Daniel Doubrovkine / Art.sy
dblock@dblock.org @dblockdotorg
Solid API or Else …




http://www.youtube.com/watch?v=l9vYE7B1_PU
The Rails Way: M(V)C

config/routes.rb

resources :artists

app/controllers/artists_controller.rb

class ArtistsController < ApplicationController
  def index
    @artists = …
    # all kinds of stuff that serves views
    respond_to do |format|
      format.html { @artists }
      format.json { render json: @artists.as_json }
    end
  end
end
The Rails Way: MVC
app/views/artists/index.json.erb

[
<% @artists.each_with_index do |artist, i| %>
  {
    "first_name": <%= raw artist.first_name.to_json %>,
    "last_name": <%= raw artist.last_name.to_json %>
  }<%= ',' unless i == @artists.size - 1 %>
<% end %>
]
Occupy Rails?
»   Where does the API start and end?
»   How are we going to build API v2 on top of v1?
»   Is API testing the same as controller testing?
»   How much discipline are we going to need to keep sanity?
»   How will we deal with more difficult problems?
    Caching, authentication, authorization …
Modern Web Applications: NoRails
»   MVC UI
»   RESTful API
»   Storage
Grape
»   API DSL
    rack-based / middleware
    http://github.com/intridea/grape

class API < Grape::API
  version '1'

  namespace :artist do
    get ':id' do
      Artist.find(params[:id]).as_json
    end
  end

  namespace :artists do
    get '/' do
      Artist.all.as_json
    end
  end
end
Documentation
»   Developers Have the Attention Span of a Fish *
    * when reading documentation


»   Written in Markdown
    http://code.dblock.org/rendering-markdown-documents-in-rails


»   Reference will be Generated
»   API Sandboxes
    https://github.com/mmcnierney14/API-Sandbox


»   API Explorer
    https://github.com/mmcnierney14/API-Sandbox
Testing an API
# spec/spec_helper.rb

RSpec.configure do |config|
  # Treat everything under spec/api as a request spec
  config.include RSpec::Rails::RequestExampleGroup,
    :type => :request,
    :example_group => {
      :file_path => /spec\/api/
    }
end

See “Writing Tests” @ https://github.com/intridea/grape
Mocking is for Java Programmers
describe "artworks" do
  before(:each) do
    login_as Fabricate(:admin)
  end
  describe "GET /api/v1/artwork/:slug" do
    it "returns an unpublished artwork" do
      artwork = Fabricate(:artwork, published: false)
      get "/api/v1/artwork/#{artwork.slug}"
      response.status.should == 200
      response.body.at_json_path("id").should == artwork.slug # Pathy!
    end
  end
end
Version 1 Births Version 2
 »   Include Api_v1
 »   Folder-Driven Development (FDD)
     api/api_v1/…




      module Api_v1                                     module Api_v2
        version 'v1'                                      version 'v2'
        module Api_v1_Me                                  module Api_v1_Me
        module Api_v1_Artworks                            module Api_v2_Artworks
        # ...                                             # ...
      end                                               end


See “Modularizing Grape API” @ http://code.dblock.org/modularizing-a-ror-grape-api-multiple-versions
Exceptions Abort Flow
      »     Don’t question yourself, raise a hand.
rescue_from :all, :backtrace => true

error_format :json

rescue_from Mongoid::Errors::Validations do |e|
  rack_response({ :message => e.message,
    :detail => e.document.errors,
    :backtrace => e.backtrace }.to_json)
end



See “Grape: trapping all exceptions within the API” @ http://code.dblock.org/grape-trapping-all-exceptions-within-the-api
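The handlers on this slide put the backtrace into the JSON body. An added example (not from the original slides) of the same trap-everything idea as plain Rack-style middleware that logs the backtrace server-side and returns it only when explicitly enabled; `ApiErrorTrap`, `expose_backtrace`, `error_id` and the demo apps are names assumed here.

```ruby
require 'json'
require 'logger'
require 'securerandom'
require 'stringio'

# Rack-style middleware: any object with call(env) returning
# [status, headers, body]. Runs without gems.
class ApiErrorTrap
  # Constructed stand-in for a model validation failure.
  class ValidationError < StandardError
    attr_reader :details

    def initialize(message, details)
      super(message)
      @details = details
    end
  end

  def initialize(app, logger:, expose_backtrace: false)
    @app = app
    @logger = logger
    @expose_backtrace = expose_backtrace
  end

  def call(env)
    @app.call(env)
  rescue ValidationError => e
    # Field-level errors are meant for the client.
    respond(400, e, { message: e.message, detail: e.details })
  rescue StandardError => e
    # Unknown failure: generic message out, full detail to the log.
    respond(500, e, { message: 'Internal Server Error' })
  end

  private

  def respond(status, error, payload)
    # The id lets support correlate a client report with the log entry.
    error_id = SecureRandom.hex(8)
    @logger.error("#{error_id} #{error.class}: #{error.message}\n" +
                  Array(error.backtrace).join("\n"))
    payload = payload.merge(error_id: error_id)
    payload[:backtrace] = error.backtrace if @expose_backtrace
    [status, { 'Content-Type' => 'application/json' }, [payload.to_json]]
  end
end

# Constructed demo apps: one leaks infrastructure detail in its exception
# message, one fails validation.
BROKEN_APP = ->(_env) { raise 'db password rejected for host 10.0.0.5' }
INVALID_APP = lambda do |_env|
  raise ApiErrorTrap::ValidationError.new('Validation failed',
                                          { first_name: ["can't be blank"] })
end

# Runs one request through the middleware and returns
# [status, parsed JSON body, captured log text].
def demo_call(app, expose_backtrace: false)
  log = StringIO.new
  mw = ApiErrorTrap.new(app, logger: Logger.new(log),
                             expose_backtrace: expose_backtrace)
  status, _headers, body = mw.call({})
  [status, JSON.parse(body.first), log.string]
end
```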
Authentication Methods
»     XApp: Exchange client ID for an XApp token
      api/v1/api_xapp_auth.rb


»     OAuth 2.0: Browser-Based Redirects
      controllers/oauth_controller.rb


»     XAuth: Exchange credentials for an OAuth token
      controllers/oauth_controller.rb


»     Forms Login to Website
      devise/warden via user.rb



    See “Grape: API Authentication w/ Devise” @ http://code.dblock.org/grape-api-authentication-w-devise
Authenticated Users
»   Unauthenticated Calls
»   Authorized Apps
»   Logged In Users, RBAC

                      def authenticated_user
                          authenticated
                          error!('Unauthorized', 401) unless current_user
                      end
Object Identity
»       Everything has an ID
    »     Internal ID: BSON ObjectId
    »     External ID: human-readable ID

»       ID is the same for all API consumers
»       API consumers know of a single ID
    »     When do I use a Slug?

    »     When do I use BSON ObjectId?
JSON Formats
»   ActiveRecord as_json passes options recursively
    :all – all fields visible to the object’s owner

    :public – all fields visible to a user with :read permissions

    :short – enough fields visible to a user with :read permissions, used within a collection

»   JSON data can be grown incrementally
POST and PUT
»   Validate Input Parameters in Models
    save(hashie)
    valid_hash_fields :first, :last
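An added example (not from the original slides) of what a `valid_hash_fields` allowlist can look like in a model: only declared fields are assignable from request parameters, and an undeclared key rejects the whole request before anything is written. The talk's own helper is not shown, so `HashFields`, `assign_hash`, `update_artist` and the `admin` and `partner_id` attributes are assumptions.

```ruby
# Hypothetical implementation of a valid_hash_fields-style allowlist.
module HashFields
  class UnknownField < ArgumentError; end

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Declares which fields may be set from client-supplied hashes.
    def valid_hash_fields(*names)
      @valid_hash_fields = names.map(&:to_s).freeze
    end

    # Default deny: a model that declares nothing accepts nothing.
    def allowed_hash_fields
      @valid_hash_fields || []
    end
  end

  # Checks every key first, then assigns, so a rejected request
  # never leaves the object half-updated.
  def assign_hash(params)
    params = params.to_h.transform_keys(&:to_s)
    unknown = params.keys - self.class.allowed_hash_fields
    unless unknown.empty?
      raise UnknownField, "unexpected fields: #{unknown.sort.join(', ')}"
    end
    params.each { |name, value| public_send("#{name}=", value) }
    self
  end
end

# Constructed model: :admin and :partner_id exist as attributes but are
# not client-assignable.
class Artist
  include HashFields
  attr_accessor :first, :last, :admin, :partner_id
  valid_hash_fields :first, :last
end

# What a POST/PUT handler would do with the request parameters.
def update_artist(artist, params)
  artist.assign_hash(params)
  :ok
rescue HashFields::UnknownField => e
  [:rejected, e.message]
end
```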
Authorization
»   Admins have :create, :read, :update, :delete on everything, also
    known as :manage

»   Partners have :manage on their partner data
    e.g. partner location, get :all JSON

»   Users have :manage on their personal data
    e.g. my collection, get :all JSON

»   Everyone has :read on public data
    e.g. a published artwork, get :public JSON
Authorization Usage
»    Implemented w/ CanCan

     cannot :read, Artwork
     can :read, Artwork do |artwork|
       artwork.published
     end



    error!('Unauthorized', 403) unless
       current_user.has_authorization_to?(:delete, artist)
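An added example (not from the original slides, and plain Ruby rather than CanCan) that ties the authorization rules to the JSON formats slide: the same permission check decides both whether a call is allowed and whether the caller gets the `:all` or `:public` view. It covers the admin, partner and public-read rules; the models, field names and sample data are constructed.

```ruby
# Constructed models; field names and roles are assumptions.
User = Struct.new(:id, :role, :partner_id, keyword_init: true)

class Artwork
  # Which fields each JSON format exposes.
  FORMATS = {
    all:    %i[slug title published partner_id consignor],
    public: %i[slug title],
    short:  %i[slug]
  }.freeze

  attr_reader(*FORMATS[:all])

  def initialize(**attrs)
    attrs.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def as_json(format)
    FORMATS.fetch(format).to_h { |field| [field.to_s, public_send(field)] }
  end
end

# Default deny: admins and the owning partner may do anything (:manage),
# everyone else may only :read published artworks.
class Ability
  def initialize(user)
    @user = user
  end

  def can?(action, artwork)
    return true if @user&.role == :admin
    return true if owns?(artwork)
    action == :read && artwork.published == true
  end

  private

  def owns?(artwork)
    # A partner account without a partner_id must not match artworks
    # that have none either (nil == nil).
    @user&.role == :partner && !@user.partner_id.nil? &&
      @user.partner_id == artwork.partner_id
  end
end

def get_artwork(user, artwork)
  ability = Ability.new(user)
  return [403, { 'error' => 'Unauthorized' }] unless ability.can?(:read, artwork)
  format = ability.can?(:manage, artwork) ? :all : :public
  [200, artwork.as_json(format)]
end

def list_artworks(user, artworks)
  ability = Ability.new(user)
  visible = artworks.select { |artwork| ability.can?(:read, artwork) }
  [200, visible.map { |artwork| artwork.as_json(:short) }]
end

def delete_artwork(user, artwork)
  unless Ability.new(user).can?(:delete, artwork)
    return [403, { 'error' => 'Unauthorized' }]
  end
  [200, { 'deleted' => artwork.slug }]
end

# Constructed sample data.
ADMIN  = User.new(id: 1, role: :admin)
OWNER  = User.new(id: 2, role: :partner, partner_id: 'gallery-a')
OTHER  = User.new(id: 3, role: :partner, partner_id: 'gallery-b')
DRAFT  = Artwork.new(slug: 'untitled-draft', title: 'Untitled', published: false,
                     partner_id: 'gallery-a', consignor: 'Private collection')
LISTED = Artwork.new(slug: 'study-no-2', title: 'Study No. 2', published: true,
                     partner_id: 'gallery-a', consignor: 'Private collection')
```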
Pagination
»   paginate(collection)
    »   :offset or :page
    »   :size




          Pagination Helper for Grape @ https://gist.github.com/1335242
Logging
»   Implemented as Rack Middleware

»   Logs API Calls
Caching
»   Implemented w/Rails Cache / Memcached
»   Key based on Class and Identity
    »   Cache Locally
    »   Invalidate Aggressively
Cache Busting
»   IE9




                See “IE9: Cache-Busting with Grape Middleware” @
          http://code.dblock.org/ie9-cache-busting-with-grape-middleware
Instrumentation
»   See API Stats in New Relic
    config/initializers/new_relic_agent_instrumentation_api.rb




                  See “New Relic: Performance Instrumentation w/ Grape” @
         http://code.dblock.org/new-relic-performance-instrumentation-with-grape-api
Performance
»   Trends
Next
»   Deep Data
»   Caching in JSON
»   Generated Documentation
How to design a good API and why it matters (Joshua Bloch)
http://www.youtube.com/watch?v=aAb7hSCtvGw




1. Do one thing well
2. API is a Language, names matter
3. Documentation matters
4. Minimize mutability
5. Don’t make the client do anything the API could do

Building RESTful APIs w/ Grape
