SlideShare a Scribd company logo

Best Practices in Web Service Design

L
Lorna Mitchell

The document discusses best practices for designing web services. It covers using HTTP as a protocol, different service types like SOAP, XML-RPC and REST, and considerations for designing APIs like making them stateless, versioning, error handling and authentication. The document emphasizes keeping services small, consistent and well documented with examples to empower users.

Technology
1 of 38
Downloaded 973 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Best Practice in Web Service Design Lorna Jane Mitchell February 2010
A Story http://www.flickr.com/photos/james_michael_hill/254778578/
Aims of a Web Service • Expose system functionality • Assist modular application architecture • Enable scalability Empower Users!
Web. Service. Design • WEB - we'll talk about HTTP itself and how the web makes an ideal vehicle for conveying information • SERVICE - understanding the service types and how to choose • DESIGN - designing a robust and useful API, techniques for anyone specifying/implementing, either at high level or in code
Web
The Web: HTTP • HyperText Transport Protocol: the "wires" that the web uses to communicate. • HTTP includes meta information as part of the request headers • We can use this rather than reinventing formats for the info
Web Request Anatomy > GET / HTTP/1.1 > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libid > Host: www.google.co.uk > Accept: */* > < HTTP/1.1 200 OK < Date: Tue, 29 Dec 2009 11:53:32 GMT < Expires: -1 < Cache-Control: private, max-age=0 < Content-Type: text/html; charset=ISO-8859-1 < Set-Cookie: PREF=ID=938ea5e5be0edfd5:TM=1262087612:LM=1262087612:S=i4OvD_W expires=Thu, 29-Dec-2011 11:53:32 GMT; path=/; domain=.google.co.uk < Set-Cookie: NID=30=xm_tayHyAuPiERmCeIv3kiHczSQgm-Nt6DWlGVKKqTrAhT2BhqDiqsw A46lBcfV-mS0WZGQqfq-Px5097pdZ3x4R2jRboXU5i8lU2GqM5ql7Zs7zmv3; expires=Wed, 30 GMT; path=/; domain=.google.co.uk; HttpOnly < Server: gws < X-XSS-Protection: 0 < Transfer-Encoding: chunked <
HTTP Status Codes Code Meaning 200 OK 302 Found 301 Moved 401 Not Authorised 403 Forbidden 404 Not Found 500 Internal Server Error
Headers • Authorization • Cookie and Set-Cookie • Cache-Control • User-Agent • Accept • Content-Type
Content-Type and Accept • Usually a common mime type, e.g: – text/html – text/xml – application/json • We can parse accordingly • Be consistent in return formats
HTTP Verbs • GET • POST • PUT • DELETE
Service
Service Types • SOAP • *-RPC – XML-RPC – JSON-RPC • REST
SOAP • Just "soap" • Defined XML format • Also includes definition for error format • Wrappers available for most languages • Optionally uses a WSDL to describe the service – Web Service Description Language
RPC Services • Remote Procedure Call • Similar to library • Call function with arguments • Body format can change – XML makes XML-RPC – JSON makes JSON-RPC
REST • REpresentational State Transfer • A series of concepts • Generally uses HTTP (HyperText Transfer Protocol) • URLs are resource locations • Verbs tell the service what to do • Status codes indicate what the outcome was
Design
Tools to Make a Web Service • Lots of options • By hand – Using PHP language features • With helper components – e.g. PEAR modules • Within a framework custom module • From an MVC system
Designing a Web Service • Who/what will consume this? • What service/format is appropriate? – multiple formats where possible • What functionality is needed? • Up-front design is recommended
Services and Unit Testing • Easiest application of unit testing • With API tests – be confident of spotting changes – update tests when making changes • Test request/response for known datasets • Could use sample database
Small APIs • Beware adding functionality • Small, flexible APIs • Few methods as possible • Easy to use
Consistency • Important to retain – naming conventions – parameter validation rules – parameter order • Just as you would in library code
Statelessness • Request alone contains all information needed • No session data • Resource does not need to be in known state • Same operation performs same outcome
Versions and Formats • Always include a version parameter • Handle multiple formats
Status Codes • Typically associated with REST – HTTP response codes • Useful in other APIs too • Headline news: success or type of failure • MVC tools may not use these by default • Highly recommended!
Error Handling • Success is not the only outcome • Users will encounter failure – it might be their fault – how you handle it is the measure of your service • Failure handling = robustness
Error Feedback • Help users help themselves • Descriptive feedback • Stack errors • Use existing/similar format
Authentication Mechanisms • Depends completely on the environment • Web services are like web applications • Application interfaces have the same considerations whether internal or external
Authentication Options • Require authentication on every request • Authenticate once and use a token • Restrict token validity • Application or web server authentication • Just like sessions
Heartbeat Method • A method which does nothing • No authentication • Requires correct request format • Gives basic feedback • Shows that service is alive
Build It And They Will Come • ... Or not! • Users need a service to be – accessible – documented – robust – reliable – simple – predictable
Delivering A Web Service • Like packaging software • Give users tools to help themselves • Avoid support calls
Documentation • WSDL • PHPDoc can help • Simple examples/tutorials • API spec – formats – variable names – data types – error information
Examples • Tutorials with examples • Include full request and response information in examples • Troubleshooting tips and known issues • Full API Documentation – simpler to generate from PHPDoc
In Summary • Web Services != Rocket Science • HTTP theory • Service types • Design considerations • Effective Delivery
Resources • http://php.net • RESTful Web Services by Leonard Richardson, Sam Ruby • http://curl.haxx.se/ • http://benramsey.com • http://lornajane.net
Questions?
Thankyou! • Lorna Mitchell • @lornajane http://joind.in/1460

