Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Developing RESTful Web APIs with Python, Flask ...

Nicola Iarocci
July 04, 2012
Programming
160
74k

Developing RESTful Web APIs with Python, Flask and MongoDB

Presented at EuroPython 2012. The abstract: "In the last year we have been working on a full featured, Python powered, RESTful Web API. We learned quite a few things on REST best patterns, and we got a chance to put Python’s renowned web capabilities under review, even releasing a couple Open Source projects in the process. In my talk I will share what we learned. We will consider ‘pure’ REST API design and its many hurdles. We will look at what Python as to offer in this field and finally, we will dig further down by looking at some of the code we developed. Some of the technologies/stacks I’ll cover are (in no particular order): Flask, PyMongo, MongoDB, REST, JSON, XML, Heroku. Did you know? Like it or not, there is going to be a REST API in your future."

Nicola Iarocci

July 04, 2012
Tweet

More Decks by Nicola Iarocci

See All by Nicola Iarocci
My Story With Python and Open Source
nicola
2
530
Git on the front line
nicola
3
210
Python on Windows Like a Boss
nicola
2
640
Vim for Visual Studio
nicola
0
210
Python Tools for Visual Studio
nicola
1
530
Flask web development, one drop at a time
nicola
4
1.1k
Cerberus
nicola
3
920
Real Life .NET Cross Platform
nicola
0
460
MongoDB and REST APIs A Match Made in Heaven
nicola
1
1.1k

Other Decks in Programming

See All in Programming
ComposeでのPicture in Picture
takathemax
0
120
VitestのIn-Source Testingが便利
taro28
8
2.3k
Golangci-lint v2爆誕: 君たちはどうすべきか
logica0419
1
180
AWS で実現する 安全な AI エージェントの作り方 〜 Bedrock Engineer の実装例を添えて 〜 / how-to-build-secure-ai-agents
gawa
8
890
Orleans + Sekiban + SignalR でリアルタイムWeb作ってみた
tomohisa
0
130
サービスレベルを管理してアジャイルを加速しよう!! / slm-accelerate-agility
tomoyakitaura
1
190
Unlock the Potential of Swift Code Generation
rockname
0
270
Youtube Lofier - Chrome拡張開発
ninikoko
0
2.5k
プロダクト横断分析に役立つ、事前集計しないサマリーテーブル設計
hanon52_
2
490
個人開発の学生アプリが企業譲渡されるまで
akidon0000
0
1.1k
fieldalignmentから見るGoの構造体
kuro_kurorrr
0
120
AIコーディングの理想と現実
tomohisa
33
35k

Featured

See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
23
2.7k
StorybookのUI Testing Handbookを読んだ
zakiyama
29
5.7k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Docker and Python
trallard
44
3.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
40
7.2k
Facilitating Awesome Meetings
lara
54
6.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
5
570
Building a Scalable Design System with Sketch
lauravandoore
462
33k
Building Applications with DynamoDB
mza
94
6.3k
Typedesign – Prime Four
hannesfritz
41
2.6k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
104
19k

Transcript

  1. RESTful Web API With Python, Flask and Mongo Nicola Iarocci

    mercoledì 4 luglio 2012

  2. Good Morning. mercoledì 4 luglio 2012

  3. @nicolaiarocci mercoledì 4 luglio 2012

  4. Full Disclosure mercoledì 4 luglio 2012

  5. I’m a .NET guy 20 years in the Microsoft ecosystem

    Scary, Yes. mercoledì 4 luglio 2012

  6. mercoledì 4 luglio 2012

  7. Still with me? Great. mercoledì 4 luglio 2012

  8. gestionaleamica.com invoicing & accounting mercoledì 4 luglio 2012

  9. Your Typical Old School Desktop App... ... now going web

    & mobile mercoledì 4 luglio 2012

  10. Enter Python Flask and Mongo mercoledì 4 luglio 2012

  11. REST So What Is REST All About? mercoledì 4 luglio

    2012

  12. REST is not a standard mercoledì 4 luglio 2012

  13. REST is not a protocol mercoledì 4 luglio 2012

  14. REST is an architectural style for networked applications mercoledì 4

    luglio 2012

  15. REST defines a set of simple principles loosely followed by

    most API implementations mercoledì 4 luglio 2012

  16. #1 resource the source of a specific information mercoledì 4

    luglio 2012

  17. A web page is not a resource rather, the representation

    of a resource mercoledì 4 luglio 2012

  18. #2 global permanent identifier every resource is uniquely identified (think

    a HTTP URI) mercoledì 4 luglio 2012

  19. #3 standard interface used to exchange representations of resources (think

    the HTTP protocol) mercoledì 4 luglio 2012

  20. #4 set of constraints separation of concerns, stateless, cacheability, layered

    system, uniform interface... we’ll get to these later mercoledì 4 luglio 2012

  21. The World Wide Web is built on REST and it

    is meant to be consumed by humans mercoledì 4 luglio 2012

  22. RESTful Web APIs are built on REST and are meant

    to be consumed by machines mercoledì 4 luglio 2012

  23. How I Explained REST to My Wife by Ryan Tomayko

    http://tomayko.com/writings/rest-to-my-wife Beginners Reading mercoledì 4 luglio 2012

  24. Representational State Transfer (REST) by Roy Thomas Fielding http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm The

