NEPHP '13: Pragmatic API Development
Transcript of NEPHP '13: Pragmatic API Development
Andrew Curioso
Twitter: @AndrewCurioso
#nephp
Pragmatic API Development
Andrew Curioso
Thank you _____________
Today I'm going to be talking about creating a RESTful API with PHP. Not just any RESTful API, but an Epic one.
What is an API?
Application Programming Interface
Web Service
Contract
Business Case
Mobile API First
Business Case
Multiple Devices
Your API
Become a Platform
Internal
  Multi-platform
  Scalable
Semi-Public
  Partner Integration
Public
  Everything+
Growth
  Mashups
  Innovation
  Evangelism
The Platform Play
Types of APIs
Representational State Transfer (REST)
Remote Procedure Call (RPC)
Realtime Streaming
What is REST?
Nouns
Verbs
HTTP is inherently RESTful
Why REST
Intuitive
Easy to implement in PHP
Widely accepted
Nouns
Resources
  Blog post
  User
  Etc.
Unique URIs
  Example: http://www.example.com/users/1234.json
Verbs
5 most common
  GET
  POST
  PUT
  DELETE
  HEAD
Verbs
Uses
  GET Read data
  POST and PUT write data
  DELETE and POST delete data
CSRF
Cross Site Request Forgery
Vectors:
  Embedded resources (, , etc)
  Hidden forms
security
CSRF
Never edit data with GET
Ajax
  Same origin policy
Forms
  Single use tokens
  Referrer check
security
Response Formats
Json
  Very common for REST APIs
  Simple
  Fast
  Multi-platform
Response Formats
JsonP
  P Padding
  Allows reading data cross origin
  GET only
Response Formats
XML
  Heavy and verbose
  Strictly typed
  Lots of existing tools
Response Formats
Text
  Json / JsonP
  XML
  HTML
  YAML
  CSV
  Serialized PHP
  Etc.
Binary
  Microsoft Excel
  JPG / PNG / GIF
  MP3
  Etc.
Status Codes
Success
  200 OK
  201 Created
  301 Permanent Redirect
  302 Found
  303 See Other
Status Codes
Error
  401 Unauthorized
  402 Payment Required
  403 Forbidden
  404 Not Found
  405 Method Not Allowed
  409 Conflict
  410 Gone
  500 Internal Server Error
  501 Not Implemented
  503 Service Unavailable
Status Codes
Novelty
  418 I Am A Teapot
  415 Unavailable For Legal Reasons
Putting it together
Getting
  Anything but GET: 405 Method Not Allowed
  Resource not found: 404 Not Found
  Success: 200 OK
  Moved: 301 Permanent Redirect or 302 Found
Putting it together
Adding
  Anything but POST: 405 Method Not Allowed
  Resource already existed: 303 See Other
  Success: 201 Created
  Error: 500 Internal Server Error with description
Putting it together
Editing
  Anything but PUT or POST: 405 Method Not Allowed
  Resource does not exist: 404 Not Found
  Success: 200 OK
  Error: 500 Internal Server Error with description
Putting it together
Deleting
  Anything but DELETE or POST: 405 Method Not Allowed
  Resource does not exist: 404 Not Found
  Success: 200 OK or 204 No Content
  Error: 500 Internal Server Error with description
Putting it together
Everything
  Not logged in: 401 Unauthorized
  Logged in but permission denied: 403 Forbidden
Putting it together
Why POST or DELETE/PUT
  Client support
  _method=VERB
  /users.json?_method=POST
Example
Paste bin
  Simple
  No security
Example
Making it RESTful
Identify nouns
Write down URI structure
Map verbs to the URIs
Example
GET /documents.json
POST /documents.json
GET /documents/{id}.json
DELETE /documents/{id}.json
PUT /documents/{id}.json
HATEOAS
Hypermedia as the Engine of Application State
  Next state
Content Negotiation
  Accepts header
Versioning
URI
Custom header
Accepts header
Pagination
Meta info
  URI to next/prev page (HATEOAS)
  Total count
  Current page
Methods
  Header
  Document
Errors
Same format
Descriptive
{ "error" : { "code" : 404, "description" : "The resource could not be found", "name" : "Not Found" } }
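The status-code rules from the "Putting it together" slides, the _method override and the error format above, combined for the /documents/{id}.json route as an added PHP example that is not from the talk. It honors _method only on a real POST, so "Never edit data with GET" still holds when the override is enabled; the function names, the in-memory $docs store and the $user and $input arguments are assumptions.

```php
<?php
// Added example, not from the slides; names and the in-memory store are hypothetical.
function effectiveMethod(string $method, array $query): string
{
    $method = strtoupper($method);
    $override = $query['_method'] ?? null;
    // Only a real POST may be overridden. A GET with ?_method=DELETE stays a GET,
    // so an embedded resource (a CSRF vector named in the slides) cannot write.
    if ($method === 'POST' && is_string($override)
        && in_array(strtoupper($override), ['PUT', 'DELETE'], true)) {
        return strtoupper($override);
    }
    return $method;
}

// Errors use the same JSON shape as the slide's 404 example.
function errorBody(int $code, string $name, string $description): array
{
    return ['error' => ['code' => $code, 'description' => $description, 'name' => $name]];
}

// Dispatch for /documents/{id}.json; $user is null when the caller is not logged in.
function handleDocument(string $method, array $query, int $id, array &$docs, ?string $user, ?string $input = null): array
{
    $verb = effectiveMethod($method, $query);
    if (!in_array($verb, ['GET', 'PUT', 'DELETE'], true)) {
        return [405, errorBody(405, 'Method Not Allowed', 'Use GET, PUT or DELETE')];
    }
    if ($verb !== 'GET' && $user === null) {
        return [401, errorBody(401, 'Unauthorized', 'Authentication required')];
    }
    if (!array_key_exists($id, $docs)) {
        return [404, errorBody(404, 'Not Found', 'The resource could not be found')];
    }
    if ($verb === 'DELETE') {
        unset($docs[$id]);
        return [204, null];
    }
    if ($verb === 'PUT') { $docs[$id] = (string) $input; } // validate $input server-side first
    return [200, ['id' => $id, 'body' => $docs[$id]]];
}

// Constructed sample requests: [method, query, id, user].
$docs = [123 => 'hello'];
$cases = [
    ['GET', ['_method' => 'DELETE'], 123, null],   // override ignored on GET
    ['POST', ['_method' => 'DELETE'], 123, null],  // write attempted without login
    ['POST', ['_method' => 'DELETE'], 123, 'amy'], // override honored on POST
];
foreach ($cases as [$m, $q, $id, $u]) {
    echo json_encode(handleDocument($m, $q, $id, $docs, $u)), PHP_EOL;
}
```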
Testing
GET Web Browser
OS X / Linux
  curl
Example:
curl -X DELETE http://www.example.com/document/123.json
Automated Unit Tests
Authentication
Who am I?
Types:
  Basic
  Digest
  OAuth 1 & 2 No 3rd party password sharing!
  Cookies
  API keys
401 Unauthorized
Authorization
Can I do that?
403 Forbidden
Documentation
Vocabularies / schemas
Examples:
  Input
  Output
  Code
Feedback
WSDL 2.0
Other Types
RPC
Streaming
Checklist
Design schema upfront
  Identify nouns
Design URI structure
Errors in same format
Proper status codes
Server-side validation
Testing
Documentation
Predictions
Internet of Things
API Economy
Success
Andrew Curioso
Contact:
www.AndrewCurioso.com/contact
@AndrewCurioso on Twitter