More Related Content

What's hot (20)

PDF
Apigee Demo: API Platform Overview
Apigee | Google Cloud
 
PDF
API for Beginners
Sébastien Saunier
 
PPT
Postman.ppt
ParrotBAD
 
PDF
What is REST API? REST API Concepts and Examples | Edureka
Edureka!
 
PPTX
NashTech - Azure Application Insights
Phi Huynh
 
ODP
Introduction to Swagger
Knoldus Inc.
 
PDF
Azure Application insights - An Introduction
Matthias Güntert
 
PPTX
An Introduction To REST API
Aniruddh Bhilvare
 
PPTX
Spring boot Introduction
Jeevesh Pandey
 
PDF
Best Practices for RESTful Web Services
Salesforce Developers
 
PDF
Exception handling
Anna Pietras
 
KEY
Event Driven Architecture
Stefan Norberg
 
PDF
DevOps for beginners
Pradeep Patel, PMP®
 
PPTX
React Workshop
GDSC UofT Mississauga
 
PPTX
Understanding REST APIs in 5 Simple Steps
Tessa Mero
 
PDF
Angular - Chapter 3 - Components
WebStackAcademy
 
PPTX
Web api
Sudhakar Sharma
 
PPTX
Introduction to JSON & AJAX
Collaboration Technologies
 
PDF
Migration From Oracle to PostgreSQL
PGConf APAC
 
PPSX
Rest api standards and best practices
Ankita Mahajan
 
Apigee Demo: API Platform Overview
Apigee | Google Cloud
 
API for Beginners
Sébastien Saunier
 
Postman.ppt
ParrotBAD
 
What is REST API? REST API Concepts and Examples | Edureka
Edureka!
 
NashTech - Azure Application Insights
Phi Huynh
 
Introduction to Swagger
Knoldus Inc.
 
Azure Application insights - An Introduction
Matthias Güntert
 
An Introduction To REST API
Aniruddh Bhilvare
 
Spring boot Introduction
Jeevesh Pandey
 
Best Practices for RESTful Web Services
Salesforce Developers
 
Exception handling
Anna Pietras
 
Event Driven Architecture
Stefan Norberg
 
DevOps for beginners
Pradeep Patel, PMP®
 
React Workshop
GDSC UofT Mississauga
 
Understanding REST APIs in 5 Simple Steps
Tessa Mero
 
Angular - Chapter 3 - Components
WebStackAcademy
 
Web api
Sudhakar Sharma
 
Introduction to JSON & AJAX
Collaboration Technologies
 
Migration From Oracle to PostgreSQL
PGConf APAC
 
Rest api standards and best practices
Ankita Mahajan
 

Viewers also liked (20)

PPTX
Best practices for RESTful web service design
Ramin Orujov
 
PPTX
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
PPTX
Design Beautiful REST + JSON APIs
Stormpath
 
