KEMBAR78
Creating a World-Class RESTful Web Services API | PPT
David Keener, profile picture
Uploaded byDavid Keener
4,866 views

Creating a World-Class RESTful Web Services API

David Keener, an experienced technical architect, discusses the complexities and best practices for creating a RESTful API, drawing on practical experiences from his work. Key topics include the importance of authentication, error handling, and designing an effective API framework that balances customer needs with company goals. The document emphasizes starting small, documenting thoroughly, and being open to iterative changes during development.

Creating a World-Class By David Keener http://www.keenertech.com RESTful Web Services API [email_address]
But First, Who Am I? Blog: http://www.keenertech.com (New Rails-based version in late June) Email: [email_address] David Keener I’m a technical architect and writer with over 20 years of experience. Been doing web applications Since 1997, and Rails applications since version 1.1. I’m a Technical Architect for Grab Networks , the company known for streaming the Beijing Olympics over the web and for distributing more news videos in the US than any other company except MSNBC.
Overview One Minute RESTful Refresher Why would you want a RESTful API? Basic design steps for an API API Architecture Details Scalability Practical Tips I’m talking about the practical experiences gained from creating a real, RESTful Web Services API for use by external customers.
What’s the Big Deal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end
What’s the Big Deal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication
What’s the Big Deal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication - No Authorization
What’s the Big Deal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication - No Authorization - No Error Handling
What’s the Big Deal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication - No Authorization - No Error Handling No fine control over data elements
What Does Grab Networks Do? Grab Tools Content Ingestion Transcoding Services Catalog Site Provide Video Store Video Distribute Video (with advertising) Short Answer: 60 Million Video Views Per Month 40,000+ Distributors Video Catalog Content Server Advertisers CDN Media Companies
Where Does the API Fit In? Will allow distributors to integrate video content into their sites more effectively Will provide a better platform on which to build our own tools Will facilitate a level of innovation that could not exist before
Washington Times Video content integrated in via RESTful API (Beta)
One-Minute RESTful Refresher HTTP methods are the “verbs” Acting on Resources (“nouns”) Providing a simple, constrained, easy-to-understand interface
Reasons for Doing an API Know WHY you’re doing an API before you embark on creating one. Most reasons fall into two basic categories: Customer-Centric: To better serve customers Company-Centric: To better serve yourself
Customer-Centric Reasons To give customers direct access to content To facilitate innovation by giving customers the capability to leverage your resources for their own purposes To allow customers to explore your content more effectively To allow authorized customers to directly manipulate resources
Company-Centric Reasons To organize functionality in a more manageable, maintainable way To centralize key logic components, e.g. –authorization logic To facilitate the creation of your own tools To leverage the creativity and innovativeness of your customers To promote tighter coupling of customer applications with API, resulting in an enhanced exit barrier
The First Step… All important projects must have a codename Like…. Tiger Leopard Longhorn
The First Step… All important projects must have a codename Like…. Tiger Leopard Longhorn (um, maybe not)
The First Step… All important projects must have a codename Like….
The First Step… All important projects must have a codename Like…. 9
Designing the API Identify the basic objects in your problem domain - These are your candidate resources Identify the relationships between your resources - These help you define nesting Look for “actions” that need to become “nouns” Ex. – subscription ( a standard example) Ex. – Publishing a video results in a “distribution” Stay in Beta a long time…you will make changes Designing a RESTful API is an interesting challenge. Forget your existing database, and start at the logical level…
Reality Sets In Your database wasn’t designed to have a RESTful API built on top of it Your database probably doesn’t support the authorization needs of your API So you’re going to need a massive re-factor (or a series of them) And management will still want you to develop new features during the massive re-factor(s) This is where you compare your nice, clean, elegant resource design with your ugly, grown-over-time database
