Eve - REST API for Humans™

REST API FOR HUMANS
eve
REST WEB API
eve

View Slide

NICOLA IAROCCI
Co-Founder @ CIR2000
Lead Developer @ gestionaleamica.com
Microsoft MVP
MongoDB Master
Open Source Author
CoderDojo
DevRomagna
@nicolaiarocci / nicolaiarocci.com / [email protected]

View Slide

EVE IS POWERED BY

View Slide

View Slide

QUICKSTART

View Slide

RUN.PY
from eve import Eve
app = Eve()
app.run()

View Slide

SETTINGS.PY
# just a couple API endpoints with no
# custom options and validation rules
DOMAIN = {
'people': {}
'books': {}
}

View Slide

LAUNCH THE API
$ python run.py
* Running on http://127.0.0.1:5000/

View Slide

TEST YOUR API
$ curl -i http://localhost:5000/
{
"_items": [],
"_links": {
"self": {
"href": "127.0.0.1:5000/people",
"title": "people" },
"parent": {
"href": "127.0.0.1:5000",
"title": "home"}
}
}

View Slide

{
"_items": [],
"_links": {
"self": {
"href": "127.0.0.1:5000/people",
"parent": {
"href": "127.0.0.1:5000",
"title": "home"}
}
}
HATEOAS AT WORK HERE
TEST YOUR API

View Slide

{
"_items": [],
"_links": {
"self": {
"href": "127.0.0.1:5000/people",
"parent": {
"href": "127.0.0.1:5000",
"title": "home"}
}
}
TEST YOUR API
CLIENTS CAN EXPLORE THE API PROGRAMMATICALLY

View Slide

{
"_items": [],
"_links": {
"self": {
"href": "127.0.0.1:5000/people",
"parent": {
"href": "127.0.0.1:5000",
"title": "home"}
}
}
TEST YOUR API
AND EVENTUALLY FILL THEIR UI

View Slide

{
"_items": [],
"_links": {
"self": {
"href": "127.0.0.1:5000/people",
"parent": {
"href": "127.0.0.1:5000",
"title": "home"}
}
}
EMTPY RESOURCE AS WE DIDN’T CONNECT ANY DATASOURCE
TEST YOUR API

View Slide

SETTINGS.PY
# connect to mongo
MONGO_HOST = 'localhost'
MONGO_PORT = 27017
MONGO_USERNAME = 'user'
MONGO_PASSWORD = 'pw'
MONGO_DBNAME = 'apitest'
# or (better):
MONGO_URI = ‘mongodb://user:[email protected]:27017/apitest'

View Slide

DEMO TIME!

View Slide

# add fields and validation rules for 'people' endpoint
DOMAIN['people']['schema'] = {
'name': {
'type': 'string',
'maxlength': 50,
'unique': True}
'email': {
'type': 'string',
'regex': '^\[email protected]\S+$'},
'location': {
'type': 'dict',
'schema': {
'address': {'type': 'string'},
'city': {'type': 'string'}}},
'born': {'type': 'datetime'}}
USE BETTER REGEX IN PRODUCTION
SETTINGS.PY

View Slide

SETTINGS.PY
# enable writes. default is ['GET']
# /people
RESOURCE_METHODS = ['GET','POST']
# /people/
ITEM_METHODS = ['GET','PATCH','PUT','DELETE']

View Slide

# /people
# /people/
SETTINGS.PY
ADD/CREATE ONE OR MORE ITEMS

View Slide

# /people
# /people/
SETTINGS.PY
UPDATE DOCUMENT

View Slide

# /people
# /people/
SETTINGS.PY
REPLACE DOCUMENT

View Slide

# /people
# /people/
SETTINGS.PY
YOU GUESSED IT

View Slide

SETTINGS.PY
# a few additional configuration options
DOMAIN['people'].update(
{
'item_title': 'person',
'cache_control': 'max-age=10,must-revalidate',
'cache_expires': 10,
'additional_lookup': {
'url': 'regex("[\w]+")',
'field': 'name'
}
)

View Slide

FEATURES

View Slide

MONGO FILTERS
?where={“lastname”: “Doe”}

View Slide

PYTHON FILTERS
?where=lastname==“Doe”

View Slide

SORTING
?sort=-total
SORT BY ‘TOTAL’, DESCENDING
DEMO

View Slide

SORTING
?sort=[(“total”: -1)]
SAME, MONGODB-STYLE

View Slide

PAGINATION
?max_results=20&page=2
MAX 20 RESULTS/PAGE; PAGE 2

View Slide

PROJECTIONS
?projection={"avatar": 0}
RETURN ALL FIELDS BUT ‘AVATAR’

