Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Building APIs
Search
Justin Yost
July 03, 2015
Programming
1
7.1k
Building APIs
Justin Yost
July 03, 2015
Tweet
Share
More Decks by Justin Yost
See All by Justin Yost
Laravel 6, 7 and Other Goodies
justinyost
2
74
PHP and Databases
justinyost
2
36
Ansible: What Is It and What Is It Good For?
justinyost
0
24
Generators: All About the Yield
justinyost
0
11
Laravel 6: What's New and What's Changed
justinyost
0
200
Middleware: Between the Framework and the Browser
justinyost
2
68
Caching and You and You and You and You...
justinyost
0
41
Git: The Pain and the Gain
justinyost
0
100
Generators: All About the Yield
justinyost
0
160
Other Decks in Programming
See All in Programming
ソースコードを美しくたもつために ~コードレビューの認知限界を突破し、年間400リリースを達成する~
kotauchisunsun
1
770
TypeScriptとGraphQLで実現する 型安全なAPI実装 / TSKaigi 2024
hokaccha
5
2.8k
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
2
140
TypeScriptでもLLMアプリケーション開発 / LLM Application In Typescript
rkaga
5
1.3k
TypeScriptの型とパフォーマンス (TSKaigi 2024)
ypresto
14
4.6k
Exploring Type-Informed Lint Rules in Rust based TypeScript Linters
unvalley
3
640
TypeScriptから始める VR生活
tamagokakeg
2
120
freeeのエンジニアが 就活で出そうな コーディングテストを 解説してみる
freee
1
170
How to implement a RubyVM with PHP?
memory1994
PRO
2
450
How to improve maintainability and readability of your automated tests? ( #scrumniigata )
teyamagu
PRO
1
130
地方こそサーバーレス、その意義に迫るサーバーレスPHP / Serverless PHP: The Rural Areas, and Why Serverless PHP Matters
seike460
PRO
2
110
2024 コーディング研修
ckazu
2
660
Featured
See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
323
20k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.7k
Statistics for Hackers
jakevdp
790
220k
Done Done
chrislema
178
15k
[RailsConf 2023] Rails as a piece of cake
palkan
28
4.1k
The Invisible Side of Design
smashingmag
294
49k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
15
1.6k
Into the Great Unknown - MozCon
thekraken
15
1.1k
It's Worth the Effort
3n
180
27k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
34
6.1k
Intergalactic Javascript Robots from Outer Space
tanoku
266
26k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
26
2.3k
Transcript
Building APIs Justin Yost Web Developer at Loadsys 4 twitter.com/jtyost2
4 github.com/jtyost2 4 yostivanich.com
What is an API 4 API - Application Programming Interface
4 One thing talks to another thing. 4 Twitter, Facebook, AWS, all have APIs.
Why do you need an API 4 JS Front End
Framework? 4 An app? 4 Talk to other servers than the ones you own/ provision?
Design 4 APIs are for developers 4 APIs are for
in-house developers 4 APS are for outside developers 4 APIs are for possibly all level of developers
https://stripe.com/docs/ api
APIs are hard
Key Tips For Designing an API 4 Consistency 4 Standards
(REST, HTTP, OAuth) 4 Versioning 4 Documentation (API Blueprint) 4 Don't just present the database
Consistency 4 Endpoints /people and /people/15 vs /person and /person/15
Consistency 4 Output { "people": { {"name": "First"}, {"name": "Second"}
} } vs { "person": { "name": "First" } }
Standards 4 REST 4 OAuth 2.0 4 JSON (JSON API
hit 1.0 recently)
REST Uniform Interface 4 System of endpoints 4 Provides enough
information to be self describing 4 Provides enough information to manipulate 4 The interface is HTTP itself
REST Stateless 4 HTTP is Stateless by design 4 Web
apps though tend to care about state 4 State is what stored information do I already know when you make the request (Session is State)
REST Cacheable 4 API should respond with Cache Headers as
appropriate 4 API Clients should respect Cache Headers
REST Client-Server 4 Separation of Concerns 4 Client - presents
data, protects user state 4 Server - stores data
REST Layered System 4 Clients may not always talk directly
to the API server 4 Talk to an Auth Server, then a caching server, then API server
Design REST 4 REST enforces a pattern
Design REST 4 REST is HTTP 4 HTTP is more
than GET, POST, PUT, DELETE 4 OPTIONS and HEAD 4 Idempotent Methods (GET, HEAD, DELETE, PUT) 4 Return Correct and Valid Headers
Design OAuth 2.0 4 http://oauth.net/2/ 4 https://aaronparecki.com/articles/2012/07/29/1/ oauth2-simplified 4 Short
URL: http://jty.me/1dEQyge 4 Support for a variety of authentication schemes 4 Tons of pre-existing libraries and packages
Design JSON 4 Use JSON 1st and primarily 4 Maybe
XML - are you a bank or law firm or Google? 4 Consider JSON API (Like really really consider it)
Design Versioning 4 /api/v1/foo 4 /api/foo HEADERS: {'api-v': '1.0'} 4
/api/foo HEADERS: {'Accept': 'application/ vnd.domain.v2+json'} 4 https://v1.domain.com/api/foo
Design Documentation 4 Clear 4 Complete 4 Examples (CURL, PHP,
Java, Ruby, Node, Go, etc)
Design Documentation 4 API Blueprint: https://apiblueprint.org/ # GET /message +
Response 200 (text/plain) Hello World!
Design Documentation 4 Dredd: https://github.com/apiaryio/dredd
Design Don't just present the Database 4 Database and API
are different and unique 4 Think through the complex pieces of the API 4 APIs can make thins simpler in the final view
This stuff is really hard 4 You'll mess up 4
You'll forget something 4 You'll build it weird 4 That's why we version things
Some other tips 4 SSL 4 Build stuff with your
API, that'll tell you how hard it is 4 Read other API docs and build with their API 4 Provide Libraries
Questions?