Need a (Painful) Example? Distributors were people with accounts Users were distributors who had filled out detailed profile information about themselves Two tables… Some objects were owned by distributors Some objects were owned by users Distributors => Users User => Profiles Re-factor to change ownership to users
Anatomy of an API Request Next, we standardized how API requests should work…
Authentication Since there’s no money involved… Basic HTTP Authentication SSL for additional security Using a simple 20-character API key Easily supported in Rails Can add a more advanced scheme later if needed Authentication is the process of identifying who is accessing the API
Three Major Components Acts As Authorized: Handles privilege-checking to determine whether users can view, create, update or delete resources Externalizable: Domain-Specific Language (DSL) for exposing content. Also handles creates/updates in JSON and XML Restful Behaviors: Mini-framework for common controller logic related to manipulating resources
Acts As Authorized Handles most privilege checks for the API Relies on hooks in the model underlying each resource - auth_get_owner: Who “owns” the resource - auth_get_groups: Group sharing of resource - find_authorized: A method that honors privs
Acts As Authorized (2) Users can view any resource they created or that is shared with a group to which they belong Users can update a resource if they have the “update_<resource>” privilege for a group with which the resource is shared There are a few case-by-case restrictions
Acts As Authorized (3) Model Acts As Authorized “ Acts As” Resource Hooks
Restful Behaviors Mini-framework collecting common controller logic Functions as a mix-in for API controllers Developers just need to override key methods to tailor controllers for new resources Centralizes key features like externalizing content, error handling, single-asset privilege checking, etc.
Restful Behaviors (2) Model Controller Restful Behaviors Acts As Authorized “ Acts As” Resource Hooks
Externalizable Provides a Domain-Specific Language (DSL) for externalizing resources Included in models as a mix-in Centralizes functionality for producing output Centralizes processing of incoming XML/JSON Centralizes create/update logic and ensures that only exposed fields can be set Can externalize database columns under different names
Externalizable (2) include Externalizable externalize_model_as “video” externalize_attribute :asset_id, :label => &quot;id&quot;, :methods => [:index, :show] externalize_attribute :headline, :label => &quot;title” externalize_attribute :abstract, :label => &quot;summary” externalize_attribute :keywords externalize_attribute :created_at, :methods => [:index, :show] externalize_attribute :updated_at, :methods => [:index, :show]
Overall Architecture Model Externalizable Controller Restful Behaviors Acts As Authorized “ Acts As” Resource Hooks Externalizable Specification
Error Handling HTTP Status Codes HTTP “Warn” Header Ex. - 199 WAS-002: An unauthorized network was specified (the “199” => “Miscellaneous Message”) Error Messages in JSON/XML response Last Resort: The “always_ok” option - Always return 200… (Flash) caller has to parse response to determine success or failure The diversity of technologies used to interact with the API makes it challenging to provide meaningful feedback to callers when errors occur.
Searches Set up searches as Index and Create, so it accepts both GET and POST actions Searches are networks-specific - Can search Grab Networks public content or FOX private content (if authorized) Using Sphinx open source search engine Returns videos, but with extra “confidence”
Scalability Load Balancer in front of multiple Web Servers for the API – Can add servers as needed Separate Web Server in Amazon Cloud for contracted partners…handles file uploads and video transcoding tasks – Can load balance and add servers as needed Searches run against replicate production database – Can add replicates as needed Apache magic as needed Scalability is a process, not a binary condition.
Practical Tips Start small, with a few resources - Work out the kinks, then expand the scope Start with an extended Beta - So you can change the API as needed without annoying users Recognize that a re-factor will be required - Just deal with it Eat your own dog food - It will never be solid unless you use your own API Challenge assumptions - Don’t be afraid to re-evaluate and adjust the API as you go Documentation, documentation, documentation
Resources RESTful Web Services by Leonard Richardson and Sam Ruby, Published by O’Reilly http://wasabi.grabnetworks.com - API is not publically available yet, but the documentation is