View Slide

PROJECTIONS
?projection={"lastname": 1}
ONLY RETURN ‘LASTNAME’

View Slide

EMBEDDED RESOURCES
?embedded={"author": 1}
DEMO

View Slide

NOT EMBEDDED
$ curl -i
HTTP/1.1 200 OK
{
"title": "Book Title",
"description": "book description",
"author": "52da465a5610320002660f94"
}
RAW FOREIGN KEY

View Slide

EMBEDDED
$ curl -i ?embedded={"author": 1}
HTTP/1.1 200 OK
{
"author": {
"firstname": "Mark",
"lastname": "Green",
}
}
REQUEST EMBEDDED AUTHOR

View Slide

EMBEDDED
$ curl -i ?embedded={"author": 1}
HTTP/1.1 200 OK
{
"author": {
}
}
EMBEDDED DOCUMENT

View Slide

JSON AND XML
SERIALIZATION FOR ALL RESPONSES
DEMO

View Slide

APPLICATION/JSON
[
{
"born": "Sat, 23 Feb 1985 12:00:00 GMT",
"role": ["copy", "author"],
"location": {"city": "New York", "address": "4925 Lacross Road"},
"_id": "50bf198338345b1c604faf31",
"_updated": "Wed, 05 Dec 2012 09:53:07 GMT",
"_created": "Wed, 05 Dec 2012 09:53:07 GMT",
"_etag": "ec5e8200b8fa0596afe9ca71a87f23e71ca30e2d",
},
{
"firstname": "John",
...
},
]

View Slide

[
{
"born": "Sat, 23 Feb 1985 12:00:00 GMT",
"role": ["copy", "author"],
"location": {"city": "New York", "address": "4925 Lacross Road"},
"_id": "50bf198338345b1c604faf31",
"_updated": "Wed, 05 Dec 2012 09:53:07 GMT",
"_created": "Wed, 05 Dec 2012 09:53:07 GMT",
"_etag": "ec5e8200b8fa0596afe9ca71a87f23e71ca30e2d",
},
{
"firstname": "John",
...
},
]
APPLICATION/JSON
METAFIELDS ARE CUSTOMIZABLE

View Slide

APPLICATION/XML

Green
Mark
Wed, 05 Dec 2012 09:53:07 GMT
author
copy

4925 Lacross Road
New York

<_id>50bf198338345b1c604faf31
Wed, 05 Dec 2012 09:53:07 GMT
Sat, 18 Jan 2014 09:16:10 GMT
ec5e8200b8fa0596afe9ca71a87f23e71ca30e2d

...

View Slide

HATEOAS
HYPERMEDIA AS THE ENGINE OF APPLICATION STATE

View Slide

HATEOAS
{
"_links": {
"self": {
"href": "/people",
"parent": {
"href": "/",
"title": "home"},
"next": {
"href": "/people?page=2",
"title": "next page"},
"last": {
"href": "/people?page=10",
"title": "last page"}
}
}

View Slide

DOCUMENT VERSIONS
?version=3
?version=all
?version=diffs

View Slide

FILE STORAGE
FILES ARE STORED IN GRIDFS BY DEFAULT

View Slide

FILE STORAGE / SETTINGS
accounts = {
"name": {"type": "string"},
"pic": {"type": "media"},
}

View Slide

FILE UPLOAD
$ curl F "name=doe" -F "[email protected]"
HTTP/1.1 200 OK
$ curl -i
HTTP/1.1 200 OK
{
"name": "john",
"pic": "/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAâ€¦"
}
MULTIPART/DATA-FORM POST

View Slide

FILE UPLOAD
$ curl F "name=doe" -F "[email protected]"
HTTP/1.1 200 OK
$ curl -i
HTTP/1.1 200 OK
{
"name": "john",
"pic": "/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAA…"
}
FILES RETURNED AS BASE64 STRINGS

View Slide

FILE STORAGE (WITH META)
$ curl -i
HTTP/1.1 200 OK
{
"name": "john",
"pic": {
"file": "/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAA",
"content_type": "image/jpeg",
"name": "profile.jpg",
"length": 8129
}
}
EXTENDED_MEDIA_INFO: [‘content_type, ‘name’, ‘length’]

