François-Guillaume Ribreau, profile picture
Uploaded byFrançois-Guillaume Ribreau
2,816 views

Choisir entre une API RPC, SOAP, REST, GraphQL? 
Et si le problème était ailleurs ?

The document discusses different API architectures such as RPC, SOAP, REST, and GraphQL, outlining their histories, principles, and use cases. It emphasizes the importance of choosing the right API for data persistence and provides insights on managing various aspects of application development, including authentication, authorization, and performance optimization. The content is geared towards developers and architects, exploring how to build effective data APIs using technologies like PostgreSQL and PostgREST.

Embed presentation

Downloaded 51 times
Choisir entre une API RPC, SOAP, REST, GraphQL? 
 Et si le problème était ailleurs ?
François-Guillaume Ribreau — Architect & Head of development @Ouest-France 🌟 SaaS founder of _______ ____ MotionDynamic, Mailpopin 🚀 Trainer @EPSI_Nantes @UnivNantes 📢 Twitter/Github: @FGRibreau
<quick> <history>
- pattern: procedure(arguments...): [result] - ~1980 - principle: simplest form of API interaction - goal: run a task on another address space - often requires an IDL (Interface Definition Language) - well-known implementations: - XML-RPC (XML to encode calls & HTTP as transport) - JSON-RPC (JSON to encode calls & HTTP as transport) - Thrift, gRPC, Avro... and *lots* of other implementation RPC - Remote Procedure Call client api procedure(arguments...) result
- ~successor of XML-RPC - XML-based messaging framework - can work with any transport protocol (just need XML) - XML everywhere - IDL: WSDL, a schema of every available operations - 1998 (+18 yrs after RPC principle) - Spec WG closed on 10 July 2009 (+11 yrs) SOAP - Simple Object Access Protocol client api envelope(message(call)) envelope(message(response))
- Roy Fielding, 2000 (20 yrs after RPC) - based on the uniform and predefined set of stateless operations from HTTP protocol - request/response - server-side data are made available through representations of data in simple formats (e.g. JSON, XML) - IDL: no schema required (state-of-the-art: OpenAPI) REST - Representational State Transfer client api HTTP request HTTP response
More power on the client-side at request time GET /ressources/?fields=property1,property2 GET /ressources/:ressource_id?fields=property1,property2 (e.g. Google APIs, Facebook APIs) REST - Representational State Transfer client api HTTP request HTTP response
GET /fql? q=SELECT+uid2+FROM+friend+WHERE+uid1=me()&a ccess_token=… FQL @ Facebook (2007) https://query.yahooapis.com/v1/public/yql? q=select title, link from rss where url='https://engt.co/2JyTaQP' &format=json &env=store://datatables.org/alltableswithkeys YQL @ Yahoo (2008)
- Another RPC protocol (not a Graph db) - 3 verbs (in the REST sense): - fetch (implicit, read requests) - subscription (explicit, read streams) - mutation (writes requests) - introduce inversion of control between client & server - client only request needed data GraphQL client api HTTP request HTTP response
</history> </quick>
Wow much work so specifications client api
Current State of the art
3-tier Database API Client
3-tier Database (Tables / Views) API (Models) Client
Validation Database (Schema (constraint)) API (Models (validation)) Client (validation)
Authorization Database (Users/roles, policies) API (Authorization middleware) Client
Etc… 🕰 Database … API … Client
Only for data persistence Without data persistence Mostly for data persistence (+ some MQueing) What kind of API do you write the most? ~90% of the time it's. just. CRUD.
effort => data api client user
data api client user effort =>
Let's build a persistence API
api.motiondynamic.tech Fast highly dynamic video generation at scale 🚀
api SQLHTTP data (PostgreSQL) • HTTP request handling • Authentication • Authorization • Request Parsing • Request Validation • Database Communication • Database Response Handling (deserialization) • Output format serialization • HTTP Response Building Persistence API our job
api SQLHTTP Persistence API TL;DR: HTTP <-> SQL mapping … with a lot of space for potential mistakes. our job data (PostgreSQL)
Database Modelling 101 v1_0 schema authentication schema theme schema video schema …. view schemastored fn generations signIn signUp themes
api (PostgREST) data (PostgreSQL) Persistence API <= our job #SSoT #DRY v1_0 schema client HTTP / REST / (JSON,CSV)
Are we serious?
Schema modelling public private v1_0 schema authentication schema theme schema video schema …. view schemastored fn projects signIn signUp Postgrest videos generations startVideoGeneration
Read / Write requests (read, view) GET /themes (read, view) GET /videos (read, view) GET /generations (write, stored function) POST /rpc/signUp (write, stored function) POST /rpc/signIn (write, stored function) POST /rpc/startVideoGeneration DBv1_0 schema api (PostgREST)
GET /themes?downloads=gte.1000&isMine=is.true GET /themes?select=downloads::text,name,description GET /stuff?metadata->a->>b=eq.2 GET /themes?select=id,name,generations{createdAt} &order=name.asc&generations.order=createdAt.desc How do you manage projection, filtering, ordering?
Read / Write requests (read, view) GET /themes (read, view) GET /videos (read, view) GET /generations (write, stored function) POST /rpc/signUp (write, stored function) POST /rpc/signIn (write, stored function) POST /rpc/startVideoGeneration (write) POST /generations