More Related Content

PPTX
Creating web services
byAdam Nemeth
 
PPTX
Creating a custom connector in mule
byAchyuta Lakshmi
 
PDF
Fed London - January 2015
byPhil Leggetter
 
PPTX
Mule api gateway overview
bySanjeet Pandey
 
PPTX
The anypoint platform for API's
byAchyuta Lakshmi
 
PPTX
Onion Architecture
bymatthidinger
 
PDF
How to Build Front-End Web Apps that Scale - FutureJS
byPhil Leggetter
 
PPTX
Api testing
byvcubesoftsolutions
 
Creating web services
byAdam Nemeth
 
Creating a custom connector in mule
byAchyuta Lakshmi
 
Fed London - January 2015
byPhil Leggetter
 
Mule api gateway overview
bySanjeet Pandey
 
The anypoint platform for API's
byAchyuta Lakshmi
 
Onion Architecture
bymatthidinger
 
How to Build Front-End Web Apps that Scale - FutureJS
byPhil Leggetter
 
Api testing
byvcubesoftsolutions
 

What's hot

PDF
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
byMichael Kuehne-Schlinkert
 
PPT
API Façade Pattern
byNabeel Yoosuf
 
PDF
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
byapidays
 
PPTX
Api Testing
byVishwanath KC
 
PDF
What Postman Did for a CEO Who Can’t Code by Craig Balkin
byPostman
 
PDF
Rest api best practices – comprehensive handbook
byKaty Slemon
 
PDF
Amazon API Gateway
byMark Bate
 
PDF
Crafting ColdFusion Applications like an Architect
byColdFusionConference
 
PPTX
Integration with Microsoft SharePoint using Mule ESB
bySanjeet Pandey
 
PPTX
Mule esb stripe
byD.Rajesh Kumar
 
PPTX
Automatic documentation with mule
byF K
 
PPTX
Get Data from Microsoft CRM using Mule ESB
bySanjeet Pandey
 
PDF
The Most Common Errors That Aren’t Caught
byNordic APIs
 
PPTX
Creating a Symfony Ecommerce App
byMuhammad Azaz Qadir
 
PPTX
Query in share point by mule
bySon Nguyen
 
PDF
The API-Application Semantic Gap
by3scale
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
byMichael Kuehne-Schlinkert
 
API Façade Pattern
byNabeel Yoosuf
 
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...
byapidays
 
Api Testing
byVishwanath KC
 
What Postman Did for a CEO Who Can’t Code by Craig Balkin
byPostman
 
Rest api best practices – comprehensive handbook
byKaty Slemon
 
Amazon API Gateway
byMark Bate
 
Crafting ColdFusion Applications like an Architect
byColdFusionConference
 
Integration with Microsoft SharePoint using Mule ESB
bySanjeet Pandey
 
Mule esb stripe
byD.Rajesh Kumar
 
Automatic documentation with mule
byF K
 
Get Data from Microsoft CRM using Mule ESB
bySanjeet Pandey
 
The Most Common Errors That Aren’t Caught
byNordic APIs
 
Creating a Symfony Ecommerce App
byMuhammad Azaz Qadir
 
Query in share point by mule
bySon Nguyen
 
The API-Application Semantic Gap
by3scale
 

Viewers also liked

PPTX
Introduction angular js
byMizan Riqzia
 
PPTX
Releasing the dopamine
byPaul Boocock
 
PDF
Wso2 con byod-shan-ppt
byWSO2
 
PPTX
Cross Platform Mobile Apps with APIs from Qcon San Francisco
byCA API Management
 
PDF
Restful design principles
byGeison Goes
 
PDF
Restful api design
byMizan Riqzia
 
PDF
RESTful API development with Symfony2
byTaras Omelianenko
 
PDF
Nge-GIT (Belajar Git Bareng)
byMizan Riqzia
 
PPTX
REST API Best Practices & Implementing in Codeigniter
bySachin G Kulkarni
 
PDF
RESTful API Design & Implementation with CodeIgniter PHP Framework
byBo-Yi Wu
 
ODP
Microservice Architecture JavaCro 2015
byNenad Pecanac
 
PPTX
DataPower Restful API Security
byJagadish Vemugunta
 
PDF
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
byToni Jara
 
PPTX
Building REST APIs with Spring Boot and Spring Cloud
byKenny Bastani
 
PPTX
Building a Reactive RESTful API with Akka Http & Slick
byZalando Technology
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
byJonathan LeBlanc
 
