Developing a Public API. Things you should know while building a public API.

1. Things you should know
Building a
Public API
}During
Before
After

2. @yonatanm
Outbrain

3. Outbrain
>0.5B 190B
Unique Visitors RecommendationS
per Month

4. * min {control on usage}
* max {responsibility}
* decisions.exist {_.takeAtDay1}
* min {control on usage}
* max {responsibility}
* decisions.exist {_.takeAtDay1}

5. Quiz #1
???
Product
API
Users

6. Answer
Developers
Product
API
Users

7. Quiz #2
???
Product
API
U.X.

8. Answer
Product
API Resources
&& URIS
U.X.

9. Be consistently
consistent
* HTTP methods
* HTTP codes
* Headers
* Authentication
No one likes surprises
Make your users feel at home
Use Standards:
Error handling

10. It is all about the
Expectations
GET
POST
PUT
/customers/{id}
/customers
/customers
REQUEST RESPONSE
customerGET
customercustomer
customercustomer*
200
201
200

11. To embed
GET /customers/1

12. GET /customer/1/orders
|| !to embed
GET /customers/1

13. Can we have
both ?
To embed || !to embed ?
Simple
All you need in one request
Fewer transactions
Simple
All you need in one request
Fewer transactions Fast
Building block
flexibility
Cacheable
Fast
Building block
flexibility
Cacheable
!to embed
to embed
and do it right ?
*

14. Yes We Can !
GET /customers/1
GET /customers/1?embed=orders

15. Yes We Can #2
GET /customers/1

16. Quiz #3
???
Product
API
U.I.

17. Answer
Documentation
Product
API
U.I.

18. Documentation
apiary.io
Swager
Mashape and More...
apiary.io
Swager
Mashape and More...
* Be consistent
* Focus on Resources
* Less > More
* Examples
* Be consistent
* Focus on Resources
* Less > More
* Examples
‫במקביל‬ ‫עבודה‬ "
”‫דביל‬ ‫לכל‬ ‫הצלחה‬ –
‫במקביל‬ ‫עבודה‬ "
”‫דביל‬ ‫לכל‬ ‫הצלחה‬ –
** Sand-box ?
+1
** Sand-box ?
+1

19. Documentation

20. Documentation

21. Documentation

22. * UX – interactions
* UI – documentation
* Ideas to new features
* Bugs
Eat your own dog
food
Tip #1

23. Tip #2
What's wrong with using DB IDs
as your entity IDs?
GET /customers/1

24. “Authorization”
“privacy” , your privacy
“Authorization”
“privacy” , your privacy
Bi-Directional mapping using secret key
HOW?
Tip #2
Add another column in the DB
27847321845
69
1

25. Like a version
OR
/SUPPORT/multiple/VERSIONS/v2.5/
/SELL/your/soul/to/backwards/compatibility
URI should control
identity not presentation
http://bit.ly/1Mo0yXF

26. ===>
GET /customer/1 HTTP/1.1
Accept: application/outbrain.customer-v2.5+json
===>
GET /customer/1 HTTP/1.1
Accept: application/outbrain.customer-v2.5+json
<===
HTTP/1.1 200 OK
Content-Type: application/outbrain.customer-v2.5+json
<===
HTTP/1.1 200 OK
Content-Type: application/outbrain.customer-v2.5+json
Like a version

27. – One ?
– Three ?
– Four ?
– One ?
– Three ?
– Four ?
Quiz #3
How many Types do you need ?
GET /customer/1
PUT /customer/1POST /customer/1

28. Clones ? Not Really !
!= Internal Model
Retrieve != Update != Create

29. JSON 2 Case Class [Scala]
http://json2caseclass.cleverapps.io/http://json2caseclass.cleverapps.io/
.json
.scala

30. Security
Tip #3
Translation
1
2
WebWeb
Business Logic (API)
4
5
6
Events
Cache

31. Layers – Tree structure

32. “Boss, Boss
his API is not RESTful”
But his API
is level 3 on
RMM
evaluating RESTFulness

33. 0 – One URI One verb
1 (Resource) – multiple URIs One verb
2 (Verbs) – multiple URIs multiple verbs
3 – Hypertext As The Engine Of Application State
0 – One URI One verb
1 (Resource) – multiple URIs One verb
2 (Verbs) – multiple URIs multiple verbs
3 – Hypertext As The Engine Of Application State
Rest Maturity Model
steps toward the Holy Grail of REST

34. 1, 2, 3 ... Testing
restassuredrestassured
269 Integ. tests269 Integ. tests

35. OB-TOKEN-V1:
Sign(
)
Security
GET /token
Basic Auth.
GET /token
-H “OB-TOKEN-V1:
VERY_LONG_TOKEN”
B64{Header} B64{claims} B64{Header} B64{claims}

36. Much more to talk about
* metrics and monitoring
* Internal and Public API
* Rate Limit
* metrics and monitoring
* Internal and Public API
* Rate Limit

37. Want to build
I'm
Hiring
The next version of
Amplify API ?