A RESTful Development: Web APIs for the Real World

GDG Berlin 2013

+MichaelMahemoff / @mahemoff

Online at bit.ly/apifest


Web ...

versus Native …

The Future

"The API calls, for the most part are using JSONP syntax over an HTTPS connection."

Ohhai

Mirror API

Internet == Diverse platforms

RESTed Development

  • 1. Verb All the Nouns
  • 2. API Design Principles
  • 3. Tools are Your Friend
  • 4. Emerging Trends

Cool URIs

Less Cool

UX for developers, because programmers are people too.

Universal Resource Identifier

Verb All The Nouns

https://github.com

A website

https://github.com/google

A user of a website

https://github.com/google/memcached-collections

A project of a user of a website

Create, Read, Update, Delete

GET /places/berlin
PUT /places/berlin
DELETE /places/berlin
POST /places

Anatomy of a click

Content Negotiation

Success: 200, 201, 202 ...

Redirect: 300, 301, 302 ...

Error: 400, 401, 402 ...

RESTed Development

  • 1. Verb All the Nouns
  • 2. API Design Principles
  • 3. Tools are Your Friend
  • 4. Emerging Trends

Security by design - simple requests

SSL Everywhere

Every request is authenticated

GET /things HTTP/1.1
Host: example.com
Authorization: Basic dXNlcmlkOnBhc3N3b3Jk

(The Basic credential is base64 of "userid:password": encoded, not encrypted.)

User and 2 services: OAuth/OAuth 2

Performance and Scalability

Caching

"1 + N" pattern

Applies to APIs too

RESTed Development

  • 1. Verb All the Nouns
  • 2. API Design for Humans
  • 3. Tools are your Friend
  • 4. Emerging Trends

Hosting and Caching

  • File hosting - S3. Future: Google Drive, Dropbox, GitHub?
  • Edge Caches - CloudFlare, Akamai, CloudFront
  • Images - Cloudinary

Edge Caching

Security-Caching Trade-Off

Server monitoring

Instant analytics and alerts

  • Check Uptime - Pingdom, Montastic
  • Capacity planning and alerts - Scout
  • Client-side and server-side exception reporting - Exceptional, Raygun
  • Usage and performance - New Relic

Epic Win!

New Relic

Experiment-friendly clients

  • HTTPie - Curl, but nice
  • UniREST - Cross-language library
  • APIBin - Pastebin for API calls

HTTPie

# name:=value sends a raw JSON field; name:value would set a request header
http -a user:pass GET example.com/predictions
http PUT example.com/accounts amount:=1000000 bonus:=true
http DELETE example.com/bills/123

API Hosting

Mashape, Apigee, Apiary, Layer7

RESTed Development

  • 1. Verb All the Nouns
  • 2. API Design for Humans
  • 3. Tools are your Friend
  • 4. Emerging Trends

2000: WS-*

Vendor-driven development

2010: Lightweight REST

  • Services → Resources
  • Complex → Simple
  • Rules → Patterns
  • Hide HTTP → Embrace HTTP
  • XML → JSON

2015: Best of both worlds

Pendulum swings back

Need-Driven APIs

Typical use cases → Coarse-grained requests

Slow Cooker Revolution

  1. End-user experience
  2. Private API
  3. Drip-feeding: Limited partners and features

Standardisation

JSON

Swagger

HATEOAS

Benefits of Standards

  • Inter-op
  • Library support
  • Document generation
  • Code generation? Maybe?


Image credits

  • Dry Icons
  • http Photo Credit: mytoenailcameoff via Compfight cc
  • Photo Credit: Darwin Bell via Compfight cc
  • placekitten
  • Developer Experience SXSW talk
  • IOT