Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
BFTW: The Backend
Search
José Padilla
August 13, 2014
Technology
4
210
BFTW: The Backend
Day 2 of Building for the Web. Discussing backend development for modern web apps.
José Padilla
August 13, 2014
Tweet
Share
More Decks by José Padilla
See All by José Padilla
Python, Government, and Contracts
jpadilla
0
57
Python, Government, and Contracts
jpadilla
0
5k
Python Type Hints
jpadilla
0
570
Developer Ergonomics
jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
190
JWT
jpadilla
2
450
Ember.js + Django
jpadilla
3
2.1k
UPRB Basic Workshop
jpadilla
2
220
Other Decks in Technology
See All in Technology
Jakarta Agentic AI Specification - Status and Future
reza_rahman
0
110
SREには開発組織全体で向き合う
koh_naga
0
390
打 造 A I 驅 動 的 G i t H u b ⾃ 動 化 ⼯ 作 流 程
appleboy
0
370
文字列の並び順 / Unicode Collation
tmtms
3
620
AlmaLinux + KVM + Cockpit で始めるお手軽仮想化基盤 ~ 開発環境などでの利用を想定して ~
koedoyoshida
0
120
大企業でもできる!ボトムアップで拡大させるプラットフォームの作り方
findy_eventslides
1
860
ハッカソンから社内プロダクトへ AIエージェント「ko☆shi」開発で学んだ4つの重要要素
sonoda_mj
5
860
SQLだけでマイグレーションしたい!
makki_d
0
1.1k
AWS CLIの新しい認証情報設定方法aws loginコマンドの実態
wkm2
7
770
子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.
pauli
2
300
Fashion×AI「似合う」を届けるためのWEARのAI戦略
zozotech
PRO
2
980
【ServiceNow SNUG Meetup LT deck】WorkFlow Editorの廃止と Flow Designerへの移行戦略
niwato
0
100
Featured
See All Featured
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
250
Bash Introduction
62gerente
615
210k
Impact Scores and Hybrid Strategies: The future of link building
tamaranovitovic
0
170
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
47
7.9k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
180
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
0
26
Practical Orchestrator
shlominoach
190
11k
Information Architects: The Missing Link in Design Systems
soysaucechin
0
700
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
110
Joys of Absence: A Defence of Solitary Play
codingconduct
1
250
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
39
Transcript
BUILDING FOR THE WEB
DAY 2
http://bit.ly/bftw-day2-qna
JOSÉ PADILLA
None
PERL
<script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =
oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>
WSH & VBSCRIPT
PHP & MYSQL HTML & JAVASCRIPT
HACKER
ENTREPRENEUR
CO-FOUNDER AT BLIMP
None
None
jpadilla.com
THE BACKEND
MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT
“We allow teams to function as independently as possible. Developers
are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
WAYS TO WRITE WEB APPS
MONOLITHIC PATTERN
BUILDING A SINGLE COUPLED PROJECT
None
SERVICE PATTERN
BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES
None
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
HYPERTEXT TRANSFER PROTOCOL
None
HTTP is simple
None
1) The client sends a request
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
HTTP METHODS
GET /v1/cars HTTP/1.1
GET
Retrieve the resource from the server
POST
Create a resource on the server
PUT
Update the resource on the server
DELETE
Delete the resource from the server
URI
GET /v1/cars HTTP/1.1
Identifies the resource the client wants
REQUEST HEADERS
Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
2) The server returns a response
HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: ngnix Content-Type: application/json { "message": "Hello World" }
HTTP/1.1 200 OK
STATUS CODES
HTTP/1.1 200 OK
INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols
SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204
No Content
REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not
Modified
CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403
Forbidden 404 Not Found 405 Method Not Allowed
SERVER ERROR - 5XX 500 Internal Server Error 502 Bad
Gateway 503 Service Unavailable
RESPONSE HEADERS
Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:
application/json
RESPONSE BODY
{ "message": "Hello World" }
REQUEST + RESPONSES = HTTP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
Hypertext Transfer Protocol Secure
None
Used for secure communication
HTTP + SSL/TLS
Privacy
Data integrity
When to use HTTPS?
