APIs in Ruby

Transcript

1. APIs in Ruby Michael Cordell SD Ruby Talk

2. Hi ๏ @mike_cordell on twitter ๏ www.mikecordell.com ๏ Raised in

   SD and working at Q-Centrix

3. GET /subjects ๏ What and Why? ๏ Libraries ๏ Practical

   Info

4. What and Why ๏ Application programming interface (API) ๏ Operations

   ๏ Inputs ๏ Outputs ๏ Data-types ๏ How does your program interact with the outside world?

5. What and Why

6. What and Why Ȑ {} {} {}

7. What and Why Ȑ {} {} {}

8. What and Why Ȑ {} {} {}

9. What and Why Ȑ {} {} {}

10. None

11. Architecture ๏ Common Pitfalls: ๏ Associated objects ๏ Authentication ๏

    Filtering/Field filtering

12. Architecture www.jsonapi.org

13. Hypermedia ๏ Do you want to include hypermedia? ๏ Discoverable

    APIs

14. Hypermedia Application Language (HAL)

15. json-schema.org ๏ JSON document that describes the structure of JSON

    data ๏ Moreover the schema itself is a JSON schema

16. json-schema.org

17. json-schema.org ๏ Dog ๏ name ๏ breed ๏ license number

18. json-schema.org { "name": "Charlie", "breed": "shepard mix", "license no": 22222222

    }

19. { "title": "Dog", "type": "object", "properties": { "name": { "type":

    "string" }, "breed": { "type": "string" }, "license-number": { "description": "Municipal license number", "type": "integer", "minimum": 8 } }, "required": ["name"] }

20. { "title": "Dog", "type": "object", "properties": { "name": { "type":

    "string" }, "breed": { "type": "string" }, "license-number": { "description": "Municipal license number", "type": "integer", "minimum": 8 } }, "required": ["name"] }

21. { "title": "Dog", "type": "object", "properties": { "name": { "type":

    "string" }, "breed": { "type": "string" }, "license-number": { "description": "Municipal license number", "type": "integer", "minimum": 8 } }, "required": ["name"] }

22. { "title": "Dog", "type": "object", "properties": { "name": { "type":

    "string" }, "breed": { "type": "string" }, "license-number": { "description": "Municipal license number", "type": "integer", "minimum": 8 } }, "required": ["name"] }

23.  {} {} Serialization Coercion Interface

24.  {} {} Serialization Coercion Interface

25. Interface Libraries ๏ Very light weight ๏ Useful for simple

    APIs Sinatra

26. Interface Libraries ๏ Slim down version of the rails stack

    ๏ Key selling points: ๏ Lessons already learned (security) ๏ Dev environment and tooling ๏ Param parsing and other routing niceties rails-api

27. Interface Libraries

28. ๏ Light weight micro-framework for APIs ๏ Rack-based ๏ DSL

    specific for building APIs

29. curl http://localhost:9292/statuses/public_timeline?apiver=v1 Version by Param curl -H “Accept-Version:v1" http://localhost:9292/v1/comments Version

    by Accept-version header curl -H Accept:application/vnd.some-v1+json http://localhost: 9292/v1/comments Version by Header curl http://localhost:9292/v1/comments Version by path

30. Parameter coercion

31. Mountable within other Grape apps Mountable within Rails apps

32. ๏ Interrogable at runtime for docs ๏ Multiple formats: json,

    xml, txt, binary ๏ can support multiple at once ๏ Fairly good eco-system of supporting gems

33.  {} {} Serialization Coercion Interface

34. Serializers

35. Serialization libraries ๏ Active Model Serializers ๏ Rabl ๏ Grape

    Entities ๏ Roar

36.  {} {} Serialization Coercion Interface

37.  {} {} Serialization Coercion Interface

38. Auth ๏ devise_token_auth ๏ ng-token-auth angular companion ๏ OAuth support

    ๏ batching ๏ per-request token invalidation

39. USE HTTPS!

40. Auth JSON Web Token (JWT) is a compact URL-safe means

    of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS)

41. Auth: JWT { "alg": "HS256", "typ": "JWT" } { "user":

    “Michael”, “email”: “[email protected], “admin”: 1 } Header Claims

42. Auth: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1 c2VyIjoiTWljaGFlbCIsImVtYWlsIjoibWlrZUBta WtlY29yZGVsbC5jb20iLCJhZG1pbiI6MX0 SECRETKEY UVp0G5U80gZ0Dp2ewsA_3WHuCeSlDmbIxwdDFh8il2w HMAC encode with:

    515a741b953cd206740e9d9ec2c03fdd61ee09e4a50e66c8c 70743161f22976c Base64 encode

43. Auth: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1 c2VyIjoiTWljaGFlbCIsImVtYWlsIjoibWlrZUBta WtlY29yZGVsbC5jb20iLCJhZG1pbiI6MX0.UVp0G5 U80gZ0Dp2ewsA_3WHuCeSlDmbIxwdDFh8il2w

44. Auth: JWT ๏ No DB call to verify user ๏

    Great for microservices ๏ Ruby library of course ๏ Hard to invalidate

45. Testing ๏ Rspec or MiniTest with rack-test ๏ airborne gem

    ๏ standard rails testing

46. Testing json-schema-rspec/json-schema

47. Testing json-schema-rspec/json-schema

48. Documentation ๏ swagger ๏ live-API demo documentation ๏ grape-swagger

49. Auto-generation ๏ Heroics ๏ json-schema -> ruby API Client ๏

    Textualize ๏ RAML -> spec/mock backend ๏ Pact ๏ Client/Service co-development & testing tool

50. Summary Architecture jsonapi.org Data JSON schema Serialization Roar Interface Grape

    Testing airborne Documentation swagger

51. Magic Night ๏ 4th Thursday of the Month ๏ LEARN

    ๏ 3803 Ray St, San Diego, CA ๏ Its on meetup.com

52. Thanks!