Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
BFTW: The Backend
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
José Padilla
August 13, 2014
Technology
240
4
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
BFTW: The Backend
Day 2 of Building for the Web. Discussing backend development for modern web apps.
José Padilla
August 13, 2014
More Decks by José Padilla
See All by José Padilla
Python, Government, and Contracts
jpadilla
0
74
Python, Government, and Contracts
jpadilla
0
5.1k
Python Type Hints
jpadilla
0
610
Developer Ergonomics
jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
220
JWT
jpadilla
2
480
Ember.js + Django
jpadilla
3
2.2k
UPRB Basic Workshop
jpadilla
2
250
Other Decks in Technology
See All in Technology
自分が詳しくない領域でAIを使う #プロヒス2026
konifar
20
8.2k
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
minorun365
PRO
10
2.8k
はてなのサービス基盤を支える Kubernetes《足腰》
masayoshimaezawa
0
370
勉強会企画をアプリで構造化してみた 〜そこで見えた、AIとの付き合い方〜 / I've structured a study group plan using an app.
pauli
0
200
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
210
「軸足」は 固定しなくていい - 熱量と強みで描く、しなやかなキャリアの形
kakehashi
PRO
1
300
水を運ぶ人としてのリーダーシップ
izumii19
4
1.1k
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
150
そこにあるから地図ができる~位置を示す"モノ"を愉しむ~ - Interface 2026年6月号GPS特集オフ会 / interface_202606_GPS_offline
sakaik
1
150
40代で“やっとエンジニアになれた”――閉じた学びを開き、空の青さを知る / 20260628 Naoki Takahashi
shift_evolve
PRO
4
1.4k
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
200
AWS Summit 2026で見えたSIerにとっての Amazon Quickの位置づけ
maf_0521
0
140
Featured
See All Featured
Darren the Foodie - Storyboard
khoart
PRO
3
3.4k
Optimizing for Happiness
mojombo
378
71k
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.2k
Rails Girls Zürich Keynote
gr2m
96
14k
Exploring anti-patterns in Rails
aemeredith
3
430
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
254
22k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
62k
How to train your dragon (web standard)
notwaldorf
97
6.7k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
katarinadahlin
PRO
1
3.6k
The Pragmatic Product Professional
lauravandoore
37
7.3k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
170
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
360
30k
Transcript
BUILDING FOR THE WEB
DAY 2
http://bit.ly/bftw-day2-qna
JOSÉ PADILLA
None
PERL
<script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =
oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>
WSH & VBSCRIPT
PHP & MYSQL HTML & JAVASCRIPT
HACKER
ENTREPRENEUR
CO-FOUNDER AT BLIMP
None
None
jpadilla.com
THE BACKEND
MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT
“We allow teams to function as independently as possible. Developers
are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
WAYS TO WRITE WEB APPS
MONOLITHIC PATTERN
BUILDING A SINGLE COUPLED PROJECT
None
SERVICE PATTERN
BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES
None
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
HYPERTEXT TRANSFER PROTOCOL
None
HTTP is simple
None
1) The client sends a request
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
HTTP METHODS
GET /v1/cars HTTP/1.1
GET
Retrieve the resource from the server
POST
Create a resource on the server
PUT
Update the resource on the server
DELETE
Delete the resource from the server
URI
GET /v1/cars HTTP/1.1
Identifies the resource the client wants
REQUEST HEADERS
Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
2) The server returns a response
HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: ngnix Content-Type: application/json { "message": "Hello World" }
HTTP/1.1 200 OK
STATUS CODES
HTTP/1.1 200 OK
INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols
SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204
No Content
REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not
Modified
CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403
Forbidden 404 Not Found 405 Method Not Allowed
SERVER ERROR - 5XX 500 Internal Server Error 502 Bad
Gateway 503 Service Unavailable
RESPONSE HEADERS
Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:
application/json
RESPONSE BODY
{ "message": "Hello World" }
REQUEST + RESPONSES = HTTP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
Hypertext Transfer Protocol Secure
None
Used for secure communication
HTTP + SSL/TLS
Privacy
Data integrity
When to use HTTPS?
Credit card details? Use HTTPS
Users/Passwords? Use HTTPS
USE HTTPS. ALWAYS.
WARNING
HTTPS is not a security silver bullet
Price: $10+ RapidSSL, StartSSL, Thawte...
TIPS
ssllabs.com
None
Redirect HTTP to HTTPS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
None
None
None
JavaScript
XMLHttpRequest
Asynchronous JavaScript and XML
None
None
SERVER
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
X-Requested-With: XMLHttpRequest
X-Requested-With: XMLHttpRequest
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:
websocket
HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013
10:07:34 GMT Connection: Upgrade Upgrade: WebSocket
USE CASES
Real-time data/feeds
None
Instant messaging and chat
None
Collaborative editing
None
Multiplayer games
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
SQL DATABASES
NOSQL DATABASES
HOW TO CHOOSE?
HOW I CHOSE?
BREAK!
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
try finding the Monthly Report in the cache if the
data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report
WHEN TO IMPLEMENT CACHING?
MEMCACHED
REDIS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
STATSD
None
NEW RELIC
None
LOGGLY
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
DON'T REINVENT THE WHEEL
None
UNFILTERED INPUT, UNESCAPED OUTPUT
CROSS-SITE SCRIPTING (XSS)
SQL INJECTION
None
CROSS-SITE REQUEST FORGERY (CSRF)
DON'T STORE PASSWORDS IN PLAIN TEXT
DON'T EMAIL A USER'S PASSWORD
HASH PASSWORDS WITH PBKDF2
OWASP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
THE TWELVE- FACTOR APP
DECLARATIVE
MAXIMUM PORTABILITY
DEPLOY TO CLOUD
DEV/PROD PARITY
SCALABLE
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>
</m:GetStockPrice> </soap:Body> </soap:Envelope>
None
REPRESENTATIONAL STATE TRANSFER
RESOURCE-BASED
Verbs (Don't) POST /GetSongs HTTP/1.1
Nouns (Do) GET /songs HTTP/1.1
REPRESENTATIONS
{ "id": 1, "name": "Pretty When You Cry", "album": 1,
"favorite": false }
<song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>
STATELESS
UNIFORM INTERFACE
TIPS
API = DEV'S UI
USE RESTFUL URLS AND ACTIONS
GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
[{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]
GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
{ "id": 1, "name": "Pretty When You Cry" }
POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }
HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }
PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"
} HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }
DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:
application/json
USE SSL. ALWAYS.
VERSIONING
GET /v1/songs
FILTERING, SORTING & SEARCHING
GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo
ALLOW LIMITING FIELDS
GET /songs?fields=id,name
USE JSON
PAGINATION
UPDATES/CREATE SHOULD RETURN REPRESENTATION
CONSUMABLE ERROR PAYLOAD
{ "errors": { "email": "Email is required.", "password": "Password is
required." } }
AUTHENTICATION
COOKIE-BASED
TOKEN-BASED
EFFECTIVELY USE HTTTP STATUS CODES
CHECK OUT JSONAPI.ORG
LANGUAGES & FRAMEWORKS
NODE.JS EXPRESS SAILS.JS METEOR
RUBY SINATRA RUBY ON RAILS
GO REVEL MARTINI
PYTHON DJANGO FLASK
Q&A