    Real Stuff mercoledì 4 luglio 2012

  25. RESTful Web API Nuts & Bolts mercoledì 4 luglio 2012

  26. The Tools or why I picked Flask and Mongo mercoledì

    4 luglio 2012

  27. Flask web development, one drop at a time mercoledì 4

    luglio 2012

  28. Simple & Elegant from flask import Flask app = Flask(__name__)

    @app.route("/") def hello(): return "Hello World!" if __name__ == "__main__": app.run(debug=True) mercoledì 4 luglio 2012

  29. RESTful request dispacthing @app.route('/user/<username>') def show_user_profile(username): return 'User %s' %

    username @app.route('/post/<int:post_id>') def show_post(post_id): return 'Post %d' % post_id mercoledì 4 luglio 2012

  30. from flask import Flask app = Flask(__name__) @app.route("/") def hello():

    return "Hello World!" if __name__ == "__main__": app.run(debug=True) Built-in development server & debugger mercoledì 4 luglio 2012

  31. from flask import Flask app = Flask(__name__) @app.route("/") def hello():

    return "Hello World!" if __name__ == "__main__": app.run(debug=True) Explicit & passable application objects mercoledì 4 luglio 2012

  32. from flask import Flask app = Flask(__name__) @app.route("/") def hello():

    return "Hello World!" if __name__ == "__main__": app.run(debug=True) 100% WSGI Compliant e.g., response objects are WSGI applications themselves mercoledì 4 luglio 2012

  33. Only 800 lines of source code Minimal Footprint mercoledì 4

    luglio 2012

  34. 1500 lines of tests Heavily Tested mercoledì 4 luglio 2012

  35. one day I will make good use of it Unittesting

    Support mercoledì 4 luglio 2012

  36. we aim for flexibility Bring Your Own Batteries mercoledì 4

    luglio 2012

  37. No built-in ORM we want to be as close to

    the bare metal as possible mercoledì 4 luglio 2012

  38. No form validation we don’t need no freaking form validation

    mercoledì 4 luglio 2012

  39. Python offers great tools to manipulate JSON, we can tinker

    something ourselves No data validation mercoledì 4 luglio 2012

  40. built on Werkzeug, Jinja2, WSGI Layered API mercoledì 4 luglio

    2012

  41. The Pocoo Team did Werkzeug, Jinja2, Sphinx, Pygments, and much

    more Built by the Pros mercoledì 4 luglio 2012

  42. Over 200 pages, lots of examples and howtos Excellent Documentation

    mercoledì 4 luglio 2012

  43. Widely adopted, extensions for everything Active Community mercoledì 4 luglio

    2012

  44. Kenneth Reitz, DjangoCon 2012 “Flask is a sharp tool for

    building sharp services” mercoledì 4 luglio 2012

  45. MongoDB scalable, high-performance, open source NoSQL database mercoledì 4 luglio

    2012

  46. made NoSQL easy to grasp (even for a dumbhead like

    me) Similarity with RDBMS mercoledì 4 luglio 2012

  47. Terminology RDBMS Mongo Database Database Table Collection Rows(s) JSON Document

    Index Index Join Embedding & Linking mercoledì 4 luglio 2012

  48. true selling point for me JSON-style data store mercoledì 4

    luglio 2012

  49. JSON & RESTful API JSON accepted media type Client JSON

    (BSON) Mongo GET maybe we can push directly to client? mercoledì 4 luglio 2012

  50. JSON & RESTful API JSON accepted media type Client JSON

    (BSON) Mongo JSON/dict maps to python dict API GET almost. mercoledì 4 luglio 2012

  51. JSON & RESTful API JSON objects Client JSON (BSON) Mongo

    JSON/dict maps to python dict (validation layer) API POST also works when posting (adding) items to the database mercoledì 4 luglio 2012

  52. Queries in MongoDB are represented as JSON-style objects What about

    Queries? // select * from things where x=3 and y="foo" db.things.find({x: 3, y: "foo”}); mercoledì 4 luglio 2012

  53. JSON & RESTful API native Mongo query syntax Client JSON

    (BSON) Mongo (very) thin parsing & validation layer API FILTERING & SORTING ?where={x: 3, y: "foo”} mercoledì 4 luglio 2012

  54. mapping to and from the database feels more natural JSON

    all along the pipeline mercoledì 4 luglio 2012

  55. dynamic objects allow for a painless evolution of our schema

    (because yes, a schema exists at any point in time) Schema-less mercoledì 4 luglio 2012

  56. Where we’re going we don’t need ORMs. ORM mercoledì 4

    luglio 2012

  57. official Python driver all we need to interact with the

    database PyMongo mercoledì 4 luglio 2012

  58. Also in MongoDB • setup is a breeze • lightweight

    • fast inserts, updates and queries • excellent documentation • great support by 10gen • great community mercoledì 4 luglio 2012

  59. The Little MongoDB Book by Karl Seguin http://openmymind.net/2011/3/28/The-Little-MongoDB-Book/ A Great

    Introduction To MongoDB mercoledì 4 luglio 2012

  60. Il Piccolo Libro di MongoDB by Karl Seguin, traduzione di

    Nicola Iarocci http://nicolaiarocci.com/il-piccolo-libro-di-mongodb-edizione-italiana/ Shameless Plug mercoledì 4 luglio 2012

  61. MongoDB Interactive Tutorial http://tutorial.mongly.com/tutorial/index mercoledì 4 luglio 2012

  62. RESTful Web APIs are really just collection of resources accesible

    through to a uniform interface mercoledì 4 luglio 2012

  63. #1 each resource is identified by a persistent identifier We

    need to properly implement Request Dispatching mercoledì 4 luglio 2012

  64. Collections API’s entry point + plural nouns http://api.example.com/v1/contacts mercoledì 4

    luglio 2012

  65. Collections Flask URL dispatcher allows for variables @app.route('/<collection>') def collection(collection):

    if collection in DOMAIN.keys(): (...) abort(404) api.example.com/contacts api.example.com/invoices etc. mercoledì 4 luglio 2012

