Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
ReST APIs @ PyCon India, 2015
Devi
October 03, 2015
Technology
1
290
ReST APIs @ PyCon India, 2015
Devi
October 03, 2015
Tweet
Share
More Decks by Devi
See All by Devi
asldevi
2
210
asldevi
0
31
asldevi
0
130
asldevi
0
370
asldevi
0
41
asldevi
1
250
asldevi
0
73
asldevi
1
580
Other Decks in Technology
See All in Technology
yaegashi
3
1k
zaki_lknr
0
580
emiki
2
230
picardparis
4
2.7k
limes2018
0
190
sat
1
550
nwiizo
3
2.4k
soracom
PRO
1
160
txkxyx
0
110
joytomo
2
370
hassaku63
1
910
masuda220
10
1.1k
Featured
See All Featured
nonsquared
83
3.6k
orderedlist
PRO
331
36k
lara
175
10k
3n
167
22k
jmmastey
19
4.9k
garrettdimon
291
110k
bryan
35
3.7k
chrislema
174
14k
andyhume
66
4.1k
denniskardys
222
120k
mza
82
4.3k
scottboms
253
11k
Transcript
ReST APIs What, Why and How? A. S. L. Devi
PyCon India, 2015
What is an API programmable interface (to web services) Specifies
the request and response formats for the communication between a client and a server.
Why? • Public APIs - services through API - glues
best of several languages / technologies - AWS, Stripe, ElasticSearch, Twitter, GrapheneDB etc • Private APIs - same service offered in different UIs - a mobile app, a web app, desktop app - Slack, FaceBook etc
• Resources • URLs (Uniform Resource Locators) • HTTP -
methods and response codes ReST - Representational State Transfer
Each resource is identified by a URL. /customers /customers/5 /customers/5/orders
/customers/5/orders/42 /customers/5/orders?completed=true /customers/5/orders?completed=true&page=1 ReST - Resources
ReST - HTTP Verbs • GET - Retrieve a resource
• POST - Create a resource • PUT - Create/update a resource • DELETE - Delete a resource GET, PUT and DELETE are idempotent.
• simple • consistent across - one way of doing
things • backward compatible • HATEOS - linked documents • Well documented :) How should a ReST API be?
* taken from “Building Web APIs with Flask” with thanks
to Miguel Grinberg
$ curl -XGET http://api.x.com/v1/customers HTTP/1.1 200 OK Content-Type: application/json {
"customers": [] } $ curl -XGET http://api.x.com/v1/customers/1 { “name”: “Alice”, “links”: { “orders”: http://api.x.com/customers/1/orders “self”: http://api.x.com/customers/1 }} CRUD: Create Read Update Delete $ curl -XPOST http://api.x.com/v1/customers - d “name=Alice” HTTP/1.1 201 CREATED Content-Type: application/json Location: http://api.x.com/ customers/1 {} $ curl -XPUT http://api.x.com/v1/customers/1 -d “name=Bob” HTTP/1.1 200 OK $ http DELETE http://api.x.com/customers/1 HTTP/1.1 204 No Content
HATEOS - Linked documents $ curl -XGET http://api.x.com/v1/customers/1 { “name”:
“Alice”, “links”: { “self”: “http://api.x.com/v1/customers/1, “orders”: “http://api.x.com/v1/customers/1/orders”, } }
More HATEOS $ curl -XGET http://api.x.com/v1/customers/1/orders/10 { “links”: { “self”:
“http://api.x.com/v1/orders/10”, “customer”: “http://api.x.com/v1/customers/1” }, “orders”: [{ “date”: 2015-01-01-00:00:09Z, “items”: [ {“quantity”: 2, “product”: “XXX-1”}, {“quantity”: 3, “product”: “XYY-42”}, ] ]} }
How to choose a library to build ReST API •
Data validation • Authentication & Authorization • Not tightly coupled with ORM or database • Pagination, rate limits, filters etc.
Authentication & Authorization - no assumptions of the client side
- global authentication - Authorization header - Basic Authentication - Token-Based - HMAC based
• http://restful-api-design.readthedocs.org/en/latest/ • http://restcookbook.com/ • http://player.oreilly.com/videos/9781491911938 • http://jsonapi.org References
Questions
Thank You ! @asldevi
asldevi
yaegashi
zaki_lknr
emiki
picardparis
limes2018
sat
nwiizo
soracom
txkxyx
joytomo
hassaku63
masuda220
nonsquared
orderedlist
lara
3n
jmmastey
garrettdimon
bryan
chrislema
andyhume
denniskardys
mza
scottboms
