REST APIs on Rails

Lucas André de Alencar Full Stack Developer, Resultados Digitais @lucasandre

gem 'rails-api'

# instead of class ApplicationController < ActionController::Base end # do class ApplicationController < ActionController::API include ActionController::HttpAuthentication::Token::ControllerMethods include ActionController::MimeResponds include AbstractController::Translation # Your beautiful code goes here! end

No content

$ rails new long-trains --api ... $ rails g scaffold train type:string wagons:integer invoke active_record create db/migrate/20150907193647_create_trains.rb create app/models/train.rb invoke test_unit create test/models/train_test.rb create test/fixtures/trains.yml invoke resource_route route resources :trains create app/serializers/train_serializer.rb invoke scaffold_controller create app/controllers/trains_controller.rb invoke test_unit create test/controllers/trains_controller_test.rb

Versioning

URL Request Params HTTP Header api.longtrains.com/v1/trains api.longtrains.com/trains?version=1 Accept: application/json; version=1

gem 'versionist'

LongTrains::Application.routes.draw do api_version(:module => "V1", :path => {:value => "v1"}) do resources :trains end end URL api.longtrains.com/v1/trains

LongTrains::Application.routes.draw do api_version(:module => "V1", :parameter => {:name => "version", :value => "1"}) do resources :trains end end Request Params api.longtrains.com/trains?version=1

LongTrains::Application.routes.draw do api_version(:module => "V1", :header => {:name => "Accept", :value => "application/json; version=1"}) do resources :trains end end HTTP Header Accept: application/json; version=1

Structure

Separate API controllers by version Keep models unified between versions

Serializers

gem 'active_model_serializers'

class PostSerializer < ActiveModel::Serializer attributes :title, :body has_many :comments end class CommentSerializer < ActiveModel::Serializer attributes :name, :body belongs_to :post end class PostPreviewSerializer < ActiveModel::Serializer attributes :title, :preview end

class PostsController < ApplicationController def show @post = Post.find(params[:id]) render json: @post end def index @posts = Post.all render json: @posts, each_serializer: PostPreviewSerializer end end

Security

Pure Rails ActionController::HttpAuthentication::Basic ActionController::HttpAuthentication::Digest ActionController::HttpAuthentication::Token

TDD

Which one to use? Functional Integration a.k.a ControllerTest

Integration tests ARE the right CHOICE

Summary rails-api versioning active_model_serializers respect HTTP response codes use integration tests

Lucas André de Alencar @lucasandre alencar.lucas.a@gmail.com Valeu!

Gems github.com/rails-api/rails-api github.com/bploetz/versionist github.com/rails-api/active_model_serializers Rails API api.rubyonrails.org/classes/ActionController/HttpAuthentication/Digest.html api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html Railscasts railscasts.com/episodes/350-rest-api-versioning railscasts.com/episodes/352-securing-an-api Links

Links Posts www.gotealeaf.com/blog/authentication-methods-in-rails www.emilsoman.com/blog/2013/05/18/building-a-tested blog.joshsoftware.com/2014/05/08/implementing-rails-apis-like-a-professional/ stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses/6937030#6937030 wyeworks.com/blog/2015/6/30/how-to-build-a-rails-5-api-only-and-ember-application/ wyeworks.com/blog/2015/6/11/how-to-build-a-rails-5-api-only-and-backbone-application