APIs in Ruby

Explores the landscape of API tooling in Ruby. Presented at SDRuby.

Michael Cordell

June 04, 2015

Transcript

  1. APIs in Ruby ๏ Michael Cordell ๏ SD Ruby Talk

  2. Hi ๏ @mike_cordell on Twitter ๏ www.mikecordell.com ๏ Raised in SD and working at Q-Centrix
  3. GET /subjects ๏ What and Why? ๏ Libraries ๏ Practical Info
  4. What and Why ๏ Application programming interface (API) ๏ Operations ๏ Inputs ๏ Outputs ๏ Data-types ๏ How does your program interact with the outside world?
  5. What and Why

  11. Architecture ๏ Common Pitfalls: ๏ Associated objects ๏ Authentication ๏ Filtering/Field filtering
  12. Architecture www.jsonapi.org

  13. Hypermedia ๏ Do you want to include hypermedia? ๏ Discoverable APIs
  14. Hypermedia Application Language (HAL)

  15. json-schema.org ๏ JSON document that describes the structure of JSON data ๏ Moreover, the schema itself is a JSON schema
  16. json-schema.org

  17. json-schema.org ๏ Dog ๏ name ๏ breed ๏ license number

  18. json-schema.org { "name": "Charlie", "breed": "shepard mix", "license no": 22222222 }
  19. { "title": "Dog", "type": "object", "properties": { "name": { "type": "string" }, "breed": { "type": "string" }, "license-number": { "description": "Municipal license number", "type": "integer", "minimum": 8 } }, "required": ["name"] }
  23. Serialization ๏ Coercion ๏ Interface

  25. Interface Libraries: Sinatra ๏ Very lightweight ๏ Useful for simple APIs
  26. Interface Libraries: rails-api ๏ Slimmed-down version of the Rails stack ๏ Key selling points: ๏ Lessons already learned (security) ๏ Dev environment and tooling ๏ Param parsing and other routing niceties
  27. Interface Libraries

  28. ๏ Lightweight micro-framework for APIs ๏ Rack-based ๏ DSL specific for building APIs
  29. Version by param: curl http://localhost:9292/statuses/public_timeline?apiver=v1
    Version by Accept-Version header: curl -H "Accept-Version:v1" http://localhost:9292/v1/comments
    Version by header: curl -H Accept:application/vnd.some-v1+json http://localhost:9292/v1/comments
    Version by path: curl http://localhost:9292/v1/comments
  30. Parameter coercion

  31. Mountable within other Grape apps Mountable within Rails apps

  32. ๏ Interrogable at runtime for docs ๏ Multiple formats: json, xml, txt, binary ๏ Can support multiple at once ๏ Fairly good ecosystem of supporting gems
  34. Serializers

  35. Serialization libraries ๏ Active Model Serializers ๏ Rabl ๏ Grape Entities ๏ Roar
  38. Auth ๏ devise_token_auth ๏ ng-token-auth angular companion ๏ OAuth support ๏ batching ๏ per-request token invalidation
  39. USE HTTPS!

  40. Auth ๏ JSON Web Token (JWT) is a compact URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS).
  41. Auth: JWT ๏ Header: { "alg": "HS256", "typ": "JWT" } ๏ Claims: { "user": "Michael", "email": "mike@mikecordell.com", "admin": 1 }
  42. Auth: JWT ๏ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiTWljaGFlbCIsImVtYWlsIjoibWlrZUBtaWtlY29yZGVsbC5jb20iLCJhZG1pbiI6MX0 ๏ HMAC encode with: SECRETKEY ๏ 515a741b953cd206740e9d9ec2c03fdd61ee09e4a50e66c8c70743161f22976c ๏ Base64 encode ๏ UVp0G5U80gZ0Dp2ewsA_3WHuCeSlDmbIxwdDFh8il2w
  43. Auth: JWT ๏ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiTWljaGFlbCIsImVtYWlsIjoibWlrZUBtaWtlY29yZGVsbC5jb20iLCJhZG1pbiI6MX0.UVp0G5U80gZ0Dp2ewsA_3WHuCeSlDmbIxwdDFh8il2w

  44. Auth: JWT ๏ No DB call to verify user ๏ Great for microservices ๏ Ruby library of course ๏ Hard to invalidate
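
The signing steps on slides 41 to 43 and the verification a service must do before trusting the claims, as an added example using only the Ruby standard library (not code from the talk). The secret, the sample claims and the `exp` expiry claim are assumptions; a short `exp` is shown as one way to bound the "hard to invalidate" problem from slide 44.

```ruby
require 'openssl'
require 'json'

SECRET = 'constructed-demo-secret' # constructed value, not from the slides

# Base64url without padding, as used for each JWT segment.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m').force_encoding('UTF-8')
end

# HMAC-SHA256 over "header.claims", then base64url (slide 42).
def sign(signing_input, secret)
  b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))
end

def jwt_encode(claims, secret)
  header = { alg: 'HS256', typ: 'JWT' }
  input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{input}.#{sign(input, secret)}"
end

# Returns the claims hash, or nil when the token is malformed, names an
# unexpected algorithm, fails the signature check, or is past "exp".
def jwt_verify(token, secret, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return nil unless parts.size == 3
  head_b64, claims_b64, sig = parts
  header = JSON.parse(b64url_decode(head_b64))
  # Pin the algorithm server-side; never let the token pick it ("none").
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = sign("#{head_b64}.#{claims_b64}", secret)
  # Constant-time comparison so timing does not leak signature bytes.
  return nil unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(b64url_decode(claims_b64))
  return nil unless claims.is_a?(Hash)
  return nil if claims['exp'] && claims['exp'].to_i <= now
  claims
rescue JSON::ParserError, ArgumentError
  nil
end
```

Claims are only read after the signature check passes, so an edited `admin` value or a swapped header never reaches application code.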
  45. Testing ๏ RSpec or MiniTest with rack-test ๏ airborne gem ๏ standard Rails testing
  46. Testing json-schema-rspec/json-schema

  48. Documentation ๏ swagger ๏ live-API demo documentation ๏ grape-swagger

  49. Auto-generation ๏ Heroics ๏ json-schema -> ruby API Client ๏ Textualize ๏ RAML -> spec/mock backend ๏ Pact ๏ Client/Service co-development & testing tool
  50. Summary ๏ Architecture: jsonapi.org ๏ Data: JSON schema ๏ Serialization: Roar ๏ Interface: Grape ๏ Testing: airborne ๏ Documentation: swagger
  51. Magic Night ๏ 4th Thursday of the Month ๏ LEARN ๏ 3803 Ray St, San Diego, CA ๏ It's on meetup.com
  52. Thanks!