  66. validation dictonary Collections Flask URL dispatcher allows for variables @app.route('/<collection>')

    def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) mercoledì 4 luglio 2012

  67. we don’t know this collection, return a 404 Collections Flask

    URL dispatcher allows for variables @app.route('/<collection>') def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) mercoledì 4 luglio 2012

  68. @app.route('/<regex("[\w]*[Ss]"):collection>') def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) regular

    expressions can be used to better narrow a variable part URL. However... RegEx by design, collection URLs are plural nouns mercoledì 4 luglio 2012

  69. RegEx We need to build our own Custom Converter class

    RegexConverter(BaseConverter): def __init__(self, url_map, *items): super(RegexConverter, self).__init__(url_map) self.regex = items[0] app.url_map.converters['regex'] = RegexConverter subclass BaseConverter and pass the new converter to the url_map mercoledì 4 luglio 2012

  70. And eventually by an alternative lookup value Document http://api.example.com/v1/contacts/CUST12345 Documents

    are identified by ObjectID http://api.example.com/v1/contacts/4f46445fc88e201858000000 mercoledì 4 luglio 2012

  71. @app.route('/<regex("[\w]*[Ss]"):collection>/<lookup>') @app.route('/<regex("[\w]*[Ss]"):collection>' '/<regex("[a-f0-9]{24}"):object_id>') def document(collection, lookup=None, object_id=None): (...) URL dispatcher

    handles multiple variables http://api.example.com/v1/contacts/CUST12345 Document mercoledì 4 luglio 2012

  72. Document and of course it also handles multiple RegEx variables

    http://api.example.com/v1/contacts/4f46445fc88e201858000000 @app.route('/<regex("[\w]*[Ss]"):collection>/<lookup>') @app.route('/<regex("[\w]*[Ss]"):collection>' '/<regex("[a-f0-9]{24}"):object_id>') def document(collection, lookup=None, object_id=None): (...) mercoledì 4 luglio 2012

  73. Document Different URLs can be dispatched to the same function

    just by piling up @app.route decorators. @app.route('/<regex("[\w]*[Ss]"):collection>/<lookup>') @app.route('/<regex("[\w]*[Ss]"):collection>' '/<regex("[a-f0-9]{24}"):object_id>') def document(collection, lookup=None, object_id=None): (...) mercoledì 4 luglio 2012

  74. #2 representation of resources via media types JSON, XML or

    any other valid internet media type depends on the request and not the identifier mercoledì 4 luglio 2012

  75. Accepted Media Types mapping supported media types to corresponding renderer

    functions mime_types = {'json_renderer': ('application/json',), 'xml_renderer': ('application/xml', 'text/xml', 'application/x-xml',)} JSON rendering function mercoledì 4 luglio 2012

  76. Accepted Media Types mime_types = {'json_renderer': ('application/json',), 'xml_renderer': ('application/xml', 'text/xml',

    'application/x-xml',)} corresponding JSON internet media type mapping supported media types to corresponding renderer functions mercoledì 4 luglio 2012

  77. Accepted Media Types mime_types = {'json_renderer': ('application/json',), 'xml_renderer': ('application/xml', 'text/xml',

    'application/x-xml',)} XML rendering function mapping supported media types to corresponding renderer functions mercoledì 4 luglio 2012

  78. Accepted Media Types mime_types = {'json_renderer': ('application/json',), 'xml_renderer': ('application/xml', 'text/xml',

    'application/x-xml',)} corresponding XML internet media types mapping supported media types to corresponding renderer functions mercoledì 4 luglio 2012

  79. JSON Render datetimes and ObjectIDs call for further tinkering renderer

    function mapped to the appication/json media type class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) mercoledì 4 luglio 2012

  80. JSON Render datetimes and ObjectIDs call for further tinkering standard

    json encoding is not enough, we need a specialized JSONEncoder class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) mercoledì 4 luglio 2012

  81. class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj)

    elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) JSON Render Python datetimes are encoded as RFC 1123 strings: “Wed, 06 Jun 2012 14:19:53 UTC” datetimes and ObjectIDs call for further tinkering mercoledì 4 luglio 2012

  82. JSON Render class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime):

    return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) Mongo ObjectId data types are encoded as strings: “4f46445fc88e201858000000” datetimes and ObjectIDs call for further tinkering mercoledì 4 luglio 2012

  83. JSON Render we let json/simplejson handle the other data types

    class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) datetimes and ObjectIDs call for further tinkering mercoledì 4 luglio 2012

  84. Rendering Render to JSON or XML and get WSGI response

    object best match between request Accept header and media types supported by the service def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp mercoledì 4 luglio 2012

  85. Rendering Render to JSON or XML and get WSGI response

    object call the appropriate render function and retrieve the encoded JSON or XML def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp mercoledì 4 luglio 2012

  86. Rendering Render to JSON or XML and get WSGI response

    object flask’s make_response() returns a WSGI response object wich we can use to attach headers def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp mercoledì 4 luglio 2012

  87. Rendering Render to JSON or XML and get WSGI response

    object and finally, we set the appropriate mime type in the response header def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp mercoledì 4 luglio 2012

