Upgrade to Pro — share decks privately, control downloads, hide ads and more …

API Pain Points - PHP Argentina 2014

Phil Sturgeon
November 07, 2014
Programming
2
590

API Pain Points - PHP Argentina 2014

A look at some ways to avoid doing dumb things with your API that will haunt you later.

Phil Sturgeon

November 07, 2014
Tweet

More Decks by Phil Sturgeon

See All by Phil Sturgeon
What They Should Tell You About API Development
philsturgeon
2
620
Building Extraordinary Packages
philsturgeon
1
530
API Pain Points - Lone Star PHP 2015
philsturgeon
4
640
API Pain Points - ConFoo 2015
philsturgeon
2
1k

Other Decks in Programming

See All in Programming
第1回 AWSとGitHub勉強会 - キックオフ -
ogiwarat
0
150
WebViewと向き合う
mkeeda
1
160
Software Architecture
hschwentner
6
1.6k
Twillio SDKをFlutterアプリに統合した話/twilio-in-flutter
minma_curama
0
130
第2回 AWSとGitHub勉強会 - CodespacesとHelidonの利用 -
ogiwarat
0
150
個人開発のiOSアプリでUI/UXを標準に寄せてみた / 20230919_orochi
uhooi
0
370
外部APIとズブズブな開発どうしてますか?
kin29
1
330
2023/09/23 「AIキャラクターの言動に深みを持たせる」
sr2mg4
1
590
Jakarta EE Guide for Spring Developers
ivargrimstad
0
740
なぜ自社ではスクラムがうまくいかないのか アジャイルコーチと考える、スクラムのアンチパターン / Why Scrum doesn't work in my company?
daipresents
1
340
ZennにみるCloudRunとBigQueryによるアプリケーション構築 / zenn-cloudrun-bigquery-serverless
wadayusuke
13
3.6k
4 Patterns to Jumpstart your Event-Driven Architecture Journey @ Current 2023, San Jose California
hpgrahsl
0
140

Featured

See All Featured
A designer walks into a library…
pauljervisheath
199
17k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.7k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
41
11k
Being A Developer After 40
akosma
52
580k
Adopting Sorbet at Scale
ufuk
66
8.1k
GitHub's CSS Performance
jonrohan
1021
440k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
33
8.6k
Build your cross-platform service in a week with App Engine
jlugia
223
17k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
30k
The Cult of Friendly URLs
andyhume
71
5.3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
15
1.6k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k

Transcript

  1. A P I PA I N - P O I N T S
    G E T T I N G T H I N G S W R O N G F O R F U N A N D P R O F I T
    @ P H I L S T U R G E O N # P H P C O N FA R

    View Slide

  2. View Slide

  3. View Slide

  4. View Slide

  5. View Slide

  6. View Slide

  7. A R C H I T E C T U R E
    O L D S C H O O L

    View Slide

  8. View Slide

  9. http://girlsgotsole.com/blog/thankful-thursday-rest-days/

    View Slide

  10. D ATA B A S E S E E D I N G
    L E A V E Y O U R C U S T O M E R S A L O N E

    View Slide

  11. E N D P O I N T T H E O RY
    N A M I N G T H I N G S I S H A R D

    View Slide

  12. P L U R A L V S I N G U L A R ?
    C O N S I S T E N C Y I S K I N G
    /user/23
    /users

    View Slide

  13. P L U R A L V S I N G U L A R ?
    C O N S I S T E N C Y I S K I N G
    /opportunity/43
    /opportunities

    View Slide

  14. P L U R A L V S I N G U L A R ?
    C O N S I S T E N C Y I S K I N G
    /person/dave
    /people

    View Slide

  15. P L U R A L V S I N G U L A R ?
    C O N S I S T E N C Y I S K I N G
    /places
    /places/12
    /places/12/checkins
    /places/12/checkins/34
    /checkins/34

    View Slide

  16. N O N E E D F O R S E O
    Q U E RY S T R I N G S A R E F I N E
    /users/active/true
    /users?active=true

    View Slide

  17. A U T O - I N C R E M E N T = B A D
    C T R L + S Y O U R W E B S I T E
    /checkins/1
    /checkins/2
    /checkins/2369

