CakeFest 2013 - A-Z REST APIs
DATA COLLABORATION
NEW PLATFORM
• Backend REST API built using CakePHP
• Web client consumes the API via a thin Node.js
server and a single-page AngularJS app
• Mobile client consumes the API with a
PhoneGap-wrapped Sencha Touch app
MISCONCEPTION:
“Building a REST API will be easy! All we need to
do is hook up our controllers to a bunch of CRUD
actions, serve them out like they exist in the
database, and figure out a way to communicate in
JSON/XML format!
Alright, is it happy hour yet!?”
IN REALITY…
• Input/Output data purification
• Permissions
• Stateless authentication & authorization
• Cross-Origin Resource Sharing (CORS)
• Documentation
… and more lurking around the corner.
API SCHEMA !== DATABASE SCHEMA
• Many attribute names don’t match column
names
• Some attributes don’t map cleanly to columnar
data
• Some resources don’t map cleanly to database
tables
• API consumers expect a lot of related data to be
accessible in a single request
MODELS AREN’T JUST FOR TABLES
• In a traditional app, a model generally
represents a table
• In an API, a model represents a resource
• New strategy
• Share models when possible
• Create new models for API-only resources
• Set up attributes & relations for each API-accessible model
CONFIGURE MODEL ATTRIBUTES
SET UP API RELATIONS
INPUT & OUTPUT PROCESSING
• We now have at least 1 model for every API
resource
• We now have information about the attributes
each API resource outputs
• We now have information about the relations
each API resource relies on by default vs. by
request
• We use this to input & output data
automagically
How…?
INPUT DATA COMPONENT
What does it do?
CONVERT TO COLUMNAR DATA
• API request is submitted using API resource &
attribute names
• When processing this request, convert the
request into column names that can be saved to
tables
CONVERT OPTIONS TO INTEGERS
• Options are friendly on the API consumer:
`status` = “complete”
• Integers are friendly on the database:
`status` = 1
• Don’t compromise one for the other – convert
on input
HONOR TYPECASTING
• Use attribute configurations to determine data
type
• Convert ISO 8601 formatted dates
• Convert “false” string to `false` for booleans
• Convert “null” string to `NULL` for NULLables
• etc
INTEGRATE FOREIGN KEYS
• /forms -> parent resource
• /forms/{form.id}/records -> sub-resource
• When saving a record, automatically place
`form_id` in POST data based on the value in
the URL path
BRING IN DENORMALIZED DATA
• Form belongs to a Workspace
• Record belongs to a Form
• Record has a denormalized `workspace_id`
column for easy reference & querying
• User shouldn’t have to submit the Workspace
ID if they’ve already declared the Form ID
QUERY COMPONENT
What does it do?
CONVERT TO COLUMNAR DATA
• API request is submitted using API resource &
attribute names
• When processing this request, convert the
conditions into column names that the app can
use with a `find`
CONVERT OPTIONS TO INTEGERS
• Same `status` = “complete” -> `status` = 1
conversion happens here
INTEGRATE FOREIGN KEYS
• Same integration of data happens here
• A query to /forms/{form.id}/records leads to an
automatic inclusion of the Form ID in the query
conditions
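The input data component and the query component above are two consumers of the same attribute configuration. The following is an added example, not code from cakephp-api-utils: the `RECORD_ATTRIBUTES` table, `castValue()`, `toColumns()`, `convertInput()`, `convertConditions()` and the `$forms` lookup are assumptions for illustration, and the sample request is constructed. It shows one framework-free way to drive both components from a single table and adds a check the slides leave implicit: attributes that are not configured are rejected, which is what keeps a client from pushing `form_id` or `workspace_id` into a save through the request body.

```php
<?php
// Added example, not cakephp-api-utils code: one attribute configuration that
// drives both the input data component and the query component.
declare(strict_types=1);

// API-visible attributes of the `records` resource. Anything a client sends that
// is not listed here is rejected, so `form_id`/`workspace_id` cannot come from the body.
const RECORD_ATTRIBUTES = [
    'title'       => ['column' => 'title',        'type' => 'string'],
    'status'      => ['column' => 'status',       'type' => 'option',
                      'options' => ['draft' => 0, 'complete' => 1, 'archived' => 2]],
    'isLocked'    => ['column' => 'is_locked',    'type' => 'boolean'],
    'submittedAt' => ['column' => 'submitted_at', 'type' => 'datetime'],
    'note'        => ['column' => 'note',         'type' => 'string', 'nullable' => true],
];

/** Typecast one scalar API value according to its attribute configuration. */
function castValue(string $attr, $value, array $config)
{
    if ($value === null || $value === 'null') {               // "null" string -> NULL
        if (empty($config['nullable'])) {
            throw new InvalidArgumentException("$attr may not be null");
        }
        return null;
    }
    switch ($config['type']) {
        case 'option':                                         // "complete" -> 1
            if (!array_key_exists($value, $config['options'])) {
                throw new InvalidArgumentException("$attr: unknown option '$value'");
            }
            return $config['options'][$value];
        case 'boolean':                                        // "false" -> 0, not a truthy string
            $bool = filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
            if ($bool === null) {
                throw new InvalidArgumentException("$attr: not a boolean");
            }
            return (int) $bool;
        case 'datetime':                                       // ISO 8601 -> UTC DATETIME
            $iso = '/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/';
            try {
                $dt = preg_match($iso, (string) $value) ? new DateTimeImmutable($value) : null;
            } catch (Exception $e) {
                $dt = null;
            }
            if ($dt === null) {
                throw new InvalidArgumentException("$attr: not an ISO 8601 datetime");
            }
            return $dt->setTimezone(new DateTimeZone('UTC'))->format('Y-m-d H:i:s');
        default:
            return (string) $value;
    }
}

/** Shared by both components: API attribute names -> column names, values cast. */
function toColumns(array $input, string $prefix = ''): array
{
    $out = [];
    foreach ($input as $attr => $value) {
        if (!isset(RECORD_ATTRIBUTES[$attr]) || is_array($value)) {
            throw new InvalidArgumentException("unknown or non-scalar attribute '$attr'");
        }
        $config = RECORD_ATTRIBUTES[$attr];
        $out[$prefix . $config['column']] = castValue((string) $attr, $value, $config);
    }
    return $out;
}

/** Input data component: body of POST /forms/{form.id}/records -> row to save. */
function convertInput(array $body, array $pathParams, array $formLookup): array
{
    $row = toColumns($body);
    $formId = (int) $pathParams['form_id'];                   // foreign key comes from the URL path
    if (!isset($formLookup[$formId])) {
        throw new InvalidArgumentException("form $formId does not exist");
    }
    $row['form_id'] = $formId;
    $row['workspace_id'] = $formLookup[$formId]['workspace_id'];   // denormalised, looked up server side
    return $row;
}

/** Query component: query string of GET /forms/{form.id}/records -> find() conditions. */
function convertConditions(array $query, array $pathParams): array
{
    $conditions = toColumns($query, 'Record.');
    $conditions['Record.form_id'] = (int) $pathParams['form_id'];
    return $conditions;
}

// Constructed sample request; $forms stands in for a Form lookup.
$forms = [42 => ['workspace_id' => 7]];
$row = convertInput(['title' => 'Q3 survey', 'status' => 'complete', 'isLocked' => 'false',
                     'submittedAt' => '2013-08-30T14:05:00Z', 'note' => 'null'], ['form_id' => '42'], $forms);
$where = convertConditions(['status' => 'complete'], ['form_id' => '42']);
var_export([$row, $where]);
```

The foreign key and the denormalised `workspace_id` come from the URL path and a server-side lookup, never from the body, so a client cannot reassign a record to another form or workspace by adding fields. Because `castValue()` is shared, `?status=complete` in a query and `{"status": "complete"}` in a body resolve to the same integer, and the same rejection of unknown attributes applies to both paths.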
PERMISSIONS
• ACL is great for “static” permissions
• It’s not so great at handling “dynamic”
permissions
… What’s the difference? How do we reconcile
this?
STATIC PERMISSIONS
• App-wide “groups” of users (e.g. default, admin, root)
• Allow or block CRUD access to an entire
resource
• Allow or block CRUD access to a resource’s
attribute
THE ACL IS OUR FRIEND
$setActions is an anonymous
function which sets up resource
rules that the
`PermissionComponent`
can understand.
$setCrud is an anonymous
function which sets up attribute
rules.
Why anonymous functions?
Hack to get past tough problems,
but should be improved.
DYNAMIC PERMISSIONS
• Groups created by a resource (e.g. workspace
member, workspace owner, etc.)
• Allow or block CRUD access to a resource
based on membership in those dynamic groups
PERMISSIONS COMPONENT
• canCreate() – returns boolean
• canUpdate() – returns boolean
• canDelete() – returns boolean
• requireConditions() – returns array of “safe”
conditions based on requested query
conditions + permitted access
MODEL AS THE GO-TO SOURCE
• isUserAuthorizedToCreate() – returns boolean
• isUserAuthorizedToUpdate() – returns boolean
• isUserAuthorizedToDelete() – returns boolean
• userIsAuthorizedToReadSomeFieldName() –
returns array of values that the user is allowed
to query by, or “*” if all
IS USER AUTHORIZED TO READ?
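As an added example of how a `PermissionComponent` can turn the values a model-level `userIsAuthorizedToRead...()` method returns into query conditions the client cannot widen, together with one of the boolean checks. This is not the plugin's code: the `STATIC_GROUP`, `WORKSPACE_MEMBERS` and `WORKSPACE_OWNERS` fixtures, the user names and the `Record.workspace_id` key are constructed assumptions for illustration.

```php
<?php
// Added example, not cakephp-api-utils code: a PermissionComponent that derives
// "safe" query conditions and CRUD booleans from dynamic group membership.
declare(strict_types=1);

// Constructed fixtures: the static (app-wide) group of each user, and the dynamic
// groups a Workspace creates, its members and its owners.
const STATIC_GROUP      = ['alice' => 'default', 'bob' => 'default', 'root' => 'root'];
const WORKSPACE_MEMBERS = [7 => ['alice', 'bob'], 9 => ['alice'], 12 => ['bob']];
const WORKSPACE_OWNERS  = [7 => ['alice'], 9 => ['alice'], 12 => ['bob']];

/** Model method: workspace_id values this user may read, or '*' for all. */
function userIsAuthorizedToReadWorkspaceId(string $user)
{
    if ((STATIC_GROUP[$user] ?? 'default') === 'root') {
        return '*';                                          // static group decides first
    }
    $ids = [];
    foreach (WORKSPACE_MEMBERS as $workspaceId => $members) {
        if (in_array($user, $members, true)) {
            $ids[] = $workspaceId;
        }
    }
    return $ids;
}

/**
 * requireConditions(): the client's conditions narrowed to what the user may see.
 * The result is never wider than the permitted set. An empty intersection is a
 * refusal; the controller maps the exception to 403 (or to an empty 200, by policy).
 */
function requireConditions(string $user, array $requested): array
{
    $allowed = userIsAuthorizedToReadWorkspaceId($user);
    if ($allowed === '*') {
        return $requested;
    }
    $wanted = $requested['Record.workspace_id'] ?? null;
    $safe = $wanted === null
        ? $allowed                                           // no filter given: everything permitted
        : array_values(array_intersect(array_map('intval', (array) $wanted), $allowed));
    if ($safe === []) {
        throw new RuntimeException('forbidden: request matches no permitted workspace');
    }
    $requested['Record.workspace_id'] = $safe;               // always an explicit IN (...) list
    return $requested;
}

/** canDelete(): only an owner of the record's workspace (or root) may delete it. */
function canDelete(string $user, array $record): bool
{
    if ((STATIC_GROUP[$user] ?? 'default') === 'root') {
        return true;
    }
    return in_array($user, WORKSPACE_OWNERS[$record['workspace_id']] ?? [], true);
}

// bob asks for workspaces 7 and 9; he is a member of 7 only, so 9 is dropped.
$safe = requireConditions('bob', ['Record.workspace_id' => [7, 9], 'Record.status' => 1]);
// bob is a member of workspace 7 but not an owner, so the delete is refused.
$mayDelete = canDelete('bob', ['id' => 101, 'workspace_id' => 7]);
var_export([$safe, $mayDelete]);
```

The point of returning conditions rather than a yes/no is that the `find` itself is constrained: a request for an ID the user is not a member of never reaches the database as a bare `workspace_id = 9`, which closes the usual horizontal privilege escalation through guessed identifiers. A user who sends no filter at all still gets an explicit list of permitted workspaces, never an unconstrained query.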
AUTHENTICATION & AUTHORIZATION
• Various protocols
• Many costs & benefits to each
• We decided on OAuth 2 because it:
• is simple
• accommodates many different types of clients
• is being adopted by some major providers
OAUTH 2: THE SIMPLE VERSION:
• Supports 2-legged flows (the client acts for itself, no end user involved) & 3-legged flows (a user authorizes the client to act on their behalf)
• Either way the client ends up holding an access token; 3-legged flows add the user's authorization step and may also hand out a refresh token
WHAT ARE THE CHALLENGES?
• Clients need a way to get & refresh access
tokens
• App needs to authenticate the user with every
request (it is stateless)
OAUTH2 PLUGIN
• There’s a lot to it, but basically…
• The `OAuth2Controller` handles all of the
client’s token getting & refreshing needs via:
• authorize()
• grant()
• token()
• The `OAuth2Authenticate` class is an
authentication adapter which “logs the user in”
on every request
CONFIGURATION? EASY.
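The two jobs described above, handing out and refreshing tokens and then "logging the user in" on every stateless request, as an added example. This is not the plugin's `OAuth2Controller` or `OAuth2Authenticate`: `issueTokenPair()`, `refreshTokens()`, `authenticate()`, the in-memory `$store` and the TTL values are assumptions for illustration (PHP 7.1+). It shows the properties a practitioner checks for: high-entropy secrets, only hashes at rest, expiry enforced on every request, strict `Authorization` header parsing, and single-use refresh tokens.

```php
<?php
// Added example, not the plugin's OAuth2Controller/OAuth2Authenticate: stateless
// bearer-token authentication on every request, plus token issue and refresh.
// Requires PHP 7.1+. The in-memory $store stands in for the token tables.
declare(strict_types=1);

const ACCESS_TTL  = 3600;          // 1 hour
const REFRESH_TTL = 14 * 86400;    // 14 days

/** Storage key for a token: only the SHA-256 of the secret is kept, never the secret. */
function tokenKey(string $secret): string
{
    return hash('sha256', $secret);
}

/** token()/grant(): issue an access + refresh token pair for a user. */
function issueTokenPair(array &$store, int $userId, int $now): array
{
    $access  = bin2hex(random_bytes(32));                 // 256-bit CSPRNG secrets
    $refresh = bin2hex(random_bytes(32));
    $store['access'][tokenKey($access)]   = ['user_id' => $userId, 'expires' => $now + ACCESS_TTL];
    $store['refresh'][tokenKey($refresh)] = ['user_id' => $userId, 'expires' => $now + REFRESH_TTL];
    return ['access_token' => $access, 'token_type' => 'Bearer',
            'expires_in' => ACCESS_TTL, 'refresh_token' => $refresh];   // RFC 6749 section 5.1 shape
}

/** Refresh: the presented refresh token is single-use, so a replay after rotation fails. */
function refreshTokens(array &$store, string $refresh, int $now): ?array
{
    $key = tokenKey($refresh);
    $row = $store['refresh'][$key] ?? null;
    if ($row === null || $row['expires'] <= $now) {
        return null;
    }
    unset($store['refresh'][$key]);                        // rotation: old refresh token dies here
    return issueTokenPair($store, $row['user_id'], $now);
}

/**
 * The authentication adapter's job on every request: parse the Authorization
 * header (RFC 6750 b64token syntax), look the hash up, check expiry. Returns the
 * user id or null; the caller answers null with 401 and WWW-Authenticate: Bearer.
 */
function authenticate(array $store, array $headers, int $now): ?int
{
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('#^Bearer +([A-Za-z0-9\-._~+/]+=*)$#', $auth, $m)) {
        return null;
    }
    $row = $store['access'][tokenKey($m[1])] ?? null;
    if ($row === null || $row['expires'] <= $now) {
        return null;                                       // unknown, revoked, or expired
    }
    return $row['user_id'];
}

// Constructed exchange: issue, use, let it expire, refresh, then replay the old refresh token.
$store = ['access' => [], 'refresh' => []];
$t0 = time();
$pair = issueTokenPair($store, 17, $t0);
$headers = ['Authorization' => 'Bearer ' . $pair['access_token']];
$liveUser    = authenticate($store, $headers, $t0 + 60);
$expiredUser = authenticate($store, $headers, $t0 + ACCESS_TTL + 1);
$newPair     = refreshTokens($store, $pair['refresh_token'], $t0 + ACCESS_TTL + 1);
$replay      = refreshTokens($store, $pair['refresh_token'], $t0 + ACCESS_TTL + 2);
var_export([$liveUser, $expiredUser, $newPair !== null, $replay]);
```

Storing only the hash means a dumped token table does not hand an attacker usable bearer tokens, and looking the hash up as a key avoids a plaintext comparison loop. Revocation in this model is just deleting the row; because every request re-reads the store there is no session to invalidate.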
CROSS-ORIGIN RESOURCE SHARING
• API calls are often done from frontend apps
• Browsers will not let you make “cross-origin”
(cross-domain) requests without extra request
& response headers
• Cake doesn’t have any default options for this
CORS PREFLIGHT DISPATCHER
• Uses Cake 2.x dispatch filters
• If CORS request headers exist, it outputs CORS
response headers
• Automatically stops propagation on OPTIONS
requests
• Complete solution; all CORS logic in one place
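The decisions a CORS dispatch filter has to make, as an added example that is not the plugin's CorsPreflightDispatcher: the `CORS` config, its origin allowlist and `corsHeaders()` are assumptions for illustration, and the two requests at the bottom are constructed. It adds the check most often missing from "if CORS request headers exist, output CORS response headers": an exact origin allowlist, so the `Origin` value is never reflected back unchecked, and no `*` is ever paired with credentials.

```php
<?php
// Added example, not the plugin's CorsPreflightDispatcher: the decision a CORS
// dispatch filter makes for each request, with an exact-origin allowlist.
declare(strict_types=1);

const CORS = [
    // Exact origins only: never reflect the Origin header back unchecked, and
    // never pair `*` with Access-Control-Allow-Credentials: true.
    'origins'       => ['https://app.example.com', 'https://m.example.com'],
    'methods'       => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    'allowHeaders'  => ['authorization', 'content-type'],   // lower-case for comparison
    'exposeHeaders' => ['x-rate-limit-remaining'],
    'maxAge'        => 600,
    'credentials'   => false,   // bearer tokens travel in a header; no cookies needed
];

/**
 * Returns ['headers' => [...], 'stop' => bool]: headers to add to the response,
 * and whether to stop propagation here (a handled preflight runs no controller).
 */
function corsHeaders(string $method, array $req): array
{
    $origin = $req['Origin'] ?? null;
    if ($origin === null) {
        return ['headers' => [], 'stop' => false];           // same-origin or non-browser client
    }
    $headers = ['Vary' => 'Origin'];                          // response differs per Origin; tell caches
    if (!in_array($origin, CORS['origins'], true)) {
        // Unknown origin (including the literal "null"): no Allow-Origin header, so the
        // browser refuses to expose the response; an OPTIONS request still ends here.
        return ['headers' => $headers, 'stop' => $method === 'OPTIONS'];
    }
    $headers['Access-Control-Allow-Origin'] = $origin;
    if (CORS['credentials']) {
        $headers['Access-Control-Allow-Credentials'] = 'true';
    }
    $isPreflight = $method === 'OPTIONS' && isset($req['Access-Control-Request-Method']);
    if (!$isPreflight) {                                      // actual request
        $headers['Access-Control-Expose-Headers'] = implode(', ', CORS['exposeHeaders']);
        return ['headers' => $headers, 'stop' => false];
    }
    // Preflight: approve only what the client asked for and the config allows.
    $wantMethod  = strtoupper($req['Access-Control-Request-Method']);
    $wantHeaders = array_filter(array_map('trim',
        explode(',', strtolower($req['Access-Control-Request-Headers'] ?? ''))));
    if (!in_array($wantMethod, CORS['methods'], true)
        || array_diff($wantHeaders, CORS['allowHeaders']) !== []) {
        return ['headers' => $headers, 'stop' => true];      // refused: no Allow-Methods/Allow-Headers
    }
    $headers['Access-Control-Allow-Methods'] = implode(', ', CORS['methods']);
    $headers['Access-Control-Allow-Headers'] = implode(', ', CORS['allowHeaders']);
    $headers['Access-Control-Max-Age']       = (string) CORS['maxAge'];
    return ['headers' => $headers, 'stop' => true];
}

// Constructed requests: a preflight from an allowed origin, then the same from an unknown one.
$preflight = ['Origin' => 'https://app.example.com', 'Access-Control-Request-Method' => 'PUT',
              'Access-Control-Request-Headers' => 'Authorization, Content-Type'];
var_export(corsHeaders('OPTIONS', $preflight));
var_export(corsHeaders('OPTIONS', ['Origin' => 'https://evil.example'] + $preflight));
```

`Vary: Origin` goes out even on refusals so a shared cache never serves one origin's approved response to another. Stopping propagation on a handled preflight is what keeps the `OPTIONS` request from reaching a controller that would otherwise run the authentication adapter against a request that carries no token.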
DOCUMENTATION
• Should be as DRY as possible
• Should not sacrifice usability
• Interactive is better
• We chose Swagger UI
https://github.com/wordnik/swagger-ui
HOW TO KEEP IT DRY?
• `ApiDocsShell` - uses combination of:
• Routes
• Models
• Attribute configurations
• Permissions
• Validation rules
to automagically build interactive documentation
about resources.
HOW TO KEEP IT USER FRIENDLY?
• Sometimes a resource “dictionary” isn’t enough
• Users need guidance
• Plain English descriptions help
• Pull those in based on convention
• Attribute descriptions
• Files which hold resource- and operation-level descriptions
WHAT ARE WE MISSING?
• JSON & XML formatting
• Error handling
• Routing
• Versioning
• Caching
• Links
• Rate limiting
• Monetization
• … it never really ends. Pick your battles wisely. Outsource
functions if you can:
http://www.3scale.net/
OPEN SOURCED
github.com/Wizehive/cakephp-api-utils
Connect with me at:
about.me/anthony.putignano