  88. Flask-MimeRender “Python module for RESTful resource representation using MIME Media-Types

    and the Flask Microframework” !"!#"$%&'((#)('%*+,",-.-$/-. mercoledì 4 luglio 2012

  89. Flask-MimeRender Render Functions render_json = jsonify render_xml = lambda message:

    '<message>%s</message>' % message render_txt = lambda message: message render_html = lambda message: '<html><body>%s</body></html>' % \ message mercoledì 4 luglio 2012

  90. Flask-MimeRender then you just decorate your end-point function @app.route('/') @mimerender(

    default = 'html', html = render_html, xml = render_xml, json = render_json, txt = render_txt ) def index(): if request.method == 'GET': return {'message': 'Hello, World!'} mercoledì 4 luglio 2012

  91. Flask-MimeRender Requests $ curl -H "Accept: application/html" example.com/ <html><body>Hello, World!</body></html>

    $ curl -H "Accept: application/xml" example.com/ <message>Hello, World!</message> $ curl -H "Accept: application/json" example.com/ {'message':'Hello, World!'} $ curl -H "Accept: text/plain" example.com/ Hello, World! mercoledì 4 luglio 2012

  92. “GET, POST, PUT, DELETE and all that mess” #3 resource

    manipulation through HTTP verbs mercoledì 4 luglio 2012

  93. HTTP Methods Verbs are handled along with URL routing @app.route('/<collection>',

    methods=['GET', 'POST']) def collection(collection): if collection in DOMAIN.keys(): if request.method == 'GET': return get_collection(collection) elif request.method == 'POST': return post(collection) abort(404) accepted HTTP verbs a PUT will throw a 405 Command Not Allowed mercoledì 4 luglio 2012

  94. @app.route('/<collection>', methods=['GET', 'POST']) def collection(collection): if collection in DOMAIN.keys(): if

    request.method == 'GET': return get_collection(collection) elif request.method == 'POST': return post(collection) abort(404) HTTP Methods Verbs are handled along with URL routing the global request object provides access to clients’ request headers mercoledì 4 luglio 2012

  95. @app.route('/<collection>', methods=['GET', 'POST']) def collection(collection): if collection in DOMAIN.keys(): if

    request.method == 'GET': return get_collection(collection) elif request.method == 'POST': return post(collection) abort(404) HTTP Methods Verbs are handled along with URL routing we respond to a GET request for a ‘collection’ resource mercoledì 4 luglio 2012

  96. @app.route('/<collection>', methods=['GET', 'POST']) def collection(collection): if collection in DOMAIN.keys(): if

    request.method == 'GET': return get_collection(collection) elif request.method == 'POST': return post(collection) abort(404) HTTP Methods Verbs are handled along with URL routing and here we respond to a POST request. Handling HTTP methods is easy! mercoledì 4 luglio 2012

  97. CRUD via REST Acttion HTTP Verb Context Get GET Collection/

    Document Create POST Collection Update PATCH* Document Delete DELETE Document * WTF? mercoledì 4 luglio 2012

  98. Retrieve Multiple Documents (accepting Queries) http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} GET mercoledì

    4 luglio 2012

  99. Collection GET def get_collection(collection): where = request.args.get('where') if where: args['spec']

    = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) request.args returns the original URI’s query definition, in our example: where = {“age”: {“$gt”: 20}} http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} mercoledì 4 luglio 2012

  100. Collection GET def get_collection(collection): where = request.args.get('where') if where: args['spec']

    = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) as the query already comes in as a Mongo expression: {“age”: {“$gt”: 20}} we simply convert it to JSON. http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} mercoledì 4 luglio 2012

  101. Collection GET def get_collection(collection): where = request.args.get('where') if where: args['spec']

    = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) String-to-datetime conversion is obtained via the object_hook mechanism http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} mercoledì 4 luglio 2012

  102. Collection GET def get_collection(collection): where = request.args.get('where') if where: args['spec']

    = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) find() accepts a python dict as query expression, and returns a cursor we can iterate http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} mercoledì 4 luglio 2012

  103. Collection GET def get_collection(collection): where = request.args.get('where') if where: args['spec']

    = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) finally, we encode the response dict with the requested MIME media-type http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} mercoledì 4 luglio 2012

  104. On encoding JSON dates Interlude mercoledì 4 luglio 2012

  105. On encoding JSON dates • We don’t want to force

    metadata into JSON representation: (“updated”: “$date: Thu 1, ..”) • Likewise, epochs are not an option • We are aiming for a broad solution not relying on the knoweldge of the current domain mercoledì 4 luglio 2012

  106. Because, you know the guy behind Redis mercoledì 4 luglio

    2012

  107. Parsing JSON dates object_hook is usually used to deserialize JSON

    to classes (rings a ORM bell?) >>> source = '{"updated": "Thu, 1 Mar 2012 10:00:49 UTC"}' >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {u'updated': datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct): for k, v in dct.items(): if isinstance(v, basestring) and re.search("\ UTC", v): try: dct[k] = datetime.datetime.strptime(v, DATE_FORMAT) except: pass return dct this is what I came out with mercoledì 4 luglio 2012

  108. Parsing JSON dates the resulting dct now has datetime values

    instead of string representations of dates >>> source = '{"updated": "Thu, 1 Mar 2012 10:00:49 UTC"}' >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {u'updated': datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct): for k, v in dct.items(): if isinstance(v, basestring) and re.search("\ UTC", v): try: dct[k] = datetime.datetime.strptime(v, DATE_FORMAT) except: pass return dct this is what I came out with mercoledì 4 luglio 2012

