NEPHP '12: Create a RESTful API
Download as PPTX, PDF1 like3,050 views
1. The document discusses creating a RESTful API for a URL shortening service. 2. It covers REST concepts like using HTTP verbs for CRUD operations, returning different status codes for success and errors, and supporting multiple output formats like JSON, XML, and JSONP. 3. The document also discusses authentication, error handling, caching, and documentation best practices for REST APIs.
![ Cre·ate[kree-eyt] verb
1. to cause to come into being, as something
unique that would not naturally evolve or
that is not made by ordinary processes.
2. to evolve from one's own thought or
imagination, as a work of art or an
invention.
Source: Dictionary.com](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-2-320.jpg)
![ Ep·ic [ep-ik] adjective
1. noting or pertaining to a long poetic
composition, usually centered upon a hero, in
which a series of great achievements or events
is narrated in elevated style: Homer's Iliad is an
epic poem.
2. resembling or suggesting such poetry: an epic
novel on the founding of the country.
3. heroic; majestic; impressively great: the epic
events of the war.
4. of unusually great size or extent: a crime wave
of epic proportions.
Source: Dictionary.com](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-3-320.jpg)
![ Rest[rest] noun
1. the refreshing quiet or repose of sleep: a good
night's rest.
2. refreshing ease or inactivity after exertion or
labor: to allow an hour for rest.
3. relief or freedom, especially from anything that
wearies, troubles, or disturbs.
4. a period or interval of
inactivity, repose, solitude, or tranquility: to go
away for a rest.
5. mental or spiritual calm; tranquility.
6. Representational State Transfer
Source: Dictionary.com](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-4-320.jpg)
![ Rest [rest] noun
1. the refreshing quiet or repose of sleep: a good
night's rest.
2. refreshing ease or inactivity after exertion or
labor: to allow an hour for rest.
3. relief or freedom, especially from anything that
wearies, troubles, or disturbs.
4. a period or interval of
inactivity, repose, solitude, or tranquility: to go
away for a rest.
5. mental or spiritual calm; tranquility.
6. Representational State Transfer
Source: Common Knowledge](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-5-320.jpg)
![ A·P·I [ey-pee-ahy] noun
1. Application Programming Interface. A
contract between two applications that
allows them to communicate effectively.
Source: Andrew Curioso](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-6-320.jpg)
![ Con·quer[kong-ker] verb
1. to acquire by force of arms; win in war: to
conquer a foreign land.
2. to overcome by force; subdue: to conquer an
enemy.
3. to gain, win, or obtain by effort, personal
appeal, etc.: conquer the hearts of his
audience.
4. to gain a victory over; surmount; master;
overcome: to conquer disease and poverty; to
conquer one's fear.
Source: Andrew Curioso](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-7-320.jpg)
![ World [wurld] noun
1. the earth or globe, considered as a planet.
2. ( often initial capital letter ) a particular division
of the earth: the Western world.
3. the earth or a part of it, with its inhabitants,
affairs, etc., during a particular period: the
ancient world.
4. humankind; the human race; humanity: The
world must eliminate war and poverty.
5. the public generally: The whole world knows it.
Source: Andrew Curioso](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-8-320.jpg)
![ World [wurld] noun
1. The ecosystem around your startup or cause
into which you drag your
family, friends, investors, and anyone who
will listen.
Source: Andrew Curioso](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-10-320.jpg)
![<?php
if ( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
...
}
?>](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-18-320.jpg)
![ P w/ padding
Uses callback
Cross domain
Mime: application/javascript
if ( array_key_exists('callback’, $_GET) )
$callbackFunc = $_GET['callback'];
else
$callbackFunc = false;
if ( $callbackFunc !== false )
echo $callbackFunc.'(';
echojson_encode( $urlObject );
if ( $callbackFunc )
echo ')';
?>](https://image.slidesharecdn.com/curioso-nephp-2012-120812103506-phpapp01/85/NEPHP-12-Create-a-RESTful-API-22-320.jpg)
NEPHP '12: Create a RESTful API
- 1. and Conquering the World Andrew Curioso
- 2. Cre·ate[kree-eyt] verb 1. to cause to come into being, as something unique that would not naturally evolve or that is not made by ordinary processes. 2. to evolve from one's own thought or imagination, as a work of art or an invention. Source: Dictionary.com
- 3. Ep·ic [ep-ik] adjective 1. noting or pertaining to a long poetic composition, usually centered upon a hero, in which a series of great achievements or events is narrated in elevated style: Homer's Iliad is an epic poem. 2. resembling or suggesting such poetry: an epic novel on the founding of the country. 3. heroic; majestic; impressively great: the epic events of the war. 4. of unusually great size or extent: a crime wave of epic proportions. Source: Dictionary.com