INSTEAD OF create trigger generations_mutation INSTEAD OF INSERT OR UPDATE OR DELETE ON v1_0.generations for each row execute procedure video.mutation_generations_trigger()
Trigger create or replace function video.mutation_generations_trigger() returns trigger as $$ declare begin if (tg_op = 'DELETE') then -- delete generation return new; elsif (tg_op = 'UPDATE') then -- update generation return new; elsif (tg_op = 'INSERT') then -- create generation return new; end if; end; $$ security definer language plpgsql; pl/pgsql ? It's 2018: pl/v8 (javascript) - pl/python - pl/java - pl/tcl
State-of-the-art API performance api data (PostgreSQL) client HTTP / REST / JSON deserialize db response serialize http JSON response serialize to internal representation
API performance 🚀 api (PostgREST) data (PostgreSQL) client HTTP / REST / JSON serialize result to JSON “PostgreSQL JSON encoder is fast, it’s C fast. For a large JSON object graph PostgreSQL JSON generation can offer well over 12x the throughput. It can be 2x/10x faster than ActiveRecord or even 160x for large responses” https://hashrocket.com/blog/posts/faster-json-generation-with-postgresql
Versioning public private v1_0 schema v2_0 schema authentication schema theme schema video schema …. view schemastored fn videos signIn signUp generations logIn signUp
How do you manage authentication?
How do you manage authorization? CREATE ROLE authenticator NOINHERIT LOGIN; CREATE ROLE anonymous; CREATE ROLE authenticated_user; GRANT anonymous, authenticated_user TO authenticator;
How do you manage authorization? Row Level Security (PG 9.5+) ALTER TABLE video.generation ENABLE ROW LEVEL SECURITY; create policy generation_access_policy on video.generation to api -- a user can only see its own generations, admin can see everything using ( (request.user_role() = 'videoRequester' and user_id = request.user_id()) or request.user_role() = 'admin') -- only admin can change anyone generation data with check (request.user_role() = 'admin'); 3 lines of SQL Reliable security model (closed by default) Declarative Expressive
Imperative Programming "how to do" %📺' Declarative Programming "what to do" (🚀)
How do you manage emails/3rd parties? pg_notify (PG 9.2+) http://bit.ly/2oNbaKy
How do you manage emails/3rd parties? pg_notify (PG 9.2+) http://bit.ly/2JDCsQu
Rate-limiting? Headers? Monitoring? Tracing? Custom-logic ? Respect the separation of concerns (that's what Service Mesh is all about btw) data api client user proxy (nginx/openresty | istio proxy | ...)
How to manage documentation? OpenAPI (Swagger) format automatically extracted from schema
How to manage code-reviews, tests? It’s just SQL. SQL unit test: pgTAP Functional tests: Supertest / Jest
How to manage migrations? Full migration management sqitch/apgdiff
How to build & deploy? local env. + docker 🐳 (watch + SQL auto-reload) Cloud (PostgreSQL + PostgREST + OpenResty) apply migrations rolling deploy PostgREST/OpenResty run unit & functional tests test migrations
One more thing
REST & GraphQL api (PostgREST + SubZero) data (PostgreSQL) <= our job #SSoT #DRY v1_0 schema client GraphQL ?
subZero ❤ GraphQL & REST (PostgREST) API for your database
This philosophy is gaining traction
PostgraphQL - A GraphQL API created by reflection over a PostgreSQL schema: NodeJS + PostgreSQL Prisma - Prisma turns your database into a realtime GraphQL API: Scala + MySQL/Postgres (upcoming: MongoDB, ElasticSearch) Graphql-engine - Instant GraphQL APIs on Postgres with fine grained access control: NodeJS + PostgreSQL
Et si le problème était ailleurs ? API data (BDD) v1_0 schema client REST GraphQL Tomorrow?
Free plans for Redis administration & monitoring at redsmin.com We are looking for Front-end Developers twitter.com/iadvizetech Questions? @FGRibreau No more server-side rendering pain, 1 url = 1 chart image-charts.com
https://apple.github.io/foundationdb/transaction-manifesto.html Performance and scalability? We know of no practical limits to the scalability or performance of systems supporting transactions. When the movement toward NoSQL databases began, early systems, such as Google Bigtable, adopted minimal designs tightly focused on the scalability and performance. Features familiar from relational databases had been aggressively shed and the supposition was that the abandoned features were unnecessary or even harmful for scalability and performance goals. Those suppositions were wrong. It is becoming clear that supporting transactions is a matter of engineering effort, not a fundamental tradeoff in the design space. Algorithms for maintaining transactional integrity can be distributed and scale out like many other problems. Transactional integrity does come at a CPU cost, but in our experience that cost is less than 10% of total system CPU. This is a small price to pay for transactional integrity and can easily be made up elsewhere.
I am quite convinced that in fact computing will become a very important science. (🐶💩) But at the moment we are in a very primitive state of development; we don't know the basic principles yet and we must learn them first. 
 If universities spend their time teaching the state of the art, they will not discover these principles and that, surely, is what academics should be doing. — Christopher Strachey, 1969 (49 yrs ago) (quote by Edsger W. Dijkstra) https://bit.ly/2pMI7aJ “ ”

