Building Awesome
APIs with Lumen
Kit Brennan
Rokk3r Labs
• Consistent
• Reliable
• Easy to use
What makes an API awesome
Overview
• Super fast out of the box
• If you know Laravel, you know Lumen
• All of Laravel waiting to be switched on
Why Lumen
Overview
• Requests
• Responses
• Logging
• Documentation
• Testing
Structure of the talk
Overview
• Version your API using route prefixes
Routing
Requests
• Also, an excellent use of subdomain routing:
Routing
Requests
• Create an /api/1/ping route for public APIs
• Don’t put any middleware in front of the route
• Two reasons:
• Lets clients easily check if server is up
• First step of integrating with an API is just making sure
your request reaches the remote server.
Routing
Requests
• Choose an endpoint structure and stick to it
• Have awesome documentation for all endpoints (we will come back to this)
• GET is a safe method (this should really go without saying)
• PUT and DELETE are idempotent (the operation should always produce the same result)
Routing
Requests
• GET https://example.com/api/1/users
• POST https://example.com/api/1/users
• GET https://example.com/api/1/users/1
• PUT https://example.com/api/1/users/1
• DELETE https://example.com/api/1/users/1
Routing
Requests
• https://github.com/barryvdh/laravel-cors
• Public APIs: allow all origins
• Private APIs: allow your origins
CORS
Requests
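The two CORS policies on this slide, as an added example in plain PHP (not code from the talk or from laravel-cors). The function name `cors_headers`, the policy labels and the origins are hypothetical.

```php
<?php
// Added example: pick CORS response headers for a public or a private API.
// cors_headers() and all origins below are hypothetical, constructed values.

function cors_headers(?string $origin, string $policy, array $allowedOrigins = []): array
{
    if ($origin === null || $origin === '') {
        return [];                       // no Origin header: not a cross-origin browser call
    }

    if ($policy === 'public') {
        // Public API: any origin may read responses. The wildcard is only safe
        // because the API is token-based and sends no cookies or credentials.
        return ['Access-Control-Allow-Origin' => '*'];
    }

    // Private API: exact, case-sensitive comparison against a fixed list.
    // No substring or regex matching, so a look-alike host such as
    // "https://app.example.com.other.test" does not pass.
    if (!in_array($origin, $allowedOrigins, true)) {
        return ['Vary' => 'Origin'];     // no allow header: the browser blocks the read
    }

    return [
        'Access-Control-Allow-Origin'  => $origin,
        'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
        'Access-Control-Allow-Headers' => 'Authorization, Content-Type',
        'Vary'                         => 'Origin',   // keeps shared caches from mixing origins
    ];
}

// Constructed sample requests: [policy, Origin header value].
$allowed = ['https://app.example.com', 'https://admin.example.com'];
$samples = [
    ['public',  'https://anything.test'],
    ['private', 'https://app.example.com'],
    ['private', 'https://app.example.com.other.test'],
    ['private', 'null'],
];

foreach ($samples as [$policy, $origin]) {
    $headers = cors_headers($origin, $policy, $allowed);
    echo $policy, ' ', $origin, ' => ', json_encode($headers, JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```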
• Session-based authentication is not appropriate
• Three options:
• Access token authentication: for server-to-server apps; you provide the token in advance
• JSON web token: for client-side apps; you provide a token at user login
• OAuth: for third-party apps accessing existing user accounts on your system
Authentication methods
Requests
• https://github.com/tymondesigns/jwt-auth
• Scales much better than other options: each server validates the token itself, rather than making a DB call
• Frontend apps should store the token with localStorage
• Tokens should expire (use refresh tokens to generate new tokens)
Authentication - JSON web tokens
Requests
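What "each server validates the token, rather than making a DB call" and "tokens should expire" look like in practice, as an added example in plain PHP. This is not code from the talk or from jwt-auth; the function names, the secret and the timestamps are hypothetical, and only HS256 is handled.

```php
<?php
// Added example: issue and verify an HS256 JWT with nothing but the shared
// secret, so verification needs no database. All names/values are hypothetical.

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): ?string
{
    $pad = (4 - strlen($txt) % 4) % 4;
    $bin = base64_decode(strtr($txt, '-_', '+/') . str_repeat('=', $pad), true);
    return $bin === false ? null : $bin;
}

function jwt_issue(array $claims, string $secret, int $now, int $ttl): string
{
    // The issuer, not the caller, decides iat and exp.
    $claims = array_merge($claims, ['iat' => $now, 'exp' => $now + $ttl]);
    $input  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']))
            . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $secret, true));
}

function jwt_verify(string $token, string $secret, int $now): array
{
    $fail = fn(string $why) => ['ok' => false, 'status' => 401, 'reason' => $why];

    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return $fail('malformed');
    }
    [$h64, $p64, $s64] = $parts;

    // Pin the algorithm on the server; the token header does not get a say.
    $header = json_decode(b64url_decode($h64) ?? '', true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return $fail('unexpected alg');
    }

    // Check the signature before trusting anything in the payload.
    $given    = b64url_decode($s64);
    $expected = hash_hmac('sha256', $h64 . '.' . $p64, $secret, true);
    if ($given === null || !hash_equals($expected, $given)) {
        return $fail('bad signature');
    }

    // A token without a usable exp is rejected rather than treated as eternal.
    $claims = json_decode(b64url_decode($p64) ?? '', true);
    if (!is_array($claims) || !isset($claims['exp']) || !is_int($claims['exp'])) {
        return $fail('missing exp');
    }
    if ($now >= $claims['exp']) {
        return $fail('expired');
    }

    return ['ok' => true, 'status' => 200, 'claims' => $claims];
}

// Constructed demo values.
$secret = 'constructed-demo-secret-not-for-production';
$login  = 1700000000;                      // constructed login time (epoch seconds)
$token  = jwt_issue(['sub' => 42], $secret, $login, 900);

// Same header and signature, different payload: must fail the signature check.
[$h, , $s] = explode('.', $token);
$altered = $h . '.' . b64url_encode(json_encode(['sub' => 1, 'exp' => $login + 900])) . '.' . $s;

$cases = [
    'fresh token'      => [$token,   $login + 60],
    'after expiry'     => [$token,   $login + 901],
    'altered payload'  => [$altered, $login + 60],
    'not a token'      => ['abc',    $login + 60],
];
foreach ($cases as $label => [$tok, $now]) {
    echo $label, ' => ', json_encode(jwt_verify($tok, $secret, $now)), PHP_EOL;
}
```

Because verification involves no lookup, a token that leaks stays valid until its `exp`, which is why the slide pairs short lifetimes with refresh tokens.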
• https://github.com/lucadegasperi/oauth2-server-laravel
• Potentially very dangerous (so get it right):
• You’re giving someone access to client data
• Read the spec: http://tools.ietf.org/html/rfc6749
Authentication - OAuth
Requests
• Avoid the magic controller validation
• Instead, create a validation class, call it, and check in your controller whether it fails
Validation
Requests
• Awesome APIs accept many date formats
• The Validation facade's date validator uses strtotime
• Carbon’s parse method uses strtotime
• Combine the two and you can safely accept any date
• Caveat… a unix timestamp is not parsed by strtotime
Dates
Requests
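One way to accept many date formats and still handle the unix-timestamp caveat, as an added example that is not from the talk. Plain `strtotime` stands in for the validator and Carbon; `normalise_date` and the rule that a 9 to 10 digit string is epoch seconds are assumptions.

```php
<?php
// Added example: normalise client-supplied dates to one UTC format.
// normalise_date() and the epoch-detection rule are hypothetical choices.

date_default_timezone_set('UTC');   // inputs without a zone are read as UTC

function normalise_date($input): ?string
{
    if (is_int($input)) {
        $input = (string) $input;
    }
    if (!is_string($input)) {
        return null;
    }
    $input = trim($input);
    if ($input === '') {
        return null;
    }

    if (preg_match('/^\d{9,10}$/', $input) === 1) {
        // The slide's caveat: a bare unix timestamp is not handled by
        // strtotime, so treat it as epoch seconds directly (assumption:
        // 9-10 digits, which keeps 8-digit YYYYMMDD on the strtotime path).
        $ts = (int) $input;
    } else {
        $ts = strtotime($input);
        if ($ts === false) {
            return null;            // caller should answer with a validation error
        }
    }

    // Always emit one explicit, zone-qualified format.
    return gmdate('Y-m-d\TH:i:s\Z', $ts);
}

// Constructed sample inputs.
$samples = [
    '2015-06-01',
    '1 June 2015 14:30',
    '2015-06-01T14:30:00+02:00',   // offset is honoured and converted to UTC
    '02/03/2015',                  // slashes are read as month/day/year
    '02-03-2015',                  // dashes are read as day-month-year
    '1433169000',                  // epoch seconds as a string
    1433169000,                    // epoch seconds as an integer
    'tomorrow',                    // relative phrases are accepted too
    'not a date',
];

foreach ($samples as $in) {
    echo var_export($in, true), ' => ', var_export(normalise_date($in), true), PHP_EOL;
}
```

The slash and dash rows parse to different days, and relative phrases such as `tomorrow` are accepted; if a field must be an absolute, unambiguous date, add a stricter format check before falling back to `strtotime`.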
• Even APIs should have a view layer
• Explicitly cast all types
Transformers
Responses
• Do not forget to transform your Carbon objects
Transformers
Responses
• Use a transformer package
• https://github.com/salebab/larasponse (the documentation sucks, but it’s still the best package)
• You provide a class with a transform method, then simply call it in any controller:
Transformers
Responses
• Power comes when you want to include other transforms in your transformer (transformer class)
• Always include with a transformer (transformer class):
• Or optional include (controller class):
Transformers
Responses
• Response macros let you include additional metadata in the response
• Macros also ensure consistency of the base response across all response statuses and all endpoints
• Register in a service provider:
Response Macros
Responses
• Log all requests and all responses
• This is 10x as true if you are making a public API
• Make your logs easily accessible (no, SSHing into a server is not easily accessible)
When to log
Logging
• Shameless plug for today’s sponsor: www.understand.io (probably the best option, so not such a shameless plug)
• Anything supported by Monolog should work out of the box
• https://papertrailapp.com
• https://www.loggly.com
• The ELK stack https://www.elastic.co (open source)
Logging services
Logging
• One is auto-documented, one isn’t:
Auto documenters
Documentation
• http://readme.io/
• https://apiary.io/
• https://www.mashape.com/
• http://swagger.io/ -> popular auto documenter
• GitHub/Bitbucket wikis
Documentation services
Documentation
• Tell developers about any breaking API changes
• Give 30 days' notice of breaking changes or downtime (ideally longer)
• Make it super clear you won’t use the mailing list for marketing
• Never use the mailing list for marketing
Mailing list
Documentation
• Write full end-to-end API tests. Lumen supports these out of the box:
API tests
Testing
• Statically define your test expectations for a given route (your seeder will need to have some fixtures for this)
Test every field
Testing
• Returning a 200 when you should be returning a 403
(forbidden) is inexcusable.
Test failures
Testing
• In your TestCase.php
JWT Override
Testing
Thank You
Kit Brennan
Rokk3r Labs