PPTX
RESTful API and ASP.NET
byDelphiCon
 
PDF
REST, RESTful API
byHossein Baghayi
 
PPTX
REST and Microservices
byShaun Abram
 
PPTX
Rest API Security
byStormpath
 
Introduction angular js
byMizan Riqzia
 
Releasing the dopamine
byPaul Boocock
 
Wso2 con byod-shan-ppt
byWSO2
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
byCA API Management
 
Restful design principles
byGeison Goes
 
Restful api design
byMizan Riqzia
 
RESTful API development with Symfony2
byTaras Omelianenko
 
Nge-GIT (Belajar Git Bareng)
byMizan Riqzia
 
REST API Best Practices & Implementing in Codeigniter
bySachin G Kulkarni
 
RESTful API Design & Implementation with CodeIgniter PHP Framework
byBo-Yi Wu
 
Microservice Architecture JavaCro 2015
byNenad Pecanac
 
DataPower Restful API Security
byJagadish Vemugunta
 
Spring IO 2016 - Spring Cloud Microservices, a journey inside a financial entity
byToni Jara
 
Building REST APIs with Spring Boot and Spring Cloud
byKenny Bastani
 
Building a Reactive RESTful API with Akka Http & Slick
byZalando Technology
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
byJonathan LeBlanc
 
RESTful API and ASP.NET
byDelphiCon
 
REST, RESTful API
byHossein Baghayi
 
REST and Microservices
byShaun Abram
 
Rest API Security
byStormpath
 

Similar to Creating a World-Class RESTful Web Services API

PDF
Practical guide to building public APIs
byReda Hmeid MBCS
 
PPTX
REST-API introduction for developers
byPatrick Savalle
 
PPTX
Building a REST API for Longevity
byMuleSoft
 
PDF
O reilly sacon2018nyc - restful api design - master - v1.0
byTom Hofte
 
PPTX
Intro to API Design Principles
byVictor Osimitz
 
PPTX
Api Design
byJason Harmon
 
PDF
Modern REST API design principles and rules.pdf
byAparna Sharma
 
PPTX
Super simple introduction to REST-APIs (2nd version)
byPatrick Savalle
 
PDF
REST API Recommendations
byJeelani Shaik
 
PDF
The ultimate api checklist by Blendr.io
byBlendr.io
 
PDF
Modern REST API design principles and rules.pdf
byAparna Sharma
 
PDF
zendframework2 restful
bytom_li
 
PDF
JOSA TechTalks - RESTful API Concepts and Best Practices
byJordan Open Source Association
 
PPTX
Api crash
byJames Wong
 
PPTX
Api crash
byHoang Nguyen
 
PPTX
Api crash
byLuis Goldster
 
PPTX
Api crash
byHarry Potter
 
PPTX
Api crash
byFraboni Ec
 
PPTX
Api crash
byTony Nguyen
 
PPTX
Api crash
byYoung Alista
 
Practical guide to building public APIs
byReda Hmeid MBCS
 
REST-API introduction for developers
byPatrick Savalle
 
Building a REST API for Longevity
byMuleSoft
 
O reilly sacon2018nyc - restful api design - master - v1.0
byTom Hofte
 
Intro to API Design Principles
byVictor Osimitz
 
Api Design
byJason Harmon
 
Modern REST API design principles and rules.pdf
byAparna Sharma
 
Super simple introduction to REST-APIs (2nd version)
byPatrick Savalle
 
REST API Recommendations
byJeelani Shaik
 
The ultimate api checklist by Blendr.io
byBlendr.io
 
Modern REST API design principles and rules.pdf
byAparna Sharma
 
zendframework2 restful
bytom_li
 
JOSA TechTalks - RESTful API Concepts and Best Practices
byJordan Open Source Association
 