View Slide

FILE STORAGE (DEDICATED ENDPOINT)
$ curl -i
HTTP/1.1 200 OK
{
"name": "john",
"pic": "/media/profile.jpg"
}
}
RETURN_MEDIA_AS_URL = True
MEDIA_ENDPOINT = "media"

View Slide

RATE LIMITING
POWERED

View Slide

RATE LIMITING / SETTINGS
# Set rate limit on GET requests:
# 1 requests 1 minute window (per client)
RATE_LIMIT_GET = (1, 60)

View Slide

RATE LIMITING / FIRST REQUEST
$ curl -i
HTTP/1.1 200 OK
X-RateLimit-Limit: 1
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1390486659

View Slide

RATE LIMITING / SECOND REQUEST
$ curl -i
HTTP/1.1 429 TOO MANY REQUESTS

View Slide

CONDITIONAL REQUESTS
ALLOW CLIENTS TO ONLY REQUEST NON-CACHED CONTENT
DEMO

View Slide

IF-MODIFIED-SINCE
If-Modified-Since: Wed, 05 Dec 2012 09:53:07 GMT
“Return document is changed since , or 304”

View Slide

IF-NONE-MATCH
If-None-Match:1234567890123456789012345678901234567890
“Return data if it has changed (ETAG differs from mine), or 304”
>

View Slide

BULK INSERTS
INSERT MULTIPLE DOCUMENTS WITH A SINGLE REQUEST
DEMO

View Slide

BULK INSERTS / REQUEST
$ curl -d '
[
{
"firstname": "barack",
"lastname": "obama"
},
{
"firstname": "mitt",
"lastname": "romney"
}
]'
-H 'Content-Type: application/json'

View Slide

BULK INSERTS / RESPONSE
[
{
"_status": "OK",
"_updated": "Thu, 22 Nov 2012 15:22:27 GMT",
"_id": "50ae43339fa12500024def5b",
"_etag": "749093d334ebd05cf7f2b7dbfb7868605578db2c"
"_links": {"self": {"href": "", "title": "person"}}
},
{
"_status": "OK",
"_id": "50ae43339fa12500024def5c",
"_etag": "62d356f623c7d9dc864ffa5facc47dced4ba6907"
}
]
COHERENCE MODE OFF: ONLY META FIELDS ARE RETURNED

View Slide

BULK INSERTS / RESPONSE
[
{
"_status": "OK",
"_id": "50ae43339fa12500024def5b",
"_etag": "749093d334ebd05cf7f2b7dbfb7868605578db2c"
"_links": {"self": {"href": "", "title": }},
"firstname": "barack",
"lastname": "obama",
…
},
{
"_status": "OK",
"_id": "50ae43339fa12500024def5c",
"firstname": "mitt",
"lastname": "romney",
…
}
] COHERENCE MODE ON: ALL FIELDS RETURNED

View Slide

DATA INTEGRITY AND
CONCURRENCY CONTROL
NO OVERWRITING OF ANY DOCUMENT WITH OBSOLETE VERSIONS
DEMO

View Slide

DATA INTEGRITY AND CONSISTENCY
$ curl -X PATCH -i
-d '{"firstname": "ronald"}'
HTTP/1.1 428 PRECONDITION REQUIRED
IF-MATCH MISSING

View Slide

$ curl -X PATCH -i
-H "If-Match: "
HTTP/1.1 412 PRECONDITION FAILED
ETAG MISMATCH

View Slide

$ curl -X PATCH -i
-H "If-Match: 206fb4a39815cc0ebf48b2b52d7…”
HTTP/1.1 200 OK
UPDATE ALLOWED AS CLIENT AND SERVER ETAG ARE MATCHING

View Slide

DATA VALIDATION
[
{
"_status": "ERR",
"_issues": {"name": "value 'clinton' not unique"}
},
{
"_status": "OK",
"_id": "50ae43339fa12500024def5c",
"_links": {
"self": {
"href": "",
"title": "person"
}
}
}
]
powered by
Cerberus
python-cerberus.org

View Slide

GEOJSON
SUPPORT AND VALIDATION FOR GEOJSON TYPES
POINT, LINE-STRING, POLYGON, MULTI-POINT,
MULTILINE-STRING, MULTI-POLYGON, GEOMETRICAL COLLECTION

View Slide

AUTHENTICATION AND AUTHORIZATION
BASIC, TOKEN AND HMAC AUTH SUPPORTED

View Slide

RUNS ON ALL PYTHONS
2.7 / 3.4+ / PYPY 3

View Slide

AND MUCH MORE
CORS / CACHE CONTROL / OPLOG / SOFT DELETES
LOGGING / CUSTOM ID FIELDS / JSONP / MULTI-DB / AGGREGATION / ETC.