    /checkins/3

    View Slide

  18. A U T O - I N C R E M E N T = B A D
    C T R L + S Y O U R W E B S I T E
    github.com/zackkitzmiller/tiny-php
    $tiny = new \ZackKitzmiller\Tiny('lDpuU74QNH6B');
    !
    echo $tiny->to(5);
    // E
    !
    echo $tiny->from('E');
    // 5

    View Slide

  19. A U T O - I N C R E M E N T = B A D
    C T R L + S Y O U R W E B S I T E
    !
    use Rhumsaa\Uuid\Uuid;
    use Rhumsaa\Uuid\Exceptio
    !
    $uuid4 = Uuid::uuid4();
    !
    echo $uuid4;
    // 25769c6c-d34d-4bfe-ba98-e0ee856f3e7a
    github.com/ramsey/uuid

    View Slide

  20. W H I C H M E T H O D S
    V E R B S O U P
    List GET /users
    Read GET /users/X
    Update PUT /users/X
    Update PATCH /users/X
    Create POST /users
    Delete DELETE /users/X
    Image PUT /users/X/image
    Images POST /users/X/images
    Favourites GET /users/X/images

    View Slide

  21. H T T P V E R B S M AT T E R
    H O N E S T LY
    Dont be @jamiehannaford.
    That sounds like a bad day.

    View Slide

  22. P I C K T H E R I G H T F O R M AT
    B E F O R E Y O U S E T O U T

    View Slide

  23. F O R M PAY L O A D S
    J U S T S E N D J S O N
    foo=something&bar[baz]=thing

    &bar[stuff]=junk&bar=true

    23

    View Slide

  24. H A C K Y PAY L O A D S
    N O T L I K E T H A T

    View Slide

  25. R E A L J S O N PAY L O A D S
    T H N X !

    View Slide

  26. R E A D I N G R E A L D ATA I S E A S Y
    T H E H T T P WA Y
    Lazy
    $_POST[‘foo’];
    Proper
    json_decode(file_get_contents(‘php://input'));
    Proper in Laravel
    Input::json(‘foo’);

    View Slide

  27. E R R O R M E S S A G E S
    B E I N G W R O N G C O R R E C T LY
    http://www.funcage.com/blog/page/439/

    View Slide

  28. View Slide

  29. 2 0 0 I S N O T T H E O N LY S U C C E S S
    K N O W Y O U R C O D E S
    if ($statusCode != 200) {
    throw new Exception('AAGHH!!');
    }

    View Slide

  30. 2xx is all about success
    3xx is all about redirection
    4xx is all about client errors
    5xx is all about service errors

    View Slide

  31. 200 - Generic everything is OK
    201 - Created something OK
    202 - Accepted but is being processed async
    400 - Bad Request (Validation?)
    401 - Unauthorized
    403 - Current user is forbidden
    404 - That URL is not a valid route
    405 - Method Not Allowed
    410 - Data has been deleted, deactivated, suspended, etc
    500 - Something unexpected happened and it is the APIs fault
    503 - API is not here right now, please try again later

    View Slide

  32. 418 - I am a Teapot
    http://httpstatus.es/418

    View Slide

  33. C L E A R , H U M A N E R R O R S
    W H A T H A P P E N E D
    {
    "error": {
    "errors": [
    {
    "domain": "youtube.parameter",
    "reason": "missingRequiredParameter",
    "message": "No filter selected.",
    "locationType": "parameter",
    "location": ""
    }
    ],
    "code": 400,
    "message": "No filter selected."
    }
    }

    View Slide

  34. E R R O R S S H O U L D M A K E S E N S E
    W H A T H A P P E N E D
    &mine=true
    "reason": "missingRequiredParameter",
    "message": "No filter selected.",

    WTF

    View Slide

  35. S U P P L E M E N T H T T P C O D E S
    W H A T H A P P E N E D
    {
    "error": {
    "type": "OAuthException",
    "message": "Session has expired at unix time
    1385243766. The current unix time is 1385848532"
    }
    }

    View Slide

  36. S U P P L E M E N T H T T P C O D E S
    W H A T H A P P E N E D
    {
    "error": {
    "message": "(#210) Subject must be a page.",
    "type": "OAuthException",
    "code": 210
    }
    }

