MongoDB and REST APIs A Match Made in Heaven

Good Morning
Percona Live Amsterdam 2015

View Slide

Who Am I
fighting back against impostor syndrome

View Slide

Nicola Iarocci
Co-founder and CTO at CIR 2000

View Slide

Nicola Iarocci
MongoDB Master

View Slide

Nicola Iarocci
Open Source junkie
Eve •
Cerberus •
Events •
Flask-Sentinel •
Eve.NET •
Etc.

View Slide

Nicola Iarocci
Consultant
Mongo • RESTful Services • Python • My Open Source Projects

View Slide

Nicola Iarocci
CoderDojo
Coding Clubs for Kids

View Slide

MongoDB & REST APIs
A Match Made in Heaven

View Slide

Agenda

View Slide

Agenda
1. Our use case for a RESTful API

View Slide

Agenda
2. What is a RESTful API and why we need it

View Slide

Agenda
3. Why MongoDB is a good match for RESTful Services

View Slide

Agenda
4. Build and run a MongoDB RESTful Service from scratch, live on stage.

View Slide

Agenda
5. Stories from the field (if there’s any time left, which I doubt)

View Slide

The Case
for RESTful Web APIs

View Slide

Amica 10
invoicing & accounting for italian small businesses

View Slide

your old school desktop app

View Slide

what we started with
Client
LAN/SQL
Database
Desktop
Application

View Slide

Goal
A remote service that client apps can leverage to stay in sync withc each other

View Slide

What we need #1
Must be accessible by any kind of client technology

View Slide

What we need #2
Abstract the data access layer
so we can update/replace the engine at any time with no impact on clients

View Slide

What we need #3
An appropriate data storage engine

View Slide

What we need #4
Easily (re)deployable and scalable multi-micro-service architecure

View Slide

Where we want to go
Clients
“Cloud”
Database
RESTful
Web API
API
iOS
Android
Website
Desktop Client
? ?

View Slide

Constraints
• minimum viable product first
• add features over time
• frequent database schema updates
• easily scalable
• avoid downtime as much as possible
• cater upfront for a microservices architecture

View Slide

REST
So What Is REST All About?

View Slide

REST is not a standard

View Slide

REST is not a protocol

View Slide

REST is an architectural style
for networked applications

View Slide

Defines a set of simple principles
loosely followed by most API implementations

View Slide

“resource”
the source of a specific information

View Slide

A web page is not a resource
rather the representation of a resource

View Slide

“global permanent identifier”
every resource is uniquely identified. Think a HTTP URI.

View Slide

#3
standard interface
used to exchange representations of resources
(think the HTTP protocol)

View Slide

“a set of constraints”
separation of concerns, stateless, cacheability, layered system, uniform interface, etc.

View Slide

Web is built on REST
and it is meant to be consumed by humans

View Slide

RESTful APIs are built on REST
and are meant to be consumed by machines

View Slide

Representational State Transfer (REST)
by Roy Thomas Fielding
http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm

View Slide

Goals #1 and #2 are met
REST layer allows all kinds of client technologies and abstracts the data away

View Slide

MongoDB and REST
Or why we picked MongoDB for our REST API

View Slide

JSON transport
Most REST services and clients produce and consume use JSON

View Slide

JSON-style data store
MongoDB stores data as Binary JSON

View Slide

JSON & RESTful API
JSON
accepted media type
Client
JSON
(BSON)
Mongo
GET
maybe we can push directly to client?

View Slide

JSON & RESTful API
JSON
accepted media type
Client
JSON
(BSON)
Mongo
JSON
subset of python dict
(kinda)
API
GET
almost.

View Slide

JSON & RESTful API
JSON
objects
Client
JSON
(BSON)
Mongo
JSON/dict
maps to python dict
(validation layer)
API
POST
also works when sending data the database

View Slide

Similarity with RDBMS
makes NoSQL easy to grasp (even for a sql head like me)

View Slide

Terminology
RDBMS Mongo
Database Database
Table Collection
Rows(s) JSON Document
Index Index
Join Embedding & Linking

View Slide

What about Queries?
Queries in MongoDB are represented as JSON-style objects
db.things.find({x: 3, y: "foo”});

View Slide

Filtering and Sorting
native
Mongo
query syntax
Client
JSON
(BSON)
Mongo
(very) thin
parsing
& validation
layer
API
Expose the native MongoDB syntax?
?where={“x”: 3, “y”: “foo”}

View Slide

JSON all along the pipeline
mapping to and from the database feels more natural

View Slide

No need for ORM
No need to map objects to JSON and vice-versa (win!)

