Alex Tercete tercete@vtex.com.br REST Definições e Boas Práticas

HTTP Firulas +

HTTP Recursos +

Recursos

Dog https://www.flickr.com/photos/mcpig/2203669161

POST /dogs GET /dogs/:id PUT /dogs/:id DELETE /dogs/:id

dog vs. dogs

POST /dogs/:id/feed POST /dogs/:id/throwBone GET /dogs/:id/showOwner POST /dogs/:id/takeOut

Verbos NÃO

Substantivos SIM

feed throwBone showOwner takeOut food  meal bone  game owner walk  exercise

POST /dogs/:id/meals POST /dogs/:id/games GET /dogs/:id/owners POST /dogs/:id/exercises

GET /dogs/getByFurColor GET /dogs/getByOwner

Query String

GET /dogs?furColor=:color GET /dogs?owner=:owner

GET /dogs?furColor=:color GET /owners/:id/dogs

Verbos

GET POST PUT DELETE id id ? id id id id

Cria Obtém Altera Remove GET POST PUT DELETE

Method Definitions RFC2616, Seção 9 http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

Status Code

Redirection Successful Client Error Server Error 2XX 3XX 4XX 5XX

Não é aqui. Tá tudo BEM! Você tá MAL! Eu tô MAL! 2XX 3XX 4XX 5XX

http://httpstatusdogs.com/

http://httpstatusdogs.com/

No content

No content

No content

HTTP/1.1 201 Created Location: /dogs/Snoopy POST /dogs HTTP/1.1 Content-Type: application/json { "name": "Snoopy" }

HTTP/1.1 301 Moved Permanently Location: /composers/Beethoven GET /dogs/Beethoven HTTP/1.1

HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic GET /dogs HTTP/1.1

HTTP/1.1 405 Method Not Allowed Allow: GET, POST DELETE /dogs HTTP/1.1

Status Code Definitions RFC2616, Seção 10 http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Cache

HTTP/1.1 200 OK Cache-Control: private, max-age=300 Expires: Tue, 18 Mar 2014 19:00:00 GMT ETag: 50780f47f6839d47d60bc4555ee00c3f GET /dogs HTTP/1.1

HTTP/1.1 304 Not Modified Cache-Control: private, max-age=300 Expires: Tue, 18 Mar 2014 19:00:00 GMT ETag: 50780f47f6839d47d60bc4555ee00c3f GET /dogs HTTP/1.1 If-None-Match: 50780f47f6839d47d60bc4555ee00c3f

Caching in HTTP RFC2616 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

Versionamento

GET /v1/dogs HTTP/1.1 GET /dogs HTTP/1.1 X-VTEX-Zoo-Version: v1 GET /dogs HTTP/1.1 Accept: application/vnd.vtex.zoo-v1+json Rota Cabeçalho Proprietário Cabeçalho Padrão

Autenticação

GET /dogs HTTP/1.1 Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== GET /dogs HTTP/1.1 Authorization: AWS AKIAIOSFODNN7EXAMPLE:fr...Dzg= GET /dogs HTTP/1.1 X-VTEX-Api-AppKey: some-key X-VTEX-Api-AppToken: 5Om3tOkE|\| Padrão Proprietária Muito Proprietária

The OAuth 2.0 Authorization Framework RFC6749 http://tools.ietf.org/html/rfc6749

Tratamento de Erros

HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic Content-Type: application/json { “errorCode”: “auth.invalid_credentials”, “message”: “Credenciais inválidas”, “help”: “http://docs.vtex.com/api/authentication” }

HTTP/1.1 400 Bad Request Content-Type: application/json { “errorCode”: “checkout.invalid_order”, “message”: “Dados do pedido inválidos”, “reasons”: { “id”: “É obrigatório” } }

Hypermedia

HTTP/1.1 200 OK Content-Type: application/json { “name”: “Snoopy” “owners”: [{ “name”: “Charlie Brown” }] } GET /dogs/Snoopy HTTP/1.1 Accept: application/json

HTTP/1.1 200 OK Content-Type: application/json { “name”: “Snoopy”, “owners”: { “href”: “/dogs/Snoopy/owners” } } GET /dogs/Snoopy HTTP/1.1 Accept: application/json

Virtualização

Camada de Virtualização da API API API API Aplicação

Considerações Finais

Resumo • REST = HTML + Recursos • Verbos, não! Substantivos, sim! • Status Codes: – 20[014], 30[124], 4(0[13459]|2[29]), 50[03] • Cache • Versionamento: – Accept • Autenticação: – OAuth 2.0 • Hypermedia: – href • Virtualização

Bons exemplos • http://developer.github.com/v3/ • http://www.twilio.com/docs/api/rest • https://developer.paypal.com/webapps/develop er/docs/api/ • http://developer.netflix.com/docs

Maus exemplos • http://www.flickr.com/services/api/request.rest. html • https://dev.twitter.com/docs/api/1.1 • https://developers.facebook.com/docs/graph- api/reference

Referências • http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm • Apigee – https://blog.apigee.com/detail/restful_api_design_nouns_are_good_verbs_are_bad – https://blog.apigee.com/detail/restful_api_design_plural_nouns_and_concrete_name s – https://blog.apigee.com/detail/simplify_associations_sweep_complexities_under_the _http – https://blog.apigee.com/detail/restful_api_design_what_about_errors – https://blog.apigee.com/detail/restful_api_design_chatty_apis – https://blog.apigee.com/detail/restful_api_design_complement_with_sdk – https://blog.apigee.com/detail/restful_api_design_api_virtualization

Referências (2) • http://blogs.burnsidedigital.com/2013/07/whats-a-rest-api/ • Steve Klabnik – http://blog.steveklabnik.com/posts/2011-07-03-nobody-understands-rest-or- http – http://blog.steveklabnik.com/posts/2011-08-07-some-people-understand- rest-and-http – http://blog.steveklabnik.com/posts/2012-02-23-rest-is-over – http://blog.steveklabnik.com/posts/2012-02-13-an-api-ontology – http://timelessrepo.com/haters-gonna-hateoas • http://barelyenough.org/blog/2008/05/versioning-rest-web-services/ • http://www.mobify.com/blog/beginners-guide-to-http-cache-headers/

Alex Tercete tercete@vtex.com.br Obrigado!