Creating Solid APIs

Creating Solid APIs
DjangoCon Europe 2018
⋅Rivo Laks 2018-05-23

View Slide

Background

View Slide

What is an API?

View Slide

What is an API?
application programming interface

View Slide

What is an API?
application programmer interface

View Slide

What is an API?
application programmer interface
API is user interface for developers

View Slide

What Makes an API Good?

View Slide

Documentation

View Slide

Documentation
Familiarity

View Slide

Documentation
Familiarity
Lack of friction

View Slide

Documentation
Often overlooked

View Slide

Documentation
Often overlooked
Gives the rst impression

View Slide

Documentation
Often overlooked
Gives the rst impression
The e ort is worth it!

View Slide

Creating
Awesome Docs

View Slide

What Should Go In There?

View Slide

How do I access it?

View Slide

How do I access it?
Do I need developer account?

View Slide

How do I access it?
Root URL, etc

View Slide

How do I access it?
Root URL, etc
Authentication info

View Slide

General encodings, formats, etc

View Slide

Pagination, versioning, etc

View Slide

Common errors

View Slide

Common errors
Code for getting started

View Slide

The Endpoints

View Slide

The Endpoints
URL & operations

View Slide

The Endpoints
URL & operations
Request/response data

View Slide

The Endpoints
URL & operations
Optional parameters

View Slide

The Endpoints
URL & operations
Optional parameters
Permissions etc

View Slide

Keep it Fresh!

View Slide

Keep it Fresh!
Obsolete docs are the worst

View Slide

Keep it Fresh!
Always autogenerate!

View Slide

Keep it Fresh!
Always autogenerate!
Usually code » schema » docs

View Slide

Schema & Autogeneration

View Slide

OpenAPI, Swagger, etc

View Slide

Use your tools

View Slide

Use your tools
Combine docs & code examples

View Slide

Use your tools
Combine docs & code examples
Client libs autogeneration

View Slide

Standardize!

View Slide

JSON API
http://jsonapi.org/
one potential standard to use

View Slide

JSON API
http://jsonapi.org/
one potential standard to use
GraphQL is another option

View Slide

Standardize Structure

View Slide

Standardize Structure
Responses have predictable, familiar
structure

View Slide

GET https://example.com/api/v1/projects
{
"links": {
"next": "https://example.com/api/v1/projects?cursor=cD0yMDE4L",
"prev": null
},
"data": [...],
"included": [...]
}

View Slide

"data": [
{
"type": "project",
"id": "289",
"links": {
"self": "https://example.com/api/v1/projects/289"
},
"attributes": {
"created": "2018-04-28T22:52:08.690486Z",
"name": "Allison-Patterson",
"description": "aggregate collaborative models"
},
"relationships": {...}
},
...
],

View Slide

"data": [{ ...
"relationships": {
"created_by": {
"data": {
"type": "user",
"id": "199"
}
},
"epics": {
"data": [
{
"type": "epic",
"id": "3101"
}
],
}
} }, ...
],

View Slide

"included": [
{
"type": "epic",
"id": "3101",
"attributes": {
"created": "2018-04-28T22:50:45.885691Z",
"name": "Ergonomic background extranet"
},
"links": {
"self": "https://example.com/api/v1/epics/3101"
}
},
{
"type": "user",
"id": "199",
"attributes": {...}
}
]

View Slide

Impressions?

