From POX to HATEOAS
Our Company's Journey Building a Hypermedia API
Who...
Luke Stokes
Co-Founder, Developer of FoxyCart
luke.stokes@foxycart.com
@lukestokes
http://bestoked.blogspot.com
What...
FoxyCart
● ecommerce shopping cart system
● Started by Brett Florio and myself in
  2005/2006, incorporated in 2007.
● SaaS (soon to be PaaS)
● Built to integrate using your css/html (we're
  not a CMS)
● No duplication of data
Why...
No duplication? Expose our data!
POX: Plain Old XML
● Confusing API actions
  ○   transaction_get, transaction_list, attribute_save, attribute_delete,
      transaction_modify, store_includes_get, etc
● Confusing request/response model
● Tight coupling between the client and server
APIs and the Internet
●   Middleware ($$$)
●   RPC
●   SOAP
●   WSDL
●   Web Services (the WS-* stack)

Tight Coupling!

Does your browser do this?
REST to the rescue
CRUD can be standardized via HTTP methods:

     POST/PUT = create
     GET = read
     PATCH/PUT = update
     DELETE = delete

(goodbye *_list, *_save, *_modify, etc methods)
REST to the rescue
Agreed upon response codes
● 1xx: Informational
● 2xx: Success
● 3xx: Redirection
● 4xx: Client Error (You Screwed Up)
● 5xx: Server Error (We Screwed Up)

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
But... where do we start?


What's a perfect example of a REST API?
What is REST anyway?
Six Constraints:
● Client-server
● Stateless
● Cacheable
● Layered system
● Code on demand (optional)
● Uniform interface
  ○   Identification of resources
  ○   Manipulation of resources through these representations
  ○   Self-descriptive messages
  ○   Hypermedia as the engine of application state
REST Client Need-to-Know
●   Homepage
●   Hypermedia Format
●   Rel tags
●   Known media types (and possibly versions)
●   Bonus stuff:
    ○   ?limit=5&offset=10
    ○   ?order=<field> desc (or asc)
    ○   ?fields=<field>,<field>,<field>
    ○   ?<field>=<value>
    ○   ?<field>=<some * partial value>
What's a media type?
Examples:
   application/json
   application/xml
   application/hal+json
Originally defined as MIME types (RFC 2046)
Also referred to as Content-Types
Platform = Will Not Break
Ecommerce site broken at 4am and you
changed nothing?

No one wants that phone call.
Flexible Versioning
● FOXYCART-API-VERSION header
● Per-resource vendor specific media type:
  application/vnd.foxycart.com.store.v1+json
● Hypermedia allows us to version via the link
  relation we code to.
link: <https://example.com/users/2>;
rel="https://example.com/rels/user"
link: <https://example.com/customers/2>;
rel="https://example.com/rels/customer"

See: http://www.foxycart.com/blog/the-hypermedia-debate
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Add "awesome_sauce" field:
...
 "store_name":"My Store",
 "awesome_sauce":"pixie dust",
 "store_domain":"example",
...
Additions? No problem!
Flexible Versioning
Header: FOXYCART-API-VERSION: 1
Remove "awesome_sauce" field...

Uh Oh.

Option 1: rel="https://example.com/store_v2"
Option 2: FOXYCART-API-VERSION: 2
XML Accepts Header
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X GET -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" https://api-sandbox.foxycart.com/
Next...?
<link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/>
<link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/>


HATEOAS:
Hypermedia as the Engine of
Application State
Next...? OPTIONS
curl -i -X OPTIONS \
     -H "Authorization: Bearer cae3c0c261fc71512428d612c1d2fd2a" \
     -H "FOXYCART-API-VERSION: 1" \
     -H "Accept: application/hal+xml" \
     "https://api-sandbox.foxycart.com/stores/2"

HTTP/1.1 200 OK
..
Allow: HEAD,GET,PUT,PATCH,DELETE
...
Next...? POST: /clients
HEADERS: Array
(
  [0] => Accept: application/hal+xml
  [1] => FOXYCART-API-VERSION: 1
)

curl -X POST -H "Accept: application/hal+xml" \
     -H "FOXYCART-API-VERSION: 1" https://api-sandbox.foxycart.com/clients
Error Handling
HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2012 21:39:50 GMT
Connection: close
cache-control: private, must-revalidate
Content-Type: application/vnd.error+xml
Content-Length: 546

https://github.com/blongden/vnd.error
Error Handling
<errors xml:lang="en">
  <error logref="42">
     <message>Validation failed</message>
     <link rel='help' href='http://...' title='Error information'/>
     <link rel='describes' href='http://...' title='Error description'/>
  </error>
</errors>
Examples!
Let's take a look at the HAL Browser!

Hal Talk:
http://haltalk.herokuapp.com/explorer/hal_browser.html#/

Foxy Cart:
http://wiki.foxycart.com/v/0.0.0/hypermedia_api
https://api-sandbox.foxycart.com/hal-browser/hal_browser.html#/
https://api-sandbox.foxycart.com/hal-browser/
What's all this token stuff?




* image credit: http://www.ibm.com/developerworks/library/x-androidfacebookapi/
OAuth 2.0 - Why Bother?
Remember: Platform as a service!

● Hosted solutions
● Hosted CMS
● Self-hosted on a development platform

Simplify where we can:
● If you created it, you get full access to it and
  we can skip the OAuth Dance
Client Code
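// Start at the API home page.
$resp = $client->get(
    $api_home_page,
    null,
    $display->getHeaders()
);
$display->displayResult('Home Page',$client);
// Look up the create_client link relation in the response
// instead of building the URL by hand.
$useful_links['create_client'] = $client->getLink('create_client');
// POST to the URL the link pointed at.
$resp = $client->post(
    $useful_links['create_client'],
    $data,
    $display->getHeaders()
);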
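The link-following step in the client code above, as an added Python example (not FoxyCart's client and not code from the slides): it resolves a rel from a HAL+XML home document and attaches the bearer token only when the target is an HTTPS URL on an allowlisted API host. The sample document, the "reporting" rel, TRUSTED_HOSTS, the token value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed sample: the two <link> elements from the slide wrapped in a root
# element, plus one hypothetical link that points outside the API host.
HOME_XML = """<resource>
  <link rel="self" href="https://api-sandbox.foxycart.com/" title="Your API starting point."/>
  <link rel="https://api.foxycart.com/rels/create_client" href="https://api-sandbox.foxycart.com/clients" title="Create a client via POST."/>
  <link rel="https://api.foxycart.com/rels/reporting" href="http://reports.example.net/export"/>
</resource>"""

REL_BASE = "https://api.foxycart.com/rels/"
# Assumption: the only host that should ever receive this client's token.
TRUSTED_HOSTS = {"api-sandbox.foxycart.com"}


class UntrustedLink(Exception):
    """Raised when a discovered link must not receive credentials."""


def parse_links(xml_text, base_url):
    """Return {rel: absolute_href} for every <link> in a HAL+XML document."""
    # API responses have no reason to carry a DTD; refuse entity tricks early.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in API response")
    root = ET.fromstring(xml_text)
    links = {}
    for el in root.iter("link"):
        rel, href = el.get("rel"), el.get("href")
        if rel and href:
            links[rel] = urljoin(base_url, href)  # resolve relative hrefs
    return links


def get_link(links, name):
    """Look up a link by its full rel URI or by short name under REL_BASE."""
    for rel in (name, REL_BASE + name):
        if rel in links:
            return links[rel]
    raise KeyError(name)


def authorized_request(links, name, token):
    """Build (url, headers) for a rel, refusing to send the token off-API."""
    url = get_link(links, name)
    parts = urlsplit(url)
    # hostname ignores userinfo and port, so "https://api...@other.host/" fails here.
    if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
        raise UntrustedLink(url)
    headers = {
        "Accept": "application/hal+xml",
        "FOXYCART-API-VERSION": "1",
        "Authorization": "Bearer " + token,
    }
    return url, headers


if __name__ == "__main__":
    links = parse_links(HOME_XML, "https://api-sandbox.foxycart.com/")
    print(authorized_request(links, "create_client", "EXAMPLE-TOKEN")[0])
    try:
        authorized_request(links, "reporting", "EXAMPLE-TOKEN")
    except UntrustedLink as exc:
        print("refused to send token to", exc)
```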
REST is easy, right? (Nope)
● Should every resource have a custom media
  type?
● How should Hypermedia be represented in
  JSON (Collection+JSON, HAL, Siren, etc)?
● Link header exclusively or links as part of the
  body?
● To embed sub resources?
● PATCH/PUT or POST? (X-HTTP-Method-Override)
● Where to put the version number?
REST is easy, right? (Nope)
● Include the full resource response when
  creating or use a 204?
● How do you avoid one PATCH stomping
  another?
  ○ ETags and Preconditions
  ○ "If-None-Match: W/"9f55f4d0f19b152a6e7c6ddeb4107e486fd7727c""
  ○ "If-Modified-Since: Wed, 15 Feb 2012 12:53:52 -0800"
● How do you make hypermedia useful to the
  client and end user?
● Forms?
YOU NEED TESTS!
Functional tests are critical
● Ensures your changes haven't broken
  anything old or new
● Speeds up prototyping

Tests are NOT a substitute for your eyeballs
The Future
Reliable platforms
Consistent functionality
Known, shared resources

Notes:
http://bestoked.blogspot.com/2012/02/restful-resources-required-reading.html
http://wiki.foxycart.com/v/0.0.0/hypermedia_api