View Slide

schema-less
dynamic documents allow for painless evolution

View Slide

REST is stateless
MongoDB lacks transactions

View Slide

Ideal API Surface
Mongo collection maps to API resource endpoint
api.example.com/contacts
Maps to a Mongo collection

View Slide

Ideal API Surface
Mongo document maps to a API document endpoint
api.example.com/contacts/4f46445fc88e201858000000
Maps to a collection ObjectID

View Slide

Goal #3 is met
An appropriate data storage engine: MongoDB

View Slide

Eve
REST API for Humans™
Free and Open Source
Powered by MongoDB and Good Intentions
eve

View Slide

Philosopy
effortlessly build and deploy highly customizable, fully featured
RESTful Web Services

View Slide

Quickstart

View Slide

install
$ pip install eve

View Slide

run.py
from eve import Eve
app = Eve()
if __name__ == '__main__':
app.run()

View Slide

settings.py
# just a couple API endpoints with no custom
schema or rules.
DOMAIN = {
‘people’: {}
‘works’: {}
}

View Slide

launch
$ python run.py
* Running on http://127.0.0.1:5000/

View Slide

enjoy
HATEOAS AT WORK HERE
$ curl http://localhost:5000/people
{
"_items": [],
"_links": {
"self": {"href": "people", "title": "people"},
"parent": {“href": "/", "title": "home"},
},
"_meta": {
"max_results": 25,
"total": 0,
"page": 1
}}

View Slide

enjoy
CLIENTS CAN
EXPLORE THE API
PROGRAMMATICALLY
{
"_items": [],
"_links": {
"parent": {“href": "/", "title": “home”}
},
"_meta": {
"max_results": 25,
"total": 0,
"page": 1
}}

View Slide

{
"_items": [],
"_links": {
},
"_meta": {
"max_results": 25,
"total": 0,
"page": 1
}}
enjoy
AND EVENTUALLY FILL THE UI

View Slide

enjoy
{
"_items": [],
"_links": {
},
"_meta": {
"max_results": 25,
"total": 0,
"page": 1
}}
PAGINATION DATA

View Slide

enjoy
EMTPY RESOURCE
AS WE DID NOT
CONNECT A DATASOURCE
{
"_items": [],
"_links": {
},
"_meta": {
"max_results": 25,
"total": 0,
"page": 1
}}

View Slide

settings.py
# let’s connect to a mongo instance
MONGO_HOST = 'localhost'
MONGO_PORT = 27017
MONGO_USERNAME = 'user'
MONGO_PASSWORD = 'user'
MONGO_DBNAME = 'percona'

View Slide

settings.py
# let’s also add a few validation rules
DOMAIN['people']['schema'] = {
'name': {
'type': 'string’,
'maxlength': 50,
'unique': True},
'email': {
'type': 'string',
'regex': '^\[email protected]\S+$'},
'location': {
'type': 'dict',
'schema': {
'address': {'type': 'string'},
'city': {'type': 'string’}}},
'born': {'type': 'datetime'}}
UNIQUE STRING,
MAX LENGTH 50

View Slide

settings.py
'name': {
'type': 'string',
'maxlength': 50,
'unique': True},
'email': {
'type': 'string',
'location': {
'type': 'dict',
'schema': {
ONLY ACCEPT
VALID EMAILS

View Slide

settings.py
'name': {
'type': 'string’,
'maxlength': 50,
'unique': True},
'email': {
'type': 'string',
'location': {
'type': 'dict',
'schema': {
THIS REGEX SUCKS! 
DON’T USE
IN PRODUCTION

