ReST APIs @ PyCon India, 2015

Devi
October 03, 2015

Transcript

  1. What is an API

    • programmable interface (to web services)
    • Specifies the request and response formats for the communication between a client and a server.
  2. Why?

    • Public APIs
      - services through API
      - glues best of several languages / technologies
      - AWS, Stripe, ElasticSearch, Twitter, GrapheneDB etc
    • Private APIs
      - same service offered in different UIs
      - a mobile app, a web app, desktop app
      - Slack, Facebook etc
  3. ReST - Representational State Transfer

    • Resources
    • URLs (Uniform Resource Locators)
    • HTTP - methods and response codes
  4. ReST - Resources

    Each resource is identified by a URL.

        /customers
        /customers/5
        /customers/5/orders
        /customers/5/orders/42
        /customers/5/orders?completed=true
        /customers/5/orders?completed=true&page=1
  5. ReST - HTTP Verbs

    • GET - Retrieve a resource
    • POST - Create a resource
    • PUT - Create/update a resource
    • DELETE - Delete a resource

    GET, PUT and DELETE are idempotent.
  6. How should a ReST API be?

    • simple
    • consistent across - one way of doing things
    • backward compatible
    • HATEOAS - linked documents
    • Well documented :)
  7. CRUD: Create Read Update Delete

        $ curl -XGET http://api.x.com/v1/customers
        HTTP/1.1 200 OK
        Content-Type: application/json

        { "customers": [] }

        $ curl -XGET http://api.x.com/v1/customers/1
        {
          "name": "Alice",
          "links": {
            "orders": "http://api.x.com/customers/1/orders",
            "self": "http://api.x.com/customers/1"
          }
        }

        $ curl -XPOST http://api.x.com/v1/customers -d "name=Alice"
        HTTP/1.1 201 CREATED
        Content-Type: application/json
        Location: http://api.x.com/customers/1

        {}

        $ curl -XPUT http://api.x.com/v1/customers/1 -d "name=Bob"
        HTTP/1.1 200 OK

        $ http DELETE http://api.x.com/customers/1
        HTTP/1.1 204 No Content
  8. HATEOAS - Linked documents

        $ curl -XGET http://api.x.com/v1/customers/1
        {
          "name": "Alice",
          "links": {
            "self": "http://api.x.com/v1/customers/1",
            "orders": "http://api.x.com/v1/customers/1/orders"
          }
        }
  9. More HATEOAS

        $ curl -XGET http://api.x.com/v1/customers/1/orders/10
        {
          "links": {
            "self": "http://api.x.com/v1/orders/10",
            "customer": "http://api.x.com/v1/customers/1"
          },
          "orders": [{
            "date": "2015-01-01-00:00:09Z",
            "items": [
              {"quantity": 2, "product": "XXX-1"},
              {"quantity": 3, "product": "XYY-42"}
            ]
          }]
        }
  10. How to choose a library to build ReST API

    • Data validation
    • Authentication & Authorization
    • Not tightly coupled with ORM or database
    • Pagination, rate limits, filters etc.
  11. Authentication & Authorization

    - no assumptions of the client side
    - global authentication
    - Authorization header
    - Basic Authentication
    - Token-Based
    - HMAC based