Api crash
byJames Wong
 
Api crash
byHoang Nguyen
 
Api crash
byLuis Goldster
 
Api crash
byHarry Potter
 
Api crash
byFraboni Ec
 
Api crash
byTony Nguyen
 
Api crash
byYoung Alista
 

More from David Keener

PPTX
Writing Killer Fight Scenes
byDavid Keener
 
PPTX
Build a Space Battle
byDavid Keener
 
PPTX
Creating an Adaptive Setting
byDavid Keener
 
PDF
Public Speaking for Writers
byDavid Keener
 
PPTX
21st Century Writer
byDavid Keener
 
PPTX
Titanic: The Forgotten Passengers
byDavid Keener
 
PDF
Rails Tips and Best Practices
byDavid Keener
 
PDF
Elevator Up, Please!
byDavid Keener
 
PDF
Rails and the Apache SOLR Search Engine
byDavid Keener
 
PDF
Killer Business Models
byDavid Keener
 
PDF
Rails Security
byDavid Keener
 
PDF
Building Facebook Apps
byDavid Keener
 
PDF
Leveraging Rails to Build Facebook Apps
byDavid Keener
 
PPT
Quick Start: ActiveScaffold
byDavid Keener
 
PPT
Creating Custom Charts With Ruby Vector Graphics
byDavid Keener
 
PPT
A Tour of Ruby On Rails
byDavid Keener
 
PPT
Using Rails to Create an Enterprise App: A Real-Life Case Study
byDavid Keener
 
PPT
Practical JRuby
byDavid Keener
 
PPT
Implementing OpenID for Your Social Networking Site
byDavid Keener
 
PDF
Creating Dynamic Charts With JFreeChart
byDavid Keener
 
Writing Killer Fight Scenes
byDavid Keener
 
Build a Space Battle
byDavid Keener
 
Creating an Adaptive Setting
byDavid Keener
 
Public Speaking for Writers
byDavid Keener
 
21st Century Writer
byDavid Keener
 
Titanic: The Forgotten Passengers
byDavid Keener
 
Rails Tips and Best Practices
byDavid Keener
 
Elevator Up, Please!
byDavid Keener
 
Rails and the Apache SOLR Search Engine
byDavid Keener
 
Killer Business Models
byDavid Keener
 
Rails Security
byDavid Keener
 
Building Facebook Apps
byDavid Keener
 
Leveraging Rails to Build Facebook Apps
byDavid Keener
 
Quick Start: ActiveScaffold
byDavid Keener
 
Creating Custom Charts With Ruby Vector Graphics
byDavid Keener
 
A Tour of Ruby On Rails
byDavid Keener
 
Using Rails to Create an Enterprise App: A Real-Life Case Study
byDavid Keener
 
Practical JRuby
byDavid Keener
 
Implementing OpenID for Your Social Networking Site
byDavid Keener
 
Creating Dynamic Charts With JFreeChart
byDavid Keener
 

Recently uploaded

PDF
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
PPTX
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
PDF
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
PPTX
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
PDF
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PPTX
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
PDF
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
PDF
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
PDF
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
PDF
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
PPTX
"Daily workflows with Cursor IDE", Maksym Anisimov
byFwdays
 
PDF
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
PDF
Dragino商品カタログ 2025.7 LoRaWAN・NB-IoT・LTE-M(LTE Cat.M1)対応センサーリスト
byCRI Japan, Inc.
 
PDF
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
PDF
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
PDF
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PDF
2025 October Patch Tuesday
byIvanti
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Planetek Italia Corporate Profile brochure
byPlanetek Italia Srl
 
"Daily workflows with Cursor IDE", Maksym Anisimov
byFwdays
 
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
Dragino商品カタログ 2025.7 LoRaWAN・NB-IoT・LTE-M(LTE Cat.M1)対応センサーリスト
byCRI Japan, Inc.
 