More Related Content

PDF
API Design, A Quick Guide to REST, SOAP, gRPC, and GraphQL, By Vahid Rahimian
byVahid Rahimian
 
PPTX
Python/Flask Presentation
byParag Mujumdar
 
PPTX
Php
byShagufta shaheen
 
ODP
Spring Mvc,Java, Spring
byifnu bima
 
PDF
Golang Channels
byJoris Bonnefoy
 
PDF
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
byChangKyu Song
 
PDF
Collections in Java Notes
byShalabh Chaudhary
 
PPTX
Java String Handling
byInfoviaan Technologies
 
API Design, A Quick Guide to REST, SOAP, gRPC, and GraphQL, By Vahid Rahimian
byVahid Rahimian
 
Python/Flask Presentation
byParag Mujumdar
 
Php
byShagufta shaheen
 
Spring Mvc,Java, Spring
byifnu bima
 
Golang Channels
byJoris Bonnefoy
 
[NDC07] 게임 개발에서의 클라이언트 보안 - 송창규
byChangKyu Song
 
Collections in Java Notes
byShalabh Chaudhary
 
Java String Handling
byInfoviaan Technologies
 

What's hot

PPTX
Java Server Pages(jsp)
byManisha Keim
 
PDF
Intro to Asynchronous Javascript
byGarrett Welson
 
PDF
Nodejs presentation
byArvind Devaraj
 
PDF
Node.js Tutorial for Beginners | Node.js Web Application Tutorial | Node.js T...
byEdureka!
 
PPT
Java Networking
bySunil OS
 
PDF
Callback Function
byRoland San Nicolas
 
PPTX
Nodejs functions & modules
bymonikadeshmane
 
PPT
Javascript by geetanjali
byGeetanjali Bhosale
 
PDF
Multiplayer Game Sync Techniques through CAP theorem
bySeungmo Koo
 
PPTX
Java web application development
byRitikRathaur
 
PPTX
jQuery PPT
byDominic Arrojado
 
PPT
C# basics
byDinesh kumar
 
PPT
Java servlet life cycle - methods ppt
bykamal kotecha
 
PDF
Java Serialization
byimypraz
 
PDF
개발자 이승우 이력서 (2016)
bySeungWoo Lee
 
PPTX
Operator overloading
byRamish Suleman
 
PPTX
6-Python-Recursion PPT.pptx
byVenkateswara Babu Ravipati
 
PPT
Web Standards
byChrisF1502010
 
PPTX
[NDC 2018] 신입 개발자가 알아야 할 윈도우 메모리릭 디버깅
byDongMin Choi
 
PDF
Python programming : Arrays
byEmertxe Information Technologies Pvt Ltd
 
Java Server Pages(jsp)
byManisha Keim
 
Intro to Asynchronous Javascript
byGarrett Welson
 
Nodejs presentation
byArvind Devaraj
 
Node.js Tutorial for Beginners | Node.js Web Application Tutorial | Node.js T...
byEdureka!
 
