7/30/2019 apidesignsecondedition-111103185958-phpapp02

1/106

RESTful API DesignSecond Edition

Brian Mulloy@landlessness

Apigee@apigee

11.03.11 @ 11:03:11 PST

Dial-in or VoIP

See Details in Chat Window

7/30/2019 apidesignsecondedition-111103185958-phpapp02

2/106

groups.google.com/group/api-craft

7/30/2019 apidesignsecondedition-111103185958-phpapp02

3/106

youtube.com/apigee

7/30/2019 apidesignsecondedition-111103185958-phpapp02

4/106

To be a RESTafarian or a Pragmatist?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

5/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

6/106

AppUser

APITeam

APIAppWorld ofAPIs

AppStore

InternalSystems

AppDeveloper

7/30/2019 apidesignsecondedition-111103185958-phpapp02

7/106

Application developers are raison d'trefor APIs.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

8/106

Be pragmatic.For the benefit of application developers.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

9/106

Pragmatic RESTful APIs are a design problem.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

10/106

baddesigns.com

7/30/2019 apidesignsecondedition-111103185958-phpapp02

11/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

12/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

13/106

Paul Mijksenaar Design for Function Award 2011

7/30/2019 apidesignsecondedition-111103185958-phpapp02

14/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

15/106

Lets look at puppies.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

16/106

hackett hackett

hackett hackett

http://www.flickr.com/photos/hackett/154894923/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/154894923/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/156760548/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/156760548/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/159428076/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/159428076/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/159428074/sizes/l/in/photostream/http://www.flickr.com/photos/hackett/159428074/sizes/l/in/photostream/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

17/106

...

/getAllDogs

/locationVerify

/foodNeeded/createRecurringDogWalk

/giveDirectOrder

/healthCheck

/getRecurringDogWalkSchedule

/getLocation/getDog

/massDogParty

/getNewDogsSince

/getRedDogs

/getSittingDogs

/dogStateChangesSearch

/replaceSittingDogsWithRunningDogs

/saveDog

...

7/30/2019 apidesignsecondedition-111103185958-phpapp02

18/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

19/106

A puppys world is big.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

20/106

JnL law_keven

Smithsonian's National Zoo hackett

http://www.flickr.com/photos/hackett/306923792/sizes/o/in/set-72157594146742722/http://www.flickr.com/photos/hackett/306923792/sizes/o/in/set-72157594146742722/http://www.flickr.com/photos/nationalzoo/4998899286/sizes/o/in/photostream/http://www.flickr.com/photos/nationalzoo/4998899286/sizes/o/in/photostream/http://www.flickr.com/photos/kevenlaw/2461340910/sizes/l/in/photostream/http://www.flickr.com/photos/kevenlaw/2461340910/sizes/l/in/photostream/http://www.flickr.com/photos/jnl/48331634/sizes/l/in/photostream/http://www.flickr.com/photos/jnl/48331634/sizes/l/in/photostream/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

21/106

...

/getAllLeashedDogs

/verifyVeterinarianLocation

/feedNeededFood

/createRecurringMedication

/doDirectOwnerDiscipline

/doExpressCheckupWithVeterinarian

/getRecurringFeedingSchedule

/getHungerLevel

/getSquirrelsChasingPuppies

/newDogForOwner

/getNewDogsAtKennelSince

/getRedDogsWithoutSiblings

/getSittingDogsAtPark

/setLeashedDogStateTo

/replaceParkSittingDogsWithRunningDogs

/saveMommaDogsPuppies

...

...

/getAllDogs

/verifyLocation

/feedNeeded

/createRecurringWakeUp

/giveDirectOrder

/checkHealth

/getRecurringWakeUpSchedule

/getLocation

/getDog

/newDog

/getNewDogsSince

/getRedDogs

/getSittingDogs

/setDogStateTo

/replaceSittingDogsWithRunningDogs

/saveDog

...

