Crafting Elegant APIs with Laravel

Slide 1

Slide 1 text

Crafting Elegant APIs with Laravel phpday - Verona 2024

Slide 2

Slide 2 text

Johannes Pichler • living in Sandl, Austria • Web Developer since 2006 • doing PHP, Go, .NET, Java • working @ Wimberger GmbH

Slide 3

Slide 3 text

Why am I talking about APIs?

Slide 4

Slide 4 text

APIS =

Slide 5

Slide 5 text

Outline for today • Designing your API • Implementation with Laravel • Veriﬁcation & Maintenance Phase of an API

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

Consider the client(s)

Slide 8

Slide 8 text

Requests • based on resources • use standard HTTP methods • deﬁne a clear request schema that all your endpoints follow • use query parameters for ﬁltering

Slide 9

Slide 9 text

Request Routing GET: /constructions GET: /constructions/{id} POST: /constructions PUT: /constructions/{id} DELETE: /constructions/{id}

Slide 10

Slide 10 text

Response GET /constructions/1 { "id": 1, "name": "Max Mustermann (4020 Linz)", "order_value": 10000, "started_at": "2023-08-12 19:21:35", "finished_at": null } PUT /constructions/1 { "message": "Construction saved." }

Slide 11

Slide 11 text

Adding structure GET /constructions/1 { "data": { "id": 1, "name": "Max Mustermann (4020 Linz)", "order_value": 10000, "started_at": "2023-08-12 19:21:35", "finished_at": null } }

Slide 12

Slide 12 text

Adding structure PUT /constructions/1 { "data": { "id": 1, "name": "Max Mustermann (4020 Linz)", "order_value": 10000, "started_at": "2023-08-12 19:21:35", "finished_at": null }, "meta": { "message": "Construction saved." } }

Slide 13

Slide 13 text

More response examples POST /constructions/1/index { "meta": { "id": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08", "message": "Construction indexing started." } }

Slide 14

Slide 14 text

More response examples - errors POST /constructions { "errors": { "name": [ "The name field is required" ], "order_value": [ "The order value field is required", "The order value field must be numeric" ] } }

Slide 15

Slide 15 text

Advices for structuring responses • use groups for your data (data, errors, meta) • deﬁne response type by the status code not by response structure • you may use a deﬁned standard like JSON:API

Slide 16

Slide 16 text

Protecting your API endpoints • use client speciﬁc tokens by default • use user speciﬁc tokens to protect user data • Laravel Sanctum can help • if you really want to use OAuth2

Slide 17

Slide 17 text

API caching • do not use server side caching • REST should be stateless • very low hit rates • use ETags instead

Slide 18

Slide 18 text

Caching with ETags • add an ETag Header to your responses • this header value describes the state of your resource • on subsequent requests include If-None-Match with the previous ETag header value • if the resource version is still valid, the server responds with 304 not modified • otherwise it sends a new response with a new ETag value

Slide 19

Slide 19 text

API Specification • describe your endpoints first • also define edge cases • make your specification testable • document your APIs • allow clients to understand your API endpoints

Slide 20

Slide 20 text

Open API • standard for describing APIs • general information • paths & models

Slide 21

Slide 21 text

Open API - Model Construction: title: Construction type: object properties: id: type: integer description: Unique identifier for the given construction name: type: string description: the name of the construction order_value: type: number format: date description: the construction's order value started_at: type: string description: the start date of the construction finished_at: type: string description: the end date of the construction required: - id - name - order_value

Slide 22

Slide 22 text

OpenAPI Paths paths: /constructions: get: summary: Retrieve a list of constructions tags: [] responses: '200': description: OK headers: {} content: application/json: schema: type: object properties: data: type: array items: $ref: '#/components/schemas/Construction'

Slide 23

Slide 23 text

Implementation with Laravel • List and detail endpoints • protect them with an api token • verify the API speciﬁcation against the implementation

Slide 24

Slide 24 text

Veriﬁcation & Maintenance • it's all about metrics • monitor which endpoints are used and which are not • have useful error logging in place • verify your assumptions already during development

Slide 25

Slide 25 text

Maintenance • think about breaking changes • use semantic versioning if necessary • keep your API speciﬁcation up to date

Slide 26

Slide 26 text

Take aways • Specify your API before implementation • Secure your API's data • Provide propper documentation to your clients • Be careful with introducing breaking changes

Slide 27

Slide 27 text

Resources • Laravel Open API Validation Library: kirschbaum- development/laravel-openapi-validator • Tool for editing Open API Specs: Stoplight Studio

Slide 28

Slide 28 text

Questions ? • speakerdeck.com/fetzi • Twitter / X: @fetzi_io Feedback