Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Ambitious APIs with Ruby

Dan Gebhardt
August 04, 2013
Programming
22
1.6k

Building Ambitious APIs with Ruby

Presented at the Burlington Ruby Conference 2013. Covers active_model_serializers, the JSON API project, hypermedia APIs and general API design.

Dan Gebhardt

August 04, 2013
Tweet

More Decks by Dan Gebhardt

See All by Dan Gebhardt
An Introduction to the JSON:API Specification
dgeb
5
660
Worker power!
dgeb
0
450
Modern Ember
dgeb
0
130
The Future of Data in Ember
dgeb
0
400
Give Apps Online Superpowers by Optimizing them for Offline
dgeb
2
180
Overview of Orbit.js
dgeb
0
84
Introducing Ember Engines
dgeb
4
3.4k
Introducing JSON API
dgeb
5
670
Fault Tolerant UX
dgeb
4
900

Other Decks in Programming

See All in Programming
Streams APIとTCPフロー制御 / Web Streams API and TCP flow control
tasshi
1
300
アジャイルを支えるテストアーキテクチャ設計/Test Architecting for Agile
goyoki
7
2.8k
From Subtype Polymorphism To Typeclass-based Ad hoc Polymorphism - An Example
philipschwarz
PRO
0
170
Importmapを使ったJavaScriptの 読み込みとブラウザアドオンの影響
swamp09
4
1.3k
GCCのプラグインを作る / I Made a GCC Plugin
shouth
1
150
Modern Angular: Renovation for Your Applications
manfredsteyer
PRO
0
210
僕がつくった48個のWebサービス達
yusukebe
18
17k
Pinia Colada が実現するスマートな非同期処理
naokihaba
2
160
[PyCon Korea 2024 Keynote] 커뮤니티와 파이썬, 그리고 우리
beomi
0
110
カスタムしながら理解するGraphQL Connection
yanagii
1
1.2k
Dev ContainersとGitHub Codespacesの素敵な関係
ymd65536
1
130
推し活の ハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024
falcon8823
6
2.3k

Featured

See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Docker and Python
trallard
40
3.1k
Producing Creativity
orderedlist
PRO
341
39k
Designing for Performance
lara
604
68k
Code Review Best Practice
trishagee
64
17k
A Philosophy of Restraint
colly
203
16k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Building Applications with DynamoDB
mza
90
6.1k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
290
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
355
29k

Transcript

  1. BUILDING AMBITIOUS APIS WITH RUBY Dan Gebhardt @dgeb Burlington Ruby

    2013

  2. DO YOU NEED AN API?

  3. CLIENT-SIDE JS APPLICATION?

  4. CLIENT-SIDE JS APPLICATION? YOU NEED AN API

  5. NATIVE APPLICATION?

  6. NATIVE APPLICATION? YOU NEED AN API

  7. 3RD PARTY INTEGRATION? Creative Commons image courtesy of Kamil Porembiński

  8. 3RD PARTY INTEGRATION? YOU NEED AN API Image credit: http://up1ter.deviantart.com/art/Twilight-Sparkle-is-flying-286029311

  9. SCRIPTABLE?

  10. SCRIPTABLE? YOU NEED AN API @devops_borat @hipsterhacker @neckbeardhacker

  11. SO DO YOU NEED AN API?

  12. SO DO YOU NEED AN API? *PROBABLY*

  13. LET'S BUILD SOMETHING THAT DOES

  14. RubyPets!

  15. RubyPets!

  16. EMBER UI

  17. ANDROID & IOS APPS EMBER UI

  18. ANDROID & IOS APPS EMBER UI LOLCATS INTEGRATION

  19. ANDROID & IOS APPS LOLCATS INTEGRATION EMBER UI NEEDS AN

    API

  20. "WE NEED A RESTFUL API"

  21. "...AFTER YOU FEED ME!"

