Download as PDF, PPTX
![$ curl -u user:pass -d '{}'
> http://127.0.0.1:8000/api/snippets/ | jq .
{
"title": [
" "
],
"created_by": [
" "
]
}](https://image.slidesharecdn.com/pyconjp2018-180917063611/85/Django-REST-Framework-API-PyCon-JP-2018-79-320.jpg)
![$ curl -u user:pass -d '{}'
> http://127.0.0.1:8000/api/snippets/ | jq .
{
"title": [
" "
],
"created_by": [
" "
]
}](https://image.slidesharecdn.com/pyconjp2018-180917063611/75/Django-REST-Framework-API-PyCon-JP-2018-79-2048.jpg)
Uploaded byMasashi Shibata
Django REST Framework における API 実装プラクティス | PyCon JP 2018
The document discusses various topics related to APIs and pagination in Django REST Framework. It covers: 1. Pagination techniques in Django REST Framework including PageNumberPagination, LimitOffsetPagination, and CursorPagination. 2. Rate limiting techniques including AnonRateThrottle, UserRateThrottle, and ScopedRateThrottle. 3. Authentication techniques including TokenAuthentication and the djangorestframework-jwt package for JSON web tokens. 4. Other API design topics like HATEOAS, versioning, and specifying media types.
More Related Content
![[DL輪読会]Whole-Body Human Pose Estimation in the Wild](https://cdn.slidesharecdn.com/ss_thumbnails/20200731wholebodyhumanposeestimationinthewildkuboshizuma-200804012445-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
![[Aurora事例祭り]Amazon Aurora を使いこなすためのベストプラクティス](https://cdn.slidesharecdn.com/ss_thumbnails/amazonauroratips-170307140000-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Similar to Django REST Framework における API 実装プラクティス | PyCon JP 2018
Django REST Framework における API 実装プラクティス | PyCon JP 2018
- 1. Django REST Framework API MasashiSHIBATA c-bata c_bata_! " PyCon JP 2018 Day1
- 2.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13. http://example.com/snippets/?page=4 PageNumberPagination http://example.com/snippets/?limit=50&offset=250 prev: http://example.com/snippets/?cursor=cj0xJnA9MjAxOC next: http://example.com/snippets/?cursor=povlJDFkfhgf0lAj LimitOffsetPagination CursorPagination ※max_id since_id examle.com/snippets?since_id=6
- 14.
- 15.
- 17. 1 74 10285 113 96 12
- 18. 1 74 10285 113 96 12 1 74 102 85 113 96 12
- 19. 1 74 10285 113 96 12 1 74 102 85 113 96 12 id = 3 id=6
- 21. 1 74 10285 113 96 12 1 74 102 85 113 96 12
- 22. 1 74 10285 113 96 121 74 102 85 113 96 12 1 74 102 85 113 96 12 5 1
- 23. 1 74 10285 113 96 12 1 74 102 85 113 96 12
- 24. 1 74 10285 113 96 12 1 74 102 85 113 96 12
- 26. id id idid id id id id 3
- 27. id id idid id id id id id id id id id id id id
- 28. id id idid id id id id id id id id id id id id
- 29. id id idid id id id id id id id id id id id id
- 30. id id idid id id id id id id id id id id id id
- 31.