  109. Parsing JSON dates the function receives a dict representing the

    decoded JSON >>> source = '{"updated": "Thu, 1 Mar 2012 10:00:49 UTC"}' >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {u'updated': datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct): for k, v in dct.items(): if isinstance(v, basestring) and re.search("\ UTC", v): try: dct[k] = datetime.datetime.strptime(v, DATE_FORMAT) except: pass return dct this is what I came out with mercoledì 4 luglio 2012

  110. Parsing JSON dates strings matching the RegEx (which probably should

    be better defined)... >>> source = '{"updated": "Thu, 1 Mar 2012 10:00:49 UTC"}' >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {u'updated': datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct): for k, v in dct.items(): if isinstance(v, basestring) and re.search("\ UTC", v): try: dct[k] = datetime.datetime.strptime(v, DATE_FORMAT) except: pass return dct this is what I came out with mercoledì 4 luglio 2012

  111. Parsing JSON dates ...are converted to datetime values >>> source

    = '{"updated": "Thu, 1 Mar 2012 10:00:49 UTC"}' >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {u'updated': datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct): for k, v in dct.items(): if isinstance(v, basestring) and re.search("\ UTC", v): try: dct[k] = datetime.datetime.strptime(v, DATE_FORMAT) except: pass return dct this is what I came out with mercoledì 4 luglio 2012

  112. Parsing JSON dates if conversion fails we assume that we

    are dealing a normal, legit string >>> source = '{"updated": "Thu, 1 Mar 2012 10:00:49 UTC"}' >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {u'updated': datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct): for k, v in dct.items(): if isinstance(v, basestring) and re.search("\ UTC", v): try: dct[k] = datetime.datetime.strptime(v, DATE_FORMAT) except: pass return dct this is what I came out with mercoledì 4 luglio 2012

  113. Editing a Resource PATCH mercoledì 4 luglio 2012

  114. Why not PUT? • PUT means resource creation or replacement

    at a given URL • PUT does not allow for partial updates of a resource • 99% of the time we are updating just one or two fields • We don’t want to send complete representations of the document we are updating • Mongo allows for atomic updates and we want to take advantage of that mercoledì 4 luglio 2012

  115. ‘atomic’ PUT updates are ok when each field is itself

    a resource http://api.example.com/v1/contacts/<id>/address mercoledì 4 luglio 2012

  116. Enter PATCH “This specification defines the new method, PATCH, which

    is used to apply partial modifications to a resource.” RFC5789 mercoledì 4 luglio 2012

  117. PATCH • send a “patch document” with just the changes

    to be applied to the document • saves bandwidth and reduces traffic • it’s been around since 1995 • it is a RFC Proposed Standard • Widely adopted (will replace PUT in Rails 4.0) • clients not supporting it can fallback to POST with ‘X-HTTP-Method-Override: PATCH’ header tag mercoledì 4 luglio 2012

  118. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) request.form returns a dict with request form data. mercoledì 4 luglio 2012

  119. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) we aren’t going to accept more than one document here mercoledì 4 luglio 2012

  120. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) retrieve the original document ID, will be used by the update command mercoledì 4 luglio 2012

  121. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) validate the updates mercoledì 4 luglio 2012

  122. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) add validation results to the response dictionary mercoledì 4 luglio 2012

  123. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) $set accepts a dict with the updates for the db eg: {“active”: False}. mercoledì 4 luglio 2012

  124. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) mongo update() method commits updates to the database. Updates are atomic. mercoledì 4 luglio 2012

  125. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) udpate() takes the unique Id of the document andthe update expression ($set) mercoledì 4 luglio 2012

  126. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) >

    1: abort(400) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item['validation'] = value['validation'] if value['validation']['response'] != VALIDATION_ERROR: # Perform the update updates = {"$set": value['doc']} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item) as always, our response dictionary is returned with proper encding mercoledì 4 luglio 2012

  127. Creating Resources POST mercoledì 4 luglio 2012

  128. POSTing we accept multiple documents (remember, we are at collection

    level here) def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} mercoledì 4 luglio 2012

  129. def post(collection): docs = parse_request(request.form) response = {} for key,

    item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} POSTing we loop through the documents to be inserted mercoledì 4 luglio 2012

  130. POSTing perform validation on the document def post(collection): docs =

    parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} mercoledì 4 luglio 2012

  131. POSTing push document and get its ObjectId back from Mongo.

    like other CRUD operations, inserting is trivial in mongo. def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} mercoledì 4 luglio 2012

  132. POSTing a direct link to the resource we just created

    is added to the response def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} mercoledì 4 luglio 2012

  133. POSTing validation result is always returned to the client, even

    if the doc has not been inserted def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} mercoledì 4 luglio 2012

  134. POSTing standard response enconding applied def post(collection): docs = parse_request(request.form)

    response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item['validation']['response'] != VALIDATION_ERROR: document = item['doc'] response_item[ID_FIELD] = db(collection).insert(document) response_item['link'] = get_document_link(collection, response_item[ID_FIELD]) response_item['validation'] = item['validation'] response[key] = response_item return {'response': response} mercoledì 4 luglio 2012

  135. Data Validation We still need to validate incoming data mercoledì

    4 luglio 2012

  136. Data Validation DOMAIN = {} DOMAIN['contacts'] = { 'secondary_id': 'name',

    'fields': { 'name': { 'data_type': 'string', 'required': True, 'unique': True, 'max_length': 120, 'min_length': 1 }, DOMAIN is a Python dict containing our validation rules and schema structure mercoledì 4 luglio 2012

