API Pain Points - Lone Star PHP 2015

Slide 1

Slide 1 text

A P I PA I N - P O I N T S G E T T I N G T H I N G S W R O N G F O R F U N A N D P R O F I T @ P H I L S T U R G E O N # L O N E S TA R P H P 1 5

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

A R C H I T E C T U R E O L D S C H O O L

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

http://girlsgotsole.com/blog/thankful-thursday-rest-days/

Slide 12

Slide 12 text

D ATA B A S E S E E D I N G L E A V E Y O U R C U S T O M E R S A L O N E

Slide 13

Slide 13 text

E N D P O I N T T H E O RY N A M I N G T H I N G S I S H A R D

Slide 14

Slide 14 text

P L U R A L V S I N G U L A R ? C O N S I S T E N C Y I S K I N G /user/23 /users

Slide 15

Slide 15 text

P L U R A L V S I N G U L A R ? C O N S I S T E N C Y I S K I N G /opportunity/43 /opportunities

Slide 16

Slide 16 text

P L U R A L V S I N G U L A R ? C O N S I S T E N C Y I S K I N G /person/dave /people

Slide 17

Slide 17 text

P L U R A L V S I N G U L A R ? C O N S I S T E N C Y I S K I N G /places /places/12 /places/12/checkins /places/12/checkins/34 /checkins/34

Slide 18

Slide 18 text

N O N E E D F O R S E O Q U E RY S T R I N G S A R E F I N E /users/active/true /users?active=true

Slide 19

Slide 19 text

A U T O - I N C R E M E N T = B A D C T R L + S Y O U R W E B S I T E /checkins/1 /checkins/2 /checkins/2369 … /checkins/3

Slide 20

Slide 20 text

A U T O - I N C R E M E N T = B A D C T R L + S Y O U R W E B S I T E github.com/zackkitzmiller/tiny-php $tiny = new \ZackKitzmiller\Tiny('lDpuU74QNH6B'); ! echo $tiny->to(5); // E ! echo $tiny->from('E'); // 5

Slide 21

Slide 21 text

A U T O - I N C R E M E N T = B A D C T R L + S Y O U R W E B S I T E ! use Rhumsaa\Uuid\Uuid; use Rhumsaa\Uuid\Exception; ! $uuid4 = Uuid::uuid4(); ! echo $uuid4; // 25769c6c-d34d-4bfe-ba98-e0ee856f3e7a github.com/ramsey/uuid

Slide 22

Slide 22 text

W H I C H M E T H O D S V E R B S O U P List GET /users Read GET /users/X Update PUT /users/X Update PATCH /users/X Create POST /users Delete DELETE /users/X Image PUT /users/X/image Images POST /users/X/images Favourites GET /users/X/images

Slide 23

Slide 23 text

H T T P V E R B S M AT T E R H O N E S T LY Don’t be @jamiehannaford. That sounds like a bad day.

Slide 24

Slide 24 text

P I C K T H E R I G H T F O R M AT B E F O R E Y O U S E T O U T

Slide 25

Slide 25 text

F O R M PAY L O A D S J U S T S E N D J S O N foo=something&bar[baz]=thing &bar[stuff]=junk&bar=true 25

Slide 26

Slide 26 text

H A C K Y PAY L O A D S N O T L I K E T H A T

Slide 27

Slide 27 text

R E A L J S O N PAY L O A D S T H N X !

Slide 28

Slide 28 text

R E A D I N G R E A L D ATA I S E A S Y T H E H T T P WA Y Lazy $_POST[‘foo’]; Proper json_decode(file_get_contents(‘php://input')); Proper in Laravel Input::json(‘foo’);

Slide 29

Slide 29 text

E R R O R M E S S A G E S B E I N G W R O N G C O R R E C T LY http://www.funcage.com/blog/page/439/

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

2 0 0 I S N O T T H E O N LY S U C C E S S K N O W Y O U R C O D E S if ($statusCode != 200) { throw new Exception('AAGHH!!'); }

Slide 32

Slide 32 text

2xx is all about success 3xx is all about redirection 4xx is all about client errors 5xx is all about service errors

Slide 33

Slide 33 text

200 - Generic everything is OK 201 - Created something OK 202 - Accepted but is being processed async 400 - Bad Request (Validation?) 401 - Unauthorized 403 - Current user is forbidden 404 - That URL is not a valid route 405 - Method Not Allowed 410 - Data has been deleted, deactivated, suspended, etc 500 - Something unexpected happened and it is the APIs fault 503 - API is not here right now, please try again later

Slide 34

Slide 34 text

418 - I am a Teapot http://httpstatus.es/418

Slide 35

Slide 35 text

C L E A R , H U M A N E R R O R S W H A T H A P P E N E D { "error": { "errors": [ { "domain": "youtube.parameter", "reason": "missingRequiredParameter", "message": "No filter selected.", "locationType": "parameter", "location": "" } ], "code": 400, "message": "No filter selected." } }

Slide 36

Slide 36 text

E R R O R S S H O U L D M A K E S E N S E W H A T H A P P E N E D &mine=true "reason": "missingRequiredParameter", "message": "No filter selected.", … WTF

