Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

Rails API-only considerations

Rails API-only considerations

How to use the --api flag in Rails and what to consider when migrating a Rails application to an API-only version of it.

I gave this talk at the Ruby Frankfurt Meetup: https://www.meetup.com/de-DE/Frankfurt-Ruby-Meetup/events/256159202

Christian Bäuerlein

November 15, 2018
Tweet

More Decks by Christian Bäuerlein

Other Decks in Programming

Transcript

  1. WHAT THIS TALK IS WHAT THIS TALK IS NOT NOT

    ABOUT ABOUT Are SPAs a good idea? 4 . 1
  2. WHAT THIS TALK IS WHAT THIS TALK IS NOT NOT

    ABOUT ABOUT Are SPAs a good idea? Are Microservices a good idea? 4 . 1
  3. WHAT THIS TALK IS WHAT THIS TALK IS NOT NOT

    ABOUT ABOUT Are SPAs a good idea? Are Microservices a good idea? API best practices 4 . 1
  4. WHAT THIS TALK WHAT THIS TALK IS IS ABOUT ABOUT

    How to use the api flag 5 . 1
  5. WHAT THIS TALK WHAT THIS TALK IS IS ABOUT ABOUT

    How to use the api flag Considerations when going API-only 5 . 1
  6. WHAT THIS TALK WHAT THIS TALK IS IS ABOUT ABOUT

    How to use the api flag Considerations when going API-only Create more questions than answers 5 . 1
  7. WHY RAILS WHY RAILS Middleware, Logging, Instrumentation, Caching Code-reloading, Environments

    Security Parameters, Error handling Rails console! Convention over Configuration 7 . 1
  8. WHAT IS WHAT IS --api --api? ? Since Rails 5.0

    rails new --api Sane defaults for API-only applications 8 . 1
  9. WHAT DOES WHAT DOES --api --api? ? No Views/Assets incl.

    configured Generators Adjust Controller modules 9 . 1
  10. WHAT DOES WHAT DOES --api --api? ? No Views/Assets incl.

    configured Generators Adjust Controller modules ActionController::API instead of ActionController::Base 9 . 1
  11. WHAT DOES WHAT DOES --api --api? ? No Views/Assets incl.

    configured Generators Adjust Controller modules ActionController::API instead of ActionController::Base Adjust Rack Middleware 9 . 1
  12. SELECTED MIDDLEWARES SELECTED MIDDLEWARES Rack::Sendfile, ActionDispatch::Static AD::Executor, AD::Reloader AD::RemoteIp AD::ShowExceptions,

    AD::DebugExceptions ActiveRecord::Migration::CheckPending Rails::Rack::Logger, Rack::Runtime, AD::RequestId Rack::ConditionalGet, Rack::ETag … 10 . 1
  13. SHOULD I USE SHOULD I USE --api --api? ? Guide:

    Using Rails for API-only Applications 14 . 1
  14. SHOULD I USE SHOULD I USE --api --api? ? Guide:

    Opinion: The guide provides more value than the actual cli flag Using Rails for API-only Applications 14 . 1
  15. SHOULD I USE SHOULD I USE --api --api? ? Guide:

    Opinion: The guide provides more value than the actual cli flag Use flag or not: Manual config work is necessary! Example: remove SendFile, add Translation Using Rails for API-only Applications 14 . 1
  16. SHOULD I USE SHOULD I USE --api --api? ? Guide:

    Opinion: The guide provides more value than the actual cli flag Use flag or not: Manual config work is necessary! Example: remove SendFile, add Translation Easy reverse-engineering: No need to generate a new app to use it! Using Rails for API-only Applications 14 . 1
  17. MORE OPTIONS FOR MORE OPTIONS FOR rails new rails new

    --skip-yarn --skip-sprockets --skip-action-mailer --skip-active-storage --skip-action-cable --skip-active-record … 15 . 1
  18. EXAMPLE FOR EXAMPLE FOR rails new rails new rails new

    --api --skip-active-storage --skip-action-mailer --skip-active- record --skip-action-cable ApiExample Pro tip: Evaluating the Middleware, Controller-includes and building blocks makes sense for every kind of Rails app! 16 . 1
  19. THE SACRED DREAM OF THE THE SACRED DREAM OF THE

    HTTP-ONLY LEAN, MEAN REST HTTP-ONLY LEAN, MEAN REST API SERVER. API SERVER. 17 . 1
  20. LIVING THE BACKEND DEV LIVING THE BACKEND DEV DREAM DREAM

    Stateless Unaware about the rest of the world Pure data channelled through HTTP 18 . 1
  21. THE REAL SCOPE OF YOUR THE REAL SCOPE OF YOUR

    APPLICATION APPLICATION Your app is usually more than a public facing API. 19 . 1
  22. CONSIDER FOR BROWSER CLIENTS CONSIDER FOR BROWSER CLIENTS You might

    need CORS. Do you need it for every route? What does this mean for SEO, your crawl budget? 20 . 1
  23. WHICH KIND OF AUTH FOR THE WHICH KIND OF AUTH

    FOR THE BROWSER? BROWSER? Session, e.g. via wildcard cookies Good: HTTP only, SSL only Bad: Danger of Request Forgery, not suitable for mobile API Tokens: Good: No CSRF attacks Bad: Accessible via JS, offloads some Security to SPA, no more session store 21 . 1
  24. STATIC PAGES - STATIC PAGES - PagesController#home PagesController#home Do you

    need to host static pages? e.g. for mobile clients, imprint for app stores Are your current static pages really static? Where will this content come from? A CMS? Static from the SPA? Is it really independent from the API platform? 22 . 1
  25. ADMIN UI ADMIN UI Productivity: Ransack, Kaminari, Devise, SimpleForm, etc.

    Its own SPA? Admin API? Admin API Docs? Another Rails app as a client? (ActiveResource-style) 23 . 1
  26. EMBEDDED OTHER WEB APPS? EMBEDDED OTHER WEB APPS? Mail preview

    renderings Sidekiq/Resque web interfaces Keep authentication in mind! 24 . 1
  27. MORE COMPLICATED WORKFLOWS MORE COMPLICATED WORKFLOWS OAuth provider Email workflow

    (confirmation) API Server must know URL of SPA? 25 . 1
  28. WILL THIS PAY OFF? WILL THIS PAY OFF? Rails is

    not only easy to configure… 27 . 1
  29. WILL THIS PAY OFF? WILL THIS PAY OFF? Rails is

    not only easy to configure… …it is also easy to tear apart! 27 . 1
  30. WILL THIS PAY OFF? WILL THIS PAY OFF? Rails is

    not only easy to configure… …it is also easy to tear apart! Startup, testing, will be much faster. 27 . 1
  31. WILL THIS PAY OFF? WILL THIS PAY OFF? Rails is

    not only easy to configure… …it is also easy to tear apart! Startup, testing, will be much faster. But: Really important to determine the scope of necessary changes. 27 . 1
  32. WILL THIS PAY OFF? WILL THIS PAY OFF? Rails is

    not only easy to configure… …it is also easy to tear apart! Startup, testing, will be much faster. But: Really important to determine the scope of necessary changes. Check not only technical effort, but also your workflow. 27 . 1
  33. SOURCES SOURCES Using Rails for API-only Applications Rails CSRF protection

    for SPA How to Build Rails APIs Following the json:api Spec Building a JSON API with Rails 5 Building the Perfect Rails 5 API Only App Master Ruby Web APIs - Devblast 29 . 1