  137. Data Validation every resource (collection) maintained by the API has

    a key in DOMAIN DOMAIN = {} DOMAIN['contacts'] = { 'secondary_id': 'name', 'fields': { 'name': { 'data_type': 'string', 'required': True, 'unique': True, 'max_length': 120, 'min_length': 1 }, mercoledì 4 luglio 2012

  138. Data Validation if the resource allows for a secondary lookup

    field, we define it here DOMAIN = {} DOMAIN['contacts'] = { 'secondary_id': 'name', 'fields': { 'name': { 'data_type': 'string', 'required': True, 'unique': True, 'max_length': 120, 'min_length': 1 }, mercoledì 4 luglio 2012

  139. Data Validation known fields go in the fields dict DOMAIN

    = {} DOMAIN['contacts'] = { 'secondary_id': 'name', 'fields': { 'name': { 'data_type': 'string', 'required': True, 'unique': True, 'max_length': 120, 'min_length': 1 }, mercoledì 4 luglio 2012

  140. Data Validation validation rules for ‘name’ field. data_type is mostly

    needed to process datetimes and currency values DOMAIN = {} DOMAIN['contacts'] = { 'secondary_id': 'name', 'fields': { 'name': { 'data_type': 'string', 'required': True, 'unique': True, 'max_length': 120, 'min_length': 1 }, mercoledì 4 luglio 2012

  141. Data Validation we can define custom validation functions when the

    need arises (...) 'iban': { 'data_type': 'string', 'custom_validation': { 'module': 'customvalidation', 'function': 'validate_iban' } } (...) mercoledì 4 luglio 2012

  142. Data Validation or we can define our own custom data

    types... (...) 'contact_type': { 'data_type': 'array', 'allowed_values': [ 'client', 'agent', 'supplier', 'area manager', 'vector' ] } (...) mercoledì 4 luglio 2012

  143. Data Validation ... like the array, which allows us to

    define a list of accepted values for the field (...) 'contact_type': { 'data_type': 'array', 'allowed_values': [ 'client', 'agent', 'supplier', 'area manager', 'vector' ] } (...) mercoledì 4 luglio 2012

  144. I will spare you the validation function It’s pretty simple

    really mercoledì 4 luglio 2012

  145. Hey but! You’re building your own ORM! Just a thin

    validation layer on which I have total control AKA So What? mercoledì 4 luglio 2012

  146. #4 Caching and concurrency control resource representation describes how when

    and if it can be used, discarded or re-fetched mercoledì 4 luglio 2012

  147. Driving conditional requests Servers use Last-Modified and ETag response headers

    to drive conditional requests mercoledì 4 luglio 2012

  148. Last-Modified Generally considered a weak validator since it has a

    one-second resolution “Wed, 06 Jun 2012 14:19:53 UTC” mercoledì 4 luglio 2012

  149. ETag Entity Tag is a strong validator since its value

    can be changed every time the server modifies the representation 7a9f477cde424cf93a7db20b69e05f7b680b7f08 mercoledì 4 luglio 2012

  150. On ETags • Clients should be able to use ETag

    to compare representations of a resouce • An ETag is supposed to be like an object’s hash code. • Actually, some web frameworks and a lot of implementations do just that • ETag computed on an entire representation of the resource may become a performance bottleneck mercoledì 4 luglio 2012

  151. Last-Modified or ETag? You can use either or both. Consider

    the types of client consuming your service. Hint: use both. mercoledì 4 luglio 2012

  152. Validating cached representations Clients use If-Modified-Since and If-None-Match in request

    headers for validating cached representations mercoledì 4 luglio 2012

  153. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {}

    document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get('If-None-Match') if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get('If-Modified-Since') if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip('s')] = document return prep_response(response, last_modified, etag) abort(404) retrieve the document from the database mercoledì 4 luglio 2012

  154. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {}

    document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get('If-None-Match') if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get('If-Modified-Since') if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip('s')] = document return prep_response(response, last_modified, etag) abort(404) compute ETag for the current representation. We test ETag first, as it is a stronger validator mercoledì 4 luglio 2012

  155. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {}

    document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get('If-None-Match') if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get('If-Modified-Since') if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip('s')] = document return prep_response(response, last_modified, etag) abort(404) retrieve If-None-Match ETag from request header mercoledì 4 luglio 2012

  156. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {}

    document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get('If-None-Match') if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get('If-Modified-Since') if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip('s')] = document return prep_response(response, last_modified, etag) abort(404) if client and server representations match, return a 304 Not Modified mercoledì 4 luglio 2012

  157. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {}

    document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get('If-None-Match') if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get('If-Modified-Since') if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip('s')] = document return prep_response(response, last_modified, etag) abort(404) likewise, if the resource has not been modified since If-Modifed-Since, return 304 Not Modified mercoledì 4 luglio 2012

  158. Concurrency control Clients use If-Unmodified-Since and If-Match in request headers

    as preconditions for concurrency control mercoledì 4 luglio 2012

  159. def edit_document(collection, object_id, method): document = find_document(collection, object_id) if document:

    header_etag = request.headers.get('If-Match') if header_etag is None: return prep_response('If-Match missing from request header', status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in ('PATCH', 'POST'): return patch_document(collection, document) elif method == 'DELETE': return delete_document(collection, object_id) else: abort(404) Concurrency control Create/Update/Delete are controlled by ETag retrieve client’s If-Match ETag from the request header mercoledì 4 luglio 2012