PPT
Web Service Presentation
guest0df6b0
 
PDF
RESTful API Design, Second Edition
Apigee | Google Cloud
 
PDF
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Cesare Pautasso
 
PPTX
Introduction to Web Service
Tanya Sattaya-aphitan
 
PDF
Web service introduction
Sagara Gunathunga
 
PDF
REST to RESTful Web Service
家弘 周
 
PDF
Web Services (SOAP, WSDL, UDDI)
Peter R. Egli
 
PPTX
Webservices Overview : XML RPC, SOAP and REST
Pradeep Kumar
 
PDF
Best Practices for Interoperable XML Databinding with JAXB
Martin Grebac
 
PDF
Best Practice in Web Service Design
Lorna Mitchell
 
PDF
Layer 7: Understanding XML & Web Services Performance
CA API Management
 
PDF
CSS Reset
Russ Weakley
 
PDF
Why HATEOAS
Lee Wayne
 
PDF
Web Service and Mobile Integrated Day I
Anuchit Chalothorn
 
PPTX
Introduction to XML
Abhra Basak
 
PPTX
Web service
Vaithiyanathan Govindarajan
 
PPTX
Develop ASP.Net Web Service
Safaa Farouk
 
Best practices for RESTful web service design
Ramin Orujov
 
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
Design Beautiful REST + JSON APIs
Stormpath
 
Web Service Presentation
guest0df6b0
 
RESTful API Design, Second Edition
Apigee | Google Cloud
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Cesare Pautasso
 
Introduction to Web Service
Tanya Sattaya-aphitan
 
Web service introduction
Sagara Gunathunga
 
REST to RESTful Web Service
家弘 周
 
Web Services (SOAP, WSDL, UDDI)
Peter R. Egli
 
Webservices Overview : XML RPC, SOAP and REST
Pradeep Kumar
 
Best Practices for Interoperable XML Databinding with JAXB
Martin Grebac
 
Best Practice in Web Service Design
Lorna Mitchell
 
Layer 7: Understanding XML & Web Services Performance
CA API Management
 
CSS Reset
Russ Weakley
 
Why HATEOAS
Lee Wayne
 
Web Service and Mobile Integrated Day I
Anuchit Chalothorn
 
Introduction to XML
Abhra Basak
 
Web service
Vaithiyanathan Govindarajan
 
Develop ASP.Net Web Service
Safaa Farouk
 
Ad

Similar to Best Practices in Web Service Design (20)

