API Pain Points (PHPNE)

A P I P A I N - P O I N T S
G E T T I N G T H I N G S W R O N G F O R F U N A N D P R O F I T
@ P H I L S T U R G E O N 2 0 1 4

A R C H I T E C T U R E
O L D S C H O O L

http://girlsgotsole.com/blog/thankful-thursday-rest-days/

D A T A B A S E S E E D I N G
L E A V E Y O U R C U S T O M E R S A L O N E

E N D P O I N T T H E O R Y
N A M I N G T H I N G S I S H A R D

P L U R A L V S I N G U L A R ?
C O N S I S T E N C Y I S K I N G
/user/23
/users

/opportunity/43
/opportunities

/person/dave
/people

/places
/places/12
/places/12/checkins
/places/12/checkins/34
/checkins/34

N O N E E D F O R S E O
Q U E R Y S T R I N G S A R E F I N E
/users/active/true
/users?active=true

A U T O - I N C R E M E N T = B A D
C T R L + S Y O U R W E B S I T E
/checkins/1
/checkins/2
/checkins/2369
…
/checkins/3

github.com/zackkitzmiller/tiny-php
$tiny = new ZackKitzmillerTiny('lDpuU74QNH6B');
echo $tiny->to(5);
// E
echo $tiny->from('E');
// 5

use RhumsaaUuidUuid;
use RhumsaaUuidExceptio
$uuid4 = Uuid::uuid4();
echo $uuid4;
// 25769c6c-d34d-4bfe-ba98-e0ee856f3e7a
github.com/ramsey/uuid

H T T P V E R B S M A T T E R
H O N E S T L Y
Dont be @jamiehannaford.
That sounds like a bad day.

F O R M P A Y L O A D S
J U S T S E N D J S O N
foo=something&bar[baz]=thing
&bar[stuff]=junk&bar=true18

H A C K Y P A Y L O A D S
N O T L I K E T H A T

R E A L J S O N P A Y L O A D S
T H N X !

R E A D I N G R E A L D A T A I S
E A S Y
T H E H T T P W A Y
json_decode($_POST['stupid-json']);
json_decode(file_get_contents(‘php://input'));
Input::get(‘foo’);

2 0 0 I S N O T T H E O N L Y
S U C C E S S
K N O W Y O U R C O D E S
if ($statusCode != 200) {
throw new Exception('AAGHH!!');
}

2xx is all about success
3xx is all about redirection
4xx is all about client errors
5xx is all about service errors

200 - Generic everything is OK
201 - Created something OK
202 - Accepted but is being processed async
400 - Bad Request (Validation?)
401 - Unauthorized
403 - Current user is forbidden
404 - That URL is not a valid route
405 - Method Not Allowed
410 - Data has been deleted, deactivated, suspended, etc
500 - Something unexpected happened and it is the APIs fault
503 - API is not here right now, please try again later

418 - I am a Teapot
http://httpstatus.es/418

C L E A R , H U M A N
E R R O R S
W H A T H A P P E N E D
{
"error": {
"errors": [
{
"domain": "youtube.parameter",
"reason": "missingRequiredParameter",
"message": "No filter selected.",
"locationType": "parameter",
"location": ""
}
],
"code": 400,
"message": "No filter selected."
}
}

E R R O R S S H O U L D M A K E
S E N S E
&mine=true
"reason": "missingRequiredParameter",
"message": "No filter selected.",
…
WTF

S U P P L E M E N T H T T P
C O D E S
{
"error": {
"type": "OAuthException",
"message": "Session has expired at unix time 138
}
}

C O D E S
{
"error": {
"message": "(#210) Subject must be a page.",
"code": 210
}
}

C O D E S
{
"error": {
"message": "(#210) Subject must be a page.",
"code": 210,
"url": “http://developers.facebook.com/errors#210“
}
}

O A U T H 2 . 0
thephpleague.com
github.com/thephpleague/oauth2-server

O A U T H 2 C A N D O A L O T
P A S S W O R D S , I M P L I C I T , S O C I A L L O G I N S …

F A C E B O O K … Y O U
B # % @ * D S ! ! !
S E R I O U S L Y
Refresh Tokens?
Lol

Y O U T U B E … Y O U S E M I -
B # % @ * D S ! ! !
S T I L L S E R I O U S L Y
Refresh Tokens?
Kinda

P R E S E N T A T I O N L A Y E R
D O N T L E T U S E R S B E H I N D T H E C U R T A I N

return Places::all();
P R E S E N T A T I O N L A Y E R
D O N T L E T U S E R S B E H I N D T H E C U R T A I N

T R A N S F O R M E R S …
A S S E M B L E !
public function transform(Book $book)
{
return [
'id' => (int) $book->id,
'title' => $book->title,
'year' => $book->yr,
‘created' => (string) $book->created_at,
];
}
fractal.thephpleague.com

F L E X I B L E R E S P O N S E S
S T O P Y O U R I P H O N E D E V C O M P L A I N I N G
GET /checkins/dsfXte
?include=place,user,activity

P A G I N A T E
D A T A G R O W S F A S T
{
"data": [
...
],
"cursors": {
"after": "MTI=",
"next_url": "https://api.example.com/places
?cursor=MTI%3"
}
}

D E F I N E A L I M I T R A N G E
P A G I N A T I O N D D O S
if ($limit < 1 || $limit > 100) {
$limit = 100;
}

A U T O M A T E T E S T I N G
I F Y O U L O V E Y O U R J O B
http://www.engineersgotblued.com/

P H P U N I T + B E H A T
http://www.bil-jac.com/bestfriendsclub.php

Scenario: Find a merchant
When I request "GET /moments/1"
Then I get a "200" response
And scope into the "data" property
And the properties exist:
"""
id
title
year
created
"""

Scenario: Try to find an ` checkin
When I request "GET /checkins/nope"

Scenario:Wrong Arguments for user follow
Given I have the payload:
"""
{"is_following": "foo"}
"""
When I request "PUT /users/1”
Not a boolean

V E R S I O N I N G
/ V 1 / D O E S N T C O U N T
https://api.example.com/v1/places

V E R S I O N I N G
https://api-v1.example.com/places

V E R S I O N I N G
Accept: application/vnd.example+json; version=1
Accept: application/vnd.example+json; version=2

V E R S I O N I N G
Accept: application/vnd.example.user+json; version=1
Accept: application/vnd.example.user+json; version=2

V E R S I O N I N G
Copy Facebook
Maybe?
THIS ONE TIME!
Facebook ruined the one good thing they ever did

E V E R Y T H I N G I S
W R O N G
D O N T B E T H A T G U Y
troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html

leanpub.com/build-apis-you-wont-hate/c/TOONARMY

API Pain Points (PHPNE)

More Related Content

What's hot (19)

Similar to API Pain Points (PHPNE) (20)

More from Phil Sturgeon (8)

Recently uploaded (20)

API Pain Points (PHPNE)