  22. RESTFUL API BASICS

  23. Your application's NOUNS are modeled as RESOURCES

  24. OUR RESOURCES Pets

  25. OUR RESOURCES People

  26. Every RESOURCE has a URI

  27. OUR RESOURCES # all pets /pets # each pet /pets/123

  28. OUR RESOURCES # all people /people # each person /people/123

  29. Resources are acted upon with HTTP METHODS

  30. POST GET UPDATE PATCH DELETE /pets/123 /pets/ /pets/123 /pets/123 /pets/123

  31. POST GET UPDATE PATCH DELETE /pets/123 /pets/ /pets/123 /pets/123 /pets/123

  32. POST GET UPDATE PATCH DELETE /pets/123 /pets/ /pets/123 /pets/123 /pets/123

  33. POST GET UPDATE PATCH DELETE /pets/123 /pets/ /pets/123 /pets/123 /pets/123

  34. POST GET UPDATE PATCH DELETE /pets/123 /pets/ /pets/123 /pets/123 /pets/123

  35. POST GET UPDATE PATCH DELETE /pets/123 /pets/ /pets/123 /pets/123 /pets/123

    + MORE

  36. "WE NEED AN AMBITIOUS RESTFUL API!"

  37. DEFINE AMBITIOUS

  38. DEFINE AMBITIOUS •Flexible

  39. DEFINE AMBITIOUS •Flexible •Consistent

  40. DEFINE AMBITIOUS •Flexible •Consistent •Efficient

  41. DEFINE AMBITIOUS •Flexible •Consistent •Efficient •Secure

  42. DEFINE AMBITIOUS •Flexible •Consistent •Efficient •Secure •Discoverable

  43. IS THERE ANYTHING WE WON'T DO?

  44. LET'S STICK WITH JSON ... AND SKIP XML

  45. OK, LET'S GET STARTED!

  46. OK, LET'S GET STARTED!

  47. LET'S START SIMPLE $ rails new rubypets $ cd rubypets

    $ rails g scaffold pet name:string $ rails g scaffold toy name:string pet:references $ rake db:migrate # set a default route, define relationships, etc ...

  48. LET'S START SIMPLE $ rails new rubypets $ cd rubypets

    $ rails g scaffold pet name:string $ rails g scaffold toy name:string pet:references $ rake db:migrate # set a default route, define relationships, etc ...

  49. LET'S START SIMPLE $ rails new rubypets $ cd rubypets

    $ rails g scaffold pet name:string $ rails g scaffold toy name:string pet:references $ rake db:migrate # set a default route, define relationships, etc ...

  50. LET'S START SIMPLE $ rails new rubypets $ cd rubypets

    $ rails g scaffold pet name:string $ rails g scaffold toy name:string pet:references $ rake db:migrate # set a default route, define relationships, etc ...

  51. LET'S START SIMPLE $ rails new rubypets $ cd rubypets

    $ rails g scaffold pet name:string $ rails g scaffold toy name:string pet:references $ rake db:migrate # set a default route, define relationships, etc ...

  52. LET'S START SIMPLE $ rails new rubypets $ cd rubypets

    $ rails g scaffold pet name:string $ rails g scaffold toy name:string pet:references $ rake db:migrate # set a default route, define relationships, etc ...

  53. MODELS # /app/models/pet.rb class Pet < ActiveRecord::Base has_many :toys end

    # /app/models/toy.rb class Toy < ActiveRecord::Base belongs_to :pet end

  54. CONTROLLERS class PetsController < ApplicationController before_action :set_pet, only: [:show, :edit,

    :update, :destroy] # GET /pets # GET /pets.json def index @pets = Pet.all end # GET /pets/1 # GET /pets/1.json def show end ..... end

  55. JBUILDER VIEWS # pets/index.json.jbuilder json.array!(@pets) do |pet| json.extract! pet, :name

    json.url pet_url(pet, format: :json) end # pets/show.json.jbuilder json.extract! @pet, :name, :created_at, :updated_at

  56. OUTPUT # /pets.json [ {"name":"Cashew", "url":"http://localhost:3000/pets/1.json"}, {"name":"Ginkgo", "url":"http://localhost:3000/pets/2.json"} ] #

    /pets/2.json {"name":"Ginkgo", "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"} JSON

  57. OUTPUT # /pets.json [ {"name":"Cashew", "url":"http://localhost:3000/pets/1.json"}, {"name":"Ginkgo", "url":"http://localhost:3000/pets/2.json"} ] #

    /pets/2.json {"name":"Ginkgo", "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"} JSON

  58. OUTPUT # /pets.json [ {"name":"Cashew", "url":"http://localhost:3000/pets/1.json"}, {"name":"Ginkgo", "url":"http://localhost:3000/pets/2.json"} ] #

    /pets/2.json {"name":"Ginkgo", "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"} "WE NEED CONSISTENCY !!!" JSON

