Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
ReST APIs @ PyCon India, 2015
Devi
October 03, 2015
Technology
1
330
ReST APIs @ PyCon India, 2015
Devi
October 03, 2015
Tweet
Share
More Decks by Devi
See All by Devi
asldevi
2
230
asldevi
0
37
asldevi
0
140
asldevi
0
400
asldevi
0
44
asldevi
1
260
asldevi
0
82
asldevi
1
580
Other Decks in Technology
See All in Technology
cmusudakeisuke
0
270
line_developers_tw
PRO
0
200
hashitokyo
2
290
hiashisan
1
170
anatofuz
0
370
you
0
110
ozontech
0
1.9k
pojiro
2
300
keisukeyamashita
0
180
line_developers
PRO
0
310
08thse
0
110
oracle4engineer
PRO
1
200
Featured
See All Featured
revolveconf
204
10k
moore
129
22k
imathis
484
150k
michaelherold
228
9.1k
lemiorhan
634
51k
mraible
PRO
8
3.9k
danielanewman
210
20k
holman
451
140k
tmm1
64
10k
jcasabona
11
820
jacobian
264
20k
skipperchong
14
1.2k
Transcript
ReST APIs What, Why and How? A. S. L. Devi
PyCon India, 2015
What is an API programmable interface (to web services) Specifies
the request and response formats for the communication between a client and a server.
Why? • Public APIs - services through API - glues
best of several languages / technologies - AWS, Stripe, ElasticSearch, Twitter, GrapheneDB etc • Private APIs - same service offered in different UIs - a mobile app, a web app, desktop app - Slack, FaceBook etc
• Resources • URLs (Uniform Resource Locators) • HTTP -
methods and response codes ReST - Representational State Transfer
Each resource is identified by a URL. /customers /customers/5 /customers/5/orders
/customers/5/orders/42 /customers/5/orders?completed=true /customers/5/orders?completed=true&page=1 ReST - Resources
ReST - HTTP Verbs • GET - Retrieve a resource
• POST - Create a resource • PUT - Create/update a resource • DELETE - Delete a resource GET, PUT and DELETE are idempotent.
• simple • consistent across - one way of doing
things • backward compatible • HATEOS - linked documents • Well documented :) How should a ReST API be?
* taken from “Building Web APIs with Flask” with thanks
to Miguel Grinberg
$ curl -XGET http://api.x.com/v1/customers HTTP/1.1 200 OK Content-Type: application/json {
"customers": [] } $ curl -XGET http://api.x.com/v1/customers/1 { “name”: “Alice”, “links”: { “orders”: http://api.x.com/customers/1/orders “self”: http://api.x.com/customers/1 }} CRUD: Create Read Update Delete $ curl -XPOST http://api.x.com/v1/customers - d “name=Alice” HTTP/1.1 201 CREATED Content-Type: application/json Location: http://api.x.com/ customers/1 {} $ curl -XPUT http://api.x.com/v1/customers/1 -d “name=Bob” HTTP/1.1 200 OK $ http DELETE http://api.x.com/customers/1 HTTP/1.1 204 No Content
HATEOS - Linked documents $ curl -XGET http://api.x.com/v1/customers/1 { “name”:
“Alice”, “links”: { “self”: “http://api.x.com/v1/customers/1, “orders”: “http://api.x.com/v1/customers/1/orders”, } }
More HATEOS $ curl -XGET http://api.x.com/v1/customers/1/orders/10 { “links”: { “self”:
“http://api.x.com/v1/orders/10”, “customer”: “http://api.x.com/v1/customers/1” }, “orders”: [{ “date”: 2015-01-01-00:00:09Z, “items”: [ {“quantity”: 2, “product”: “XXX-1”}, {“quantity”: 3, “product”: “XYY-42”}, ] ]} }
How to choose a library to build ReST API •
Data validation • Authentication & Authorization • Not tightly coupled with ORM or database • Pagination, rate limits, filters etc.
Authentication & Authorization - no assumptions of the client side
- global authentication - Authorization header - Basic Authentication - Token-Based - HMAC based
• http://restful-api-design.readthedocs.org/en/latest/ • http://restcookbook.com/ • http://player.oreilly.com/videos/9781491911938 • http://jsonapi.org References
Questions
Thank You ! @asldevi
asldevi
cmusudakeisuke
line_developers_tw
hashitokyo
hiashisan
anatofuz
you
ozontech
pojiro
keisukeyamashita
line_developers
08thse
oracle4engineer
revolveconf
moore
imathis
michaelherold
lemiorhan
mraible
danielanewman
holman
tmm1
jcasabona
jacobian
skipperchong
