Downloaded 72 times
![Mapping ExtensionsRouter::parseExtensions()RequestHandler componentSwitches layouts / viewsIncludes helpersParses incoming XML on POSTRouter::connect( "/:controller/:id”, array ("action" => "edit", "[method]" => "PUT"), array("id" => "[0-9]+”));Source: http://book.cakephp.org/view/1240/Custom-REST-Routing](https://image.slidesharecdn.com/cakefest-100905125231-phpapp02/85/Cakefest-2010-API-Development-12-320.jpg)
![JsonPP w/ paddingUses callbackCross domain<?php if ( $callbackFunc !== false ) echo $callbackFunc.'('; echo $content_for_layout; if ( $callbackFunc ) echo $callbackFunc.')'; ?>function beforeFilter(){ if ( array_key_exists('callback’, $this->params[‘url’]) ) $this->set(‘callbackFunc’, $this->params[‘url’][‘callback’]); else $this->set(‘callbackFunc’, false);}APP/views/layouts/json/default.ctpAPP/app_controller.php](https://image.slidesharecdn.com/cakefest-100905125231-phpapp02/85/Cakefest-2010-API-Development-14-320.jpg)
![Implementationfunction your_action() { … $this->_userError(404); …}APP/controllers/your_controller.phpfunction _userError( $code, $options=array() ) { $codes = array( 402 => 'Payment Required', … ); $this->header("HTTP/1.1 {$type} {$codes[$type]}"); $this->cakeError('error'.$type, array( array( 'options' => $options ) ) );}APP/app_controller.php](https://image.slidesharecdn.com/cakefest-100905125231-phpapp02/85/Cakefest-2010-API-Development-25-320.jpg)
![PaginationUses HTTP headersApp defined start with “X-”function paginate($object=NULL, $scope=array(), $whitelist=array() ) { $data = parent::paginate($object,$scope,$whitelist); // … messy code to get the object … $this->header('X-Current-Page: '.((int)$this->params['paging'][$object->alias]['page'])); $this->header('X-Page-Limit: '.((int)$this->params['paging'][$object->alias]['options']['limit'])); $this->header('X-Page-Total: '.((int)$this->params['paging'][$object->alias]['count'])); return $data;}APP/app_controller.php](https://image.slidesharecdn.com/cakefest-100905125231-phpapp02/85/Cakefest-2010-API-Development-28-320.jpg)
Uploaded byAndrew Curioso
Cakefest 2010: API Development
This document discusses how to develop an API using CakePHP for backend development. It covers basic API setup, making the API RESTful, adding different response formats like JSON and XML, implementing authentication, error handling, and pagination. The goal is to turn a web application into an open platform that can be consumed by both internal and external applications through a public API.
Cakefest 2010: API Development
- 1. API DevelopmentBecoming thePlatform(CakePHP for Back-End Developmentor Cake for Web Services)By Andrew CuriosoCakeFest2010
- 2. IntroductionYesterday: Designing CakePHPplug-ins for consuming APIsToday:Create your own APIBasic setupExtras
- 3. Become a platformBe“a” platformA blog is a platform
- 4. Become a platformInternalonly (closed)Multi-platform (consumers)ScalableExternal (open)Everything +GrowthMash-ups!InnovationEvangelists“The Platform Play”
- 5. Who’s already aplatformGoogleFacebookDiggTwitterYahoo BOSS / Flickr / Delicious / etc.SalesforceEbayAmazonGowallaFourSquareBit.lyPaypalAuthorize.netEtc…
- 6. Types of APIsPatternsRepresentationState Transfer (REST)Remote Procedure Calls (RPC)Protocols / FormatsXMLJSONYAML AMFEtc...
- 7. RESTfulRepresentational State TransferResourcebased (nouns)5 verbsGETPUTPOSTDELETEHEADEasy in CakePHP
- 8. Today’s AppURL shorteningwebsiteUser authentication (simple)Create, read, update, and delete (CRUD)
- 9.
