Restful风格ž„web服务架构
Restful风格ž„web服务架构
Benjamin Tan
 
Api crash
Api crashApi crash
Api crash
Hoang Nguyen
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application Technologies
Sam Bowne
 
Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)
Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)
Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)
Ontico
 

Similar to Building Awesome APIs with Lumen (20)

Redundant devops
Redundant devopsRedundant devops
Redundant devops
 
AWS Lambda Function with Kotlin
AWS Lambda Function with KotlinAWS Lambda Function with Kotlin
AWS Lambda Function with Kotlin
 
REST APIs
REST APIsREST APIs
REST APIs
 
Building real time applications with Symfony2
Building real time applications with Symfony2Building real time applications with Symfony2
Building real time applications with Symfony2
 
RESTful web
RESTful webRESTful web
RESTful web
 
Middleware in Golang: InVision's Rye
Middleware in Golang: InVision's RyeMiddleware in Golang: InVision's Rye
Middleware in Golang: InVision's Rye
 
CNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application TechnologiesCNIT 129S - Ch 3: Web Application Technologies
CNIT 129S - Ch 3: Web Application Technologies
 
MEAN Stack WeNode Barcelona Workshop
MEAN Stack WeNode Barcelona WorkshopMEAN Stack WeNode Barcelona Workshop
MEAN Stack WeNode Barcelona Workshop
 
(ATS6-PLAT04) Query service
(ATS6-PLAT04) Query service (ATS6-PLAT04) Query service
(ATS6-PLAT04) Query service
 
CNIT 129S: 10: Attacking Back-End Components
CNIT 129S: 10: Attacking Back-End ComponentsCNIT 129S: 10: Attacking Back-End Components
CNIT 129S: 10: Attacking Back-End Components
 
Restful风格ž„web服务架构
Restful风格ž„web服务架构Restful风格ž„web服务架构
Restful风格ž„web服务架构
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Ch 3: Web Application Technologies
Ch 3: Web Application TechnologiesCh 3: Web Application Technologies
Ch 3: Web Application Technologies
 
Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)
Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)
Metrics are Not Enough: Monitoring Apache Kafka / Gwen Shapira (Confluent)
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 

Building Awesome APIs with Lumen

  • 1. Building Awesome APIs with Lumen Kit Brennan Rokk3r Labs
  • 2. • Consistent • Reliable • Easy to use What makes an API awesome Overview
  • 3. • Super fast out the box • If you know Laravel, you know Lumen • All of Laravel waiting to be switched on Why Lumen Overview
  • 4. • Requests • Responses • Logging • Documentation • Testing Structure of the talk Overview
  • 5. • Version your API using route prefixes Routing Requests
  • 6. • Also, an excellent use of subdomain routing: Routing Requests
  • 7. • Create an /api/1/ping route for public APIs • Don’t put any middleware in front of the route • Two reasons: • Lets clients easily check if server is up • First step of integrating with an API is just making sure your request reaches the remote server. Routing Requests
  • 8. • Choose an endpoint structure and stick to it • Have awesome documentation for all endpoints - we will come back to this • GET is a safe method - this should really go without saying • PUT and DELETE are idempotent - the operation should always produce the same result Routing Requests
  • 9. • GET https://example.com/api/1/users • POST https://example.com/api/1/users • GET https://example.com/api/1/users/1 • PUT https://example.com/api/1/users/1 • DELETE https://example.com/api/1/users/1 Routing Requests
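Slides 5 through 9 in one routes file. This is an added example, not the talk's own code: it assumes a Lumen 5.5+ project (older Lumen used app/Http/routes.php with `$app` in place of `$router`), a `UserController` that does not exist on the page, and an auth middleware registered under the name `auth` in bootstrap/app.php.

```php
<?php
// routes/web.php (added example; controller and middleware names are assumed)

/** @var \Laravel\Lumen\Routing\Router $router */

// Version 1 of the API lives under /api/1/, so a later /api/2/ group can
// coexist with it without breaking clients that pinned version 1.
$router->group(['prefix' => 'api/1'], function () use ($router) {

    // Health check with no middleware in front of it: a client's first
    // integration step is confirming that its request reaches the server,
    // before authentication, CORS or rate limiting enter the picture.
    $router->get('ping', function () {
        return response()->json(['pong' => true, 'api_version' => 1]);
    });

    // Everything else sits behind the auth middleware.
    $router->group(['middleware' => 'auth'], function () use ($router) {

        // GET is a safe method: it must never change server state.
        $router->get('users',         'UserController@index');
        $router->get('users/{id}',    'UserController@show');

        // POST creates a resource and is not idempotent, so a retried POST
        // can create a duplicate; clients should not retry it blindly.
        $router->post('users',        'UserController@store');

        // PUT and DELETE are idempotent: repeating the same call must leave
        // the server in the same state as calling it once.
        $router->put('users/{id}',    'UserController@update');
        $router->delete('users/{id}', 'UserController@destroy');
    });
});
```

The ping route deliberately returns no user data and touches no storage, so leaving it unauthenticated exposes nothing beyond the fact that the service is up; if you add rate limiting later, keep ping outside it for the same reason.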
  • 10. • https://github.com/barryvdh/laravel-cors • Public APIs: allow all origins • Private APIs: allow your origins CORS Requests
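A config/cors.php for barryvdh/laravel-cors, added here as an example rather than taken from the talk. It uses the camelCase keys of the 0.x releases that were current at the time of this talk; newer releases renamed them to snake_case, so check the package version you install. The `API_PUBLIC` environment variable and the origin list are assumptions.

```php
<?php
// config/cors.php (added example; key names follow barryvdh/laravel-cors 0.x)

// Assumed switch: true for a public API, false for one used only by your own apps.
$public = filter_var(env('API_PUBLIC', false), FILTER_VALIDATE_BOOLEAN);

return [
    // Credentials stay off: this API authenticates with bearer tokens, not
    // cookies. Browsers reject the combination of '*' origins and credentials,
    // and allowing both would let any site make cookie-authenticated calls.
    'supportsCredentials' => false,

    // Public API: any origin may call it.
    // Private API: only the origins you actually deploy front-ends on.
    'allowedOrigins' => $public
        ? ['*']
        : ['https://app.example.com', 'https://admin.example.com'],

    // Only the headers and methods the API really uses; an open '*' here
    // silently widens what a compromised page on an allowed origin can send.
    'allowedHeaders' => ['Content-Type', 'Authorization'],
    'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE'],
    'exposedHeaders' => [],
    'maxAge'         => 3600,
];
```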
  • 11. • Session based authentication not appropriate • Three options: • Access token authentication: for server-server apps - you provide token in advance • JSON web token: for client-side apps - you provide a token at user login • OAuth: for third party apps accessing existing user accounts on your system Authentication methods Requests
  • 12. • https://github.com/tymondesigns/jwt-auth • Scales much better than other options - each server validates the token, rather than making a DB call • Frontend apps should store the token with LocalStorage • Tokens should expire - use refresh tokens to generate new tokens Authentication - JSON web tokens Requests
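A route middleware and the two supporting controller actions for slide 12, written as an added example against tymon/jwt-auth's container binding `tymon.jwt.auth` (present in both the 0.5 and 1.0 lines); none of this is code from the talk or from the package itself. It assumes the package's service provider is registered in bootstrap/app.php and that the middleware is registered there as `auth`, matching the routes example above.

```php
<?php
// app/Http/Middleware/JwtAuthenticate.php (added example)
namespace App\Http\Middleware;

use Closure;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;

class JwtAuthenticate
{
    /** @var \Tymon\JWTAuth\JWTAuth */
    protected $jwt;

    public function __construct()
    {
        // Container binding provided by the package's service provider.
        $this->jwt = app('tymon.jwt.auth');
    }

    public function handle($request, Closure $next)
    {
        try {
            // Reads "Authorization: Bearer <token>", verifies the signature and
            // the exp claim locally, then loads the user. No session lookup is
            // needed, which is why this scales across servers.
            $user = $this->jwt->parseToken()->authenticate();
        } catch (TokenExpiredException $e) {
            // Expired tokens are the normal case, not an attack: the client
            // should hit the refresh endpoint rather than log in again.
            return response()->json(['error' => 'token_expired'], 401);
        } catch (TokenInvalidException $e) {
            // Bad signature or tampered payload: reject without detail.
            return response()->json(['error' => 'token_invalid'], 401);
        } catch (JWTException $e) {
            // No token present at all.
            return response()->json(['error' => 'token_absent'], 401);
        }

        if (! $user) {
            return response()->json(['error' => 'user_not_found'], 404);
        }

        return $next($request);
    }
}

// app/Http/Controllers/AuthController.php (added example, same assumptions)
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class AuthController extends Controller
{
    // POST /api/1/login: the client gets its token at user login (slide 11).
    public function login(Request $request)
    {
        $credentials = $request->only('email', 'password');
        $token = app('tymon.jwt.auth')->attempt($credentials);

        if (! $token) {
            return response()->json(['error' => 'invalid_credentials'], 401);
        }
        return response()->json(['token' => $token]);
    }

    // POST /api/1/refresh: exchange a still-acceptable token for a fresh one,
    // so the access token's lifetime (config: ttl) can stay short.
    public function refresh()
    {
        try {
            $token = app('tymon.jwt.auth')->parseToken()->refresh();
        } catch (JWTException $e) {
            return response()->json(['error' => 'token_not_refreshable'], 401);
        }
        return response()->json(['token' => $token]);
    }
}
```

Two practical notes. Storing the token in LocalStorage, as the slide recommends, means any script running on your front-end's origin can read it, so a short `ttl` plus the refresh endpoint limits how long a token leaked that way stays useful. And because validation is local, a token cannot be revoked before it expires unless you enable the package's blacklist; short lifetimes are what make that acceptable.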
  • 13. • https://github.com/lucadegasperi/oauth2-server-laravel • Potentially very dangerous (so get it right): • You’re giving someone access to client data • Read the spec: http://tools.ietf.org/html/rfc6749 Authentication - OAuth Requests
  • 14. • Avoid the magic controller validation • Instead create a validation class, call it and check in your controller if it fails Validation Requests
  • 15. • Awesome APIs accept many date formats • The Validation facade’s date validator uses strtotime • Carbon’s parse method uses strtotime • Combine the two and you can safely accept any date • Caveat… a Unix timestamp is not parsed by strtotime Dates Requests
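One block covering slides 14 and 15: a standalone validation class that the controller calls explicitly, plus the date handling, including the Unix timestamp edge case that strtotime rejects. This is an added example, not the talk's code; the class names, the field list and the `User` model are assumptions.

```php
<?php
// app/Http/Validators/FlexibleDate.php (added example)
namespace App\Http\Validators;

use Carbon\Carbon;

class FlexibleDate
{
    /** Return a Carbon instance, or null when the value is not a usable date. */
    public static function parse($value)
    {
        // The caveat from the slide: strtotime("1433116800") is false, so a bare
        // integer is treated as a Unix timestamp before anything else. Note that
        // this also means a bare "2015" becomes a timestamp, not a year.
        if (is_int($value) || (is_string($value) && ctype_digit($value))) {
            return Carbon::createFromTimestamp((int) $value, 'UTC');
        }
        // Everything strtotime understands ("2015-06-01", "1 Jun 2015",
        // "next monday") is accepted; Carbon::parse throws on the rest, so the
        // strtotime check guards it.
        if (! is_string($value) || strtotime($value) === false) {
            return null;
        }
        return Carbon::parse($value);
    }
}

// app/Http/Validators/StoreUserValidator.php (added example)
namespace App\Http\Validators;

use Illuminate\Contracts\Validation\Factory;

class StoreUserValidator
{
    protected $factory;
    protected $errors = [];

    public function __construct(Factory $factory)
    {
        $this->factory = $factory;
        // Custom rule: the built-in 'date' rule is strtotime-only, this one
        // also accepts Unix timestamps via FlexibleDate.
        $this->factory->extend('flexible_date', function ($attribute, $value) {
            return FlexibleDate::parse($value) !== null;
        }, 'The :attribute is not a recognisable date.');
    }

    /** True when input is valid; otherwise errors() holds the field messages. */
    public function passes(array $input)
    {
        $validator = $this->factory->make($input, [
            'name'     => 'required|string|max:100',
            'email'    => 'required|email|max:255',
            'birthday' => 'required|flexible_date',
        ]);

        if ($validator->fails()) {
            $this->errors = $validator->errors()->toArray();
            return false;
        }
        return true;
    }

    public function errors()
    {
        return $this->errors;
    }
}

// app/Http/Controllers/UserController.php, store action (added example)
namespace App\Http\Controllers;

use App\Http\Validators\FlexibleDate;
use App\Http\Validators\StoreUserValidator;
use App\User;
use Illuminate\Http\Request;

class UserController extends Controller
{
    public function store(Request $request, StoreUserValidator $validator)
    {
        // Explicit call and explicit check: no magic validation in the controller.
        if (! $validator->passes($request->all())) {
            return response()->json(['errors' => $validator->errors()], 422);
        }

        $user = User::create([
            'name'     => $request->input('name'),
            'email'    => $request->input('email'),
            'birthday' => FlexibleDate::parse($request->input('birthday')),
        ]);

        return response()->json(['data' => ['id' => (int) $user->id]], 201);
    }
}
```

Keeping the rules in a class means the same validator can be reused by a console command or a queued import, and the 422 response with the field-keyed error map is what gives clients a consistent failure shape across endpoints.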
  • 16. • Even APIs should have a view layer • Explicitly cast all types Transformers Responses
  • 17. • Do not forget to transform your Carbon objects Transformers Responses
  • 18. • Use a transformer package • https://github.com/salebab/larasponse - the documentation sucks, but it’s still the best package • You provide a class with a transform method, then simply call it in any controller: Transformers Responses
  • 19. • Power comes when you want to include other transforms in your transformer (transformer class) • Always include with a transformer (transformer class): • Or optional include (controller class): Transformers Responses
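Slides 16 through 19 in code. larasponse is a thin wrapper around league/fractal, so this added example uses Fractal's own classes directly rather than the wrapper; it is not code from the talk or from either package. The `User` and `Post` models, their relationships and the field list are assumptions.

```php
<?php
// app/Transformers/UserTransformer.php (added example)
namespace App\Transformers;

use App\Post;
use App\User;
use League\Fractal\TransformerAbstract;

class UserTransformer extends TransformerAbstract
{
    // Optional include: only added when the client asks for ?include=posts.
    protected $availableIncludes = ['posts'];

    public function transform(User $user)
    {
        // The view layer of the API: explicit casts so a client never sees
        // "1" one day and 1 the next depending on the database driver.
        return [
            'id'         => (int) $user->id,
            'name'       => (string) $user->name,
            'email'      => (string) $user->email,
            'is_admin'   => (bool) $user->is_admin,
            // Carbon objects must be transformed; otherwise they serialize as
            // their internal date/timezone structure. ISO 8601 with offset.
            'created_at' => $user->created_at->toIso8601String(),
            'updated_at' => $user->updated_at->toIso8601String(),
            // Deliberately absent: password hash, remember token, internal flags.
        ];
    }

    public function includePosts(User $user)
    {
        return $this->collection($user->posts, new PostTransformer);
    }
}

// app/Transformers/PostTransformer.php (added example)
class PostTransformer extends TransformerAbstract
{
    // Always include: every post carries its author, no client opt-in needed.
    protected $defaultIncludes = ['author'];

    public function transform(Post $post)
    {
        return [
            'id'           => (int) $post->id,
            'title'        => (string) $post->title,
            'published'    => (bool) $post->published,
            'published_at' => $post->published_at
                ? $post->published_at->toIso8601String()
                : null,
        ];
    }

    public function includeAuthor(Post $post)
    {
        return $this->item($post->author, new UserTransformer);
    }
}

// app/Http/Controllers/UserController.php, show action (added example)
namespace App\Http\Controllers;

use App\Transformers\UserTransformer;
use App\User;
use Illuminate\Http\Request;
use League\Fractal\Manager;
use League\Fractal\Resource\Item;

class UserController extends Controller
{
    // GET /api/1/users/1            -> user only
    // GET /api/1/users/1?include=posts -> user plus posts, each with its author
    public function show($id, Request $request, Manager $fractal)
    {
        // The optional include is decided here, in the controller, from the
        // client's request; the transformer only declares what is available.
        $fractal->parseIncludes($request->input('include', ''));

        $resource = new Item(User::findOrFail($id), new UserTransformer);

        return response()->json($fractal->createData($resource)->toArray());
    }
}
```

Because `parseIncludes` only honours names listed in `$availableIncludes`, a client asking for `?include=password` or any other relation you did not expose gets nothing extra, which is the reason to route all output through a transformer instead of returning models directly.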
  • 20. • Response macros let you include additional meta data to response • Macros also ensure consistency of base response across all response statuses and all endpoints • Register in a service provider: Response Macros Responses
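A service provider that registers two response macros, as an added example of slide 20 rather than the talk's own code. It assumes Lumen's `Laravel\Lumen\Http\ResponseFactory` uses the `Macroable` trait (true of the 5.x line; if your app enables facades you can call `Response::macro` instead) and that the provider is registered in bootstrap/app.php.

```php
<?php
// app/Providers/ResponseMacroServiceProvider.php (added example)
namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Laravel\Lumen\Http\ResponseFactory;

class ResponseMacroServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // response()->api($data, $status, $meta)
        // Same envelope for every status and every endpoint: clients can parse
        // one shape whether the call succeeded or failed.
        ResponseFactory::macro('api', function ($data, $status = 200, array $meta = []) {
            $body = [
                'status' => (int) $status,
                'data'   => $data,
                'meta'   => array_merge([
                    'api_version'  => 1,
                    'generated_at' => gmdate('Y-m-d\TH:i:s\Z'),
                ], $meta),
            ];

            return response()->json($body, $status);
        });

        // response()->apiError($message, $status, $errors)
        // Errors reuse the same envelope; 'errors' carries the field-keyed map
        // from validation, when there is one.
        ResponseFactory::macro('apiError', function ($message, $status = 400, array $errors = []) {
            return response()->api([
                'message' => (string) $message,
                'errors'  => $errors,
            ], $status);
        });
    }

    public function register()
    {
        // Nothing to bind; macros are attached in boot().
    }
}

// Usage inside any controller (added example):
//   return response()->api(['id' => 1, 'name' => 'Kit'], 200, ['page' => 1]);
//   return response()->apiError('Forbidden', 403);
//   return response()->apiError('Validation failed', 422, $validator->errors());
```

Keep the meta block free of anything environment-specific such as hostnames or internal timings; it is sent to every client, and a consistent envelope is only useful if it stays boring.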
  • 21. • Log all requests and all responses • This is 10x as true if you are making a public API • Make your logs easily accessible - no, SSHing into a server is not easily accessible When to log Logging
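A global middleware that logs every request and response through Lumen's PSR-3 logger (Monolog underneath, so it feeds any of the services on the next slide). This is an added example, not the talk's code; it assumes the middleware is registered with `$app->middleware([...])` in bootstrap/app.php. The redaction list is a starting point, not a complete one.

```php
<?php
// app/Http/Middleware/LogRequests.php (added example)
namespace App\Http\Middleware;

use Closure;
use Psr\Log\LoggerInterface;

class LogRequests
{
    protected $log;

    // Keys (lower-cased) whose values must never reach the log.
    protected $secret = ['authorization', 'cookie', 'set-cookie', 'password',
                         'password_confirmation', 'token', 'refresh_token'];

    public function __construct(LoggerInterface $log)
    {
        $this->log = $log;
    }

    public function handle($request, Closure $next)
    {
        $started = microtime(true);

        $response = $next($request);

        $this->log->info('api.request', [
            'method'        => $request->method(),
            'path'          => $request->path(),
            'query'         => $this->redact($request->query()),
            'ip'            => $request->ip(),
            'status'        => $response->getStatusCode(),
            'duration_ms'   => (int) round((microtime(true) - $started) * 1000),
            'headers'       => $this->redact($request->headers->all()),
            'request_body'  => $this->redact($request->all()),
            'response_body' => $this->truncate($response->getContent()),
        ]);

        return $response;
    }

    /** Replace secret values so a log reader never becomes a credential store. */
    protected function redact(array $data)
    {
        foreach ($data as $key => $value) {
            if (in_array(strtolower((string) $key), $this->secret, true)) {
                $data[$key] = '[redacted]';
            } elseif (is_array($value)) {
                $data[$key] = $this->redact($value);
            }
        }
        return $data;
    }

    /** Bound log size; a large collection response does not need to be stored twice. */
    protected function truncate($content, $limit = 2000)
    {
        $content = (string) $content;
        return strlen($content) > $limit
            ? substr($content, 0, $limit) . '...[truncated]'
            : $content;
    }
}
```

Logging the full response body is what makes a client's "your API returned X" report reproducible, and the redaction is what keeps a bearer token from being replayable by anyone with read access to the log service.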
  • 22. • Shameless plug for today’s sponsor: www.understand.io - probably the best option, so not such a shameless plug • Anything supported by Monolog should work out the box • https://papertrailapp.com • https://www.loggly.com • The ELK stack https://www.elastic.co - open source Logging services Logging
  • 23. • One is auto documented, one isn’t: Auto documenters Documentation
  • 24. • http://readme.io/ • https://apiary.io/ • https://www.mashape.com/ • http://swagger.io/ -> popular auto documenter • GitHub/Bitbucket wikis Documentation services Documentation
  • 25. • Tell developers about any breaking API changes • Give 30 days notice of breaking changes or downtime - ideally longer • Make it super clear you won’t use the mailing list for marketing • Never use the mailing list for marketing Mailing list Documentation
  • 26. • Write full end to end API tests. Lumen supports these out the box: API tests Testing
  • 27. • Statically define your test expectations for a given route - your seeder will need to have some fixtures for this Test every field Testing
  • 28. • Returning a 200 when you should be returning a 403 (forbidden) is inexcusable. Test failures Testing
  • 29. • In your TestCase.php JWT Override Testing
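Slides 26 through 29 as one test setup, added here as an example and not taken from the talk. It assumes Lumen's bundled testing base class, a seeder that creates users with ids 1 and 2 with the fixture values shown, the `/api/1/...` routes and JWT middleware from the earlier examples, and the `tymon.jwt.auth` container binding; the exact field values are constructed for the example.

```php
<?php
// tests/TestCase.php (added example)
class TestCase extends Laravel\Lumen\Testing\TestCase
{
    public function createApplication()
    {
        return require __DIR__ . '/../bootstrap/app.php';
    }

    /**
     * JWT override: mint a real token for a fixture user so every test runs
     * through the same middleware as production, instead of switching it off.
     */
    protected function authHeaders(App\User $user)
    {
        $token = app('tymon.jwt.auth')->fromUser($user);

        return ['Authorization' => 'Bearer ' . $token];
    }
}

// tests/UserApiTest.php (added example)
use Laravel\Lumen\Testing\DatabaseTransactions;

class UserApiTest extends TestCase
{
    use DatabaseTransactions;

    public function testPingNeedsNoAuthentication()
    {
        $this->get('/api/1/ping')
             ->seeStatusCode(200)
             ->seeJson(['pong' => true]);
    }

    public function testShowReturnsEveryFieldWithItsType()
    {
        $user = App\User::find(1);

        $this->get('/api/1/users/1', $this->authHeaders($user))
             ->seeStatusCode(200)
             // Static expectation for the whole document: an extra field,
             // a missing field or a "1" where 1 was promised fails the test.
             ->seeJsonEquals([
                 'data' => [
                     'id'         => 1,
                     'name'       => 'Fixture User',
                     'email'      => 'fixture@example.com',
                     'is_admin'   => false,
                     'created_at' => '2015-01-01T00:00:00+00:00',
                     'updated_at' => '2015-01-01T00:00:00+00:00',
                 ],
             ]);
    }

    public function testMissingTokenIsRejected()
    {
        // Test failures as carefully as successes: a 200 here means the auth
        // middleware is not in front of the route at all.
        $this->get('/api/1/users/1')
             ->seeStatusCode(401);
    }

    public function testOtherUsersRecordIsForbidden()
    {
        // Authenticated as user 2, asking for user 1's record: 403, not 200.
        $other = App\User::find(2);

        $this->get('/api/1/users/1', $this->authHeaders($other))
             ->seeStatusCode(403);
    }
}
```

The last two tests are the cheap insurance the slide calls inexcusable to skip: they pin the distinction between "not authenticated" (401) and "authenticated but not allowed" (403), and they will fail the moment a refactor drops the middleware or the ownership check from the route.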