View Slide

BSD LICENSED
USE IN BOTH OPEN SOURCE AND COMMERCIAL

View Slide

DEVELOPERS

View Slide

CUSTOM DATA LAYERS
BUILD YOUR OWN DATA LAYER

View Slide

SQL ALCHEMY

View Slide

ELASTICSERCH

View Slide

AUTHENTICATION
BASIC | TOKEN | HMAC
DEMO

View Slide

SECURITY AT A GLANCE
• global authentication
• endpoint authentication
• public enpoints and methods
• role based access control
• user restricted resource access

View Slide

THREE STEPS
AUTH TUTORIAL

View Slide

ONE.
IMPORT BASE AUTH CLASS

View Slide

TWO.
OVERRIDE CHECK_AUTH() METHOD

View Slide

THREE.
PASS CUSTOM CLASS TO THE EVE APP

View Slide

CUSTOM VALIDATION
EXTEND THE BUILT-IN VALIDATION SYSTEM

View Slide

CUSTOM VALIDATION
• add custom data types
• add custom validation logic
• normalization

View Slide

EVENT HOOKS
PLUG CUSTOM ACTIONS INTO THE API LOOP
DEMO

View Slide

EVENT HOOKS AT A GLANCE
• POST on_insert/on_inserted
• GET on_fetch/on_fetched
• PATCH on_update/on_updated
• PUT on_replace/on_replaced
• DELETE on_delete/on_deteled
• on_pre_; on_post_

View Slide

TRANSFORM INCOMING DOCUMENTS

View Slide

EVE IS FLASK
‘CLASSIC’ FLASK POWER IS AT YOUR FINGERTIPS
DEMO

View Slide

FLASK AT YOUR FINGERTIPS
from eve import Eve
app = Eve()
# add a regular Flask endpoint
@app.route('/hello')
def hello_world():
return 'Hello World!'
if __name__ == '__main__':
app.run()

View Slide

FLASK AT YOUR FINGERTIPS
from eve import Eve
from eve.auth import requires_auth
app = Eve()
# add Eve auth to Flask endpoint
@app.route('/hello')
@requires_auth('resource')
def hello_world():
return 'Hello World!'
if __name__ == '__main__':
app.run()

View Slide

CUSTOM FILE STORAGE
CUSTOM STORAGE CLASSES: S3 / FILE SYSTEM / ETC.

View Slide

COMMUNITY

View Slide

EVE-SWAGGER
SWAGGER FOR EVE

View Slide

EVE-SWAGGER

View Slide

EVE-SQLALCHEMY
SQL DATA LAYER FOR EVE

View Slide

EVE-ELASTIC
ELASTICSEARCH DATA LAYER FOR EVE REST FRAMEWORK

View Slide

EVE.NET
CROSS PLATFORM ASYNC C# CLIENT FOR .NET APPS
PETR JASEK

View Slide

EVE-AUTH-JWT
OAUTH 2.0 JWT VALIDATION AUTHENTICATION
THOMAS SILEO

View Slide

FLASK-SENTINEL
OAUTH2 SERVER
THOMAS SILEO

View Slide

{137: }
Bryan Cattle Christoph Witzany Daniele Pizzolli
dccrazyboy Dong Wei Ming Florian Rathgeber Francisco
Corrales Morales Garrin Kimmell Gianfranco Palumbo Jaroslav
Semančík Jean Boussier John Deng Jorge Puente Sarrín
Josh Villbrandt Julien Barbot Ken Carpenter Kevin
Bowrin Kracekumar Nicolas Bazire Nicolas Carlier Ondrej
Slinták Petr Jašek Paul Doucet Robert Wlodarczyk Roberto Pasini
Ronan Delacroix Roy Smith Ryan Shea Samuel Sutch
Stanislav Heller Thomas Sileo Tomasz Jezierski Xavi Cubillas

View Slide

PYTHON-EVE.ORG
eve
REST WEB API
eve
@nicolaiarocci / nicolaiarocci.com / [email protected]
thanks!

View Slide

View Slide

Eve - REST API for Humans™

Eve - REST API for Humans™

Nicola Iarocci

More Decks by Nicola Iarocci

Other Decks in Programming

Featured

Transcript