PDF
Web Services Tutorial
Lorna Mitchell
 
PDF
Web Services PHP Tutorial
Lorna Mitchell
 
PDF
Web services tutorial
Lorna Mitchell
 
PDF
Web Services
Katrien Verbert
 
PPTX
An Overview of Web Services: SOAP and REST
Ram Awadh Prasad, PMP
 
PPTX
Web services
ishmecse13
 
PDF
Java Web Services [1/5]: Introduction to Web Services
IMC Institute
 
PDF
Writing RESTful Web Services
Paul Boocock
 
PDF
What is REST?
Saeid Zebardast
 
PDF
Web Services / Technology in Cloud Computing
Hitesh Mohapatra
 
PDF
wsadddddddddddddddddeb-servsdddddddddddaaaaaaaice.pdf
PrincessMonicaCostel
 
PPTX
Web services
Akshay Ballarpure
 
PPTX
Web Services.pptx
ShaikRasool27
 
PDF
Jim Webber A Couple Of Ways To Skin An Internet Scale Catx
deimos
 
PPTX
Webservices: The RESTful Approach
Mushfekur Rahman
 
PDF
Php and-web-services-24402
PrinceGuru MS
 
PDF
Brian.suda.thesis
Aravindharamanan S
 
PDF
Designing RESTful APIs
anandology
 
PDF
Web services
Carlos Samuel Gutierrez Fuentes
 
PDF
Securty Testing For RESTful Applications
Source Conference
 
Web Services Tutorial
Lorna Mitchell
 
Web Services PHP Tutorial
Lorna Mitchell
 
Web services tutorial
Lorna Mitchell
 
Web Services
Katrien Verbert
 
An Overview of Web Services: SOAP and REST
Ram Awadh Prasad, PMP
 
Web services
ishmecse13
 
Java Web Services [1/5]: Introduction to Web Services
IMC Institute
 
Writing RESTful Web Services
Paul Boocock
 
What is REST?
Saeid Zebardast
 
Web Services / Technology in Cloud Computing
Hitesh Mohapatra
 
wsadddddddddddddddddeb-servsdddddddddddaaaaaaaice.pdf
PrincessMonicaCostel
 
Web services
Akshay Ballarpure
 
Web Services.pptx
ShaikRasool27
 
Jim Webber A Couple Of Ways To Skin An Internet Scale Catx
deimos
 
Webservices: The RESTful Approach
Mushfekur Rahman
 
Php and-web-services-24402
PrinceGuru MS
 
Brian.suda.thesis
Aravindharamanan S
 
Designing RESTful APIs
anandology
 
Web services
Carlos Samuel Gutierrez Fuentes
 
Securty Testing For RESTful Applications
Source Conference
 
Ad

More from Lorna Mitchell (20)

PDF
OAuth: Trust Issues
Lorna Mitchell
 
PDF
Best Practice in API Design
Lorna Mitchell
 
PDF
Git, GitHub and Open Source
Lorna Mitchell
 
PDF
Business 101 for Developers: Time and Money
Lorna Mitchell
 
ODP
Things I wish web graduates knew
Lorna Mitchell
 
PDF
Teach a Man To Fish (phpconpl edition)
Lorna Mitchell
 
ODP
Join In With Joind.In
Lorna Mitchell
 
PDF
Tool Up Your LAMP Stack
Lorna Mitchell
 
PDF
Going Freelance
Lorna Mitchell
 
PDF
Understanding Distributed Source Control
Lorna Mitchell
 
PDF
Coaching Development Teams: Teach A Man To Fish
Lorna Mitchell
 
PDF
Zend Certification Preparation Tutorial
Lorna Mitchell
 
PDF
Implementing OAuth with PHP
Lorna Mitchell
 
PDF
Object Oriented Programming in PHP
Lorna Mitchell
 
PDF
Example Presentation
Lorna Mitchell
 
PDF
Could You Telecommute?
Lorna Mitchell
 
PDF
Design Patterns
Lorna Mitchell
 
PDF
Running a Project with Github
Lorna Mitchell
 
PDF
27 Ways To Be A Better Developer
Lorna Mitchell
 
PDF
Digital Representation
Lorna Mitchell
 
OAuth: Trust Issues
Lorna Mitchell
 
Best Practice in API Design
Lorna Mitchell
 
Git, GitHub and Open Source
Lorna Mitchell
 
Business 101 for Developers: Time and Money
Lorna Mitchell
 
Things I wish web graduates knew
Lorna Mitchell
 
Teach a Man To Fish (phpconpl edition)
Lorna Mitchell
 
Join In With Joind.In
Lorna Mitchell
 
Tool Up Your LAMP Stack
Lorna Mitchell
 
Going Freelance
Lorna Mitchell
 
Understanding Distributed Source Control
Lorna Mitchell
 
Coaching Development Teams: Teach A Man To Fish
Lorna Mitchell
 
Zend Certification Preparation Tutorial
Lorna Mitchell
 
Implementing OAuth with PHP
Lorna Mitchell
 
Object Oriented Programming in PHP
Lorna Mitchell
 
Example Presentation
Lorna Mitchell
 
Could You Telecommute?
Lorna Mitchell
 
Design Patterns
Lorna Mitchell
 
Running a Project with Github
Lorna Mitchell
 
27 Ways To Be A Better Developer
Lorna Mitchell
 
Digital Representation
Lorna Mitchell
 

Recently uploaded (20)

PDF
Book industry state of the nation 2025 - Tech Forum 2025
BookNet Canada
 
PDF
What’s my job again? Slides from Mark Simos talk at 2025 Tampa BSides
Mark Simos
 
PPTX
Seamless Tech Experiences Showcasing Cross-Platform App Design.pptx
presentifyai
 
PDF
The 2025 InfraRed Report - Redpoint Ventures
Razin Mustafiz
 
PDF
🚀 Let’s Build Our First Slack Workflow! 🔧.pdf
SanjeetMishra29
 
PDF
Automating Feature Enrichment and Station Creation in Natural Gas Utility Net...
Safe Software
 