7/30/2019 apidesignsecondedition-111103185958-phpapp02

22/106

We are on a slippery slope.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

23/106

Keep the simple things simple.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

24/106

Hopkinsii

http://www.flickr.com/photos/hopkinsii/2194298635/sizes/o/in/photostream/http://www.flickr.com/photos/hopkinsii/2194298635/sizes/o/in/photostream/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

25/106

We only need two base URLs per resource.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

26/106

The first is for a collection.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

27/106

/dogs

7/30/2019 apidesignsecondedition-111103185958-phpapp02

28/106

The second is for an element.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

29/106

/dogs/1234

7/30/2019 apidesignsecondedition-111103185958-phpapp02

30/106

POST

GETPUT

DELETE

7/30/2019 apidesignsecondedition-111103185958-phpapp02

31/106

CREATE

READUPDATE

DELETE

7/30/2019 apidesignsecondedition-111103185958-phpapp02

32/106

POSTcreate

GETread

PUTupdate

DELETEdelete

create anew dog

list dogs replacedogs withnew dogs

delete alldogs

treat as a

collectioncreate newdog in it

show Bo

if existsupdate Bo

if notcreate Bo

delete Bo

Resource

/dogs

/dogs/1234

Wikipedia

http://en.wikipedia.org/wiki/Representational_State_Transferhttp://en.wikipedia.org/wiki/Representational_State_Transfer

7/30/2019 apidesignsecondedition-111103185958-phpapp02

33/106

POSTcreate

GETread

PUTupdate

DELETEdelete

create anew dog

list dogs replacedogs withnew dogs

delete alldogs

treat as acollection

createnew dogin it

show Bo

if existsupdate Bo

if notcreate Bo

delete Bo

Resource

/dogs

/dogs/1234

Wikipedia

http://en.wikipedia.org/wiki/Representational_State_Transferhttp://en.wikipedia.org/wiki/Representational_State_Transfer

7/30/2019 apidesignsecondedition-111103185958-phpapp02

34/106

POSTcreate

GETread

PUTupdate

DELETEdelete

create anew dog

list dogs bulkupdatedogs

delete alldogs

error show Bo

if existsupdate Bo

if noterror

delete Bo

Resource

/dogs

/dogs/1234

Wikipedia

http://en.wikipedia.org/wiki/Representational_State_Transferhttp://en.wikipedia.org/wiki/Representational_State_Transfer

7/30/2019 apidesignsecondedition-111103185958-phpapp02

35/106

Verbs are bad.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

36/106

Nouns are good.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

37/106

Plurals or singulars?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

38/106

/checkins

Foursquare

/deals

GroupOn

/Product

Zappos

7/30/2019 apidesignsecondedition-111103185958-phpapp02

39/106

Plurals are better.

/dogs

7/30/2019 apidesignsecondedition-111103185958-phpapp02

40/106

Abstract or concrete naming?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

41/106

/things

/animals

/dogs

Super High

High

Medium

/beagles

Low

7/30/2019 apidesignsecondedition-111103185958-phpapp02

42/106

Concrete is better than abstract./dogs

7/30/2019 apidesignsecondedition-111103185958-phpapp02

43/106

What about associations?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

44/106

GET /owners/5678/dogs

POST /owners/5678/dogs

7/30/2019 apidesignsecondedition-111103185958-phpapp02

45/106

What about complex variations?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

46/106

Cody Simms

http://www.flickr.com/photos/jcodysimms/246024262/sizes/l/in/photostream/http://www.flickr.com/photos/jcodysimms/246024262/sizes/l/in/photostream/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

47/106

Sweep variations under the ?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

48/106

/dogs?color=red&state=running&location=park

7/30/2019 apidesignsecondedition-111103185958-phpapp02

49/106

Hopkinsii

http://www.flickr.com/photos/hopkinsii/2194298635/sizes/o/in/photostream/http://www.flickr.com/photos/hopkinsii/2194298635/sizes/o/in/photostream/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

50/106

/dogs

7/30/2019 apidesignsecondedition-111103185958-phpapp02

51/106

What about errors?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

52/106

meredithfarmer

http://www.flickr.com/photos/meredithfarmer/311658424/http://www.flickr.com/photos/meredithfarmer/311658424/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

53/106

Facebook

{"type":"OAuthException","message":"(#803) Some

of the aliases you requested do not exist:

foo.bar"}

HTTP Status Code: 200

{"status":401,"message":"Authenticate","code":

