Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
What is an API
Search
Jesse Wolgamott
February 24, 2017
Technology
0
190
What is an API
BEGINNER level on what is a (server-side JSON) API
Jesse Wolgamott
February 24, 2017
Tweet
Share
More Decks by Jesse Wolgamott
See All by Jesse Wolgamott
React vs React-Native
jwo
0
130
DIY Rails Authentication
jwo
0
210
ActionCable - For Not Another Chat App
jwo
3
1.6k
SlackBot.rb - Create You a Slack Bot
jwo
1
1.4k
react-rails: an isomorphic match made in heaven
jwo
0
1.3k
Docker - next big thing
jwo
0
950
Ruby 2.1 Overview
jwo
0
970
Rails 4: Appetizers
jwo
1
980
The Long Ball: Upgrading Rails from 1.2 -> 4.0
jwo
2
210
Other Decks in Technology
See All in Technology
デザインとエンジニアリングの架け橋を目指す OPTiMのデザインシステム「nucleus」の軌跡と広げ方
optim
0
120
プロファイルとAIエージェントによる効率的なデバッグ / Effective debugging with profiler and AI assistant
ymotongpoo
1
360
re:Invent 2025の見どころと便利アイテムをご紹介 / Highlights and Useful Items for re:Invent 2025
yuj1osm
0
220
AI時代の発信活動 ~技術者として認知してもらうための発信法~ / 20251028 Masaki Okuda
shift_evolve
PRO
1
110
MCP ✖️ Apps SDKを触ってみた
hisuzuya
0
390
AI AgentをLangflowでサクッと作って、1日働かせてみた!
yano13
1
160
ViteとTypeScriptのProject Referencesで 大規模モノレポのUIカタログのリリースサイクルを高速化する
shuta13
3
220
GraphRAG グラフDBを使ったLLM生成(自作漫画DBを用いた具体例を用いて)
seaturt1e
1
150
AIでデータ活用を加速させる取り組み / Leveraging AI to accelerate data utilization
okiyuki99
4
1.2k
20251024_TROCCO/COMETAアップデート紹介といくつかデモもやります!_#p_UG 東京:データ活用が進む組織の作り方
soysoysoyb
0
120
ラスベガスの歩き方 2025年版(re:Invent 事前勉強会)
junjikoide
0
430
会社を支える Pythonという言語戦略 ~なぜPythonを主要言語にしているのか?~
curekoshimizu
3
880
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
24
3.7k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
10
890
Docker and Python
trallard
46
3.6k
Git: the NoSQL Database
bkeepers
PRO
431
66k
GitHub's CSS Performance
jonrohan
1032
470k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.5k
Music & Morning Musume
bryan
46
6.9k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Bash Introduction
62gerente
615
210k
Agile that works and the tools we love
rasmusluckow
331
21k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Unsuck your backbone
ammeep
671
58k
Transcript
APIs An exploration into the past, present, and future parts
of web microservice and their place in current modern tech culture.
APIs What is an API?
Why APIs?
Mobile Devices
JS Frameworks
Email? SMS? Twitter?
