Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How (not) to build APIs

Denis Yagofarov
September 20, 2014
Programming
2
470

How (not) to build APIs

Stop shooting your feet by making same old mistakes in API development. Contains fails and my advices how to avoid them.

Denis Yagofarov

September 20, 2014
Tweet

More Decks by Denis Yagofarov

See All by Denis Yagofarov
How do I review the code
denyago
0
170
Ruby for WebBots
denyago
0
150
Arel. Why do we need it?
denyago
1
110
Как не лишиться здоровья и клиентов в процессе миграции
denyago
0
67

Other Decks in Programming

See All in Programming
try!Swift Tokyo 2024 参加報告 LT
akidon0000
1
220
if constexpr文はテンプレート世界のラムダ式である
faithandbrave
3
640
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
120
Tailwind CSSを本気でカスタマイズする方法
fsubal
13
5.2k
VSCodeでのDatabricks開発もお勧めしたい/I would also recommend Databricks development with VSCode.
kazumain
0
250
Rethinking UI building strategies @ SFI 2024
letelete
0
270
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
920
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
170
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
230
"config" ってなんだ? / What is "config"?
okashoi
0
240
冗長なエラーログを削減し、スタックトレースを手に入れる / Reducing Verbose Error Logs and Obtaining Stack Traces
upamune
0
500
Random\Randomizer クラスで日常のあれこれを解決しよう! / Random\Randomizer class solves familiar trouble
cocoeyes02
0
220

Featured

See All Featured
How to Ace a Technical Interview
jacobian
272
22k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
Happy Clients
brianwarren
92
6.4k
The Language of Interfaces
destraynor
151
23k
Building Effective Engineering Teams - LeadDev
addyosmani
28
1.8k
Gamification - CAS2011
davidbonilla
76
4.6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Faster Mobile Websites
deanohume
299
30k
Code Review Best Practice
trishagee
55
15k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k

Transcript

  1. How (not) to build APIs Denys Yahofarov senior developer

  2. denyago@ wherever

  3. API == HTTP API* * at least in this talk

  4. Development process is pleasure Credits: https://flic.kr/p/9Ep15Y

  5. Alien code is pain Credits: http://i.iscute.com/7j7

  6. How to cook?

  7. How to cook? 5340 results

  8. I’ll show how NOT to build APIs

  9. … as I had a lot of mistakes

  10. Building app from scratch … client wants to have a

    dog adoption app … and gives us as much time as we need Credits: https://flic.kr/p/8rw6vC

  11. #1. Let’s get to work!!!

  12. None
  13. None
  14. None
  15. None
  16. None
  17. None
  18. None
  19. None
  20. None
  21. None
  22. None
  23. None

  24. What’s wrong? • No design made • No tests written

    • No documentation

  25. How do I do it now? • Design Driven Development

    • API Blueprints • Behavior and Test Driven Development • Documentation is auto-generated • … and built from tests

  26. Tools

  27. Credits: https://flic.kr/p/4ZUEPV, https://flic.kr/p/8gRAdg, https://flic.kr/p/5vGNkE

  28. http://apiblueprint.org http://apiary.io API mock servers Blueprint tools http://www.mocky.io http://www.mockable.io

  29. BDD and TDD • RSpec • RSpecApiDocumentation

  30. Swagger

  31. RSpecAPIDocumentation

  32. #2. Add everything useful

  33. None
  34. None
  35. None
  36. None
  37. None
  38. None
  39. None
  40. None
  41. None

  42. What’s wrong? • Add a “cool” gem • Test only

    required behavior • … and frontend team can be smart in using ALL the gem’s features This is not wrong

  43. Credits: http://www.amusement.net/2012/02/20/primary-bug/

  44. Tools You Ain’t Gonna Need It

  45. #3. It’s not gonna change

  46. None
  47. None
  48. None
  49. None
  50. None
  51. None
  52. None

  53. jq is a lightweight and flexible command-line JSON processor

  54. What’s wrong? • Presumption, that nothing gonna change • Changes

    not backward compatible • No API version

  55. How do I do it now? • Always start with

    ‘v1’ • Never delete or change anything in production versions • Maintain “v_current_” and “v_previouos_” • While developing “v_new_” • … and have tests for both

  56. One of ways

  57. bploetz/versionist … or

  58. #4. We need strong SECURITY!!1

  59. None

  60. some Voodoo Magic

  61. None
  62. None
  63. None

  64. What’s wrong? • Custom algorithm to verify messages • Clients

    need to implement it on their own • The secret key can’t be revoked from single client

  65. How do I do it now? • HTTPs • oAuth

    2.0, Resource Owner Password Credentials Grant • Sending token as a header • Rails MessageVerifier for sharing “one-time” or “time-limited” links • … or just simple HTTP Authentication
  66. None

  67. #5. JSON as a data source

  68. None
  69. None
  70. None

  71. oO WAT?

  72. None

  73. What was wrong? • Different fields in index and show

    • “Magic numbers” in JSON • empty (could be ‘date not in ISO8601 format’)

  74. How do I do it now? • All “Magic numbers”

    in databases are mapped to user-readable names • Use Serializers instead of templates • Use ‘partial request’ to specify the set of fields I want to get • Time is always in UTC and ISO8601 format

  75. #6. Querying and filtering

  76. None
  77. None
  78. None

  79. 3 sec

  80. None
  81. None
  82. None
  83. None

  84. Imagine your client app … as a hamster Credits: https://flic.kr/p/bGWME

  85. What was wrong? • No default limit • Parser of

    parameters needs an array to find all those IDs • I used to have a count for all the results. Sometimes there were millions of results

  86. How do I do it now? • Default limit •

    If limit loo big - return 4xx error • Put filtering under a common name (q[]= or search[]=) • Have a toggle parameters for HTTP clients with quirks

  87. So… • Have API documentation (auto-generated) • Do only things

    required from you • Use versioning • Don’t re-invent authentication flows • Let JSONs be verbose and consistent • Limit data, returned to client

  88. What is it? Credits: https://flic.kr/p/6nei23

  89. Dog food Would you eat the one, you produce? Credits:

    https://flic.kr/p/6nei23

  90. Eat your own dog food

  91. Fortumo • Most of APIs used by us internally •

    Cloud on top of several other clouds • Many internal products, never seen by customers

  92. Eating lot of own ‘dog food’

  93. Read books

  94. Play and experiment

  95. None

  96. Look for new challenges* * yes, we are hiring too

  97. Questions?

  98. What is your favorite design or programming fail?

  99. Thank you!