  59. JBUILDER VIEWS # pets/index.json.jbuilder json.array!(@pets) do |pet| json.extract! pet, :name

    json.url pet_url(pet, format: :json) end # pets/show.json.jbuilder json.extract! @pet, :name, :created_at, :updated_at

  60. "CUSTOM" ISN'T ALWAYS A GOOD THING

  61. WE NEED MORE CONVENTION AND LESS CONFIGURATION

  62. None
  63. None
  64. None
  65. None
  66. None
  67. None
  68. None
  69. None
  70. None
  71. None
  72. None

  73. LET'S TRY IT OUT # Gemfile # gem 'jbuilder', '~>

    1.2' gem 'active_model_serializers'

  74. LET'S TRY IT OUT # Gemfile # gem 'jbuilder', '~>

    1.2' gem 'active_model_serializers' $ bundle install $ rails g serializer pet $ rails g serializer toy

  75. LET'S TRY IT OUT # Gemfile # gem 'jbuilder', '~>

    1.2' gem 'active_model_serializers' $ bundle install $ rails g serializer pet $ rails g serializer toy

  76. LET'S TRY IT OUT # Gemfile # gem 'jbuilder', '~>

    1.2' gem 'active_model_serializers' $ bundle install $ rails g serializer pet $ rails g serializer toy

  77. SERIALIZERS # app/serializers/pet_serializer.rb class PetSerializer < ActiveModel::Serializer attributes :id, :name,

    :created_at, :updated_at end # app/serializers/toy_serializer.rb class ToySerializer < ActiveModel::Serializer attributes :id, :name, :created_at, :updated_at end

  78. CONTROLLERS class PetsController < ApplicationController before_action :set_pet, only: [:show, :edit,

    :update, :destroy] # GET /pets # GET /pets.json def index render json: Pet.all end # GET /pets/1 # GET /pets/1.json def show render json: @pet end ..... end

  79. OUTPUT # /pets.json {"pets": [{"id":1, "name":"Cashew", "created_at":"2013-08-02T04:02:58.467Z", "updated_at":"2013-08-02T04:02:58.467Z"}, {"id":2, "name":"Ginkgo",

    "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"}]} # /pets/2.json {"pet": {"id":2, "name":"Ginkgo", "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"}} JSON

  80. OUTPUT # /pets.json {"pets": [{"id":1, "name":"Cashew", "created_at":"2013-08-02T04:02:58.467Z", "updated_at":"2013-08-02T04:02:58.467Z"}, {"id":2, "name":"Ginkgo",

    "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"}]} # /pets/2.json {"pet": {"id":2, "name":"Ginkgo", "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"}} JSON

  81. OUTPUT # /pets.json {"pets": [{"id":1, "name":"Cashew", "created_at":"2013-08-02T04:02:58.467Z", "updated_at":"2013-08-02T04:02:58.467Z"}, {"id":2, "name":"Ginkgo",

    "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"}]} # /pets/2.json {"pet": {"id":2, "name":"Ginkgo", "created_at":"2013-08-02T04:03:06.958Z", "updated_at":"2013-08-02T04:03:06.958Z"}} "THAT'S BETTER, BUT..." JSON

  82. CUSTOM FIELDS # app/serializers/base_serializer.rb class PetSerializer < ActiveModel::Serializer attributes :id,

    :created_at, :updated_at # allow custom inclusion of a single field def include_created_at? if @options.key?(:fields) return @options[:fields][:created_at] end true end end

  83. CUSTOM FIELDS # app/serializers/base_serializer.rb class PetSerializer < ActiveModel::Serializer attributes :id,

    :created_at, :updated_at # allow custom inclusion of a single field def include_created_at? if @options.key?(:fields) return @options[:fields][:created_at] end true end end "THAT'S BETTER, BUT..."

