Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
BFTW: The Backend
Search
José Padilla
August 13, 2014
Technology
4
200
BFTW: The Backend
Day 2 of Building for the Web. Discussing backend development for modern web apps.
José Padilla
August 13, 2014
Tweet
Share
More Decks by José Padilla
See All by José Padilla
Python, Government, and Contracts
jpadilla
0
51
Python, Government, and Contracts
jpadilla
0
5k
Python Type Hints
jpadilla
0
520
Developer Ergonomics
jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
170
JWT
jpadilla
2
440
Ember.js + Django
jpadilla
3
2.1k
UPRB Basic Workshop
jpadilla
2
210
Other Decks in Technology
See All in Technology
怖くない!GritQLでBiomeプラグインを作ろうよ
pal4de
1
130
ML Pipelineの開発と運用を OpenTelemetryで繋ぐ @ OpenTelemetry Meetup 2025-07
getty708
0
300
ゼロから始めるSREの事業貢献 - 生成AI時代のSRE成長戦略と実践 / Starting SRE from Day One
shinyorke
PRO
0
250
自分がLinc’wellで提供しているプロダクトを理解するためにやったこと
murabayashi
1
160
20250719_JAWS_kobe
takuyay0ne
1
160
KCD Lima: eBee in Peru!
lizrice
0
100
モバイルゲームの開発を支える基盤の歩み ~再現性のある開発ラインを量産する秘訣~
qualiarts
0
430
TypeScript 上達の道
ysknsid25
21
4.5k
少人数でも回る! DevinとPlaybookで支える運用改善
ishikawa_pro
4
1.3k
Amazon CloudWatchのメトリクスインターバルについて / Metrics interval matters
ymotongpoo
3
220
手動からの解放!!Strands Agents で実現する総合テスト自動化
ideaws
2
360
MCPに潜むセキュリティリスクを考えてみる
milix_m
1
810
Featured
See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
235
140k
Unsuck your backbone
ammeep
671
58k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Reflections from 52 weeks, 52 projects
jeffersonlam
351
21k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Scaling GitHub
holman
461
140k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
110
19k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
The Pragmatic Product Professional
lauravandoore
35
6.8k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
990
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Transcript
BUILDING FOR THE WEB
DAY 2
http://bit.ly/bftw-day2-qna
JOSÉ PADILLA
None
PERL
<script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =
oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>
WSH & VBSCRIPT
PHP & MYSQL HTML & JAVASCRIPT
HACKER
ENTREPRENEUR
CO-FOUNDER AT BLIMP
None
None
jpadilla.com
THE BACKEND
MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT
“We allow teams to function as independently as possible. Developers
are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
WAYS TO WRITE WEB APPS
MONOLITHIC PATTERN
BUILDING A SINGLE COUPLED PROJECT
None
SERVICE PATTERN
BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES
None
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
HYPERTEXT TRANSFER PROTOCOL
None
HTTP is simple
None
1) The client sends a request
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
HTTP METHODS
GET /v1/cars HTTP/1.1
GET
Retrieve the resource from the server
POST
Create a resource on the server
PUT
Update the resource on the server
DELETE
Delete the resource from the server
URI
GET /v1/cars HTTP/1.1
Identifies the resource the client wants
REQUEST HEADERS
Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
2) The server returns a response
HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: ngnix Content-Type: application/json { "message": "Hello World" }
HTTP/1.1 200 OK
STATUS CODES
HTTP/1.1 200 OK
INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols
SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204
No Content
REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not
Modified
CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403
Forbidden 404 Not Found 405 Method Not Allowed
SERVER ERROR - 5XX 500 Internal Server Error 502 Bad
Gateway 503 Service Unavailable
RESPONSE HEADERS
Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:
application/json
RESPONSE BODY
{ "message": "Hello World" }
REQUEST + RESPONSES = HTTP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
Hypertext Transfer Protocol Secure
None
Used for secure communication
HTTP + SSL/TLS
Privacy
Data integrity
When to use HTTPS?
Credit card details? Use HTTPS
Users/Passwords? Use HTTPS
USE HTTPS. ALWAYS.
WARNING
HTTPS is not a security silver bullet
Price: $10+ RapidSSL, StartSSL, Thawte...
TIPS
ssllabs.com
None
Redirect HTTP to HTTPS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
None
None
None
JavaScript
XMLHttpRequest
Asynchronous JavaScript and XML
None
None
SERVER
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
X-Requested-With: XMLHttpRequest
X-Requested-With: XMLHttpRequest
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:
websocket
HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013
10:07:34 GMT Connection: Upgrade Upgrade: WebSocket
USE CASES
Real-time data/feeds
None
Instant messaging and chat
None
Collaborative editing
None
Multiplayer games
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
SQL DATABASES
NOSQL DATABASES
HOW TO CHOOSE?
HOW I CHOSE?
BREAK!
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
try finding the Monthly Report in the cache if the
data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report
WHEN TO IMPLEMENT CACHING?
MEMCACHED
REDIS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
STATSD
None
NEW RELIC
None
LOGGLY
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
DON'T REINVENT THE WHEEL
None
UNFILTERED INPUT, UNESCAPED OUTPUT
CROSS-SITE SCRIPTING (XSS)
SQL INJECTION
None
CROSS-SITE REQUEST FORGERY (CSRF)
DON'T STORE PASSWORDS IN PLAIN TEXT
DON'T EMAIL A USER'S PASSWORD
HASH PASSWORDS WITH PBKDF2
OWASP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
THE TWELVE- FACTOR APP
DECLARATIVE
MAXIMUM PORTABILITY
DEPLOY TO CLOUD
DEV/PROD PARITY
SCALABLE
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>
</m:GetStockPrice> </soap:Body> </soap:Envelope>
None
REPRESENTATIONAL STATE TRANSFER
RESOURCE-BASED
Verbs (Don't) POST /GetSongs HTTP/1.1
Nouns (Do) GET /songs HTTP/1.1
REPRESENTATIONS
{ "id": 1, "name": "Pretty When You Cry", "album": 1,
"favorite": false }
<song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>
STATELESS
UNIFORM INTERFACE
TIPS
API = DEV'S UI
USE RESTFUL URLS AND ACTIONS
GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
[{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]
GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
{ "id": 1, "name": "Pretty When You Cry" }
POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }
HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }
PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"
} HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }
DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:
application/json
USE SSL. ALWAYS.
VERSIONING
GET /v1/songs
FILTERING, SORTING & SEARCHING
GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo
ALLOW LIMITING FIELDS
GET /songs?fields=id,name
USE JSON
PAGINATION
UPDATES/CREATE SHOULD RETURN REPRESENTATION
CONSUMABLE ERROR PAYLOAD
{ "errors": { "email": "Email is required.", "password": "Password is
required." } }
AUTHENTICATION
COOKIE-BASED
TOKEN-BASED
EFFECTIVELY USE HTTTP STATUS CODES
CHECK OUT JSONAPI.ORG
LANGUAGES & FRAMEWORKS
NODE.JS EXPRESS SAILS.JS METEOR
RUBY SINATRA RUBY ON RAILS
GO REVEL MARTINI
PYTHON DJANGO FLASK
Q&A