Me
Jesse Wolgamott • Former Instructor, Back-End Engineer at TIY Houston
• Currently: Director, Back-end Engineering, The Iron Yard • Developer since 1997 • First JSON API: 2002
History
History, Quickly • API: “Application Programming Interface” • Standard input/output
for a library to be used and re-used • Computers have APIs (BIOS, Hard Drives, Operating Systems)
History, Quickly • Software worked over the “network” before the
internet • They would connect via “APIs” to a remote server. • Known as “Client/Server”
History, Quickly • The “internet” resembled this • People said,
let’s expose “data” over the internet via an “API” • It stuck
API Requests • There’s no difference between your browser requesting
facebook.com and a computer program making an “API” call • facebook.com might return HTML to your browser and JSON to the program
Headers • Both requests and responses contain “headers” • Headers
are sent/received with all requests/responses • They help browsers and computers do their thing
The Request
It’s called a Request no matter if you are requesting
data or sending data
Requests • URL • Method • Content-Type • Accepts
URL http://www.domain.com/users/56 Protocol Domain Path Resource ID
URL • Each “Entity” has one specific URL. • The
best URLs are “guessable”
Method • Each Request has an HTTP-Method • GET ->
request data • POST -> here’s new (or updated) data • DELETE -> delete data at this URL • PATCH -> here’s what to update
Content Type • Specified via a “HEADER” • When sending
data (POST/PATCH), tells server if you’re sending JSON or XML or JWOML
Accept • Specified via a “HEADER” • Tells server what
type of data you want to receive back, such as JSON, XML, or JWOML
The Response
Status Code • Specified via a “HEADER” • Tells the
client all sorts of things
OK Status Codes • 200: OK • 201: Created •
301: Over there (always) • 302: Over there (temporarily)
NotGreat Status Codes • 400: Generic Bad, but your bad
• 401: You are not authenticated • 404: Not Found • 422: Errors found in your data
RealBad Status Codes • 500: Big huge problem, it’s my
fault • 503: Service is down
General Status Codes • 200: OK • 300: Over There
• 400: [BLEEP] You • 500: [BLEEP] Me
Shape of Data • Each server will return different shapes
of data • This is dependent of whatever developer happened to code that one day they were employed there
Shape of Data • You have to exactly know the
shape of data to get anything of value out of the API • You won’t know the shape of data until making calls and manually looking at data
Exchange Rates response.rates.AUD
GitHub Repos [0].owner.login
JSON API Sample data[0].attributes.title
Shape of Data • Sometimes the base object is a
key, sometimes it’s an array • When you get this wrong, it brakes
Tools
Without JSON-View Formats JSON in Browsers
With JSON-View Formats JSON in Browsers
Postman Set headers, post data, receive data
Essential Tools • You have to exactly know the shape
of data to get anything of value out of the API • You won’t know the shape of data until making calls and manually looking at data • Sometimes you get documentation • Sometimes documentation is out of date
Authentication
Authentication Who You are
Authentication What App Are You Using?
User Authentication • User Authorization: Trade username and password for
a token • All requests then contain token. • Without request, 401 • Token can be in Header or a URL parameter.
App Authentication • Each App is given a token to
use for the App itself • ApiToken is usually a Header, but can also be a URL parameter
Authorization \What You Can See
Oauth
Way for Internet users to authorize websites or applications to
access their information on other websites but without giving them the passwords.
Way for Internet users to authorize websites or applications to
access their information on other websites but without giving them the passwords.
Two Types • Password Grant - used for me to
trade my username/password on a site for an auth token • Sign in with Facebook / Google / Spotify / GitHub, etc
It’s Just That Easy™
Oauth Difficulty • Difficult to get the “Connect” oauth right
• It is also the only responsible way to get a user’s information to your site from a second site
Standards (attempts)
JSON-API • Created by the EmberJS team, JSON-API attempts to
standardize the shape of the JSON responses • Results outside of Ember: not-great
GraphQL • “Hot Future” of JSON-APIs. • Query for what
you want, instead of returning ALL data.
PRO Tips
CORS • Helps protect information • Feels like it gets
in your way • If API protects against CORS, you use a server-side proxy to get around
JSON-P • Can cross CORS boundary • You specify a
callback to be called by server • (I’d rather just have a proxy)
More Logging • console.log() the response you actually get •
Don’t assume documentation is up to date, accurate, or nice
Great APIs Have
Great Expectations • Versioning • API Keys • Runnable Documentation
• Sample Libraries • Does just about what you’d expect
Publishing APIs
Microservices • JavaScript: Express, KOA, HAPI • Ruby: Sinatra •
C#: Nancy • Swift: Taylor
Larger Frameworks • Node: Adonis • Ruby: Rails • C#:
ASP.NET MVC • Swift: Vapor / Perfect