Java Networking
bySunil OS
 
Callback Function
byRoland San Nicolas
 
Nodejs functions & modules
bymonikadeshmane
 
Javascript by geetanjali
byGeetanjali Bhosale
 
Multiplayer Game Sync Techniques through CAP theorem
bySeungmo Koo
 
Java web application development
byRitikRathaur
 
jQuery PPT
byDominic Arrojado
 
C# basics
byDinesh kumar
 
Java servlet life cycle - methods ppt
bykamal kotecha
 
Java Serialization
byimypraz
 
개발자 이승우 이력서 (2016)
bySeungWoo Lee
 
Operator overloading
byRamish Suleman
 
6-Python-Recursion PPT.pptx
byVenkateswara Babu Ravipati
 
Web Standards
byChrisF1502010
 
[NDC 2018] 신입 개발자가 알아야 할 윈도우 메모리릭 디버깅
byDongMin Choi
 
Python programming : Arrays
byEmertxe Information Technologies Pvt Ltd
 

Similar to Choisir entre une API RPC, SOAP, REST, GraphQL? 
Et si le problème était ailleurs ?

PPTX
gRPC, GraphQL, REST - Which API Tech to use - API Conference Berlin oct 20
byPhil Wilkins
 
PPTX
Http and REST APIs.
byRahul Tanwani
 
PPTX
API_CorporateAPIs: Driving Digital Connectivity Today_Detailed.pptx
bylokerocky245
 
PDF
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
byWSO2
 
PPTX
Designing API: REST | gRPC | GraphQL, which one should you pick? - Cedrick Lu...
byShift Conference
 
PDF
zendframework2 restful
bytom_li
 
PDF
Hpc lunch and learn
byJohn D Almon
 
PPTX
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
PPTX
PostgREST Design Philosophy
bybegriffs
 
PDF
[BreizhCamp, format 15min] Une api rest et GraphQL sans code grâce à PostgR...
byFrançois-Guillaume Ribreau
 
PPTX
Databasecentricapisonthecloudusingplsqlandnodejscon3153oow2016 160922021655
byGetting value from IoT, Integration and Data Analytics
 
PDF
Modern Architectures with Spring and JavaScript
bymartinlippert
 
PPTX
INTERFACE by apidays_What's your Type? Understanding API Types and Choosing t...
byapidays
 
PDF
APIdays Paris 2018 - Secure & Manage APIs with GraphQL, Ozair Sheikh, Directo...
byapidays
 
PDF
IRJET- Rest API for E-Commerce Site
byIRJET Journal
 
PDF
apidays LIVE Paris 2021 - Stargate.io, An OSS Api Layer for your Cassandra by...
byapidays
 
PPTX
The API Journey: from REST to GraphQL
byHaci Murat Yaman
 
PDF
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
byapidays
 
PPTX
Day 9 - PostgreSQL Application Architecture
byBarry Jones
 
PPTX
Digging deeper into service stack
bycyberzeddk
 
gRPC, GraphQL, REST - Which API Tech to use - API Conference Berlin oct 20
byPhil Wilkins
 
Http and REST APIs.
byRahul Tanwani
 
API_CorporateAPIs: Driving Digital Connectivity Today_Detailed.pptx
bylokerocky245
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
byWSO2
 
Designing API: REST | gRPC | GraphQL, which one should you pick? - Cedrick Lu...
byShift Conference
 
zendframework2 restful
bytom_li
 
Hpc lunch and learn
byJohn D Almon
 
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
PostgREST Design Philosophy
bybegriffs
 
[BreizhCamp, format 15min] Une api rest et GraphQL sans code grâce à PostgR...
byFrançois-Guillaume Ribreau
 
Databasecentricapisonthecloudusingplsqlandnodejscon3153oow2016 160922021655
byGetting value from IoT, Integration and Data Analytics
 
