Web APIについての雑談

by Tomohiro Nishimura

Slide 1

Slide 1 text

Web API ʹ͍ͭͯͷࡶஊ ؔϞό #9

Slide 2

Slide 2 text

ג ͸ͯͳ 8FCΞϓϦέʔγϣϯΤϯδχΞ εϚʔτϑΥϯΞϓϦΤϯδχΞ ͲΕ΋த్൒୺ͰযΔ ޚࡏॴַΑ͔ͬͨ id:Sixeight (@tomohi_ro)

Slide 3

Slide 3 text

Web API ΢ΣϒΤʔϐʔΞΠ

Slide 4

Slide 4 text

ؔϞό#9 Web API ͱ͸ͳΜͧ΍ )551ϓϩτίϧΛར༻ͯ͠ωοτϫʔ Ϋӽ͠ʹݺͼग़͢"1* 8FC"1*5IF(PPE1BSUT

Slide 5

Slide 5 text

εϚʔτϑΥϯΞϓϦ ͱ Web API

Slide 6

Slide 6 text

౴͑͸ͳ͍

Slide 7

Slide 7 text

ؔϞό#9 LSUDs ͱSSKDs ▸ LSUDs (large set of unknown developers) ▸ ޿͘Ұൠతʹެ։͞Ε͍ͯΔ ▸ Twitter/Facebook/Instagram/ Google/etc ▸ SSKDs (small set of known developers) ▸ ݶΒΕͨൣғʹެ։͞Ε͍ͯΔ ▸ ࣗࣾΞϓϦͳͲ

Slide 8

Slide 8 text

44,%T গ਺ͷ஌͍ͬͯΔ։ൃऀ޲͚

Slide 9

Slide 9 text

ؔϞό#9 SSKDs (small set of known developers) ▸ ૝ఆ͞Εͨ࢖͍ํ͔͠͞Εͳ͍ ▸ ΞϓϦʹ࠷దԽͨ͠ܗͰఏڙͰ͖Δ ▸ ։ൃऀಉ࢜Ͱձ࿩Ͱ͖Δ ▸ ີ݁߹͕ͪ͠ ▸ ଥڠ͕ͪ͠

Slide 10

Slide 10 text

ίʔϧ 1εΫϦʔϯɺ

Slide 11

Slide 11 text

ؔϞό#9 1εΫϦʔϯɺ1ίʔϧ ▸ 1ը໘Λදࣔ͢ΔͷʹɺWeb APIͷݺͼग़͠͸Ұճʹ͓͍͑ͨ͞ ▸ جຊతʹ͸ෳ਺ͷϦιʔε͕ඞཁ ▸ αʔόʔଆͷ࣮૷͸ෳࡶʹͳΔ ▸ ͲΜͲΜRESTͷߟ͑ํ͔ΒͦΕΔ ▸ ஫ҙਂ͘ઃܭ͢Ε͹Մೳ ▸ ը໘Λத৺ʹߟ͑͗͢Δͱมߋʹऑ͘ͳΔ

Slide 12

Slide 12 text

ΤϯυϙΠϯτ APIͷإ

Slide 13

Slide 13 text

ؔϞό#9 ΤϯυϙΠϯτ ▸ SSKDsͩͱΤϯυϙΠϯτͳΜͰ΋͍͍ͱ͍͏࿩΋ ▸ ϝϯςφϯεੑ ▸ ݟͨ໨ѱ͍ͱ΍ΔؾʹӨڹ͢Δ ▸ ෳ਺ܥͳͷ͔୯਺ܗͳͷ͔ ▸ HATEOASΈ͍ͨͳͷ΋ਅ໘໨ʹߟ͑ͯ΋ྑͦ͞͏

Slide 14

Slide 14 text

3&45 Ԟ͞Μʹઆ໌͠ΖͱݴΘΕͯ΋೉͍͠ see also: http://www.geocities.jp/yamamotoyohei/rest/rest-to-my-wife.htm

Slide 15

Slide 15 text

ؔϞό#9 REST ▸ ͜͜Ͱ͸ϑΟʔϧσΟϯάͬΆ͍࿩ ▸ 1εΫϦʔϯɺ1ίʔϧͱ૬ੑѱ͍ؾ͕͢Δ ▸ ϩάΞ΢τ͸ DELETE ͳͷ͔Ͳ͏͔ ▸ λΠτϧͷߋ৽͸ PATCHʁʁʁʁʁʁ ▸ ૢ࡞͕ႈ౳ͳΒ PUT/DELETEɺͦ͏͡Όͳ͚Ε͹POST

Slide 16

Slide 16 text

Ϩεϙϯε ҙ֎ͱ໎͏

Slide 17

Slide 17 text

ؔϞό#9 Ϩεϙϯε ▸ ϦιʔεΛߋ৽ͨ͠ͱ͖ͷϨεϙϯε͸ɺߋ৽લʁͦΕͱ΋ߋ৽ޙʁ ▸ ϦιʔεΛফͨ͠ͱ͖͸204? ▸ 200͚ͩΕͲϨεϙϯεཁΒͳ͍ͱ͖͸ʁ ▸ {“success”: true} vs {} vs ۭจࣈྻ (←͜Ε͸ͳ͍) ▸ ഑ྻΛฦ͢ͱ͖ʹ΋ΦϒδΣΫτʹ͢Δ͔Ͳ͏͔ ▸ ͜Ε͸ηΩϡϦςΟͷ໰୊͕͋ΔͷͰΦϒδΣΫτͰ ▸ ඞཁͳཁૉ͚ͩʁ֦ுੑΛߟ͑ͯଟΊʹ΋Β͓ͬͯ͘ʁ ▸ {“user”: { id: 1, name: “hoge”}} vs {“user_id”: 1, “user_name”: “hoge”} ▸ ೔෇ͷϑΥʔϚοτͲ͏͢Δͷ͔ ▸ ϖʔδϯάͲ͏͢Δͷ͔ ▸ JSONͳͷ͔ଞͷϑΥʔϚοτͳͷ͔