- 4. Rest[rest] noun 1. the refreshing quiet or repose of sleep: a good night's rest. 2. refreshing ease or inactivity after exertion or labor: to allow an hour for rest. 3. relief or freedom, especially from anything that wearies, troubles, or disturbs. 4. a period or interval of inactivity, repose, solitude, or tranquility: to go away for a rest. 5. mental or spiritual calm; tranquility. 6. Representational State Transfer Source: Dictionary.com
- 5. Rest [rest] noun 1. the refreshing quiet or repose of sleep: a good night's rest. 2. refreshing ease or inactivity after exertion or labor: to allow an hour for rest. 3. relief or freedom, especially from anything that wearies, troubles, or disturbs. 4. a period or interval of inactivity, repose, solitude, or tranquility: to go away for a rest. 5. mental or spiritual calm; tranquility. 6. Representational State Transfer Source: Common Knowledge
- 6. A·P·I [ey-pee-ahy] noun 1. Application Programming Interface. A contract between two applications that allows them to communicate effectively. Source: Andrew Curioso
- 7. Con·quer[kong-ker] verb 1. to acquire by force of arms; win in war: to conquer a foreign land. 2. to overcome by force; subdue: to conquer an enemy. 3. to gain, win, or obtain by effort, personal appeal, etc.: conquer the hearts of his audience. 4. to gain a victory over; surmount; master; overcome: to conquer disease and poverty; to conquer one's fear. Source: Andrew Curioso
- 8. World [wurld] noun 1. the earth or globe, considered as a planet. 2. ( often initial capital letter ) a particular division of the earth: the Western world. 3. the earth or a part of it, with its inhabitants, affairs, etc., during a particular period: the ancient world. 4. humankind; the human race; humanity: The world must eliminate war and poverty. 5. the public generally: The whole world knows it. Source: Andrew Curioso
- 10. World [wurld] noun 1. The ecosystem around your startup or cause into which you drag your family, friends, investors, and anyone who will listen. Source: Andrew Curioso
- 11. Internal only (closed) External (open) Multiple consumers Everything + Scalable Growth ▪ Mash-ups! Semi-Private ▪ Innovation ▪ Evangelists Partner Integration “The Platform Play”
- 12. PATTERNS PROTOCOLS / FORMATS Representation State XML Transfer (REST) JSON Remote Procedure Calls YAML (RPC) AMF Etc...
- 13. Representational State Transfer Resource based (nouns) 5 verbs GET POST DELETE Easy in PHP
- 14. 1. Client / Server 2. Stateless 3. Cacheable 4. Layered 5. Uniform Interface 6. ???
- 15. URL shortening website User authentication (simple) Create, read, update, and delete (CRUD)
- 16. id user_id users urls url created modified
- 17. Verb URL Action GET /urls.json List URLs GET /urls/123.json Resource for URL with id 123 POST /urls.json Shorten a new URL PUT /urls/123.json Edit the URL with the ID 123 DELETE /urls/123.json Delete the URL with the ID 123 POST /urls/123.json Also edit the URL with the ID 123
- 18. <?php if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) { ... } ?>
- 19. Only you can prevent CSRF Only POST and PUT should write data Only POST and DELETE should delete data Check Referrer Per request tokens
- 20. HTTP Accepts Mime Types
- 21. Simple Fast Wide-spread Mime: application/json <?php echo json_encode( $urlObject); ?>
- 22. P w/ padding Uses callback Cross domain Mime: application/javascript if ( array_key_exists('callback’, $_GET) ) $callbackFunc = $_GET['callback']; else $callbackFunc = false; if ( $callbackFunc !== false ) echo $callbackFunc.'('; echojson_encode( $urlObject ); if ( $callbackFunc ) echo ')'; ?>
- 23. Strongly Typed Human readable Lots of existing tools Mime: application/xml <?php ... ?>
- 24. HUMAN READABLE BINARY AMF Microsoft Excel HTML PDF YAML JPEG / PNG CSV Etc… Serialized PHP Etc…
- 25. Create curl –d “url=www.example.com” http://tinyr.me/urls.json Read curl http://tinyr.me/urls/123.json Update curl –d “url=www.example.com/foo” http://tinyr.me/urls/123.json Delete curl –X DELETE http://tinyr.me/urls/123.json
- 26. WE HAVE WE’RE MISSING Request handling Error handling RESTful Output Formats Pagination XML Authentication Json / JsonP Authorization Documentation
- 27. Success Error (continued) 200 OK * 405 Method Not Allowed * 201 Created * 409 Conflict 303 See Other * 410 Gone 500 Internal Server Error * Error 501 Not Implemented 401 Unauthorized * 503 Service Unavailable 402 Payment Required 403 Forbidden * 404 Not Found *
- 28. If not a POST request 405 Method Not Allowed Already existed 303 See Other Save success 201 Created Failure 500 Internal Server Error with explanation
- 29. If not a POST or PUT request 405 Method Not Allowed Invalid ID 404 File Not Found Success 200 OK Failure 500 Internal Server Error with explanation
- 30. If not a POST or DELETE request 405 Method Not Allowed Invalid ID 404 File Not Found Success 200 OK Failure 500 Internal Server Error with explanation
- 31. User is not allowed to access resource 403 Forbidden User is not logged in 401 Unauthorized
- 32. Same format Descriptive Human Computer Comprehensive
- 33. {"Error": { "code" : 404, "description" : "File Not Found" }}
- 34. Return meta-information Rate limiting Pagination Expiration / cache Etc.