Slide 37

Slide 37 text

S U P P L E M E N T H T T P C O D E S W H A T H A P P E N E D { "error": { "type": "OAuthException", "message": "Session has expired at unix time 1385243766. The current unix time is 1385848532" } }

Slide 38

Slide 38 text

S U P P L E M E N T H T T P C O D E S W H A T H A P P E N E D { "error": { "message": "(#210) Subject must be a page.", "type": "OAuthException", "code": 210 } }

Slide 39

Slide 39 text

S U P P L E M E N T H T T P C O D E S W H A T H A P P E N E D { "error": { "message": "(#210) Subject must be a page.", "type": "OAuthException", "code": 210, "url": “http://developers.facebook.com/errors#210“ } }

Slide 40

Slide 40 text

E R R O R S A R E A S O LV E D P R O B L E M U S E A N E X I S T I N G F O R M A T jsonapi.org/format/#errors mnot.net/blog/2013/05/15/http_problem

Slide 41

Slide 41 text

GET example.com/subfolder/api/ command/john/secret/foo/bar/

Slide 42

Slide 42 text

O A U T H 2 . 0 thephpleague.com github.com/thephpleague/oauth2-server

Slide 43

Slide 43 text

O A U T H 2 C A N D O A L O T PA S S W O R D S , I M P L I C I T, S O C I A L L O G I N S …

Slide 44

Slide 44 text

U S E S S L

Slide 45

Slide 45 text

L O L E X C E P T F O R …

Slide 46

Slide 46 text

FA C E B O O K … Y O U B # % @ * D S ! ! ! S E R I O U S LY Refresh Tokens? ! Lol

Slide 47

Slide 47 text

Y O U T U B E … Y O U S E M I - B # % @ * D S ! ! ! S T I L L S E R I O U S LY Refresh Tokens? ! Kinda

Slide 48

Slide 48 text

P R E S E N TAT I O N L AY E R D O N T L E T U S E R S B E H I N D T H E C U R TA I N

Slide 49

Slide 49 text

! return Places::all(); P R E S E N TAT I O N L AY E R D O N T L E T U S E R S B E H I N D T H E C U R TA I N

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

T R A N S F O R M E R S … A S S E M B L E ! public function transform(Book $book) { return [ 'id' => (int) $book->id, 'title' => $book->title, 'year' => $book->yr, ‘created' => (string) $book->created_at, ]; } fractal.thephpleague.com

Slide 53

Slide 53 text

F L E X I B L E R E S P O N S E S S T O P Y O U R I P H O N E D E V C O M P L A I N I N G GET /checkins/dsfXte ?include=place,user,activity

Slide 54

Slide 54 text

PA G I N AT E D A TA G R O W S FA S T { "data": [ ... ], "cursors": { "after": "MTI=", "next_url": "https://api.example.com/places ?cursor=MTI%3" } }

Slide 55

Slide 55 text

D E F I N E A L I M I T R A N G E PA G I N A T I O N D D O S if ($limit < 1 || $limit > 100) { $limit = 100; }

Slide 56

Slide 56 text

A U T O M AT E T E S T I N G I F Y O U L O V E Y O U R J O B http://www.engineersgotblued.com/

Slide 57

Slide 57 text

P H P U N I T + B E H AT http://www.bil-jac.com/bestfriendsclub.php

Slide 58

Slide 58 text

Scenario: Find a merchant When I request "GET /moments/1" Then I get a "200" response And scope into the "data" property And the properties exist: """ id title year created """

Slide 59

Slide 59 text

Scenario: Try to ﬁnd an ` checkin When I request "GET /checkins/nope" Then I get a "404" response

Slide 60

Slide 60 text

Scenario:Wrong Arguments for user follow Given I have the payload: """ {"is_following": "foo"} """ When I request "PUT /users/1” Then I get a "400" response Not a boolean

Slide 61

Slide 61 text

apiblueprint.org

Slide 62

Slide 62 text

github.com/apiaryio/dredd

Slide 63

Slide 63 text

getpostman.com

Slide 64

Slide 64 text

V E R S I O N I N G / V 1 / D O E S N T C O U N T https://api.example.com/v1/places

Slide 65

Slide 65 text

V E R S I O N I N G / V 1 / D O E S N T C O U N T https://api-v1.example.com/places

Slide 66

Slide 66 text

V E R S I O N I N G / V 1 / D O E S N T C O U N T Accept: application/vnd.example+json; version=1 Accept: application/vnd.example+json; version=2

Slide 67

Slide 67 text

V E R S I O N I N G / V 1 / D O E S N T C O U N T Accept: application/vnd.example.user+json; version=1 Accept: application/vnd.example.user+json; version=2

Slide 68

Slide 68 text

V E R S I O N I N G / V 1 / D O E S N T C O U N T Copy Facebook ! Maybe? ! THIS ONE TIME! Facebook ruined the one good thing they ever did

Slide 69

Slide 69 text

No content

Slide 70

Slide 70 text

nordicapis.com

Slide 71

Slide 71 text

developer.github.com/v3/

Slide 72

Slide 72 text

github.com/interagent/http-api-design

Slide 73

Slide 73 text

E V E RY T H I N G I S W R O N G D O N T B E T H A T G U Y troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html

Slide 74

Slide 74 text

leanpub.com/build-apis-you-wont-hate/c/BRISKET15