  84. BASE SERIALIZER # app/serializers/base_serializer.rb class BaseSerializer < ActiveModel::Serializer attributes :id,

    :created_at, :updated_at end # app/serializers/pet_serializer.rb class PetSerializer < BaseSerializer attributes :name end # app/serializers/toy_serializer.rb class ToySerializer < BaseSerializer attributes :name end

  85. CUSTOM FIELDS + # app/serializers/base_serializer.rb class BaseSerializer < ActiveModel::Serializer attributes

    :id, :created_at, :updated_at # allow custom inclusion of ANY field # via options passed in from the controller def include?(field) if @options.key?(:fields) return @options[:fields][field] end super(field) end end

  86. ONE-TO-MANY # /app/models/pet.rb class Pet < ActiveRecord::Base has_many :toys end

    # app/serializers/pet_serializer.rb class PetSerializer < BaseSerializer attributes :name has_many :toys end

  87. OUTPUT JSON # /pets/2.json {"pet": {"id":2, "name":"Ginkgo", "toys":[ {"id":3, "name":"Busy

    Bee"}, {"id":4, "name":"Dan's sock"}]}}

  88. ONE-TO-ONE # /app/models/pet.rb class Pet < ActiveRecord::Base has_many :toys belongs_to

    :person end # app/serializers/pet_serializer.rb class PetSerializer < BaseSerializer attributes :name has_many :toys has_one :person end

  89. OUTPUT JSON # /pets/2.json {"pet": {"id":2, "name":"Ginkgo", "toys":[ {"id":3, "name":"Busy

    Bee"}, {"id":4, "name":"Dan's sock"}] "person": {"id":1,"name":"Dan"}}}

  90. OUTPUT JSON # /pets.json {"pets": [{"id":1, "name":"Cashew", "toys":[...], "person":{"id":1,"name":"Dan"}}, {"id":2,

    "name":"Ginkgo", "toys":[...], "person":{"id":1,"name":"Dan"}}]}

  91. OUTPUT JSON # /pets.json {"pets": [{"id":1, "name":"Cashew", "toys":[...], "person":{"id":1,"name":"Dan"}}, {"id":2,

    "name":"Ginkgo", "toys":[...], "person":{"id":1,"name":"Dan"}}]} "DUPLICATION!"

  92. BASE SERIALIZER # app/serializers/base_serializer.rb class BaseSerializer < ActiveModel::Serializer # sideload

    related data by default embed :ids, include: true attributes :id, :created_at, :updated_at end

  93. OUTPUT JSON # /pets.json {"toys":[ {"id":1, "name":"BTVRuby catnip"}, {"id":2, "name":"Mr

    Smoochums"}, {"id":3, "name":"Busy Bee"}, {"id":4, "name":"Dan's sock"}], "people":[ {"id":1, "name":"Dan"}], "pets":[ {"id":1, "name":"Cashew", "toy_ids":[1,2], "person_id":1}, {"id":2, "name":"Ginkgo", "toy_ids":[3,4], "person_id":1}]}

  94. OUTPUT JSON # /pets.json {"toys":[ {"id":1, "name":"BTVRuby catnip"}, {"id":2, "name":"Mr

    Smoochums"}, {"id":3, "name":"Busy Bee"}, {"id":4, "name":"Dan's sock"}], "people":[ {"id":1, "name":"Dan"}], "pets":[ {"id":1, "name":"Cashew", "toy_ids":[1,2], "person_id":1}, {"id":2, "name":"Ginkgo", "toy_ids":[3,4], "person_id":1}]}

  95. OUTPUT JSON # /pets.json {"toys":[ {"id":1, "name":"BTVRuby catnip"}, {"id":2, "name":"Mr

    Smoochums"}, {"id":3, "name":"Busy Bee"}, {"id":4, "name":"Dan's sock"}], "people":[ {"id":1, "name":"Dan"}], "pets":[ {"id":1, "name":"Cashew", "toy_ids":[1,2], "person_id":1}, {"id":2, "name":"Ginkgo", "toy_ids":[3,4], "person_id":1}]}

  96. OUTPUT JSON # /pets.json {"toys":[ {"id":1, "name":"BTVRuby catnip"}, {"id":2, "name":"Mr

    Smoochums"}, {"id":3, "name":"Busy Bee"}, {"id":4, "name":"Dan's sock"}], "people":[ {"id":1, "name":"Dan"}], "pets":[ {"id":1, "name":"Cashew", "toy_ids":[1,2], "person_id":1}, {"id":2, "name":"Ginkgo", "toy_ids":[3,4], "person_id":1}]} "NO DUPLICATION... I APPROVE."