PDF
AI Agents in the Cloud: The Rise of Agentic Cloud Architecture
Lilly Gracia
 
PPTX
Agentforce World Tour Toronto '25 - Supercharge MuleSoft Development with Mod...
Alexandra N. Martinez
 
PDF
Future-Proof or Fall Behind? 10 Tech Trends You Can’t Afford to Ignore in 2025
DIGITALCONFEX
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
LOOPS in C Programming Language - Technology
RishabhDwivedi43
 
PDF
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
PPTX
Designing_the_Future_AI_Driven_Product_Experiences_Across_Devices.pptx
presentifyai
 
DOCX
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
PDF
“Squinting Vision Pipelines: Detecting and Correcting Errors in Vision Models...
Edge AI and Vision Alliance
 
PDF
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PPTX
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
PDF
Go Concurrency Real-World Patterns, Pitfalls, and Playground Battles.pdf
Emily Achieng
 
PDF
How do you fast track Agentic automation use cases discovery?
DianaGray10
 
Book industry state of the nation 2025 - Tech Forum 2025
BookNet Canada
 
What’s my job again? Slides from Mark Simos talk at 2025 Tampa BSides
Mark Simos
 
Seamless Tech Experiences Showcasing Cross-Platform App Design.pptx
presentifyai
 
The 2025 InfraRed Report - Redpoint Ventures
Razin Mustafiz
 
🚀 Let’s Build Our First Slack Workflow! 🔧.pdf
SanjeetMishra29
 
Automating Feature Enrichment and Station Creation in Natural Gas Utility Net...
Safe Software
 
AI Agents in the Cloud: The Rise of Agentic Cloud Architecture
Lilly Gracia
 
Agentforce World Tour Toronto '25 - Supercharge MuleSoft Development with Mod...
Alexandra N. Martinez
 
Future-Proof or Fall Behind? 10 Tech Trends You Can’t Afford to Ignore in 2025
DIGITALCONFEX
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
LOOPS in C Programming Language - Technology
RishabhDwivedi43
 
POV_ Why Enterprises Need to Find Value in ZERO.pdf
darshakparmar
 
Designing_the_Future_AI_Driven_Product_Experiences_Across_Devices.pptx
presentifyai
 
Python coding for beginners !! Start now!#
Rajni Bhardwaj Grover
 
“Squinting Vision Pipelines: Detecting and Correcting Errors in Vision Models...
Edge AI and Vision Alliance
 
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
Go Concurrency Real-World Patterns, Pitfalls, and Playground Battles.pdf
Emily Achieng
 
