Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Battle tested API design

Johannes Pichler
August 30, 2019
Programming
0
78

Battle tested API design

Well designed and performant API's are key aspects of good and reliable application systems.

Especially when kicking of an API system it is really hard to setup and define all boundaries that are necessary to build a futureproof API. Changes later on can be time consuming and of course expensive.

Therefore it is extremely important to plan the API design beforehand and to use best practices and patterns from the industry.

In this session I will guide the listeners through the creation process of an API and will introduce and explain all important parts that constitute a battle tested and robust API. Things like middleware layers, security tokens are only some key points that will be presented on stage.

Johannes Pichler

August 30, 2019
Tweet

More Decks by Johannes Pichler

See All by Johannes Pichler
Crafting Elegant APIs with Laravel
fetzi
0
66
Battle tested API Design - Laravel Edition (PHP.RUHR)
fetzi
0
60
Battle tested API design - Laracon EU Online
fetzi
0
73
Mastering CLIs
fetzi
0
38
(Understanding) OAuth2
fetzi
0
200
Decouple Everything
fetzi
0
200
Go Basics Workshop
fetzi
1
60
Getting more out of Git (german)
fetzi
0
57
Go for PHP devs
fetzi
3
100

Other Decks in Programming

See All in Programming
Boost Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
1.5k
役立つログに取り組もう
irof
28
9.4k
推し活の ハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024
falcon8823
6
2.7k
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
160
Click-free releases & the making of a CLI app
oheyadam
2
100
Streams APIとTCPフロー制御 / Web Streams API and TCP flow control
tasshi
2
340
イベント駆動で成長して委員会
happymana
1
270
C++でシェーダを書く
fadis
6
3.9k
GCCのプラグインを作る / I Made a GCC Plugin
shouth
1
160
開発効率向上のためのリファクタリングの一歩目の選択肢 ~コード分割~ / JJUG CCC 2024 Fall
ryounasso
0
420
推し活としてのrails new/oshikatsu_ha_iizo
sakahukamaki
3
2k
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
500

Featured

See All Featured
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
What's in a price? How to price your products and services
michaelherold
243
12k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
360
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
We Have a Design System, Now What?
morganepeng
50
7.2k
Automating Front-end Workflow
addyosmani
1366
200k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
The Language of Interfaces
destraynor
154
24k
RailsConf 2023
tenderlove
29
890
Done Done
chrislema
181
16k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
Mobile First: as difficult as doing things right
swwweet
222
8.9k

Transcript

  1. Ba#le tested API design Web Summer Camp 2019

  2. Johannes Pichler • Web Developer since 2006 • PHP, .NET,

    Java • Lead Developer @ karriere.at

  3. karriere.at • biggest job platform in Austria • ~ 150

    employees • ~ 40 developers

  4. Outline • API design in general • Slim framework and

    Laravel Eloquent • Exercises Middlewares • Exercises json:api responses • Exercise json:api hydrators
  5. None

  6. The API Waterfall

  7. None

  8. The API Waterfall • Requirements & Planning • Implementation •

    Verification & Maintenance

  9. Requirements & Planning

  10. Consider the client(s)

  11. Routing • based on resources • use standard HTTP methods

    • be as explicit as possible

  12. Routing GET: /users GET: /users/{id} POST: /users PATCH: /users/{id} DELETE:

    /users/{id}

  13. Routing - API Versioning • frequency of endpoint changes •

    handling of breaking changes • use semantic versioning • use only major version in URLs

  14. Response format • no custom response format • use a

    defined standard •JSON:API •HAL

  15. Authorization • use specific client tokens • add access tokens

    for sensitive endpoints

  16. API Specification • use an API client like Postman •

    define your endpoints with edge cases • make your specification testable

  17. Selecting a Framework • PSR-7 HTTP message interface •ServerRequestInterface •ResponseInterface

    • Middleware support (PSR-15) • dependency injection • configuration management

  18. Middlewares • used for standard API logic • can be

    used globally, per route or per route group • easy way to intercept the request lifecycle
  19. None

  20. Verification & Maintenance

  21. Verification • it's all about metrics • have useful error

    logging in place • verify your assumptions during development

  22. Maintenance • be careful with breaking changes • stick to

    semantic versioning • keep your API specification up to date

  23. Exercise Information

  24. HTTP Handlers (PSR-15) interface RequestHandlerInterface { public function handle( ServerRequestInterface

    $request ): ResponseInterface; }

  25. Middlewares (PSR-7) interface MiddlewareInterface { public function process( ServerRequestInterface $request,

    RequestHandlerInterface $handler ): ResponseInterface; }

  26. json:api format { "data": { "type": "product", "id": "1", "attributes":

    { "name": "Product 1", "price": 1000 } } }

  27. json:api relationships { "data": { "type": "product", "id": "1", "attributes":

    { "name": "Product 1", "price": 1000 }, "relationships": { "product-group": { "data": { "type": "product-group", "id": "1" } } } } }

  28. Resources • https://github.com/fetzi/websummercamp-api-design • https://www.slimframework.com/ • https://jsonapi.org/

  29. Questions?

  30. THANKS @fetzi_io