  97. API DESIGN

  98. FILTERING DATA /pets/cats /pets/dogs

  99. FILTERING DATA /pets/cats /pets/dogs ~ VS. ~ /pets?type=cats /pets?type=dogs

  100. FILTERING DATA /pets/cats /pets/dogs ~ VS. ~ /pets?type=cats /pets?type=dogs /pets?type=cats,dogs

  101. FILTERING DATA /pets/cats /pets/dogs ~ VS. ~ /pets?type=cats /pets?type=dogs /pets?type=cats,dogs

    /pets?type=cats,dogs&color=red

  102. INCLUDING RELATIONSHIPS Best guess inclusions (e.g. always include toys with

    pets)

  103. INCLUDING RELATIONSHIPS /pets?include=toys,people Best guess inclusions (e.g. always include toys

    with pets) ~ VS. ~ No inclusions by default. Custom inclusions as requested.

  104. EMBEDDING RELATIONSHIPS Always embed any related data (i.e. JBuilder approach)

  105. EMBEDDING RELATIONSHIPS Always embed any related data (i.e. JBuilder approach)

    ~ VS. ~ Favor "side-loading" and embed data very selectively (and only when it won't be shared)

  106. VERSIONING One version that's never broken

  107. VERSIONING One version that's never broken ~ VS. ~ Version

    by host or path api.rubypets.org v1.api.rubypets.org rubypets.org/api/v1

  108. SPARSE FIELDSETS Include all fields

  109. SPARSE FIELDSETS Include all fields ~ VS. ~ Allow for

    custom inclusion of fields: /pets?fields=id,name,age

  110. SPARSE FIELDSETS Include all fields ~ VS. ~ Allow for

    custom inclusion of fields: /pets?fields=id,name,age /pets?include=toys,people& pet_fields=id,name,age& people_fields=id,name& toy_fields=name

  111. SORTING Default sort order only

  112. SORTING Default sort order only ~ VS. ~ Allow for

    custom sort order: /pets?sort=name # ascending /pets?sort=-name # descending

  113. PAGINATION No limits on resources

  114. PAGINATION No limits on resources ~ VS. ~ Provide a

    default page size, a max page size, and allow custom requests: /pets?page=2&per_page=100

  115. PAGINATION No limits on resources ~ VS. ~ Provide a

    default page size, a max page size, and allow custom requests: /pets?page=2&per_page=100 Opinion! JSON API should separate the primary resource from its related resources when "side-loading" in order to clarify issues of primacy like pagination.

  116. PAGINATION, CONT. As per RFC 5988, return a LINK header

    to allow for navigation: Link: <https://v1.api.rubypets.org/pets?page=3&per_page=100>; rel="next", <https://v1.api.rubypets.org/pets?page=9&per_page=100>; rel="last" Possible values for `rel`: first, last, next, prev

  117. TL;DR A Hypermedia API makes full use of HTTP and

    a hypermedia content type to be as as navigable as the web itself. REST was a term originally invented by Roy Fielding, but since most "REST" APIs aren't in line with his definition, the term "Hypermedia API" was created. HYPERMEDIA APIS

  118. HYPERMEDIA APIS Designing Hypermedia APIs by Steve Klabnik designinghypermediaapis.com Recommendation:

    It's not TL, so there's no reason for DR !

  119. HYPERMEDIA APIS "Hypermedia designs promote scalability, allow resilience towards future

    changes, and promote decoupling and encapsulation, with all the benefits those things bring. On the downside, it is not necessarily the most latency-tolerant design, and caches can get stale if you’re not careful. It may not be as efficient on an individual request level as other designs." Steve Klabnik Designing Hypermedia APIs designinghypermediaapis.com

  120. SECURITY

  121. SECURITY A Brief History of OAuth

  122. SECURITY A Brief History of OAuth

  123. *BASIC* SECURITY RECOMMENDATIONS • Restrict access to particular users (e.g.

    non-admins) as needed in your controller and serializer layers

  124. *BASIC* SECURITY RECOMMENDATIONS • Restrict access to particular users (e.g.

    non-admins) as needed in your controller and serializer layers • HTTPS for all the things

  125. *BASIC* SECURITY RECOMMENDATIONS • Restrict access to particular users (e.g.

    non-admins) as needed in your controller and serializer layers • HTTPS for all the things • Use token-based security

  126. *BASIC* SECURITY RECOMMENDATIONS • Restrict access to particular users (e.g.

    non-admins) as needed in your controller and serializer layers • HTTPS for all the things • Use token-based security • If you want to build an OAuth provider, don't go it alone. Use a gem like James Coglan's oauth2-provider: https://github.com/songkick/oauth2-provider
  127. None

  128. THANKS! @dgeb Burlington Ruby 2013