Building APIs Developers Love (LCA2014)

Slide 1

Slide 1 text

Hello!

Slide 2

Slide 2 text

I'm Darcy Any questions? sutto@sutto.net / @sutto

Slide 3

Slide 3 text

Building APIs that Developers ❤️!

Slide 4

Slide 4 text

We're talking about HTTP

Slide 5

Slide 5 text

Why are Open APIs Important?

Slide 6

Slide 6 text

Increasingly becoming deﬁning interface to services

Slide 7

Slide 7 text

E.g. Amazon S3 API for Storage, Twitter for Communication

Slide 8

Slide 8 text

Free support for a huge variety of existing tools

Slide 9

Slide 9 text

HTTP as the transport layer

Slide 10

Slide 10 text

Language agnostic helps with abstraction

Slide 11

Slide 11 text

HTTP has legacy

Slide 12

Slide 12 text

Rich Internet Applications & Mobile Applications

Slide 13

Slide 13 text

The web as a system of interconnected pieces

Slide 14

Slide 14 text

Why build an API vs Open Sourcing the Code?

Slide 15

Slide 15 text

Open Sourcing isn't always feasible

Slide 16

Slide 16 text

Logistics

Slide 17

Slide 17 text

Licensing / IP

Slide 18

Slide 18 text

Operational

Slide 19

Slide 19 text

Simpler Facade / Interface

Slide 20

Slide 20 text

Lower Barrier to Entry for Consumption

Slide 21

Slide 21 text

Building Good Apis

Slide 22

Slide 22 text

Simple, Consistent Structure

Slide 23

Slide 23 text

Keep Serialization Simple

Slide 24

Slide 24 text

XML or JSON

Slide 25

Slide 25 text

… but mainly JSON

Slide 26

Slide 26 text

Simpler objects building the bigger picture

Slide 27

Slide 27 text

Serialized versions based on context

Slide 28

Slide 28 text

e.g. full object vs compact object

Slide 29

Slide 29 text

Collection+JSON, HAL and the like

Slide 30

Slide 30 text

Addendum: http://jsonapi.org/ is an excellent reference point

Slide 31

Slide 31 text

Well-considered Errors

Slide 32

Slide 32 text

Errors aren't just for the libraries, must be for the developer

Slide 33

Slide 33 text

Unique error identiﬁer + human readable description

Slide 34

Slide 34 text

No content

Slide 35

Slide 35 text

String identiﬁers convey more than numeric codes

Slide 36

Slide 36 text

… but still use HTTP error codes

Slide 37

Slide 37 text

… and serve the correct content type

Slide 38

Slide 38 text

Document errors across the whole API and speciﬁc sections

Slide 39

Slide 39 text

Make it easy to explore & experiment

Slide 40

Slide 40 text

People will explore your API

Slide 41

Slide 41 text

Encourage that

Slide 42

Slide 42 text

curl & wget

Slide 43

Slide 43 text

… and don't forget the humble browser.

Slide 44

Slide 44 text

Side note: httpie is *wonderful*

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

Change is inevitable

Slide 47

Slide 47 text

Easier to design for it than to bolt it on

Slide 48

Slide 48 text

What are you versioning?

Slide 49

Slide 49 text

- versus - Versioning Data Versioning Semantics

Slide 50

Slide 50 text

- versus - Header based Path based

Slide 51

Slide 51 text

Content-Type negotiation

Slide 52

Slide 52 text

Designing for change

Slide 53

Slide 53 text

Understand the best choice for you

Slide 54

Slide 54 text

Embrace HTTP

Slide 55

Slide 55 text

HTTP can be simple

Slide 56

Slide 56 text

… but it can also be hard

Slide 57

Slide 57 text

Source: https://github.com/basho/webmachine/wiki/Diagram

Slide 58

Slide 58 text

Lots of small pieces that are key

Slide 59

Slide 59 text

Status Codes Methods Content Negotiation

Slide 60

Slide 60 text

Headers for Metadata

Slide 61

Slide 61 text

Caching

Slide 62

Slide 62 text

Don't reinvent what's already there.

Slide 63

Slide 63 text

SPDY & HTTP 2.0

Slide 64

Slide 64 text

Don't reinvent Auth

Slide 65

Slide 65 text

Powerful, Easy to use, Secure

Slide 66

Slide 66 text

Hard to balance all three

Slide 67

Slide 67 text

… so don't reinvent the wheel

Slide 68

Slide 68 text

HTTP Authorization Header

Slide 69

Slide 69 text

OAuth / OAuth2

Slide 70

Slide 70 text

Avoid developers having to write custom code to handle your auth

Slide 71

Slide 71 text

API Design Approaches

Slide 72

Slide 72 text

RPC

Slide 73

Slide 73 text

JSON-RPC / XML-RPC

Slide 74

Slide 74 text

SOAP & others

Slide 75

Slide 75 text

Resource-based APIs

Slide 76

Slide 76 text

HATEOAS vs. “REST”

Slide 77

Slide 77 text

Graph-based APIs

Slide 78

Slide 78 text

Hypermedia

Slide 79

Slide 79 text

Documentation is critical

Slide 80

Slide 80 text

Good documentation is even more important than a good design

Slide 81

Slide 81 text

Thoroughly document data choices

Slide 82

Slide 82 text

… and document how the api itself works

Slide 83

Slide 83 text

Automatic Tooling is improving

Slide 84

Slide 84 text

but hand written stills wins

Slide 85

Slide 85 text

Make examples language-agnostic

Slide 86

Slide 86 text

Choose your tooling wisely

Slide 87

Slide 87 text

Tools to simplify, not to completely abstract.

Slide 88

Slide 88 text

Build for the web, not your language of choice.

Slide 89

Slide 89 text

You should still care / be dealing with some parts of HTTP

Slide 90

Slide 90 text

Actually use it.

Slide 91

Slide 91 text

Good APIs aren't just designed for computers.

Slide 92

Slide 92 text

Great APIs are designed for humans.

Slide 93

Slide 93 text

Embracing Open APIs

Slide 94

Slide 94 text

Don't build yet another, completely custom take on things

Slide 95

Slide 95 text

… as the tendency as programmers is to do

Slide 96

Slide 96 text

Emphasis simplicity

Slide 97

Slide 97 text

Using Standardised & Documented Structures

Slide 98

Slide 98 text

Expose as much data as is feasible early on

Slide 99

Slide 99 text

Use standardised solutions for given issues (e.g. Auth)

Slide 100

Slide 100 text

Think of it as an interface, not a mirror of the implementation

Slide 101

Slide 101 text

Encourage diverse implementations

Slide 102

Slide 102 text

But most importantly, solve a real problem — not a perceived one.

Slide 103

Slide 103 text

Questions?

Slide 104

Slide 104 text

Facebook Graph API:  https://developers.facebook.com/docs/graph-api/ Apiary (API Tools): http://apiary.io/ JSON API Spec  http://jsonapi.org/ httpie:  http://httpie.org/ Previous API talk (Ruby-oriented):  http://blog.ninjahideout.com/posts/api-driven-applications- with-rails