View Slide

Flexibility
Con gurable elds:
GET https://example.com/api/v1/projects
GET https://example.com/api/v1/projects \
?included=comments
GET https://example.com/api/v1/projects \
?included=comments&fields[project]=name,comments

View Slide

Pagination
List responses have next / prev links
{
"links": {
"prev": null
},
"data": [...],
}

View Slide

Pagination
List responses have next / prev links
{
"links": {
"prev": null
},
"data": [...],
}
Cursor-base pagination FTW (but YMMV)

View Slide

There is More ...
Filtering
Ordering

View Slide

Errors

View Slide

Errors
POST https://example.com/api/v1/projects
{
"errors": [
{
"title": "Invalid Attribute",
"detail": "Name must contain at least three letters.",
"source": { "pointer": "/data/attributes/name" },
"status": "422"
}
]
}

View Slide

Special Cases
For when you have LOTS of data

View Slide

Special Cases
For when you have LOTS of data
out-of-band approach

View Slide

GET https://example.com/api/v1/datasets/123
{
"data": {
"type": "dataset",
"id": "123",
"attributes": {
"name": "CIFAR10 dataset",
},
"links": {
"data_tgz": "https://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz",
"self": "https://example.com/api/v1/datasets/123"
}
}
}

View Slide

Standardization Matters
the speci c standard isn't that important
GraphQL, etc are also good options

View Slide

Authentication &
Authorization

View Slide

Token Authentication
Clients send HTTP header, ala
Authorization: Token 9944b09199c62bcf9418

View Slide

OAuth 2.0

View Slide

OAuth 2.0
For creating platforms

View Slide

OAuth 2.0
Complex, but solves many issues

View Slide

OAuth 2.0
Complex, but solves many issues
Many packages, e.g. Django OAuth Toolkit,
OAuthLib

View Slide

Versioning

View Slide

Versioning Schemes

View Slide

Versioning Schemes
AcceptHeaderVersioning (DRF)
GET /projects HTTP/1.0
Accept: application/json; version=1.0

View Slide

Versioning Schemes
AcceptHeaderVersioning (DRF)
GET /projects HTTP/1.0
Accept: application/json; version=1.0
URLPathVersioning (DRF)
GET /v1/projects HTTP/1.0
Accept: application/json

View Slide

Versioning Schemes Cont.
Integers ( v1 ) vs dates ( 2018-05-23 )?

View Slide

Dates are less emotional

View Slide

Dates are less emotional
Make upgrades easy

View Slide

Version Transformers

View Slide

» » Requests into newer version » »
Core code is for latest version
« « Responses into older version « «

View Slide

» » Requests into newer version » »
Core code is for latest version
« « Responses into older version « «
Won't work for big, breaking changes

View Slide

tg-apicore

View Slide

Thorgate API Core
pip install tg-apicore
Addon for Django REST Framework

View Slide

Thorgate API Core
pip install tg-apicore
Addon for Django REST Framework
Documentation generation
Pre-con gured
Viewset/serializer utils

View Slide

Client's Perspective

View Slide

The Scenario
Let's try speech recognition...

View Slide

The Scenario
Let's try speech recognition...
... using AWS and GCP

View Slide

Getting Started
Documentation

View Slide

Getting Started
Documentation
Quite easy to nd
A bit overwhelming

View Slide

Getting Started
Documentation
Quite easy to nd
A bit overwhelming
Code examples

View Slide

Comprehensive Clients
Install Python client
GCP: google-cloud package
AWS: boto3 package

View Slide

AWS: boto3 package
Authenticate

View Slide

AWS: boto3 package
Authenticate
Thorough docs

View Slide

Amazon
import boto3
client = boto3.client('transcribe')
response = client.start_transcription_job(...)

View Slide

Amazon
import boto3
client = boto3.client('transcribe')
response = client.start_transcription_job(...)
Google
from google.cloud import speech
client = speech.SpeechClient()
results = client.recognize(...)

View Slide

In Summary
Invest in documentation
Embrace standards (e.g. JSON API)
Use automation
Reduce friction

View Slide

Thanks!
Rivo Laks ⋅ @rivolaks ⋅ rivolaks.com
Lead Engineer at Thorgate ⋅ thorgate.eu
API framework for Django/DRF ⋅ tg-apicore (WIP)

View Slide

Creating Solid APIs

Creating Solid APIs

Rivo Laks

More Decks by Rivo Laks

Other Decks in Technology

Featured

Transcript