Qype API - Lessons learned

Qype API: Lessons Learned A retrospec3ve on REST-‐ful API
design July 2012 MaDhias Käppler Qype GmbH

A brief history... •  Qype’s API is deployed as
a RoR 2.3 app •  Online since end of 2008 •  Primary purpose was serving the iOS app •  Strictly REST-‐ful, small feature set GET http://api.qype.com/v1/places/1

Architecture DB SOLR API app Model
Mappings Controllers Website app AR Models Search Logic Search Logic SOLR Ruby bindings Serializers

Today •  Load ~60M req/month •  ~2000 registered
consumers •  99% of traﬃc caused by 0.01% of consumers •  Consumers vastly diﬀer in requirements •  REST paradigm broken up in many places

Today (cont.) •  Over the years, complexity grew with
the requirements – More feature rich mobile apps – MORE mobile apps – More diverse API consumers •  The result?

Feature creep

Prolifera3on

What you end up with

So what’s the point?

API design is hard.

Service APIs vs. Websites •  Mistakes in API design
are not forgiven! – Client lock-‐in •  Clients can diﬀer vastly – Mobile app vs. Web mash-‐up •  Authen3ca3on and access control – An API is meant to access your core data by design •  Performance maDers (even more)

How can we ﬁx all that?

Mistakes in API design are not forgiven.
No, but...

Versioning.

Versioning •  Granularity – service vs endpoint versioning
•  Architecture/deployment – One app per version? •  E.g. qype-‐api-‐v2 – One engine per version? •  E.g. app/engines/v2 – One class per version? •  E.g. app/controllers/resource_controller_v2.rb

Versioning (cont.) •  Tes3ng? – i.e. to which version
does a test apply? •  Code sharing vs. code duplica3on? – i.e. not all routes may change with an increment •  Also aﬀects caching etc. •  Gems: – hDps://github.com/bploetz/versionist – hDps://github.com/ﬁltersquad/rocket_pants

Clients can diﬀer vastly.

Build abstrac3ons for things that change.

Modularity.

A modular architecture Core API Apps AAL
Partner AAL Standard API consumers Partner 1 Partner N App 1 App N

(Modularity.) REST.

Seriously.

Why REST? •  Keeps the interface lean and mean
•  Shared understanding of ac3ons •  Makes a system connected •  Makes responses cacheable •  It’s SIMPLE!

But: simple can be bad! •  Our apps are
not simple •  Hence, a simple API is not always suitable •  REST paradigm can be sokened on an AAL – Batch requests – { “requests”: [ { “method”: “get”, “uri”: “hDp://...” } ... ] }

(Modularity.) Resource mapping.

Resource mapping •  Qype API employs custom resource mapper
•  Goal: – Map AR models to intermediate format, then serialize – Review.ﬁrst.to_api(:hash) •  Gems: – hDps://github.com/rails/jbuilder/ – hDps://github.com/nesquena/rabl

(Modularity.) Serializa3on.

json >> xml.

Authen3ca3on & access control.

OAuth? Leave the complexity to established
Web technology.

Performance.

Caching, caching, caching.

Don’ts and Do’s.

Don’t: GET hDp://yourapi.com?consumer=x if consumer == x  ... 
end

Don’t: GET hDp://yourapi.com/resource?a=1 “resource”: {  “a+1”: 2 }

Don’t: POST hDp://yourapi.com/resource.json <error>ﬁeld missing</error>

Do: Be consistent with API status
codes.

Do: Expect bad request parameters.

Do: Support par3al updates (PATCH).

Do: PREPARE FOR CHANGE!

Outlook.

Acceptance tes3ng •  Crea3ng an acceptance test suite for
a service API is not simple •  Recommended for deep end-‐2-‐end tests •  Test set-‐up / tear-‐down •  RSpec + consumer subjects

Documenta3on •  Bad: put away in a wiki
•  Good: close to the code •  BeDer: is part of the code – Leverage REST representa3ons – Self-‐documen3ng API code

Thanks!

Qype API - Lessons learned

Qype API - Lessons learned

More Decks by Matthias Käppler

Other Decks in Technology

Featured

Transcript