    View Slide

  37. S U P P L E M E N T H T T P C O D E S
    W H A T H A P P E N E D
    {
    "error": {
    "message": "(#210) Subject must be a page.",
    "type": "OAuthException",
    "code": 210,
    "url": “http://developers.facebook.com/errors#210“
    }
    }

    View Slide

  38. O A U T H 2 . 0
    thephpleague.com
    github.com/thephpleague/oauth2-server

    View Slide

  39. O A U T H 2 C A N D O A L O T
    PA S S W O R D S , I M P L I C I T, S O C I A L L O G I N S …

    View Slide

  40. U S E S S L

    View Slide

  41. L O L
    E X C E P T F O R …

    View Slide

  42. FA C E B O O K … Y O U B # % @ * D S ! ! !
    S E R I O U S LY
    Refresh Tokens?
    !
    Lol

    View Slide

  43. Y O U T U B E … Y O U S E M I - B # % @ * D S ! ! !
    S T I L L S E R I O U S LY
    Refresh Tokens?
    !
    Kinda

    View Slide

  44. P R E S E N TAT I O N L AY E R
    D O N T L E T U S E R S B E H I N D T H E C U R TA I N

    View Slide

  45. !
    return Places::all();
    P R E S E N TAT I O N L AY E R
    D O N T L E T U S E R S B E H I N D T H E C U R TA I N

    View Slide

  46. View Slide

  47. View Slide

  48. T R A N S F O R M E R S … A S S E M B L E !
    public function transform(Book $book)
    {
    return [
    'id' => (int) $book->id,
    'title' => $book->title,
    'year' => $book->yr,
    ‘created' => (string) $book->created_at,
    ];
    }
    fractal.thephpleague.com

    View Slide

  49. F L E X I B L E R E S P O N S E S
    S T O P Y O U R I P H O N E D E V C O M P L A I N I N G
    GET /checkins/dsfXte
    ?include=place,user,activity

    View Slide

  50. PA G I N AT E
    D A TA G R O W S FA S T
    {
    "data": [
    ...
    ],
    "cursors": {
    "after": "MTI=",
    "next_url": "https://api.example.com/places
    ?cursor=MTI%3"
    }
    }

    View Slide

  51. D E F I N E A L I M I T R A N G E
    PA G I N A T I O N D D O S
    if ($limit < 1 || $limit > 100) {
    $limit = 100;
    }

    View Slide

  52. A U T O M AT E T E S T I N G
    I F Y O U L O V E Y O U R J O B
    http://www.engineersgotblued.com/

    View Slide

  53. P H P U N I T + B E H AT
    http://www.bil-jac.com/bestfriendsclub.php

    View Slide

  54. Scenario: Find a merchant

    When I request "GET /moments/1"

    Then I get a "200" response

    And scope into the "data" property

    And the properties exist:

    """

    id

    title

    year

    created

    """

    View Slide

  55. Scenario: Try to find an ` checkin


    When I request "GET /checkins/nope"


    Then I get a "404" response

    View Slide

  56. Scenario:Wrong Arguments for user follow


    Given I have the payload:

    """

    {"is_following": "foo"}

    """


    When I request "PUT /users/1”


    Then I get a "400" response

    Not a boolean

    View Slide

  57. apiblueprint.org

    View Slide

  58. getpostman.com

    View Slide

  59. V E R S I O N I N G
    / V 1 / D O E S N T C O U N T
    https://api.example.com/v1/places

    View Slide

  60. V E R S I O N I N G
    / V 1 / D O E S N T C O U N T
    https://api-v1.example.com/places

    View Slide

  61. V E R S I O N I N G
    / V 1 / D O E S N T C O U N T
    Accept: application/vnd.example+json; version=1
    Accept: application/vnd.example+json; version=2

    View Slide

  62. V E R S I O N I N G
    / V 1 / D O E S N T C O U N T
    Accept: application/vnd.example.user+json; version=1
    Accept: application/vnd.example.user+json; version=2

    View Slide

  63. V E R S I O N I N G
    / V 1 / D O E S N T C O U N T
    Copy Facebook
    !
    Maybe?
    !
    THIS ONE TIME!
    Facebook ruined the one good thing they ever did

    View Slide

  64. E V E RY T H I N G I S W R O N G
    D O N T B E T H A T G U Y
    troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html

    View Slide

  65. leanpub.com/build-apis-you-wont-hate/c/ARGENTINA14

    View Slide