How do you fast track Agentic automation use cases discovery?
DianaGray10
 

Best Practices in Web Service Design

  • 1. Best Practice in Web Service Design Lorna Jane Mitchell February 2010
  • 3. Aims of a Web Service • Expose system functionality • Assist modular application architecture • Enable scalability Empower Users!
  • 4. Web. Service. Design • WEB - we'll talk about HTTP itself and how the web makes an ideal vehicle for conveying information • SERVICE - understanding the service types and how to choose • DESIGN - designing a robust and useful API, techniques for anyone specifying/implementing, either at high level or in code
  • 5. Web
  • 6. The Web: HTTP • HyperText Transport Protocol: the "wires" that the web uses to communicate. • HTTP includes meta information as part of the request headers • We can use this rather than reinventing formats for the info
  • 7. Web Request Anatomy > GET / HTTP/1.1 > User-Agent: curl/7.19.5 (i486-pc-linux-gnu) libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libid > Host: www.google.co.uk > Accept: */* > < HTTP/1.1 200 OK < Date: Tue, 29 Dec 2009 11:53:32 GMT < Expires: -1 < Cache-Control: private, max-age=0 < Content-Type: text/html; charset=ISO-8859-1 < Set-Cookie: PREF=ID=938ea5e5be0edfd5:TM=1262087612:LM=1262087612:S=i4OvD_W expires=Thu, 29-Dec-2011 11:53:32 GMT; path=/; domain=.google.co.uk < Set-Cookie: NID=30=xm_tayHyAuPiERmCeIv3kiHczSQgm-Nt6DWlGVKKqTrAhT2BhqDiqsw A46lBcfV-mS0WZGQqfq-Px5097pdZ3x4R2jRboXU5i8lU2GqM5ql7Zs7zmv3; expires=Wed, 30 GMT; path=/; domain=.google.co.uk; HttpOnly < Server: gws < X-XSS-Protection: 0 < Transfer-Encoding: chunked <
  • 8. HTTP Status Codes Code Meaning 200 OK 302 Found 301 Moved 401 Not Authorised 403 Forbidden 404 Not Found 500 Internal Server Error
  • 9. Headers • Authorization • Cookie and Set-Cookie • Cache-Control • User-Agent • Accept • Content-Type
  • 10. Content-Type and Accept • Usually a common mime type, e.g: – text/html – text/xml – application/json • We can parse accordingly • Be consistent in return formats
  • 11. HTTP Verbs • GET • POST • PUT • DELETE
  • 13. Service Types • SOAP • *-RPC – XML-RPC – JSON-RPC • REST
  • 14. SOAP • Just "soap" • Defined XML format • Also includes definition for error format • Wrappers available for most languages • Optionally uses a WSDL to describe the service – Web Service Description Language
  • 15. RPC Services • Remote Procedure Call • Similar to library • Call function with arguments • Body format can change – XML makes XML-RPC – JSON makes JSON-RPC
  • 16. REST • REpresentational State Transfer • A series of concepts • Generally uses HTTP (HyperText Transfer Protocol) • URLs are resource locations • Verbs tell the service what to do • Status codes indicate what the outcome was
  • 18. Tools to Make a Web Service • Lots of options • By hand – Using PHP language features • With helper components – e.g. PEAR modules • Within a framework custom module • From an MVC system
  • 19. Designing a Web Service • Who/what will consume this? • What service/format is appropriate? – multiple formats where possible • What functionality is needed? • Up-front design is recommended
  • 20. Services and Unit Testing • Easiest application of unit testing • With API tests – be confident of spotting changes – update tests when making changes • Test request/response for known datasets • Could use sample database
  • 21. Small APIs • Beware adding functionality • Small, flexible APIs • Few methods as possible • Easy to use
  • 22. Consistency • Important to retain – naming conventions – parameter validation rules – parameter order • Just as you would in library code
  • 23. Statelessness • Request alone contains all information needed • No session data • Resource does not need to be in known state • Same operation performs same outcome
  • 24. Versions and Formats • Always include a version parameter • Handle multiple formats
  • 25. Status Codes • Typically associated with REST – HTTP response codes • Useful in other APIs too • Headline news: success or type of failure • MVC tools may not use these by default • Highly recommended!
  • 26. Error Handling • Success is not the only outcome • Users will encounter failure – it might be their fault – how you handle it is the measure of your service • Failure handling = robustness
  • 27. Error Feedback • Help users help themselves • Descriptive feedback • Stack errors • Use existing/similar format
  • 28. Authentication Mechanisms • Depends completely on the environment • Web services are like web applications • Application interfaces have the same considerations whether internal or external
  • 29. Authentication Options • Require authentication on every request • Authenticate once and use a token • Restrict token validity • Application or web server authentication • Just like sessions
  • 30. Heartbeat Method • A method which does nothing • No authentication • Requires correct request format • Gives basic feedback • Shows that service is alive
  • 31. Build It And They Will Come • ... Or not! • Users need a service to be – accessible – documented – robust – reliable – simple – predictable
  • 32. Delivering A Web Service • Like packaging software • Give users tools to help themselves • Avoid support calls
  • 33. Documentation • WSDL • PHPDoc can help • Simple examples/tutorials • API spec – formats – variable names – data types – error information
  • 34. Examples • Tutorials with examples • Include full request and response information in examples • Troubleshooting tips and known issues • Full API Documentation – simpler to generate from PHPDoc
  • 35. In Summary • Web Services != Rocket Science • HTTP theory • Service types • Design considerations • Effective Delivery
  • 36. Resources • http://php.net • RESTful Web Services by Leonard Richardson, Sam Ruby • http://curl.haxx.se/ • http://benramsey.com • http://lornajane.net
  • 38. Thankyou! • Lorna Mitchell • @lornajane http://joind.in/1460