View Slide

settings.py
'name': {
'type': 'string',
'maxlength': 50,
'unique': True},
'email': {
'type': 'string',
'location': {
'type': 'dict',
'schema': {
SUBDOCUMENT WITH
2 STRING FIELDS

View Slide

settings.py
'name': {
'type': 'string’,
'maxlength': 50,
'unique': True},
'email': {
'type': 'string',
'location': {
'type': 'dict',
'schema': {
ONLY ACCEPT
DATETIME VALUES

View Slide

settings.py
# allow write access to API endpoints
# (default is [‘GET’] for both settings)
# /people
RESOURCE_METHODS = ['GET','POST']
# /people/
ITEM_METHODS = ['GET','PATCH','PUT','DELETE']
ADD/CREATE ONE OR MORE ITEMS

View Slide

settings.py
# /people
# /people/
EDIT ITEM

View Slide

settings.py
# /people
# /people/
REPLACE ITEM

View Slide

settings.py
# /people
# /people/
YOU GUESSED IT

View Slide

settings.py
CLIENT UI
# a few optional config options
DOMAIN['people'].update(
{
'item_title': 'person',
'cache_control':'max-age=10,must-revalidate',
'cache_expires': 10,
'additional_lookup': {
'url’: 'regex("[\w]+")',
'field’: 'name'}
}
}
)

View Slide

settings.py
CLIENT CACHE OPTIONS
{
'url’: 'regex("[\w]+")',
'field’: 'name'}
}
}
)

View Slide

settings.py
ALTERNATE ENDPOINT
{
'url’: 'regex("[\w]+")',
'field’: 'name'}
}
}
)

View Slide

Features Overview
We are going to focus on MongoDB power-ups

View Slide

full range of CRUD operations
Create/POST
Read/GET
Update/PATCH and Replace/PUT
Delete/DELETE

View Slide

filters, mongo style
?where={“name”: “john”}

View Slide

filters, the python way
?where=name==john

View Slide

sorting
?sort=city,-name
SORT BY CITY, THEN NAME DESCENDING

View Slide

projections
?projection={"avatar": 0}
RETURN ALL FIELDS BUT ‘AVATAR’

View Slide

projections
?projection={"lastname": 1}
ONLY RETURN ‘LASTNAME’

View Slide

pagination
?max_results=20&page=2
MAX 20 RESULTS PER PAGE; PAGE 2

View Slide

GeoJSON
support and validation for all GeoJSON types
Point, LineString, Polygon, MultiPoint,
MultiLineString, MultiPolygon, GeometricalCollection

View Slide

document embedding
joins

View Slide

standard request
$ curl example.com/works/
{ 
"title": "Book Title", 
"description": "book description", 
"author": “52da465a5610320002660f94" 
}
RAW FOREIGN KEY
(DEFAULT)

View Slide

request an embedded document
$ curl example.com/works/?embedded={“author”: 1}
{ 
"author": { 
“firstname”: “Mark”, 
“lastname”: “Green”, 
} 
}
REQUEST EMBEDDED AUTHOR

View Slide

embedded document
$ curl example.com/works/?embedded={“author”: 1}
{ 
"author": { 
“firstname”: “Mark”, 
“lastname”: “Green”, 
} 
}
# embedding is configurable on per-field basis and
# can be pre-set by API maintainer
EMBEDDED DOCUMENT

View Slide

bulk inserts
insert multiple documents with a single request

View Slide

request
$ curl -d ‘
[
{
"firstname": "barack",
"lastname": “obama"
},
{
"firstname": "mitt",
"lastname": “romney”
}
]'
-H 'Content-Type: application/json’

View Slide

response
[
{
"_status": "OK",
"_updated": "Thu, 22 Nov 2012 15:22:27 GMT",
"_id": "50ae43339fa12500024def5b",
"_etag": "749093d334ebd05cf7f2b7dbfb7868605578db2c"
"_links": {"self": {"href": “”, "title": "person"}}
},
{
"_status": "OK",
"_id": "50ae43339fa12500024def5c",
"_etag": "62d356f623c7d9dc864ffa5facc47dced4ba6907"
"_links": {"self": {"href": “", "title": "person"}}
}
] COHERENCE MODE OFF: ONLY META FIELDS ARE RETURNED