- 10. Making it RESTfulAPP/config/routes.phpRouter::mapResource(‘users’)Source:http://book.cakephp.org/view/1239/The-Simple-Setup
- 11. Security PitfallOnly youcan prevent CSRFOnly POST and PUT should write dataOnly POST and DELETE should delete data
- 12. Mapping ExtensionsRouter::parseExtensions()RequestHandler componentSwitcheslayouts / viewsIncludes helpersParses incoming XML on POSTRouter::connect( "/:controller/:id”, array ("action" => "edit", "[method]" => "PUT"), array("id" => "[0-9]+”));Source: http://book.cakephp.org/view/1240/Custom-REST-Routing
- 13. Json ViewSimpleFastWide-spread<?php echo json_encode( $url );?>APP/views/urls/json/view.ctp
- 14. JsonPP w/ paddingUsescallbackCross domain<?php if ( $callbackFunc !== false ) echo $callbackFunc.'('; echo $content_for_layout; if ( $callbackFunc ) echo $callbackFunc.')'; ?>function beforeFilter(){ if ( array_key_exists('callback’, $this->params[‘url’]) ) $this->set(‘callbackFunc’, $this->params[‘url’][‘callback’]); else $this->set(‘callbackFunc’, false);}APP/views/layouts/json/default.ctpAPP/app_controller.php
- 15. XML ViewStrongly TypedHumanreadableLots of existing tools<? echo ‘<url>’; echo $xml->serialize( $url ); echo ‘<url>’;?>APP/views/urls/xml/view.ctp
- 16. Other ViewsHuman ReadableXMLJson/ JsonPHTMLYAMLCSVSerialized PHPEtc…BinaryAMFMicrosoft ExcelPDFJPEG / PNGEtc…
- 17. Testing It OutUsing cURLCreatecurl –d “url=www.example.com” http://tinyr.me/urls.jsonReadcurl http://tinyr.me/urls/123.jsonUpdatecurl –d “url=www.example.com/foo” http://tinyr.me/urls/123.jsonDeletecurl –X DELETE http://tinyr.me/urls/123.json
- 18. Done?We haveMVC filesRESTfulViewsXMLJson / JsonPWe’re missingError handlingPaginationAuthenticationAuthorizationDocumentation
- 19. Status CodesSuccess200 OK*201 Created *303 See Other *Error401 Unauthorized *402 Payment Required403 Forbidden *404 Not Found *Error (continued)405 Method Not Allowed *409 Conflict410 Gone500 Internal Server Error501 Not Implemented503 Service Unavailable
- 20. Add MethodIf nota POST request405 Method Not AllowedAlready existed303 See OtherSave success201 CreatedFailure 200 OK with explanation
- 21. Edit MethodIf nota POST or PUT request405 Method Not AllowedInvalid ID404 File Not FoundSuccess200 OKFailure200 OK with explanation
- 22. Delete MethodIf nota POST or DELETE request405 Method Not AllowedInvalid ID404 File Not FoundSuccess200 OKFailure200 OK with explanation
- 23. GlobalUser is notallowed to access resource403 Forbidden User is not logged in401 Unauthorized
- 24.
- 25. Implementationfunction your_action() { … $this->_userError(404); …}APP/controllers/your_controller.phpfunction _userError( $code, $options=array() ) { $codes = array( 402 => 'Payment Required', … ); $this->header("HTTP/1.1 {$type} {$codes[$type]}"); $this->cakeError('error'.$type, array( array( 'options' => $options ) ) );}APP/app_controller.php
- 26. Implementation{"Error": { "code" : 404, "description" : "File Not Found"}}APP/views/errors/error404.ctp
- 27. HTTP HeadersReturn meta-informationRatelimitingPaginationEtc.
- 28. PaginationUses HTTP headersAppdefined start with “X-”function paginate($object=NULL, $scope=array(), $whitelist=array() ) { $data = parent::paginate($object,$scope,$whitelist); // … messy code to get the object … $this->header('X-Current-Page: '.((int)$this->params['paging'][$object->alias]['page'])); $this->header('X-Page-Limit: '.((int)$this->params['paging'][$object->alias]['options']['limit'])); $this->header('X-Page-Total: '.((int)$this->params['paging'][$object->alias]['count'])); return $data;}APP/app_controller.php
- 29. Multi-Platform DevUse aUI that makes senseBring something to the table
- 30. Platform SupportWeb BrowsersDonot support:DELETEPUTFortunately Cake…Let’s you do this:_method=DELETE
- 31. Platform SupportDELETE /urls/123.jsonHTTP1.1Host: www.example.comPOST /urls/123.json HTTP1.1Host: www.example.com_method=DELETE
- 32.
- 33. AuthorizationThere is nomagicOne or more:user_idAdministratorModerator
- 34. DocumentationVocabularies / SchemasDTDor schema filesExamplesCodeI/OCommunityFeedback
- 35. What about SOAPand AMF?CakePHP rocks with RESTSOAP is heavyAMF is light but requires FlashBut, if you still want to, you can
- 36. Flow for SOAPand AMF
- 37.
