Your REST API using Laravel

@sulaeman 2014 by Sulaeman

Webinar: https://www.youtube.com/watch?v=E9ure0xwQJE

Clone it first: https://github.com/feelinc/Your-Laravel-Api

Postman - REST Client

http://bit.ly/1kuDLtc

HTTP Methods

OPTIONS - Discover the server's requirements and/or capabilities for accepting requests and returning responses
HEAD - Discover the headers available from the HTTP server
GET - Used only to retrieve data
POST - Used only to create new data
PATCH - Used only to update part of the data
PUT - Used only to update the data in full
DELETE - Used only to delete data

Default Response Header

Header                            Value
Access-Control-Allow-Credentials  true
Access-Control-Allow-Origin       *
Access-Control-Allow-Methods      OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Headers      Origin, Accept, Content-Type, Content-MD5, Content-Range, Content-Disposition, Authorization
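
The defaults above pair Access-Control-Allow-Origin: * with Access-Control-Allow-Credentials: true, a combination browsers refuse for credentialed requests. An added example (not code from the Your-Laravel-Api project) that emits the same headers from an origin allowlist instead; corsHeaders() and the allowlist entries are assumptions.

```php
<?php
// Added example, not part of Your-Laravel-Api. corsHeaders() and the
// allowlist entries below are hypothetical names/values.

/**
 * Build CORS response headers for a request's Origin header.
 * Returns no Access-Control-* headers when the origin is not allowlisted.
 */
function corsHeaders(?string $origin, array $allowedOrigins): array
{
    // Always tell caches that the response depends on the Origin header.
    $headers = ['Vary' => 'Origin'];

    // Exact match against full origins (scheme://host[:port]).
    // No prefix or suffix matching: a look-alike origin that merely
    // starts with an allowed value must not pass.
    if ($origin === null || !in_array($origin, $allowedOrigins, true)) {
        return $headers;
    }

    return $headers + [
        'Access-Control-Allow-Origin'      => $origin, // echoed, never "*"
        'Access-Control-Allow-Credentials' => 'true',
        'Access-Control-Allow-Methods'     => 'OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE',
        'Access-Control-Allow-Headers'     => 'Origin, Accept, Content-Type, Content-MD5, '
            . 'Content-Range, Content-Disposition, Authorization',
    ];
}

// Constructed sample input.
$allowed = ['https://app.example.com', 'https://admin.example.com'];
$origins = ['https://app.example.com', 'https://app.example.com.lookalike.test', null];

foreach ($origins as $origin) {
    echo ($origin ?? '(no Origin header)'), "\n";
    foreach (corsHeaders($origin, $allowed) as $name => $value) {
        echo "  $name: $value\n";
    }
}
```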

HTTP Status

● 200 OK - Successful response for GET, PUT, PATCH or DELETE. Can also be used for a POST that does not create new data.
● 201 Created - Successful response for POST
● 204 No Content - Successful response for DELETE
● 304 Not Modified - Used in connection with caching via HTTP headers
● 400 Bad Request - The request data is invalid
● 401 Unauthorized - The client request is not authenticated
● 403 Forbidden - Access to the endpoint is not allowed
● 404 Not Found - You Know What
● 405 Method Not Allowed - The request to the endpoint is not allowed for the authenticated user
● 410 Gone - The endpoint is no longer available
● 415 Unsupported Media Type - The request content format is invalid
● 422 Unprocessable Entity - Can be used for form validation
● 429 Too Many Requests - The request is rejected because of the per-period request limit

HTTP Caching

ETag & If-None-Match

ETag - A hash or checksum of the response content

If-None-Match - The hash or checksum sent with the request. The API responds with 304 Not Modified if the ETag of the response content matches If-None-Match
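
The revalidation flow described above, as an added example (not code from the Your-Laravel-Api project). conditionalGet() is a hypothetical helper, and using MD5 of the body as the checksum is an assumption; it also handles a list of tags, the W/ weak prefix and "*".

```php
<?php
// Added example, not part of Your-Laravel-Api. conditionalGet() is a
// hypothetical helper; the ETag is assumed to be an MD5 of the body.

/**
 * Decide between 200 and 304 for a GET response.
 * Returns [statusCode, headers, body].
 */
function conditionalGet(string $body, ?string $ifNoneMatch): array
{
    // Strong ETag: quoted checksum of the exact response content.
    $etag = '"' . md5($body) . '"';
    $headers = ['ETag' => $etag];

    if ($ifNoneMatch !== null) {
        // The header may be "*" or a comma-separated list of entity tags.
        foreach (explode(',', $ifNoneMatch) as $candidate) {
            $candidate = trim($candidate);
            // If-None-Match uses weak comparison, so a "W/" prefix is ignored.
            if (strncmp($candidate, 'W/', 2) === 0) {
                $candidate = substr($candidate, 2);
            }
            if ($candidate === '*' || $candidate === $etag) {
                return [304, $headers, '']; // a 304 carries no body
            }
        }
    }
    return [200, $headers, $body];
}

// Constructed sample: first request, revalidation, then changed content.
$v1 = json_encode(['id' => 2, 'first_name' => 'Neneng', 'last_name' => '']);
$v2 = json_encode(['id' => 2, 'first_name' => 'Neneng', 'last_name' => 'Caur']);

list($status, $headers) = conditionalGet($v1, null);
$cached = $headers['ETag'];
echo "first GET:        $status, ETag $cached\n";

list($status) = conditionalGet($v1, $cached);
echo "revalidate:       $status\n";

list($status) = conditionalGet($v1, 'W/' . $cached . ', "stale"');
echo "weak tag in list: $status\n";

list($status) = conditionalGet($v2, $cached);
echo "after PATCH:      $status\n";
```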

Request Limiter

The period can be set per hour or per day.

HTTP response headers on every request

Header                  Description
X-Rate-Limit-Limit      Total requests allowed in the current period
X-Rate-Limit-Remaining  Total requests remaining in the current period
X-Rate-Limit-Reset      Time left in the current period, in seconds
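
A fixed-window limiter that produces the three headers above, as an added example (not code from the Your-Laravel-Api project). rateLimit(), the in-memory store and the limit of 3 are assumptions chosen so the 429 case and the window roll-over are visible.

```php
<?php
// Added example, not part of Your-Laravel-Api. rateLimit() and the
// in-memory $store are hypothetical; a real deployment would keep the
// counters in a store shared by all workers.

/**
 * Fixed-window request limiter keyed by client (e.g. client id or token).
 * Returns [allowed, headers]; $store is updated in place.
 */
function rateLimit(array &$store, string $key, int $limit, int $period, int $now): array
{
    // Start a fresh window when none exists or the current one has expired.
    if (!isset($store[$key]) || $now >= $store[$key]['reset_at']) {
        $store[$key] = ['count' => 0, 'reset_at' => $now + $period];
    }

    $allowed = $store[$key]['count'] < $limit;
    if ($allowed) {
        $store[$key]['count']++; // rejected requests do not consume quota
    }

    $headers = [
        'X-Rate-Limit-Limit'     => $limit,
        'X-Rate-Limit-Remaining' => $limit - $store[$key]['count'],
        'X-Rate-Limit-Reset'     => $store[$key]['reset_at'] - $now, // seconds left
    ];
    return [$allowed, $headers];
}

// Constructed sample: 3 requests per hour for one client, with the clock
// passed in explicitly so the behaviour is reproducible.
$store = [];
$t0 = 1399017374;
foreach ([0, 10, 20, 30, 3600] as $offset) {
    list($ok, $h) = rateLimit($store, 'client-A', 3, 3600, $t0 + $offset);
    printf(
        "t+%-4d %s  remaining=%d reset=%ds\n",
        $offset,
        $ok ? '200 OK' : '429 Too Many Requests',
        $h['X-Rate-Limit-Remaining'],
        $h['X-Rate-Limit-Reset']
    );
}
```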

Versioning

api.domain.com/v1/
api.domain.com/v2/

Pagination

Link: <https://api.domain.com/v1/data?offset=3&limit=100>; rel="next", <https://api.domain.com/v1/data?offset=50&limit=100>; rel="last"

Available “rel” values: next, last, first, prev

Authentication
“Otentikasi” in Indonesian, though people usually just say “Authentication”

Authentication

Application = OAuth 2

User = Basic Auth + OAuth 2 Access Token

Application Authentication

Scope

read, write

User Authentication

Group

Administrators, Users

User Authentication

Permissions

user.create
user.update
user.view
user.delete

POST /authorization - Application / Client Authorization

REQUEST

Header
  Content-Type: application/json
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (raw)
  {"grant_type":"client_credentials","client_id":"JXSb6nEzpQ0e3WAWjsSsZurCaLy0knDjzkwxRlJs","client_secret":"C4vpZLRI2kncfXJQZ9l0hdnaTCTupyqF1deCVEPf","scope":"read,write"}

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "access_token": "jU5vKEBSPSVqRwEXwjIM0N1YefCG0hwqTK5i0UC3",
    "token_type": "bearer",
    "expires": 1399017374,
    "expires_in": 3600
  }
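
The requests on these slides carry Content-MD5: md5($stringRequestBody.$clientSecret). An added example (not code from the Your-Laravel-Api project) of computing that value and checking it server-side over the raw body with a constant-time comparison, next to an HMAC-SHA256 variant, the standard keyed-hash construction. Function names and the sample secret are assumptions, and the HMAC variant is not something the slides describe.

```php
<?php
// Added example, not part of Your-Laravel-Api. Function names and the
// sample secret are hypothetical; the digest formula is the slide's.

/** Client side: value for the Content-MD5 request header. */
function contentMd5(string $rawBody, string $clientSecret): string
{
    return md5($rawBody . $clientSecret);
}

/** Server side: recompute over the raw bytes received and compare. */
function verifyContentMd5(string $rawBody, ?string $header, string $clientSecret): bool
{
    if ($header === null || strlen($header) !== 32) {
        return false; // missing or malformed header
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals(contentMd5($rawBody, $clientSecret), strtolower($header));
}

/** Same check with HMAC-SHA256 (assumption: not what the slide's API uses). */
function verifyHmac(string $rawBody, ?string $header, string $clientSecret): bool
{
    return $header !== null
        && hash_equals(hash_hmac('sha256', $rawBody, $clientSecret), strtolower($header));
}

// Constructed sample values.
$secret = 'EXAMPLE-CLIENT-SECRET';
$body   = '{"first_name":"Neneng","last_name":"Caur"}';
$sent   = contentMd5($body, $secret);

// Case 1: body arrives untouched.
var_dump(verifyContentMd5($body, $sent, $secret));
// Case 2: body altered in transit.
var_dump(verifyContentMd5(str_replace('Caur', 'Xaur', $body), $sent, $secret));
// Case 3: header missing.
var_dump(verifyContentMd5($body, null, $secret));
// Case 4: re-encoding the JSON changes the bytes, so the check must run
// on the raw request body (php://input), not on decoded data.
$reencoded = json_encode(json_decode($body), JSON_PRETTY_PRINT);
var_dump(verifyContentMd5($reencoded, $sent, $secret));
// Case 5: HMAC-SHA256 variant over the same body.
var_dump(verifyHmac($body, hash_hmac('sha256', $body, $secret), $secret));
```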

POST /api/v1/authenticate - User Authentication

REQUEST

Header
  Authorization: Basic bWVAc3VsYWVtYW4uY29tOndoYXQ=
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (form-data)
  access_token=NMy2Q0zKwoW406DN2xEpDYUpjGX7rDAabXbadQNA

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "access_token": "qJAq492q8x2H2uZUmUN5pQPS8fOLjinDbbMCZ4DF",
    "token_type": "bearer",
    "expires": 1399027251,
    "expires_in": 3600,
    "refresh_token": "81pG21LwQVZVN1fcWWCzqLhGkNtcmxEcdXMoyeO9",
    "user": {
      "id": 1,
      "email": "[email protected]",
      "display_name": "Sulaeman Tea",
      "last_login": "2014-05-02T16:40:51+07:00",
      "is_activated": true,
      "registered_at": "-001-11-30T00:00:00+07:07",
      "updated_at": "2014-05-02T16:40:51+07:00",
      "groups": ["Administrators"]
    }
  }

POST /authorization - Application / Client Refresh Token

REQUEST

Header
  Content-Type: application/json
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (raw)
  {"grant_type":"refresh_token","refresh_token":"81pG21LwQVZVN1fcWWCzqLhGkNtcmxEcdXMoyeO9","client_id":"JXSb6nEzpQ0e3WAWjsSsZurCaLy0knDjzkwxRlJs","client_secret":"C4vpZLRI2kncfXJQZ9l0hdnaTCTupyqF1deCVEPf","state":3438732984782937489}

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "access_token": "H6MUOmYSAUG2nmOrvPXQvFWMJFXOELwP34kjPsza",
    "token_type": "bearer",
    "expires": 1399027533,
    "expires_in": 3600
  }

POST /api/v1/authenticate - User Authentication

Using the wrong user credentials

REQUEST

Header
  Authorization: Basic d3JvbmdAdXNlci5jb206d2hhdA==
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (form-data)
  access_token=H6MUOmYSAUG2nmOrvPXQvFWMJFXOELwP34kjPsza

RESPONSE

Status
  401 Unauthorized

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {"message":"User was not found."}

Resources
A bit easier to read? Or are you opening Google Translate instead?

POST /api/v1/users - Create / Register a User

REQUEST

Header
  Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM
  Content-Type: application/json
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (raw)
  {"email":"[email protected]","password":"abcabc","group":"Users","activated":true,"first_name":"Neneng","last_name":""}

RESPONSE

Status
  201 Created

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "id": 2,
    "email": "[email protected]",
    "first_name": "Neneng",
    "last_name": "",
    "display_name": "Neneng",
    "last_login": null,
    "is_activated": true,
    "registered_at": "2014-05-03T04:29:34+07:00",
    "updated_at": "2014-05-03T04:29:34+07:00",
    "groups": ["Users"]
  }

GET /api/v1/users/:id - Retrieve a User

REQUEST

Header
  Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "id": 2,
    "email": "[email protected]",
    "first_name": "Neneng",
    "last_name": "",
    "display_name": "Neneng",
    "last_login": null,
    "is_activated": true,
    "registered_at": "2014-05-03T04:29:34+07:00",
    "updated_at": "2014-05-03T04:29:34+07:00",
    "groups": ["Users"]
  }

PATCH /api/v1/users/:id - Update User Data (partial)

REQUEST

Header
  Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM
  Content-Type: application/json
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (raw)
  {"first_name":"Neneng","last_name":"Caur"}

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "id": 2,
    "email": "[email protected]",
    "first_name": "Neneng",
    "last_name": "Caur",
    "display_name": "Neneng Caur",
    "last_login": null,
    "is_activated": true,
    "registered_at": "2014-05-03T04:29:34+07:00",
    "updated_at": "2014-05-03T04:29:34+07:00",
    "groups": ["Users"]
  }

PUT /api/v1/users/:id - Update User Data

REQUEST

Header
  Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM
  Content-Type: application/json
  Content-MD5: md5($stringRequestBody.$clientSecret)

Body (raw)
  {"email":"[email protected]","password":"abcabc","group":"Users","activated":false,"first_name":"Neneng","last_name":"Caur"}

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  {
    "id": 2,
    "email": "[email protected]",
    "first_name": "Neneng",
    "last_name": "Caur",
    "display_name": "Neneng Caur",
    "last_login": null,
    "is_activated": false,
    "registered_at": "2014-05-03T04:29:34+07:00",
    "updated_at": "2014-05-03T04:29:34+07:00",
    "groups": ["Users"]
  }

DELETE /api/v1/users/:id - Delete User Data

REQUEST

Header
  Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM

RESPONSE

Status
  204 No Content

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  (empty)

GET /api/v1/users - Retrieve the User List

REQUEST

Header
  Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM

Param
  offset=1&limit=1

RESPONSE

Header
  X-Rate-Limit-Limit: 5000
  X-Rate-Limit-Remaining: 4999
  X-Rate-Limit-Reset: 3600

Body
  [
    {
      "id": 1,
      "email": "[email protected]",
      "first_name": "Neneng",
      "last_name": "",
      "display_name": "Neneng",
      "last_login": null,
      "is_activated": true,
      "registered_at": "2014-05-03T12:07:50+07:00",
      "updated_at": "2014-05-03T12:07:50+07:00"
    }
  ]

PROBLEM
Darn it!

Apache Web Server

CGI / FastCGI

HTTP Basic Auth

Server variables PHP_AUTH_USER and PHP_AUTH_PW get lost somewhere :P

SOLUTION

.htaccess

  # Fix the HTTP basic auth
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Nginx Web Server

HTTP “Authorization” header

Server variable HTTP_AUTHORIZATION gets lost somewhere :P

SOLUTION

Nginx server configuration

  ignore_invalid_headers off;
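
Both server fixes aim to get the Authorization header back into PHP. An added example (not code from the Your-Laravel-Api project) of the application-side counterpart: recovering Basic credentials from PHP_AUTH_USER when present and otherwise from the forwarded HTTP_AUTHORIZATION variable. basicCredentials() and the sample values are assumptions.

```php
<?php
// Added example, not part of Your-Laravel-Api. basicCredentials() is a
// hypothetical helper; it takes the $_SERVER array as a parameter.

/**
 * Recover HTTP Basic credentials from server variables.
 * Returns [user, password] or null when none can be found.
 */
function basicCredentials(array $server): ?array
{
    // mod_php fills these in directly.
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }

    // Under CGI/FastCGI the slide's RewriteRule exports the header as
    // HTTP_AUTHORIZATION; after an internal redirect Apache prefixes
    // the variable name with REDIRECT_.
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null; // absent, or Bearer/other scheme
    }

    // Strict mode rejects characters outside the base64 alphabet.
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null; // malformed credentials
    }

    // Split on the first colon only: passwords may contain ':'.
    return explode(':', $decoded, 2);
}

// Constructed $_SERVER samples.
$samples = [
    'mod_php'           => ['PHP_AUTH_USER' => 'user@example.com', 'PHP_AUTH_PW' => 'p:w'],
    'fastcgi + rewrite' => ['REDIRECT_HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('user@example.com:p:w')],
    'bearer token'      => ['HTTP_AUTHORIZATION' => 'Bearer abc'],
    'header dropped'    => [],
];
foreach ($samples as $label => $server) {
    $creds = basicCredentials($server);
    echo str_pad($label, 18), $creds === null ? 'no basic credentials' : "user={$creds[0]}", "\n";
}
```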

Thank You
Sulaeman

@sulaeman
http://id.linkedin.com/in/sulaeman