Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crafting REST APIs Mobile Devs Will Love

matto1990
December 09, 2015
Technology
0
120

Crafting REST APIs Mobile Devs Will Love

This talk will cover best practices for creating REST APIs that don't make mobile developers want to cry.

We'll start with an overview of what it means to create a RESTful API, and then go through some best practices on encryption and versioning. We'll then show how your documentation can be used to validate input and test the responses your API gives, meaning the documentation becomes the source of truth for the API. No more outdated documentation and frustrated developers!

Matt is a developer at ribot who has worked on Android, iOS and API servers.

matto1990

December 09, 2015
Tweet

More Decks by matto1990

See All by matto1990
Delight and Surprise - Making the most of user data on Android
matto1990
2
330
HTML5 - The Bleeding Edge
matto1990
2
190

Other Decks in Technology

See All in Technology
M5stackで使用できるpHセンサの開発
shinrinakamura
0
170
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
110
R3のコードから見る実践LINQ実装最適化・コンカレントプログラミング実例
neuecc
3
2.6k
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
330
【SORACOM UG 東海】あらゆるモノがつながる社会へ、IoT と SORACOM
soracom
PRO
1
140
データベース02: データベースの概念
trycycle
0
180
生成AIの変革の時代に、 直近1年で直面した課題とその解決策
ktc_wada
0
650
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
3
3.3k
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
2
590
AOAI をきっかけに​ 社内の Azure 管理を見直した話​
recruitengineers
PRO
1
450
今年のRubyKaigiはProfiler Year🤘
osyoyu
0
360
Cracking the KubeCon CfP
inductor
2
270

Featured

See All Featured
What's in a price? How to price your products and services
michaelherold
238
11k
Why Our Code Smells
bkeepers
PRO
331
56k
How to Ace a Technical Interview
jacobian
273
22k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
Stop Working from a Prison Cell
hatefulcrawdad
267
19k
A Tale of Four Properties
chriscoyier
152
22k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Practical Orchestrator
shlominoach
183
9.7k
Facilitating Awesome Meetings
lara
43
5.6k
Creatively Recalculating Your Daily Design Routine
revolveconf
211
11k
Producing Creativity
orderedlist
PRO
338
39k

Transcript

  1. Crafting REST APIs REST APIs Mobile Developers Will Love Matt

    Oakes

  2. Talk Overview

  3. About Me

  4. What is REST?

  5. Resources

  6. None

  7. Requests

  8. HTTP Verbs • GET • Gets resource • POST •

    Create a new resource • PUT • Update a resource • PATCH • Update part of a resource • DELETE • Deletes a resource

  9. Resource URIs • GET /games • Retrieves a collection of

    games • GET /games/11 • Retrieves a specific game • POST /games • Creates a new game • DELETE /games/11 • Deletes game #11 • PUT /games/11 • Updates game #11 • PATCH /games/11 • Partially updates game #11

  10. Sub-resources • GET /games/11/rounds • Retrieves collection of rounds for

    game #11 • GET /games/11/rounds/4 • Retrieves round #4 for game #11 • POST /games/11/rounds • Creates a new round in game #11
  11. None

  12. Responses

  13. HTTP Status Codes • 200 OK • Response was successful

    • 201 Created • Response to a POST that results in a creation • 204 No Content • Response to a successful request that won't be returning a body (like a DELETE request) • 400 Bad Request • The request is malformed, such as if the body does not parse or there are validation errors • 404 Not Found • When a non-existent resource is requested • 401 Unauthorized • When no or invalid authentication details are provided • 403 Forbidden • When authentication succeeded but authenticated user doesn't have access to the resource

  14. Response Body • JSON • Human and machine readable •

    Widely supported

  15. Best Practices

  16. Best Practices • TLS/SSL everywhere • Documentation • Testing

  17. TLS/SSL Everywhere

  18. iOS 9 Requires TLS for all connections http://j.mp/apptransportsecurity

  19. HTTPS Is Not Enough Secure certificate & correct server settings

    Test at: http://j.mp/ssllabtest Documentation at: http://j.mp/ssllabsdocs
  20. None
  21. None

  22. Documentation

  23. List All Resource URIs Yes… Really…

  24. Request & Response Format • Exactly what you expect in

    • What property name? • Which properties are required? • What types are they? • Exactly what you’ll send back • What are the property names? • Which ones may not be sent back (and why)? • What types are they?

  25. Document Errors

  26. API Blueprint A language and set of tools to describe

    your API https://apiblueprint.org/

  27. ribot API Example

  28. None
  29. None
  30. None

  31. JSON Schemas A language to describe the structure and content

    types of JSON http://json-schema.org/
  32. None
  33. None

  34. Request Validation Middleware

  35. None
  36. None
  37. None

  38. Testing

  39. Test Using the Documentation The documentation is the source of

    truth
  40. None
  41. None
  42. None
  43. None
  44. None

  45. Test-Driven Development

  46. Summary

  47. Thank You! Any Questions? @matto1990