- 38.
- 39.
- 40. API Developers ChecklistDocumentationExamplecodeDefinition files (if applicable)Unit tests
- 41. Finding the codeMITLicensehttp://tinyr.me
- 42. Happy AniversaryHappy anniversary,Laura.1 year: Sept. 5, 2010
- 43.
Editor's Notes
- #2 Who am I.Introduce myVBO.About this presentation.What I’ll talk about.
- #3 Neil – plugins to consumeNot much code.Overview.All the slides will be online right after lunch.
- #4 Raise your hand up if you use CakePHP to handle some kind of data.Now put your hand down if you don’t have an API.If you have info why not be a platform?It doesn’t matter if the platform is very simple. A blog is a platform. It has an API for posting new articles and it has an RSS feed for syndicating them.Now that I simplified it.That’s my take.
- #5 Even if you are developing a closed API…I hope everyone considers open APIs.All this roles up into one concept. “The platform play.” So if you need something to go back to your boss or your investors with… that’s the thing. You’re making a platform play.
- #6 If this was five years ago...But the strategy works pretty well. TwitterFacebookBit.lyAmazonandSalesforceNow it is almost a necessity to have an API of some sort.
- #7 There are multiple patterns for APIs. There are a couple more lesser used ones but the two big ones are REST and RPC.Within those patterns you can use one or more formats to transfer your data.
- #8 Rest stands for Representational State Transfer incase you missed it in Neal’s presentation. As mentioned yesterday, the largest example of REST in the wild is HTTP.Luckily for us, CakePHP is usually layered on-top of HTTP so it inherits all the RESTful mechanisms.REST has a concept called resources (a specific user or comment are two examples).They are also called nouns which are acted on by verbs.There are five verbs in HTTP. We will focus on three.Finally, one last important thing… CakePHP makes REST easy.
- #9 The app that I will be using as an example today is the simplest app that I could think of.It is a URL shortening services that allows you to authenticate and thus be able to delete and edit URLs that you yourself shortened, and also basic CRUD.
- #10 There are two models. The user model, which is pretty standard for a CakePHP project, and the urls model which I have on the screen.A full URL shortened can, of course, get much more complicated than that. But for today I’m keeping it basic.
- #11 Once you’ve baked your model and what not you can open up your router and map the resource. This will register all the routes you need for REST in one call.You can still do it manually if you want but you don’t have to.These are the six routes registered when you map a resource.
- #12 One rule to live by is to never write or delete data on anything that is not a POST, PUT, or DELETE request.The main purpose of this rule is to protect against Cross Site Request Forgeries or CSRF attacks which are every difficult to defend against otherwise.Say that the add method accepted GET requests. Someone could then simply embed an image on a page with the add URL as a source and execute a add() as any user who visits the site.
- #13 Before we begin developing views we’ll haveto tell PHP to recognize file extensions and switch the views and layouts accordingly.We do this by turning on parseExtensions in the routes.php file and including the RequestHandler component in the app_controller.The RequestHandler component is what actually switches the views. It also includes helpers automatically in the view if a helper has the same name as the extension (like XML) and parses incoming POSTed XML and assigns it to the data property of the controller.
- #14 We now need to create a couple views.The Json view is the first and the one that I like the most. Because it is simple and easy to understand.It is fast thanks to native PHP support, and also very wide-spread.What you see here is the entire view for the view action in the urls controller.Notice the path to the view. The RequestHandler will tell Cake to look in the json folder for the appropriate view.
- #15 We can also easily support JsonP or Json with padding.JsonP specifies a Javascript callback function to execute with the results of a request.It allows for cross domain requests because you can trigger it via a simple script-include and function calls works across domains so the callback will work just fine.One important note is that it is only for GET requests. So, as I said earlier, it shouldn’t be able to write or delete data.JsonP can be handle generically in the layout. Notice the layout path.A JsonP request always takes the callback via a query parameter. So your app controller can read in the callback then set it for use in the view. The layout then reads it sand wraps the output in it is necessary.
- #16 Now for the XML view. And I can hear the boos now.XML does have some benefits. It is strongly typed, human readable, and has lots of existing tools available.Like Json, the view is pretty self-explanatory. Note the xml sub-directory in the view path.
- #17 One of the best parts about using parseExtensions and RequestHandler is you can literally have as many views as you want into the data.I listed just some of them here.
- #22 Erik’s talk.
- #24 If you did the ACL stuff Erik was talking about…Little difficult. Default behavior is redirectController, model, and object
- #28 Maintenance mode