Modern Architectures with Spring and JavaScript
bymartinlippert
 
INTERFACE by apidays_What's your Type? Understanding API Types and Choosing t...
byapidays
 
APIdays Paris 2018 - Secure & Manage APIs with GraphQL, Ozair Sheikh, Directo...
byapidays
 
IRJET- Rest API for E-Commerce Site
byIRJET Journal
 
apidays LIVE Paris 2021 - Stargate.io, An OSS Api Layer for your Cassandra by...
byapidays
 
The API Journey: from REST to GraphQL
byHaci Murat Yaman
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
byapidays
 
Day 9 - PostgreSQL Application Architecture
byBarry Jones
 
Digging deeper into service stack
bycyberzeddk
 

More from François-Guillaume Ribreau

PDF
REX LEAN- Créer un SaaS et être rentable après 6 mois
byFrançois-Guillaume Ribreau
 
PDF
Une plateforme moderne pour le groupe SIPA/Ouest-France 
byFrançois-Guillaume Ribreau
 
PDF
⛳️ Votre API passe-t-elle le contrôle technique ?
byFrançois-Guillaume Ribreau
 
PDF
Introduction to Redis
byFrançois-Guillaume Ribreau
 
PDF
How I monitor SaaS products
byFrançois-Guillaume Ribreau
 
PDF
He stopped using for/while loops, you won't believe what happened next!
byFrançois-Guillaume Ribreau
 
PDF
RedisConf 2016 - Redis usage and ecosystem
byFrançois-Guillaume Ribreau
 
PDF
Development Principles & Philosophy
byFrançois-Guillaume Ribreau
 
PDF
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
byFrançois-Guillaume Ribreau
 
PDF
Implementing pattern-matching in JavaScript (short version)
byFrançois-Guillaume Ribreau
 
PDF
Continous Integration of (JS) projects & check-build philosophy
byFrançois-Guillaume Ribreau
 
PDF
Découverte HTML5/CSS3
byFrançois-Guillaume Ribreau
 
PDF
Automatic constraints as a team maturity accelerator for startups
byFrançois-Guillaume Ribreau
 
PDF
Approfondissement CSS3
byFrançois-Guillaume Ribreau
 
PDF
Implementing pattern-matching in JavaScript (full version)
byFrançois-Guillaume Ribreau
 
PDF
Les enjeux de l'information et de l'algorithmique dans notre société
byFrançois-Guillaume Ribreau
 
REX LEAN- Créer un SaaS et être rentable après 6 mois
byFrançois-Guillaume Ribreau
 
Une plateforme moderne pour le groupe SIPA/Ouest-France 
byFrançois-Guillaume Ribreau
 
⛳️ Votre API passe-t-elle le contrôle technique ?
byFrançois-Guillaume Ribreau
 
Introduction to Redis
byFrançois-Guillaume Ribreau
 
How I monitor SaaS products
byFrançois-Guillaume Ribreau
 
He stopped using for/while loops, you won't believe what happened next!
byFrançois-Guillaume Ribreau
 
RedisConf 2016 - Redis usage and ecosystem
byFrançois-Guillaume Ribreau
 
Development Principles & Philosophy
byFrançois-Guillaume Ribreau
 
[BreizhCamp, format 15min] Construire et automatiser l'ecosystème de son Saa...
byFrançois-Guillaume Ribreau
 
Implementing pattern-matching in JavaScript (short version)
byFrançois-Guillaume Ribreau
 
Continous Integration of (JS) projects & check-build philosophy
byFrançois-Guillaume Ribreau
 
Découverte HTML5/CSS3
byFrançois-Guillaume Ribreau
 
Automatic constraints as a team maturity accelerator for startups
byFrançois-Guillaume Ribreau
 
Approfondissement CSS3
byFrançois-Guillaume Ribreau
 
Implementing pattern-matching in JavaScript (full version)
byFrançois-Guillaume Ribreau
 
Les enjeux de l'information et de l'algorithmique dans notre société
byFrançois-Guillaume Ribreau
 

Recently uploaded

PPTX
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PDF
Data Integration with Salesforce Bootcamp
byDele Amefo
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PDF
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PPTX
Boost Productivity the Smart Way with AI Automation Solutions
byEllocent Labs
 
