The Dream of the 90’s is Withering on the Vine (in Portland) 

How to Future-Proof & Increase The Level of Sanity in the Design of Your APIs, by Respecting the Best Practices of HTTP Or... 

This is Roy 

Principles • Client-Server • Stateless • Cacheable • Uniform Interface • Opaque Layering • Code-on-Demand 

Objectives •Auth •Querying •Relationships •Pagination •Formats •Caching •Logging •API Versioning 

Auth •Simple! •Basic vs. Digest (over SSL, obviously) •Upshot of Basic: http://user:[email protected]/objects •Cookies? •Custom Tokens? 

Querying •There are approaches to making this discoverable •They are ridiculously ivory-tower •Better: ?q= 

Relationships •Goal: Introspect API domain model and transform object relationships to URLs 

Relationships GET /tasks HTTP/1.1 [{ title: "Finish client demo", completed: false, _links: { self: { href: "http://my.app/tasks/1138" }, owner: { href: "http://my.app/users/nate" }, subtasks: { href: "http://my.app/tasks/1138/subtasks" } } }] 

Pagination GET /tasks?page=5&order=due ? 

Pagination HTTP Range! GET /videos/rickroll.mp4 Range: bytes=100-99999 

Pagination HEAD /tasks HTTP/1.1 ... HTTP 200 OK Accept-Ranges: tasks 

Pagination HEAD /posts HTTP/1.1 ... HTTP 200 OK Accept-Ranges: posts 

Pagination GET /posts HTTP/1.1 Range: posts=1-20 

Caching (Strategies) • Generated cache keys (ETag, If-None-Match) • For writes: If-Match • Time-based (Last-Modified / If-Modified-Since) 

Logging Custom Response Headers! 

Logging X-Query-Log: SELECT * From users WHERE name = "nate" X-Query-Log: SELECT * From tasks WHERE user_id = 13 

Logging X-Query-Log: users.find({ name: "nate" }) 

DEMO