View Slide

response
[
{
"_status": "OK",
"_id": "50ae43339fa12500024def5b",
"_etag": "749093d334ebd05cf7f2b7dbfb7868605578db2c"
"_links": {"self": {"href": “”, "title": “person”}},
"firstname": "barack",
"lastname": "obama",
},
{
"_status": "OK",
"_id": "50ae43339fa12500024def5c",
"_etag": "62d356f623c7d9dc864ffa5facc47dced4ba6907"
"_links": {"self": {"href": “", "title": "person"}}
"firstname": "mitt",
"lastname": "romney",
}
]
COHERENCE MODE ON: ALL FIELDS RETURNED

View Slide

document versioning
?version=3
?version=all
?version=diffs

View Slide

soft deletes
preserve deleted documents and retrieve them with a simple
?show_deleted

View Slide

file storage
files are stored in GridFS by default; customizable for S3, file system, etc.

View Slide

data validation
powerful and extensible data validation powered by Cerberus

View Slide

rich validation grammar
referentrial integrity / unique values / defaults / regex / etc.

View Slide

custom data types
create your own data types to validate against

View Slide

custom validation logic
extended the validation system to cater for specific use cases

View Slide

multi database
serve endpoints and/or users from dedicated mongos

View Slide

index maintenance
define sets of resource indexes to be (re)created at launch
supports sparse, geo2d and background indexes

View Slide

event hooks
plug custom actions in the request/response cycle

View Slide

run.py
from eve import Eve
app = Eve()
def percona(resource, response):
documents = response['_items']
for document in documents:
document['percona'] = 'is so cool!'
if __name__ == '__main__':
app.on_fetched_resource += percona_live
app.run()
CALLBACK FUNCTION

View Slide

run.py
from eve import Eve
app = Eve()
if __name__ == '__main__':
app.run()
LOOP ON ALL DOCUMENTS

View Slide

run.py
from eve import Eve
app = Eve()
if __name__ == '__main__':
app.run()
INJIECT FIELD

View Slide

run.py
from eve import Eve
app = Eve()
if __name__ == '__main__':
app.run()
ATTACH CALLBACK TO
EVENT HOOK

View Slide

rate limiting
powered

View Slide

settings.py
# Rate limit on GET requests:
RATE_LIMIT_GET = (1, 60)
ONE REQUEST PER MINUTE (CLIENT)

View Slide

$ curl -i
HTTP/1.1 200 OK
X-RateLimit-Limit: 1
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1390486659
rate limited request
CURRENT LIMIT

View Slide

$ curl -i
HTTP/1.1 200 OK
REMAINING

View Slide

$ curl -i
HTTP/1.1 200 OK
TIME TO RESET

View Slide

$ curl -i
HTTP/1.1 429 TOO MANY REQUESTS
OUCH!

View Slide

operations log
log all operations and eventually expose a dedicated endpoint

View Slide

HATEOAS
Hypermedia As Engine Of The Application State

View Slide

XML support
$ curl -H ”Accept: application/xml” -i http://example.com/people

<_created>Fri, 18 Sep 2015 13:41:37 GMT
<_etag>5d057712ce792ebb4100b96aa98bfe9b6693c07b
<_id>55fc149138345b0880f07e3d
<_updated>Fri, 18 Sep 2015 13:41:37 GMT
[email protected]
john

View Slide

conditional requests
allow clients to only request non-cached content

View Slide

If-Modified-Since
If-Modified-Since: Wed, 05 Dec 2012 09:53:07 GMT
ONLY RETURN DOCUMENT IF MODIFIED SINCE

View Slide

If-None-Match
If-None-Match:1234567890123456789012345678901234567890
>
ONLY RETURN DOCUMENT ETAG CHANGED

View Slide

data integrity and concurrency
no overwriting documents with obsolete versions

View Slide

missing ETag
# fails, as there is no ETag included with request
$ curl \
-X PATCH \
-i http://example.com/people/521d6840c437dc0002d1203c \
-H "Content-Type: application/json" \
-d '{"name": “ronald"}'
HTTP/1.1 403 FORBIDDEN
NO ETAG
REJECTED