- 34. = SELECT id FROMsnippets WHERE is_public = 1 AND created_at > '2018-09-15 08:28:53.312612’ ORDER BY created_at ASC LIMIT 101; ALTER TABLE snippets ADD INDEX ix_created_public(created_at, is_public); SQL Index
- 35. INDEX D, J, Z INDEX A,B, D + A 1 INDEX F, H, J B 8 INDEX L, P, Z D 20 INDEX 20, 60, 80 INDEX 1, 8, 20 + 1 c-bata 24 INDEX 21, 50, 60 + 8 denari 23 INDEX 65, 76, 80 + 20 cstoku 25 (InnoDB)
- 36. INDEX D, J, Z INDEX A,B, D + A 1 INDEX F, H, J B 8 INDEX L, P, Z D 20 INDEX 20, 60, 80 INDEX 1, 8, 20 + 1 c-bata 24 INDEX 21, 50, 60 + 8 denari 23 INDEX 65, 76, 80 + 20 cstoku 25 (InnoDB)
- 37. INDEX D, J, Z INDEX A,B, D + A 1 INDEX F, H, J B 8 INDEX L, P, Z D 20 INDEX 20, 60, 80 INDEX 1, 8, 20 + 1 c-bata 24 INDEX 21, 50, 60 + 8 denari 23 INDEX 65, 76, 80 + 20 cstoku 25 (InnoDB) INDEX
- 38. INDEX D, J, Z INDEX A,B, D + A 1 INDEX F, H, J B 8 INDEX L, P, Z D 20 INDEX 20, 60, 80 INDEX 1, 8, 20 + 1 c-bata 24 INDEX 21, 50, 60 + 8 denari 23 INDEX 65, 76, 80 + 20 cstoku 25 (InnoDB)
- 39. INDEX D, J, Z INDEX A,B, D + A 1 INDEX F, H, J B 8 INDEX L, P, Z D 20 INDEX 20, 60, 80 INDEX 1, 8, 20 + 1 c-bata 24 INDEX 21, 50, 60 + 8 denari 23 INDEX 65, 76, 80 + 20 cstoku 25 (InnoDB) OFFSET
- 40. INDEX D, J, Z INDEX A,B, D + A 1 INDEX F, H, J B 8 INDEX L, P, Z D 20 INDEX 20, 60, 80 INDEX 1, 8, 20 + 1 c-bata 24 INDEX 21, 50, 60 + 8 denari 23 INDEX 65, 76, 80 + 20 cstoku 25 (InnoDB)
- 41. SELECT id FROMsnippets WHERE is_public = 1 AND created_at > '2018-09-15 08:28:53.312612’ ORDER BY created_at ASC LIMIT 101; ALTER TABLE snippets ADD INDEX ix_created_public(created_at, is_public); SQL Index
- 42. SELECT id FROMsnippets WHERE is_public = 1 AND created_at > '2018-09-15 08:28:53.312612’ ORDER BY created_at ASC LIMIT 101; ALTER TABLE snippets ADD INDEX ix_created_public(created_at, is_public); SQL Index id, is_public, created_at
- 43. SELECT id FROMsnippets WHERE is_public = 1 AND created_at > '2018-09-15 08:28:53.312612’ ORDER BY created_at ASC LIMIT 101; ALTER TABLE snippets ADD INDEX ix_created_public(created_at, is_public); SQL Index id, is_public, created_at
- 44. SELECT id FROMsnippets WHERE is_public = 1 AND created_at > '2018-09-15 08:28:53.312612’ ORDER BY created_at ASC LIMIT 101; ALTER TABLE snippets ADD INDEX ix_created_public(created_at, is_public); SQL Index id, is_public, created_at created_at is_public
- 46.