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
2025 October Patch Tuesday
byIvanti
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 

Creating a World-Class RESTful Web Services API

  • 1.
    Creating a World-ClassBy David Keener http://www.keenertech.com RESTful Web Services API [email_address]
  • 2.
    But First, WhoAm I? Blog: http://www.keenertech.com (New Rails-based version in late June) Email: [email_address] David Keener I’m a technical architect and writer with over 20 years of experience. Been doing web applications Since 1997, and Rails applications since version 1.1. I’m a Technical Architect for Grab Networks , the company known for streaming the Beijing Olympics over the web and for distributing more news videos in the US than any other company except MSNBC.
  • 3.
    Overview One MinuteRESTful Refresher Why would you want a RESTful API? Basic design steps for an API API Architecture Details Scalability Practical Tips I’m talking about the practical experiences gained from creating a real, RESTful Web Services API for use by external customers.
  • 4.
    What’s the BigDeal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end
  • 5.
    What’s the BigDeal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication
  • 6.
    What’s the BigDeal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication - No Authorization
  • 7.
    What’s the BigDeal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication - No Authorization - No Error Handling
  • 8.
    What’s the BigDeal? Rails has been RESTful since 1.2…what’s so hard about doing an API? def index @videos = Video.find(:all) respond_to do |wants| wants.xml { render :layout => false, :xml => @videos.to_xml } wants.json { render :layout => false, :json => @videos.to_json } end end - No Authentication - No Authorization - No Error Handling No fine control over data elements
  • 9.
    What Does GrabNetworks Do? Grab Tools Content Ingestion Transcoding Services Catalog Site Provide Video Store Video Distribute Video (with advertising) Short Answer: 60 Million Video Views Per Month 40,000+ Distributors Video Catalog Content Server Advertisers CDN Media Companies
  • 10.
    Where Does theAPI Fit In? Will allow distributors to integrate video content into their sites more effectively Will provide a better platform on which to build our own tools Will facilitate a level of innovation that could not exist before
  • 11.
    Washington Times Videocontent integrated in via RESTful API (Beta)
  • 12.
    One-Minute RESTful RefresherHTTP methods are the “verbs” Acting on Resources (“nouns”) Providing a simple, constrained, easy-to-understand interface
  • 13.
    Reasons for Doingan API Know WHY you’re doing an API before you embark on creating one. Most reasons fall into two basic categories: Customer-Centric: To better serve customers Company-Centric: To better serve yourself
  • 14.
    Customer-Centric Reasons Togive customers direct access to content To facilitate innovation by giving customers the capability to leverage your resources for their own purposes To allow customers to explore your content more effectively To allow authorized customers to directly manipulate resources
  • 15.
    Company-Centric Reasons Toorganize functionality in a more manageable, maintainable way To centralize key logic components, e.g. –authorization logic To facilitate the creation of your own tools To leverage the creativity and innovativeness of your customers To promote tighter coupling of customer applications with API, resulting in an enhanced exit barrier
  • 16.
    The First Step…All important projects must have a codename Like…. Tiger Leopard Longhorn
  • 17.
    The First Step…All important projects must have a codename Like…. Tiger Leopard Longhorn (um, maybe not)
  • 18.
    The First Step…All important projects must have a codename Like….
  • 19.
    The First Step…All important projects must have a codename Like…. 9
  • 20.
    Designing the APIIdentify the basic objects in your problem domain - These are your candidate resources Identify the relationships between your resources - These help you define nesting Look for “actions” that need to become “nouns” Ex. – subscription ( a standard example) Ex. – Publishing a video results in a “distribution” Stay in Beta a long time…you will make changes Designing a RESTful API is an interesting challenge. Forget your existing database, and start at the logical level…
  • 21.
    Reality Sets InYour database wasn’t designed to have a RESTful API built on top of it Your database probably doesn’t support the authorization needs of your API So you’re going to need a massive re-factor (or a series of them) And management will still want you to develop new features during the massive re-factor(s) This is where you compare your nice, clean, elegant resource design with your ugly, grown-over-time database