Slide 18

Slide 18 text

ΤϥʔϨεϙϯε ࣮͸ॏཁ

Slide 19

Slide 19 text

ؔϞό#9 ΤϥʔϨεϙϯε ▸ ϑΥʔϚοτ͸ݻఆ͍ͨ͠ ▸ ϝοηʔδΛ;͘ΊΔ vs ΞϓϦͰੜ੒ ▸ ଟݴޠԽͲ͏͢Δ͔ɺߋ৽͠΍͢͞͸Ͳ͏͔ ▸ ΞϓϦଆͰΤϥʔʹର͢ΔέΞ͕ͻͭΑ͏͕Ͳ͏͔ ▸ Τϥʔίʔυඞཁͳͷ͔ ▸ Ͳ͜·Ͱ৘ใ͕͍Δͷ͔

Slide 20

Slide 20 text

ೝূ ࣗ෼Ͱ͋Δ͜ͱͷূ໌

Slide 21

Slide 21 text

ؔϞό#9 ೝূ ▸ APIτʔΫϯΈ͍ͨͳͷ༻ҙ͢Δ ▸ Expireͱ͔ϦϑϨογϡͷ࢓૊Έ͕͍Δ ▸ ΋ΕͨΒࠔΔ ▸ ܦ࿏͕҉߸Խ͞Ε͍ͯͨΒ·͍͍͋ ▸ OAuth 2.0 ▸ ͏·͘΍Δํ๏͸͋Γͦ͏͚ͩΕͲ஌ݟ͸ͳ͠

Slide 22

Slide 22 text

҉߸Խ ೉ಡԽ Ӆ͍ͨ͠ͷͰ

Slide 23

Slide 23 text

ؔϞό#9 ҉߸Խ,೉ಡԽ ▸ Ӆ͍ͨ͠৘ใΛӅ͢ ▸ ୈࡾऀʹରͯ͠(ݸਓ৘ใ)ɺ࢖༻ऀʹରͯ͠ (ήʔϜͱ͔) ▸ HTTPSͩͱ͍͍ͩͨ҆৺ ▸ ಺༰Λ೉ಡԽͯ͠όΠφϦͰૹΔͱ͔ ▸ ΞϓϦଆͰσίʔυ͢Δͷେม໰୊ ▸ σίϯύΠϧ͞Εͨͱ͖ͷରࡦ ▸ ૬ख͸CIA͡Όͳͯ͘ૉਓ

Slide 24

Slide 24 text

όʔδϣϯ ޙํޓ׵ͷཁ

Slide 25

Slide 25 text

ؔϞό#9 όʔδϣϯ ▸ ޙํޓ׵ੑΛอ͍ͪͨ ▸ όʔδϣϯΛࢦఆ͢Δ͜ͱͰϨεϙϯεΛฦ͠Θ͚Δ ▸ /v1/hoge/piyo, ?version=1, X-API-Version: 1, application/ vnd.example.v1+json ▸ Ͳ͏΍ͬͯ؅ཧ͢Δ͔ ▸ ผͷϑΝΠϧͰ؅ཧ͢Δ ▸ ifจͰ෼ذ͢Δ ▸ ݹ͍όʔδϣϯΛ͍ͭഇࢭ͢Δ͔

Slide 26

Slide 26 text

ඇޓ׵ͳมߋ ආ͚ΒΕͳ͍

Slide 27

Slide 27 text

ؔϞό#9 ඇޓ׵ͳมߋ ▸ ਃ੥Ͳ͏͢Δͷ͔ ▸ ਃ੥༻ͷαʔόʔΛ༻ҙͯͦͪ͠Βʹ޲͚Δ ▸ ΤϯυϙΠϯτΛฦ͢API (HATEOASʹͭͳ͕Δ) ▸ ਃ੥࣌ͷΈຊ൪ͱผͷ΋ͷݟͤΔͷͲ͏ͳͷ͔ ▸ ͪͳΈʹ͸ͯͳͰ͸΍ͬͯͳ͍ ▸ ڧ੍όʔδϣϯΞοϓ ▸ ΞϓϦͷόʔδϣϯΛ্͛ͳ͍ͱ࢖͑ͳ͘͢Δ

Slide 28

Slide 28 text

࿩୊ ͦͷଞͷ

Slide 29

Slide 29 text

ؔϞό#9 ࿩୊ ▸ υΩϡϝϯτ ▸ ςετ ▸ ΦʔέεϨʔγϣϯ૚ ▸ ཉ͍͠஋͚ͩ΋Β͏ͱ͔ ▸ ࣗಈੜ੒ ▸ Swaggerͱ͔ ▸ ແݶʹ͋Δ

Slide 30

Slide 30 text

·ͱΊ ͦͯ͠

Slide 31

Slide 31 text

ؔϞό#9 ·ͱΊ ▸ ౴͑͸ͳ͍ ▸ ϓϩδΣΫτຖʹߟ͑Δඞཁ͕͋Δ ▸ ͱʹ͔͘໎͏ ▸ ձ࿩͠·͠ΐ͏

Slide 32

Slide 32 text

ϝϦʔΫϦε Ϛε