20003,"more_info":"http://www.twilio.com/docs/

errors/20003"}

Twilio HTTP Status Code: 401

{"code":401,"message":"Authentication

Required"}

SimpleGeo HTTP Status Code: 401

http://www.twilio.com/docs/errors/20003http://www.twilio.com/docs/errors/20003http://www.twilio.com/docs/errors/20003http://www.twilio.com/docs/errors/20003

7/30/2019 apidesignsecondedition-111103185958-phpapp02

54/106

200 - OK

{message : Verbose, plain language

description of the problem with hints abouthow to fix it.

more_info : http://dev.teachdogrest.com/

errors/12345}

Code for code

Message for people

401 - Unauthorized

http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

http://dev.teachdogrest.com/http://dev.teachdogrest.com/http://en.wikipedia.org/wiki/List_of_HTTP_status_codeshttp://en.wikipedia.org/wiki/List_of_HTTP_status_codeshttp://dev.teachdogrest.com/http://dev.teachdogrest.com/http://dev.teachdogrest.com/http://dev.teachdogrest.com/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

55/106

What about versioning?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

56/106

/2010-04-01/Accounts/

Twilio

/services/data/v20.0/sobjects/Account

salesforce.com

?v=1.0

Facebook

7/30/2019 apidesignsecondedition-111103185958-phpapp02

57/106

/v1/dogs

7/30/2019 apidesignsecondedition-111103185958-phpapp02

58/106

Please give me exactly what I need.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

59/106

/people:(id,first-name,last-name,industry)

LinkedIn

/joe.smith/friends?fields=id,name,picture

Facebook

?fields=title,media:group(media:thumbnail)

Google (partial response)

https://graph.facebook.com/bgolub?fields=id,name,picturehttps://graph.facebook.com/bgolub?fields=id,name,picture

7/30/2019 apidesignsecondedition-111103185958-phpapp02

60/106

/dogs?fields=name,color,location

7/30/2019 apidesignsecondedition-111103185958-phpapp02

61/106

What about pagination?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

62/106

offsetlimit

Facebook

page

rpp

Twitter

start

count

LinkedIn

7/30/2019 apidesignsecondedition-111103185958-phpapp02

63/106

/dogs?limit=25&offset=50

7/30/2019 apidesignsecondedition-111103185958-phpapp02

64/106

What about formats?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

65/106

?alt=json

Google Data

/venue.json

Foursquare

Accept: application/json

Digg*

?type=json

* The type argument, if present, overrides the Accept header.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

66/106

/dogs.json

/dogs/1234.json

7/30/2019 apidesignsecondedition-111103185958-phpapp02

67/106

What about defaults?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

68/106

json

Format

Pagination (depends on data size)

limit=10&offset=0

7/30/2019 apidesignsecondedition-111103185958-phpapp02

69/106

What about attribute names?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

70/106

"created_at": "Thu Nov 03 05:19:38 +0000 2011"

Twitter

"DateTime": "2011-10-29T09:35:00Z"

Bing

"createdAt": 1320296464

Foursquare

https://graph.facebook.com/bgolub?fields=id,name,picturehttps://graph.facebook.com/bgolub?fields=id,name,picture

7/30/2019 apidesignsecondedition-111103185958-phpapp02

71/106

var myObject = JSON.parse(response);

JSON is for JavaScript Objects

timing = myObject.created_at;

These looks funny in JavaScript

timing = myObject.DateTime;

7/30/2019 apidesignsecondedition-111103185958-phpapp02

72/106

"createdAt": 1320296464

JavaScript Convention

Medial Capitalization aka CamelCase

timing = myObject.createdAt;

7/30/2019 apidesignsecondedition-111103185958-phpapp02

73/106

What about non-resource-y stuf

?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

74/106

Calculate

Translate

Convert

7/30/2019 apidesignsecondedition-111103185958-phpapp02

75/106

/convert?from=EUR&to=CNY&amount=100

Use verbs not nouns

7/30/2019 apidesignsecondedition-111103185958-phpapp02

76/106

What about searching?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

77/106

/search?q=fluffy+fur

Global

/owners/5678/dogs/search?q=fluffy+furScoped

/search.xml?q=fluffy+fur

Formatted

7/30/2019 apidesignsecondedition-111103185958-phpapp02

78/106

What about counts?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

79/106

/dogs/count

7/30/2019 apidesignsecondedition-111103185958-phpapp02

80/106

What about the rest of the URL?

