With the adoption of REST, the proliferation of smartphones and tablets, and the second coming of JavaScript, exposing our applications as a service is now more important than ever.
Rails or Sinatra make really easy to create a (kinda) RESTful API but, in many occassions, these APIs are designed without really thinking on the developers that will have to use them.
I want to talk about some of the points that can help making your API more developer-friendly. Some of the areas I’ll cover will be discoverability, authentication, headers, formats, parameters, documentation and tools.
Talk delivered at London Ruby User Group on 12/12/2011
25. Accept: application/vnd.aspgems.invoicefu.v1.xml
THE
ACCEPT
HEADER
HTTP/REST Standard Not everyone Less obvious
Unambiguous supports headers Harder to use
Resources != or custom types Non standard content-
Representations types
Version as you need it Skips HTTP server logs
32. BASIC ACCESS AUTHENTICATION
authenticate_or_request_with_http_basic do |login, password|
User.find_by_login_and_password login, password
end
User and password must be passed every time
TOKEN
Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
User.find_by_login_and_api_key( params[:login], params[:api_key] )
Client can send it as a parameter or as a header
OAUTH
Depends on third party libraries
Requires initial registration of client and more integration