  160. Concurrency control Create/Update/Delete are controlled by ETag editing is forbidden

    if ETag is not provided def edit_document(collection, object_id, method): document = find_document(collection, object_id) if document: header_etag = request.headers.get('If-Match') if header_etag is None: return prep_response('If-Match missing from request header', status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in ('PATCH', 'POST'): return patch_document(collection, document) elif method == 'DELETE': return delete_document(collection, object_id) else: abort(404) mercoledì 4 luglio 2012

  161. Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection, object_id,

    method): document = find_document(collection, object_id) if document: header_etag = request.headers.get('If-Match') if header_etag is None: return prep_response('If-Match missing from request header', status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in ('PATCH', 'POST'): return patch_document(collection, document) elif method == 'DELETE': return delete_document(collection, object_id) else: abort(404) client and server representations don’t match. Precondition failed. mercoledì 4 luglio 2012

  162. Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection, object_id,

    method): document = find_document(collection, object_id) if document: header_etag = request.headers.get('If-Match') if header_etag is None: return prep_response('If-Match missing from request header', status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in ('PATCH', 'POST'): return patch_document(collection, document) elif method == 'DELETE': return delete_document(collection, object_id) else: abort(404) client and server representation match, go ahead with the edit mercoledì 4 luglio 2012

  163. Sending cache & concurrency directives back to clients mercoledì 4

    luglio 2012

  164. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add('Cache-Control',

    'max-age=%s,must-revalidate' & 30) resp.expires = time.time() + 30 if etag: resp.headers.add('ETag', etag) if last_modified: resp.headers.add('Last-Modified', date_to_str(last_modified)) return resp encodes ‘dct’ according to client’s accepted MIME Data-Type (click here see that slide) mercoledì 4 luglio 2012

  165. Cache & Concurrency Cache-Control, a directive for HTTP/1.1 clients (and

    later) -RFC2616 def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add('Cache-Control', 'max-age=%s,must-revalidate' & 30) resp.expires = time.time() + 30 if etag: resp.headers.add('ETag', etag) if last_modified: resp.headers.add('Last-Modified', date_to_str(last_modified)) return resp mercoledì 4 luglio 2012

  166. Cache & Concurrency Expires, a directive for HTTP/1.0 clients def

    prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add('Cache-Control', 'max-age=%s,must-revalidate' & 30) resp.expires = time.time() + 30 if etag: resp.headers.add('ETag', etag) if last_modified: resp.headers.add('Last-Modified', date_to_str(last_modified)) return resp mercoledì 4 luglio 2012

  167. Cache & Concurrency ETag. Notice that we don’t compute it

    on the rendered representation, this is by design. def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add('Cache-Control', 'max-age=%s,must-revalidate' & 30) resp.expires = time.time() + 30 if etag: resp.headers.add('ETag', etag) if last_modified: resp.headers.add('Last-Modified', date_to_str(last_modified)) return resp mercoledì 4 luglio 2012

  168. Cache & Concurrency And finally, we add the Last-Modified header

    tag. def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add('Cache-Control', 'max-age=%s,must-revalidate' & 30) resp.expires = time.time() + 30 if etag: resp.headers.add('ETag', etag) if last_modified: resp.headers.add('Last-Modified', date_to_str(last_modified)) return resp mercoledì 4 luglio 2012

  169. Cache & Concurrency the response object is now complete and

    ready to be returned to the client def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add('Cache-Control', 'max-age=%s,must-revalidate' & 30) resp.expires = time.time() + 30 if etag: resp.headers.add('ETag', etag) if last_modified: resp.headers.add('Last-Modified', date_to_str(last_modified)) return resp mercoledì 4 luglio 2012

  170. #5 HATEOAS “Hypertext As The Engine Of Application State” that’s

    one long ass acronym mercoledì 4 luglio 2012

  171. HATEOAS in a Nutshell • clients interact entirely through hypermedia

    provided dynamically by the server • clients need no prior knowledge about how to interact with the server • clients access an application through a single well known URL (the entry point) • All future actions the clients may take are discovered within resource representations returned from the server mercoledì 4 luglio 2012

  172. It’s all about Links resource representation includes links to related

    resources mercoledì 4 luglio 2012

  173. { "links":[ "<link rel='parent' title='home' href='http://api.example.com/' />", "<link rel='collection' title='contacts'

    href='http://api.example.com/Contacts' />", "<link rel='next' title='next page' href='http://api.example.com/Contacts?page=2' />" ], "contacts":[ { "updated":"Wed, 06 Jun 2012 14:19:53 UTC", "name":"Jon Doe", "age": 27, "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08", "link":"<link rel='self' title='Contact' href='http://api.example.com/Contacts/ 4f46445fc88e201858000000' />", "_id":"4f46445fc88e201858000000", }, ] } Collection Representation every resource representation provides a links section with navigational info for clients mercoledì 4 luglio 2012

  174. { "links":[ "<link rel='parent' title='home' href='http://api.example.com/' />", "<link rel='collection' title='contacts'

    href='http://api.example.com/Contacts' />", "<link rel='next' title='next page' href='http://api.example.com/Contacts?page=2' />" ], "contacts":[ { "updated":"Wed, 06 Jun 2012 14:19:53 UTC", "name":"Jon Doe", "age": 27, "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08", "link":"<link rel='self' title='Contact' href='http://api.example.com/Contacts/ 4f46445fc88e201858000000' />", "_id":"4f46445fc88e201858000000", }, ] } Collection Representation the rel attribute provides the relationship between the linked resource and the one currently represented mercoledì 4 luglio 2012