- 47. • • CDN (akamai,fastly, cloudflare, …) • (Nginx, apache, …) • Django • AnonRateThrottle • UserRateThrottle • ScopedRateThrottle
- 48. • CDN RateLimiting, DDoS Protection • https://docs.fastly.com/api/ • https://developer.akamai.com/blog/2018/05/30/ demystifying-api-rate-limiting • • https://www.nginx.com/blog/rate-limiting-nginx/
- 49. • AnonRateThrottle: • IP(X-Forwarded-For WSGI environ REMOTE_ADDR ) • UserRateThrottle: • • ScopedRateThrottle: •
- 50. • AnonRateThrottle: • IP(X-Forwarded-For WSGI environ REMOTE_ADDR ) • UserRateThrottle: • • ScopedRateThrottle: • CDN Nginx
- 51. • AnonRateThrottle: • IP(X-Forwarded-For WSGI environ REMOTE_ADDR ) • UserRateThrottle: • • ScopedRateThrottle: • Github
- 52. REST_FRAMEWORK = { 'DEFAULT_THROTTLE_CLASSES':( ‘rest_framework.throttling.AnonRateThrottle', ‘rest_framework.throttling.UserRateThrottle', ), 'DEFAULT_THROTTLE_RATES': { 'anon': ‘10/min', 'user': ‘100/min' } }
- 53. REST_FRAMEWORK = { 'DEFAULT_THROTTLE_CLASSES':( ‘rest_framework.throttling.AnonRateThrottle', ‘rest_framework.throttling.UserRateThrottle', ), 'DEFAULT_THROTTLE_RATES': { 'anon': ‘10/min', 'user': ‘100/min' } } sec, min, hour, day 1 s m, h, d
- 54. REST_FRAMEWORK = { 'DEFAULT_THROTTLE_CLASSES':( ‘rest_framework.throttling.AnonRateThrottle', ‘rest_framework.throttling.UserRateThrottle', ), 'DEFAULT_THROTTLE_RATES': { 'anon': ‘10/min', 'user': ‘100/min' } } Django LocalMemCache
- 55. REST_FRAMEWORK = { 'DEFAULT_THROTTLE_CLASSES':( ‘rest_framework.throttling.AnonRateThrottle', ‘rest_framework.throttling.UserRateThrottle', ), 'DEFAULT_THROTTLE_RATES': { 'anon': ‘10/min', 'user': ‘100/min' } } Github RateThrottle
- 56. https://github.com/c-bata/django-api-practices • • clients/dos.py :10 • clients/throttle_client.py : • • RATE_LIMIT=true • anon: 3req/s , user: 10req/s
- 57. • • clients/dos.py :10 • clients/throttle_client.py : • • RATE_LIMIT=true • anon: 3req/s , user: 10req/s https://github.com/c-bata/django-api-practices TokenBucketAlgorithm Python 2 14
- 60. • CDN Nginx •REST Framework 3 • UserRateLimit • Rate Limit
- 61.
- 62. • TokenAuthentication: • djangorestframework-jwt:JSON Web Token • https://github.com/GetBlimp/django-rest-framework-jwt • Refresh JWT
- 63. JWT JSON Web Token ClaimJSON ( RFC7519)
- 64.
- 65.
- 66.
- 67.
- 68. RS HS • HMAC:) HS256 • • • • : ) RS256. PS ES • •
- 69. RS HS • HMAC:) HS256 • • • • : ) RS256 • • HMAC
- 70. RS HS • HMAC:) HS256 • • • • : ) RS256 • • djangorestframework-jwt HS256
- 71. RS HS • HMAC:) HS256 • • • • : ) RS256 • • ) Firebase JWT
- 72. RS HS • HMAC:) HS256 • • • • : ) RS256 • • https://pyjwt.readthedocs.io/en/latest/algorithms.html PyJWT
- 73. • TokenAuthentication • djangorestframework-jwt •JWT • JWT • HMAC •
- 74. Topic 4 HATEOAS Versioning Specifying mediatype KEYWORDS
- 75. • HATEOAS (HypertextAs The Engine Of Application State) • • • API Django REST Framework
- 76. HATEOAS Hypertext As TheEngine Of Application State URI API DefaultRouter HyperLinkedModelSerializer $ curl http://localhost:8000/api/ | jq . { "snippets": "http://localhost:8000/api/snippets/" "users": “http://localhost:8000/api/users/“ }
- 77.
- 78. • rest_framework.urlpatterns.format_suffix_patterns $curl -H 'Accept: text/html' <your api endpoint> BrowsableAPIRenderer
- 79. $ curl -uuser:pass -d '{}' > http://127.0.0.1:8000/api/snippets/ | jq . { "title": [ " " ], "created_by": [ " " ] }
- 80.
- 81.
- 82.