graph.facebook.comFacebook

7/30/2019 apidesignsecondedition-111103185958-phpapp02

81/106

api.foursquare.comFoursquare

developers.foursquare.com

g pFacebook

developers.facebook.com

api.twitter.comTwitter

search.twitter.com

api.facebook.com

dev.twitter.com

stream.twitter.com

7/30/2019 apidesignsecondedition-111103185958-phpapp02

82/106

api.teachdogrest.com

developers.teachdogrest.com

API gateway

Developer connection

api ! developers (if from browser)

Do web redirects

dev ! developers

developer ! developers

7/30/2019 apidesignsecondedition-111103185958-phpapp02

83/106

What about exceptional stuf

?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

84/106

Client intercepts HTTP error codes

7/30/2019 apidesignsecondedition-111103185958-phpapp02

85/106

{"error" : "Could not authenticate

you." }

Twitter

HTTP Status Code: 200

/public_timelines.json?

suppress_response_codes=true

Al t OK

7/30/2019 apidesignsecondedition-111103185958-phpapp02

86/106

200 - OK

Code for code ignoring

{response_code : 401, message :

Verbose, plain language description of the

problem with hints about how to fix it.

more_info : http://dev.teachdogrest.com/

errors/12345, code : 12345}

Message for people & code

/dogs?suppress_response_codes=true

Always returns OK

http://dev.teachdogrest.com/http://dev.teachdogrest.com/http://dev.teachdogrest.com/http://dev.teachdogrest.com/http://dev.teachdogrest.com/http://dev.teachdogrest.com/

7/30/2019 apidesignsecondedition-111103185958-phpapp02

87/106

Client supports limited HTTP methods

7/30/2019 apidesignsecondedition-111103185958-phpapp02

88/106

Method Parameter

/dogs?method=post

create

/dogs

read

/dogs/1234?method=put&location=park

update

/dogs/1234?method=delete

delete

7/30/2019 apidesignsecondedition-111103185958-phpapp02

89/106

What about authentication?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

90/106

Permissions Service API

PayPal

OAuth 2.0

Facebook

OAuth 1.0aTwitter

7/30/2019 apidesignsecondedition-111103185958-phpapp02

91/106

OAuth 2.0

Use latest and greatest OAuth

Dont do something close, but diferent.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

92/106

How do application developers use the API?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

93/106

What about chatty applications?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

94/106

First be complete & RESTful.

Then provide shortcuts.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

95/106

/owners/5678?fields=name,dogs(name)

Partial response syntax can help.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

96/106

What about when building an UIrequires a lot of domain knowledge?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

97/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

98/106

Complement your API with codelibraries and SDK.

7/30/2019 apidesignsecondedition-111103185958-phpapp02

99/106

Really? All of this? And iterate it?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

100/106

7/30/2019 apidesignsecondedition-111103185958-phpapp02

101/106

API Virtualization Layer

Application

APIAPI API

7/30/2019 apidesignsecondedition-111103185958-phpapp02

102/106

Be RESTfulOnly 2 URLsNo verbsUse nouns as plurals

Concrete over abstractFor JSON follow JavaScript conventionsSweep complexity behind the ?Borrow from leading APIs

Account for exceptional clientsAdd virtualization layer

7/30/2019 apidesignsecondedition-111103185958-phpapp02

103/106

Questions?

7/30/2019 apidesignsecondedition-111103185958-phpapp02

104/106

THANK YOUSubscribe to API webinars at:

youtube.com/apigee

7/30/2019 apidesignsecondedition-111103185958-phpapp02

105/106

THANK YOUQuestions and ideas to:

groups.google.com/group/api-craft

7/30/2019 apidesignsecondedition-111103185958-phpapp02

106/106

THANK YOUContact me at:

@landlessness

brian@apigee.com

mailto:brian@apigee.commailto:brian@apigee.com