- 35. Uses HTTP headers App defined “used to” start with “X-” header(“X-Current-Page:”.$currentPage); header(“X-Total: ”.$total); header(“X-Per-Page: ”.$perPage);
- 36. SOME PLATFORMS (LIKE MANY WEB BROWSERS) FORTUNATELY… Do not support: You can/should do this: DELETE PUT _method=DELETE
- 37. DELETE /urls/123.json HTTP1.1 POST /urls/123.json HTTP1.1 Host: www.example.com Host: www.example.com _method=DELETE
- 38. BAD No Authentication GOOD Basic BETTER Form and Cookie Digest BEST Oauth Shared Secret
- 39. There are no shortcuts One or more: All Users (public) Owner Shared User Moderator Administrator
- 40. Vocabularies / Schemas DTD or schema files Examples Code I/O Community Feedback WSDL 2.0
- 41. PHP rocks with REST SOAP is heavy AMF is light but requires Flash But, if you still want to, you can
- 42. User Gateway REST API POST REST request REST request Response Aka the Façade Pattern
- 44. Built-in to HTTP Expires Last-Modified Cache-Control Etag ▪ If-None-Match Stateless
- 45. Hypermedia as the Engine of Application State Roy Thomas Fielding
- 48. REST constraints Documentation Security Unit tests
- 49. Contact: www.AndrewCurioso.com/contact @AndrewCurioso on Twitter Careers.FreePriceAlerts.com
Editor's Notes
- #2: Thank you _____________Today I’m going to be talking about creating a RESTful API with PHP. Not just any RESTful API, but an Epic one.
- #12: Even if you are developing a closed API…I hope everyone considers open APIs.All this roles up into one concept. “The platform play.” So if you need something to go back to your boss or your investors with… that’s the thing. You’re making a platform play.
- #13: There are multiple patterns for APIs. There are a couple more lesser used ones but the two big ones are REST and RPC.Within those patterns you can use one or more formats to transfer your data.
- #14: Rest stands for Representational State Transfer incase you missed it in Neal’s presentation. As mentioned yesterday, the largest example of REST in the wild is HTTP.Luckily for us, CakePHP is usually layered on-top of HTTP so it inherits all the RESTful mechanisms.REST has a concept called resources (a specific user or comment are two examples).They are also called nouns which are acted on by verbs.There are five verbs in HTTP. We will focus on three.Finally, one last important thing… CakePHP makes REST easy.
- #16: The app that I will be using as an example today is the simplest app that I could think of.It is a URL shortening services that allows you to authenticate and thus be able to delete and edit URLs that you yourself shortened, and also basic CRUD.
- #17: There are two models. The user model, which is pretty standard for a CakePHP project, and the urls model which I have on the screen.A full URL shortened can, of course, get much more complicated than that. But for today I’m keeping it basic.
- #18: Once you’ve baked your model and what not you can open up your router and map the resource. This will register all the routes you need for REST in one call.You can still do it manually if you want but you don’t have to.These are the six routes registered when you map a resource.
- #19: Before we begin developing views we’ll haveto tell PHP to recognize file extensions and switch the views and layouts accordingly.We do this by turning on parseExtensions in the routes.php file and including the RequestHandler component in the app_controller.The RequestHandler component is what actually switches the views. It also includes helpers automatically in the view if a helper has the same name as the extension (like XML) and parses incoming POSTed XML and assigns it to the data property of the controller.
- #20: One rule to live by is to never write or delete data on anything that is not a POST, PUT, or DELETE request.The main purpose of this rule is to protect against Cross Site Request Forgeries or CSRF attacks which are every difficult to defend against otherwise.Say that the add method accepted GET requests. Someone could then simply embed an image on a page with the add URL as a source and execute a add() as any user who visits the site.
- #22: We now need to create a couple views.The Json view is the first and the one that I like the most. Because it is simple and easy to understand.It is fast thanks to native PHP support, and also very wide-spread.What you see here is the entire view for the view action in the urls controller.Notice the path to the view. The RequestHandler will tell Cake to look in the json folder for the appropriate view.
- #23: We can also easily support JsonP or Json with padding.JsonP specifies a Javascript callback function to execute with the results of a request.It allows for cross domain requests because you can trigger it via a simple script-include and function calls works across domains so the callback will work just fine.One important note is that it is only for GET requests. So, as I said earlier, it shouldn’t be able to write or delete data.JsonP can be handle generically in the layout. Notice the layout path.A JsonP request always takes the callback via a query parameter. So your app controller can read in the callback then set it for use in the view. The layout then reads it sand wraps the output in it is necessary.
- #24: Now for the XML view. And I can hear the boos now.XML does have some benefits. It is strongly typed, human readable, and has lots of existing tools available.Like Json, the view is pretty self-explanatory. Note the xml sub-directory in the view path.
- #25: One of the best parts about using parseExtensions and RequestHandler is you can literally have as many views as you want into the data.I listed just some of them here.
- #30: Erik’s talk.
- #32: If you did the ACL stuff Erik was talking about…Little difficult. Default behavior is redirectController, model, and object
- #35: Maintenance mode