Credit card details? Use HTTPS
Users/Passwords? Use HTTPS
USE HTTPS. ALWAYS.
WARNING
HTTPS is not a security silver bullet
Price: $10+ RapidSSL, StartSSL, Thawte...
TIPS
ssllabs.com
None
Redirect HTTP to HTTPS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
None
None
None
JavaScript
XMLHttpRequest
Asynchronous JavaScript and XML
None
None
SERVER
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
X-Requested-With: XMLHttpRequest
X-Requested-With: XMLHttpRequest
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:
websocket
HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013
10:07:34 GMT Connection: Upgrade Upgrade: WebSocket
USE CASES
Real-time data/feeds
None
Instant messaging and chat
None
Collaborative editing
None
Multiplayer games
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
SQL DATABASES
NOSQL DATABASES
HOW TO CHOOSE?
HOW I CHOSE?
BREAK!
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
try finding the Monthly Report in the cache if the
data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report
WHEN TO IMPLEMENT CACHING?
MEMCACHED
REDIS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
STATSD
None
NEW RELIC
None
LOGGLY
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
DON'T REINVENT THE WHEEL
None
UNFILTERED INPUT, UNESCAPED OUTPUT
CROSS-SITE SCRIPTING (XSS)
SQL INJECTION
None
CROSS-SITE REQUEST FORGERY (CSRF)
DON'T STORE PASSWORDS IN PLAIN TEXT
DON'T EMAIL A USER'S PASSWORD
HASH PASSWORDS WITH PBKDF2
OWASP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
THE TWELVE- FACTOR APP
DECLARATIVE
MAXIMUM PORTABILITY
DEPLOY TO CLOUD
DEV/PROD PARITY
SCALABLE
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>
</m:GetStockPrice> </soap:Body> </soap:Envelope>
None
REPRESENTATIONAL STATE TRANSFER
RESOURCE-BASED
Verbs (Don't) POST /GetSongs HTTP/1.1
Nouns (Do) GET /songs HTTP/1.1
REPRESENTATIONS
{ "id": 1, "name": "Pretty When You Cry", "album": 1,
"favorite": false }
<song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>
STATELESS
UNIFORM INTERFACE
TIPS
API = DEV'S UI
USE RESTFUL URLS AND ACTIONS
GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
[{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]
GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
{ "id": 1, "name": "Pretty When You Cry" }
POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }
HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }
PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"
} HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }
DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:
application/json
USE SSL. ALWAYS.
VERSIONING
GET /v1/songs
FILTERING, SORTING & SEARCHING
GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo
ALLOW LIMITING FIELDS
GET /songs?fields=id,name
USE JSON
PAGINATION
UPDATES/CREATE SHOULD RETURN REPRESENTATION
CONSUMABLE ERROR PAYLOAD
{ "errors": { "email": "Email is required.", "password": "Password is
required." } }
AUTHENTICATION
COOKIE-BASED
TOKEN-BASED
EFFECTIVELY USE HTTTP STATUS CODES
CHECK OUT JSONAPI.ORG
LANGUAGES & FRAMEWORKS
NODE.JS EXPRESS SAILS.JS METEOR
RUBY SINATRA RUBY ON RAILS
GO REVEL MARTINI
PYTHON DJANGO FLASK
Q&A
jpadilla
reza_rahman
.JPG){kind=avatar}
koh_naga
appleboy
tmtms
koedoyoshida
findy_eventslides
sonoda_mj
makki_d
wkm2
pauli
zozotech
niwato
jct
62gerente
tamaranovitovic
keithpitt
eileencodes
akashhashmi
akademiya2063
shlominoach
soysaucechin
dugsong
codingconduct
marketingsoph