PDF
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
PDF
Presentation Empowerment Technology in ICT
byoryoseiii
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PPTX
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
PDF
Custom Software Development Presentation.pdf
byssuser9c7131
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PDF
DSD-INT 2025 Validation of SFINCS on Historical River Floods at the Global Sc...
byDeltares
 
PDF
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
PDF
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
PDF
Internship Project Training Report-3.pdf
byPawank36
 
PDF
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
PDF
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Data Integration with Salesforce Bootcamp
byDele Amefo
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
Boost Productivity the Smart Way with AI Automation Solutions
byEllocent Labs
 
BCA 1st Semester Fundamentals Solved Question Paper 44121
byKuvempu University
 
Presentation Empowerment Technology in ICT
byoryoseiii
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
wAIred_LearnwithoutAI_KotlinDevDay_27112025.pptx
bySimonedeGijt
 
Custom Software Development Presentation.pdf
byssuser9c7131
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
DSD-INT 2025 Validation of SFINCS on Historical River Floods at the Global Sc...
byDeltares
 
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
Internship Project Training Report-3.pdf
byPawank36
 
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
In this document
Powered by AI

Discusses the types of APIs: RPC, SOAP, REST, GraphQL and hints at deeper issues in selecting APIs.

Introduces François-Guillaume Ribreau, architect at Ouest-France, SaaS founder and trainer.

Outlines the historical development of APIs: RPC, SOAP, REST, GraphQL along with their specific characteristics.

Discusses current trends in software architecture focusing on 3-tier models involving Database, API, and Client.

Highlights that approximately 90% of API applications focus primarily on CRUD operations.

Discusses building a persistence API, focusing on effort and process related to data and user interactions.

Introduces motiondynamic.tech's API, focusing on its functionalities like HTTP request handling, authentication, and database interactions.

Reviews initial database schemas for user authentication, themes, and video generation.

Examines how to structure read/write requests for themes, videos, and user sign-up functionalities.

Describes the implementation of triggers in a PostgreSQL environment for handling data mutations.

Discusses state-of-the-art API performance focusing on the efficiency of PostgreSQL in processing requests.

Explains management of user authentication and authorization, including role permissions and security policies.

Contrasts imperative vs. declarative programming styles, emphasizing the 'how' vs 'what' approach.

Suggests methods for managing external services and notifications in the application ecosystem.

Discusses documentation, code reviews, migrations, and deployment strategies for APIs.

Explores the philosophy of integrating REST and GraphQL in a new API setup for effective data management.

Looks at the evolution of API technologies, performance considerations, and historical insights into computing.

Concluding thoughts on the scientific development of computing and the importance of foundational principles.

Choisir entre une API RPC, SOAP, REST, GraphQL? 
Et si le problème était ailleurs ?