  175. { "links":[ "<link rel='parent' title='home' href='http://api.example.com/' />", "<link rel='collection' title='contacts'

    href='http://api.example.com/Contacts' />", "<link rel='next' title='next page' href='http://api.example.com/Contacts?page=2' />" ], "contacts":[ { "updated":"Wed, 06 Jun 2012 14:19:53 UTC", "name":"Jon Doe", "age": 27, "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08", "link":"<link rel='self' title='Contact' href='http://api.example.com/Contacts/ 4f46445fc88e201858000000' />", "_id":"4f46445fc88e201858000000", }, ] } Collection Representation the title attribute provides a tag (or description) for the linked resource. Could be used as a caption for a client button. mercoledì 4 luglio 2012

  176. { "links":[ "<link rel='parent' title='home' href='http://api.example.com/' />", "<link rel='collection' title='contacts'

    href='http://api.example.com/Contacts' />", "<link rel='next' title='next page' href='http://api.example.com/Contacts?page=2' />" ], "contacts":[ { "updated":"Wed, 06 Jun 2012 14:19:53 UTC", "name":"Jon Doe", "age": 27, "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08", "link":"<link rel='self' title='Contact' href='http://api.example.com/Contacts/ 4f46445fc88e201858000000' />", "_id":"4f46445fc88e201858000000", }, ] } Collection Representation the href attribute provides and absolute path to the resource (the “permanent identifier” per REST def.) mercoledì 4 luglio 2012

  177. { "links":[ "<link rel='parent' title='home' href='http://api.example.com/' />", "<link rel='collection' title='contacts'

    href='http://api.example.com/Contacts' />", "<link rel='next' title='next page' href='http://api.example.com/Contacts?page=2' />" ], "contacts":[ { "updated":"Wed, 06 Jun 2012 14:19:53 UTC", "name":"Jon Doe", "age": 27, "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08", "link":"<link rel='self' title='Contact' href='http://api.example.com/Contacts/ 4f46445fc88e201858000000' />", "_id":"4f46445fc88e201858000000", }, ] } Collection Representation every resource listed exposes its own link, which will allow the client to perform PATCH, DELETE etc. on the resource mercoledì 4 luglio 2012

  178. { "links":[ "<link rel='parent' title='home' href='http://api.example.com/' />", "<link rel='collection' title='contacts'

    href='http://api.example.com/Contacts' />", "<link rel='next' title='next page' href='http://api.example.com/Contacts?page=2' />" ], "contacts":[ { "updated":"Wed, 06 Jun 2012 14:19:53 UTC", "name":"Jon Doe", "age": 27, "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08", "link":"<link rel='self' title='Contact' href='http://api.example.com/Contacts/ 4f46445fc88e201858000000' />", "_id":"4f46445fc88e201858000000", }, ] } Collection Representation while we are here, notice how every resource also exposes its own etag, last-modified date. mercoledì 4 luglio 2012

  179. HATEOAS The API entry point (the homepage) the API homepage

    responds to GET requests and provides links to its top level resources to the clients @app.route('/', methods=['GET']) def home(): response = {} links = [] for collection in DOMAIN.keys(): links.append("<link rel='child' title='%(name)s'" "href='%(collectionURI)s' />" % {'name': collection, 'collectionURI': collection_URI(collection)}) response['links'] = links return response mercoledì 4 luglio 2012

  180. HATEOAS The API entry point (the homepage) for every collection

    of resources... @app.route('/', methods=['GET']) def home(): response = {} links = [] for collection in DOMAIN.keys(): links.append("<link rel='child' title='%(name)s'" "href='%(collectionURI)s' />" % {'name': collection, 'collectionURI': collection_URI(collection)}) response['links'] = links return response mercoledì 4 luglio 2012

  181. HATEOAS The API entry point (the homepage) ... provide relation,

    title and link, or the persistent identifier @app.route('/', methods=['GET']) def home(): response = {} links = [] for collection in DOMAIN.keys(): links.append("<link rel='child' title='%(name)s'" "href='%(collectionURI)s' />" % {'name': collection, 'collectionURI': collection_URI(collection)}) response['links'] = links return response mercoledì 4 luglio 2012

  182. Wanna see it running? Hopefully it won’t explode right into

    my face mercoledì 4 luglio 2012

  183. Only complaint I have with Flask so far... Most recent

    HTTP methods not supported mercoledì 4 luglio 2012

  184. 508 NOT MY FAULT Not supported yet mercoledì 4 luglio

    2012

  185. 208 WORKS FOR ME Not supported yet mercoledì 4 luglio

    2012

  186. Just kidding! it isn’t even my joke! mercoledì 4 luglio

    2012

  187. Introducing My next open source project

  188. Eve Effortlessly build and deploy a fully featured proprietary API

  189. Eve is Open Source and brings at your fingertips all

    the features mentioned in this talk

  190. Check it out at https://github.com/nicolaiarocci/eve

  191. Web Resources • Richardson Maturity Model: steps toward the glory

    of REST by Richard Flowers • RESTful Service Best Practices by Todd Fredrich • What Exactly is RESTful Programming? StackOverflow (lots of resources) • API Anti-Patterns: How to Avoid Common REST Mistakes by Tomas Vitvar mercoledì 4 luglio 2012

  192. Excellent Books mercoledì 4 luglio 2012

  193. I’m getting a cut. Excellent Books I wish! mercoledì 4

    luglio 2012

  194. Thank you. @nicolaiarocci mercoledì 4 luglio 2012