REST APIs on Rails

Transcript

1. REST APIs on Rails

2. Lucas André de Alencar Full Stack Developer, Resultados Digitais @lucasandre

3. gem 'rails-api'

4. # instead of class ApplicationController < ActionController::Base end # do

   class ApplicationController < ActionController::API include ActionController::HttpAuthentication::Token::ControllerMethods include ActionController::MimeResponds include AbstractController::Translation # Your beautiful code goes here! end
5. None

6. $ rails new long-trains --api ... $ rails g scaffold

   train type:string wagons:integer invoke active_record create db/migrate/20150907193647_create_trains.rb create app/models/train.rb invoke test_unit create test/models/train_test.rb create test/fixtures/trains.yml invoke resource_route route resources :trains create app/serializers/train_serializer.rb invoke scaffold_controller create app/controllers/trains_controller.rb invoke test_unit create test/controllers/trains_controller_test.rb

7. Versioning

8. URL Request Params HTTP Header api.longtrains.com/v1/trains api.longtrains.com/trains?version=1 Accept: application/json; version=1

9. gem 'versionist'

10. LongTrains::Application.routes.draw do api_version(:module => "V1", :path => {:value => "v1"})

    do resources :trains end end URL api.longtrains.com/v1/trains

11. LongTrains::Application.routes.draw do api_version(:module => "V1", :parameter => {:name => "version",

    :value => "1"}) do resources :trains end end Request Params api.longtrains.com/trains?version=1

12. LongTrains::Application.routes.draw do api_version(:module => "V1", :header => {:name => "Accept",

    :value => "application/json; version=1"}) do resources :trains end end HTTP Header Accept: application/json; version=1

13. Structure

14. Separate API controllers by version Keep models unified between versions

15. Serializers

16. gem 'active_model_serializers'

17. class PostSerializer < ActiveModel::Serializer attributes :title, :body has_many :comments end

    class CommentSerializer < ActiveModel::Serializer attributes :name, :body belongs_to :post end class PostPreviewSerializer < ActiveModel::Serializer attributes :title, :preview end

18. class PostsController < ApplicationController def show @post = Post.find(params[:id]) render

    json: @post end def index @posts = Post.all render json: @posts, each_serializer: PostPreviewSerializer end end

19. Security

20. Pure Rails ActionController::HttpAuthentication::Basic ActionController::HttpAuthentication::Digest ActionController::HttpAuthentication::Token

21. TDD

22. Which one to use? Functional Integration a.k.a ControllerTest

23. Integration tests ARE the right CHOICE

24. Summary rails-api versioning active_model_serializers respect HTTP response codes use integration

    tests

25. Lucas André de Alencar @lucasandre [email protected] Valeu!

26. Gems github.com/rails-api/rails-api github.com/bploetz/versionist github.com/rails-api/active_model_serializers Rails API api.rubyonrails.org/classes/ActionController/HttpAuthentication/Digest.html api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html Railscasts

    railscasts.com/episodes/350-rest-api-versioning railscasts.com/episodes/352-securing-an-api Links

27. Links Posts www.gotealeaf.com/blog/authentication-methods-in-rails www.emilsoman.com/blog/2013/05/18/building-a-tested blog.joshsoftware.com/2014/05/08/implementing-rails-apis-like-a-professional/ stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses/6937030#6937030 wyeworks.com/blog/2015/6/30/how-to-build-a-rails-5-api-only-and-ember-application/ wyeworks.com/blog/2015/6/11/how-to-build-a-rails-5-api-only-and-backbone-application