  • 1.
    Choisir entre uneAPI RPC, SOAP, REST, GraphQL? 
 Et si le problème était ailleurs ?
  • 2.
    François-Guillaume Ribreau — Architect &Head of development @Ouest-France 🌟 SaaS founder of _______ ____ MotionDynamic, Mailpopin 🚀 Trainer @EPSI_Nantes @UnivNantes 📢 Twitter/Github: @FGRibreau
  • 3.
  • 4.
    - pattern: procedure(arguments...):[result] - ~1980 - principle: simplest form of API interaction - goal: run a task on another address space - often requires an IDL (Interface Definition Language) - well-known implementations: - XML-RPC (XML to encode calls & HTTP as transport) - JSON-RPC (JSON to encode calls & HTTP as transport) - Thrift, gRPC, Avro... and *lots* of other implementation RPC - Remote Procedure Call client api procedure(arguments...) result
  • 5.
    - ~successor ofXML-RPC - XML-based messaging framework - can work with any transport protocol (just need XML) - XML everywhere - IDL: WSDL, a schema of every available operations - 1998 (+18 yrs after RPC principle) - Spec WG closed on 10 July 2009 (+11 yrs) SOAP - Simple Object Access Protocol client api envelope(message(call)) envelope(message(response))
  • 6.
    - Roy Fielding,2000 (20 yrs after RPC) - based on the uniform and predefined set of stateless operations from HTTP protocol - request/response - server-side data are made available through representations of data in simple formats (e.g. JSON, XML) - IDL: no schema required (state-of-the-art: OpenAPI) REST - Representational State Transfer client api HTTP request HTTP response
  • 7.
    More power onthe client-side at request time GET /ressources/?fields=property1,property2 GET /ressources/:ressource_id?fields=property1,property2 (e.g. Google APIs, Facebook APIs) REST - Representational State Transfer client api HTTP request HTTP response
  • 8.
    GET /fql? q=SELECT+uid2+FROM+friend+WHERE+uid1=me()&a ccess_token=… FQL @Facebook (2007) https://query.yahooapis.com/v1/public/yql? q=select title, link from rss where url='https://engt.co/2JyTaQP' &format=json &env=store://datatables.org/alltableswithkeys YQL @ Yahoo (2008)
  • 9.
    - Another RPCprotocol (not a Graph db) - 3 verbs (in the REST sense): - fetch (implicit, read requests) - subscription (explicit, read streams) - mutation (writes requests) - introduce inversion of control between client & server - client only request needed data GraphQL client api HTTP request HTTP response
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
    Only for data persistence Without data persistence Mostly for data persistence (+some MQueing) What kind of API do you write the most? ~90% of the time it's. just. CRUD.
  • 19.
  • 20.
  • 21.
  • 22.
    api.motiondynamic.tech Fast highly dynamicvideo generation at scale 🚀
  • 23.
    api SQLHTTP data (PostgreSQL) • HTTP requesthandling • Authentication • Authorization • Request Parsing • Request Validation • Database Communication • Database Response Handling (deserialization) • Output format serialization • HTTP Response Building Persistence API our job
  • 24.
    api SQLHTTP Persistence API TL;DR: HTTP<-> SQL mapping … with a lot of space for potential mistakes. our job data (PostgreSQL)
  • 25.
    Database Modelling 101 v1_0schema authentication schema theme schema video schema …. view schemastored fn generations signIn signUp themes
  • 26.
    api (PostgREST) data (PostgreSQL) Persistence API <= ourjob #SSoT #DRY v1_0 schema client HTTP / REST / (JSON,CSV)
  • 27.
  • 28.
    Schema modelling public private v1_0schema authentication schema theme schema video schema …. view schemastored fn projects signIn signUp Postgrest videos generations startVideoGeneration
  • 29.
    Read / Writerequests (read, view) GET /themes (read, view) GET /videos (read, view) GET /generations (write, stored function) POST /rpc/signUp (write, stored function) POST /rpc/signIn (write, stored function) POST /rpc/startVideoGeneration DBv1_0 schema api (PostgREST)
  • 30.
    GET /themes?downloads=gte.1000&isMine=is.true GET /themes?select=downloads::text,name,description GET/stuff?metadata->a->>b=eq.2 GET /themes?select=id,name,generations{createdAt} &order=name.asc&generations.order=createdAt.desc How do you manage projection, filtering, ordering?
  • 31.
    Read / Writerequests (read, view) GET /themes (read, view) GET /videos (read, view) GET /generations (write, stored function) POST /rpc/signUp (write, stored function) POST /rpc/signIn (write, stored function) POST /rpc/startVideoGeneration (write) POST /generations
  • 32.
    INSTEAD OF create triggergenerations_mutation INSTEAD OF INSERT OR UPDATE OR DELETE ON v1_0.generations for each row execute procedure video.mutation_generations_trigger()
  • 33.
    Trigger create or replacefunction video.mutation_generations_trigger() returns trigger as $$ declare begin if (tg_op = 'DELETE') then -- delete generation return new; elsif (tg_op = 'UPDATE') then -- update generation return new; elsif (tg_op = 'INSERT') then -- create generation return new; end if; end; $$ security definer language plpgsql; pl/pgsql ? It's 2018: pl/v8 (javascript) - pl/python - pl/java - pl/tcl