  • 22.
    Need a (Painful)Example? Distributors were people with accounts Users were distributors who had filled out detailed profile information about themselves Two tables… Some objects were owned by distributors Some objects were owned by users Distributors => Users User => Profiles Re-factor to change ownership to users
  • 23.
    Anatomy of anAPI Request Next, we standardized how API requests should work…
  • 24.
    Authentication Since there’sno money involved… Basic HTTP Authentication SSL for additional security Using a simple 20-character API key Easily supported in Rails Can add a more advanced scheme later if needed Authentication is the process of identifying who is accessing the API
  • 25.
    Three Major ComponentsActs As Authorized: Handles privilege-checking to determine whether users can view, create, update or delete resources Externalizable: Domain-Specific Language (DSL) for exposing content. Also handles creates/updates in JSON and XML Restful Behaviors: Mini-framework for common controller logic related to manipulating resources
  • 26.
    Acts As AuthorizedHandles most privilege checks for the API Relies on hooks in the model underlying each resource - auth_get_owner: Who “owns” the resource - auth_get_groups: Group sharing of resource - find_authorized: A method that honors privs
  • 27.
    Acts As Authorized(2) Users can view any resource they created or that is shared with a group to which they belong Users can update a resource if they have the “update_<resource>” privilege for a group with which the resource is shared There are a few case-by-case restrictions
  • 28.
    Acts As Authorized(3) Model Acts As Authorized “ Acts As” Resource Hooks
  • 29.
    Restful Behaviors Mini-frameworkcollecting common controller logic Functions as a mix-in for API controllers Developers just need to override key methods to tailor controllers for new resources Centralizes key features like externalizing content, error handling, single-asset privilege checking, etc.
  • 30.
    Restful Behaviors (2)Model Controller Restful Behaviors Acts As Authorized “ Acts As” Resource Hooks
  • 31.
    Externalizable Provides aDomain-Specific Language (DSL) for externalizing resources Included in models as a mix-in Centralizes functionality for producing output Centralizes processing of incoming XML/JSON Centralizes create/update logic and ensures that only exposed fields can be set Can externalize database columns under different names
  • 32.
    Externalizable (2) includeExternalizable externalize_model_as “video” externalize_attribute :asset_id, :label => &quot;id&quot;, :methods => [:index, :show] externalize_attribute :headline, :label => &quot;title” externalize_attribute :abstract, :label => &quot;summary” externalize_attribute :keywords externalize_attribute :created_at, :methods => [:index, :show] externalize_attribute :updated_at, :methods => [:index, :show]
  • 33.
    Overall Architecture ModelExternalizable Controller Restful Behaviors Acts As Authorized “ Acts As” Resource Hooks Externalizable Specification
  • 34.
    Error Handling HTTPStatus Codes HTTP “Warn” Header Ex. - 199 WAS-002: An unauthorized network was specified (the “199” => “Miscellaneous Message”) Error Messages in JSON/XML response Last Resort: The “always_ok” option - Always return 200… (Flash) caller has to parse response to determine success or failure The diversity of technologies used to interact with the API makes it challenging to provide meaningful feedback to callers when errors occur.
  • 35.
    Searches Set upsearches as Index and Create, so it accepts both GET and POST actions Searches are networks-specific - Can search Grab Networks public content or FOX private content (if authorized) Using Sphinx open source search engine Returns videos, but with extra “confidence”
  • 36.
    Scalability Load Balancerin front of multiple Web Servers for the API – Can add servers as needed Separate Web Server in Amazon Cloud for contracted partners…handles file uploads and video transcoding tasks – Can load balance and add servers as needed Searches run against replicate production database – Can add replicates as needed Apache magic as needed Scalability is a process, not a binary condition.
  • 37.
    Practical Tips Startsmall, with a few resources - Work out the kinks, then expand the scope Start with an extended Beta - So you can change the API as needed without annoying users Recognize that a re-factor will be required - Just deal with it Eat your own dog food - It will never be solid unless you use your own API Challenge assumptions - Don’t be afraid to re-evaluate and adjust the API as you go Documentation, documentation, documentation
  • 38.
    Resources RESTful WebServices by Leonard Richardson and Sam Ruby, Published by O’Reilly http://wasabi.grabnetworks.com - API is not publically available yet, but the documentation is