View Slide

ETag mismatch
# fails, as ETag does not match with server
$ curl \
-X PATCH \
-i http://example.com/people/521d6840c437dc0002d1203c \
-H "If-Match: 1234567890123456789012345678901234567890" \
-H "Content-Type: application/json” \
-d '{"firstname": "ronald"}'
HTTP/1.1 412 PRECONDITION FAILED
ETAG MISMATCH
REJECTED

View Slide

valid ETag
# success at last! ETag matches with server
$ curl \
-X PATCH \
-i http://example.com/people/50adfa4038345b1049c88a37 \
-H "If-Match: 80b81f314712932a4d4ea75ab0b76a4eea613012" \
-H "Content-Type: application/json" \
-d '{"firstname": "ronald"}'
HTTP/1.1 200 OK
# Like most of features, ETags can be disabled.
ETAG MATCH
ACCEPTED

View Slide

custom data layers
build your own data layer

View Slide

authentication and authorization
basic / token / hmac / BYO / OAuth2 / you name it

View Slide

and (a lot) more
CORS, cache control, API versioning, JOSNP, Etc.

View Slide

vibrant community
90+ contributors / 350+ forks / 2500+ github stargazers

View Slide

Eve-Docs
automatic documentation for Eve APIs in both HTML and JSON
CHARLES FLYNN

View Slide

Eve-Docs

View Slide

Eve-Elastic
Elasticsearch data layer for your Eve-powered API
PETR JASEK

View Slide

Eve-SQLAlchemy
SQL data layer for Eve-powered APIs
PETR JASEK

View Slide

Eve-Mongoengine
enables mongoengines data models to be used as Eve schema
STANISLAV HELLER

View Slide

Eve.NET
HTTP and REST client for Eve-powered APIs
PETR JASEK

View Slide

Eve-OAuth2
leverage Flask-Sentinel to protect your API endpoints with OAuth2
THOMAS SILEO

View Slide

REST Layer
“golang REST API framework heavily inspired by Python Eve”
THOMAS SILEO

View Slide

Goal # 4 achieved
easy to setup, launch and scale up; also a good fit for microservices infrastracture

View Slide

A look back to initial draft
Clients
“Cloud”
Database
RESTful
Web API
API
iOS
Android
Website
Desktop Client
? ?

View Slide

Clients
Multiple
MongoDBs
Database
Adam
eve instances
API
iOS
Android
Website
Desktop Client
what we have in production

View Slide

stories from the trenches
#1. when too much (magic) is too much
#2. sometimes you don’t want to debug
#3. so how do I login into this thing?

View Slide

Take Aways

View Slide

Enhance MongoDB
with powerful features on top of native engine
validation, document embedding (joins), referential integrity,
document versioning, transformations, rate limiting, etc.

View Slide

Consider the REST layer
as an ideal data access layer
the story of pymongo 3.0 breaking changes
mongo or sql or elastic or …

View Slide

Consider the REST layer
as an ideal data access layer
the story of Adam dashboards

View Slide

Consider Microservices
leverage Eve features create a network of isolated yet standardized services
 
each service has a dedicated role
runs as an eve instance, with its own configuration
has its own database(s)
callbacks route traffic between services

View Slide

Clients
User-reserved
MongoDBs
eve-multidb
Data
Auth
eve-oauth2
(ﬂask-sentinel)
API
iOS
Android
Website
Desktop Client
Adam 1
Adam
eve instance
Redis
auth tokens,
rate limiting
Auth/Users
MongoDB

View Slide

Clients
service-
reserved
MongoDBs
Data
Auth
eve-oauth2,
ﬂask-sentinel
API
iOS
Android
Website
Desktop Client
Adam 2
Adam
eve instance
Redis
auth tokens,
rate limiting
Services
eve instances
Auth/Users
MongoDB
very simplified

View Slide

thanks
nicolaiarocci
python-eve.org
eve

View Slide

MongoDB and REST APIs A Match Made in Heaven

MongoDB and REST APIs A Match Made in Heaven

Nicola Iarocci

More Decks by Nicola Iarocci

Other Decks in Technology

Featured

Transcript