  • 34.
    State-of-the-art API performance api data (PostgreSQL) client HTTP/ REST / JSON deserialize db response serialize http JSON response serialize to internal representation
  • 35.
    API performance 🚀 api (PostgREST) data (PostgreSQL) client HTTP/ REST / JSON serialize result to JSON “PostgreSQL JSON encoder is fast, it’s C fast. For a large JSON object graph PostgreSQL JSON generation can offer well over 12x the throughput. It can be 2x/10x faster than ActiveRecord or even 160x for large responses” https://hashrocket.com/blog/posts/faster-json-generation-with-postgresql
  • 36.
    Versioning public private v1_0 schema v2_0schema authentication schema theme schema video schema …. view schemastored fn videos signIn signUp generations logIn signUp
  • 37.
    How do youmanage authentication?
  • 38.
    How do youmanage authorization? CREATE ROLE authenticator NOINHERIT LOGIN; CREATE ROLE anonymous; CREATE ROLE authenticated_user; GRANT anonymous, authenticated_user TO authenticator;
  • 39.
    How do youmanage authorization? Row Level Security (PG 9.5+) ALTER TABLE video.generation ENABLE ROW LEVEL SECURITY; create policy generation_access_policy on video.generation to api -- a user can only see its own generations, admin can see everything using ( (request.user_role() = 'videoRequester' and user_id = request.user_id()) or request.user_role() = 'admin') -- only admin can change anyone generation data with check (request.user_role() = 'admin'); 3 lines of SQL Reliable security model (closed by default) Declarative Expressive
  • 40.
  • 41.
    How do youmanage emails/3rd parties? pg_notify (PG 9.2+) http://bit.ly/2oNbaKy
  • 42.
    How do youmanage emails/3rd parties? pg_notify (PG 9.2+) http://bit.ly/2JDCsQu
  • 43.
    Rate-limiting? Headers? Monitoring? Tracing?Custom-logic ? Respect the separation of concerns (that's what Service Mesh is all about btw) data api client user proxy (nginx/openresty | istio proxy | ...)
  • 45.
    How to managedocumentation? OpenAPI (Swagger) format automatically extracted from schema
  • 46.
    How to manage code-reviews,tests? It’s just SQL. SQL unit test: pgTAP Functional tests: Supertest / Jest
  • 47.
    How to managemigrations? Full migration management sqitch/apgdiff
  • 48.
    How to build& deploy? local env. + docker 🐳 (watch + SQL auto-reload) Cloud (PostgreSQL + PostgREST + OpenResty) apply migrations rolling deploy PostgREST/OpenResty run unit & functional tests test migrations
  • 49.
  • 50.
    REST & GraphQLapi (PostgREST + SubZero) data (PostgreSQL) <= our job #SSoT #DRY v1_0 schema client GraphQL ?
  • 51.
    subZero ❤ GraphQL &REST (PostgREST) API for your database
  • 52.
  • 53.
    PostgraphQL - AGraphQL API created by reflection over a PostgreSQL schema: NodeJS + PostgreSQL Prisma - Prisma turns your database into a realtime GraphQL API: Scala + MySQL/Postgres (upcoming: MongoDB, ElasticSearch) Graphql-engine - Instant GraphQL APIs on Postgres with fine grained access control: NodeJS + PostgreSQL
  • 54.
    Et si leproblème était ailleurs ? API data (BDD) v1_0 schema client REST GraphQL Tomorrow?
  • 55.
    Free plans forRedis administration & monitoring at redsmin.com We are looking for Front-end Developers twitter.com/iadvizetech Questions? @FGRibreau No more server-side rendering pain, 1 url = 1 chart image-charts.com
  • 56.
    https://apple.github.io/foundationdb/transaction-manifesto.html Performance and scalability? Weknow of no practical limits to the scalability or performance of systems supporting transactions. When the movement toward NoSQL databases began, early systems, such as Google Bigtable, adopted minimal designs tightly focused on the scalability and performance. Features familiar from relational databases had been aggressively shed and the supposition was that the abandoned features were unnecessary or even harmful for scalability and performance goals. Those suppositions were wrong. It is becoming clear that supporting transactions is a matter of engineering effort, not a fundamental tradeoff in the design space. Algorithms for maintaining transactional integrity can be distributed and scale out like many other problems. Transactional integrity does come at a CPU cost, but in our experience that cost is less than 10% of total system CPU. This is a small price to pay for transactional integrity and can easily be made up elsewhere.
  • 57.
    I am quiteconvinced that in fact computing will become a very important science. (🐶💩) But at the moment we are in a very primitive state of development; we don't know the basic principles yet and we must learn them first. 
 If universities spend their time teaching the state of the art, they will not discover these principles and that, surely, is what academics should be doing. — Christopher Strachey, 1969 (49 yrs ago) (quote by Edsger W. Dijkstra) https://bit.ly/2pMI7aJ “ ”