The dark side of the app

Published on September 28, 2015

Author: SimoneDiMaulo

Source: slideshare.net

1. THE DARK SIDE OF THE APP

2. WHO ARE WE ?

3. SIMONE DI MAULO Backend Developer @Kataskopeo.com aka @toretto460 Pugger since 2012

4. CLAUDIO D’ALICANDRO Backend developer @Chupamobile.com @ClaudioSThought on twitter Pugger since 2013

5. PUG ROMA Monthly Meetings

6. TECH TALKS
● PHP Fast API by @toretto460
● ZendFramework by @lorenzoferrara
● Laravel by @malatestafra
● MongoDB by @kekko
… take a look at http://roma.grusp.org/

7. PROJECTS https://github.com/PUGX

8. THE DARK SIDE OF THE APP

9. android iOS

10. APIs

11. i have a product i have a service

12. i need APIs

13. DURABLE

14. EASY TO EVOLVE

15. SCALABLE

16. Booking Engine APIs

17. Booking engine requirements
● A user should be able to find a hotel so that he can check the availability.
● A user should be able to see a list of rooms with details so that he can choose one of them.
● A user should be able to find a hotel for the given check-in/check-out date so that he can make a reservation by choosing a free room.

18. Booking engine APIs
● Check the hotel availability
● Show the room detail
● Book a room
● Check the room availability
● Modify a booking
● Cancel a booking

19. RPC Exposing the booking functionality as function calls that accept parameters.

20. RPC - Style
    POST /booking-engine
    Host: my-hotel.com

    {
      "action": "findHotelsByCity",
      "args": { "city": "Todi", "order_by": "distance" }
    }

21. RPC - Style
    HTTP/1.1 200 OK

    {
      "hotels": [
        {
          "id": "dahu5942hfki58-fjaau7645-lo987",
          "name": "Hotel Europa",
          "coordinates": { "lat": ..., "long": ... }
        },
        {
          "id": "dr594dahty71013-jfuh628fh47ft37",
          "name": "Hotel Asia",
          "coordinates": { "lat": ..., "long": ... }
        }
      ]
    }

22. RPC - Style
    POST /booking-engine
    Host: my-hotel.com

    {
      "action": "getAvailability",
      "args": {
        "interval": { "checkin": "2015-09-26", "checkout": "2015-09-27" },
        "hotel_id": "dahu5942hfki58-fjaau7645-lo987"
      }
    }

23. There is no contract between client and server

24. Hard to evolve

25. Hard to cache

26. Too much is lacking!

27. SOAP is the key
● a structured definition - WSDL ✓
● Transactions ✓
● WS-Security ✓

28. SOAP - Request
    POST /FindHotelByCity.asmx HTTP/1.1
    Host: my-hotel.com
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://my-hotel.com/FindHotelByCity"

    <?xml version="1.0" encoding="UTF-8"?>
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                       xmlns:ns1="http://my-hotel.com/">
      <SOAP-ENV:Body>
        <ns1:HotelsToFind>
          <ns1:City>Todi</ns1:City>
        </ns1:HotelsToFind>
      </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

29. SOAP - Response
    HTTP/1.1 200 OK
    Cache-Control: private, max-age=0

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
        <HotelList>
          <Hotel id="w3dhfu8272dlo-ldo8364j">
            <Name>Hotel Europa</Name>
            <Coordinates lat=".." lon=".."></Coordinates>
          </Hotel>
          <Hotel id="w3dhfu8272dlo-ldo8364j">
            <Name>Hotel Europa</Name>
            <Coordinates lat=".." lon=".."></Coordinates>
          </Hotel>
        </HotelList>
      </soap:Body>
    </soap:Envelope>

30. is SOAP the key ?
● Documentation: NOT SO READABLE
● Tunneling over HTTP POST: BAD
● Non standard Errors: BAD
● Impossible to CACHE: REALLY BAD

31. Use a contract, don’t expose the domain logic

32. scalable

33. decoupled

34. IS SOAP THE KEY?

35. MAYBE NOT

36. REST

37. REST is an architectural style

38. REST gives a coordinated set of constraints

39. REST Constraints
● Client-Server model
● Stateless
● Cacheable
● Layered System
● Uniform Interface
  ○ Identification of resources
  ○ Manipulation of resources through these representations
  ○ Hypermedia as the engine of application state

40. Identification of RESOURCES We are talking about RESOURCES Well designed URIs

41. RESOURCES
    ✗ /api/booking-engine
    ✓ /api/hotels
    ✓ /api/hotels?city=Todi
    ✓ /api/hotels/12356/rooms

42. Booking engine APIs
● Check the hotel availability
● Show the room detail
● Book a room
● Check the room availability
● Modify a booking
● Cancel a booking

43. Check the Hotel availability - RPC
    POST /booking-engine-api

    {
      "action": "findRoom",
      "params": {
        "hotel": 12456,
        "interval": { "checkin": "2015-10-01", "checkout": "2015-10-09" },
        "pax": 3
      }
    }

    HTTP/1.1 200 OK
    Date: Sun, 27 Sep 2015 10:00:45 GMT
    Cache-Control: max-age=0, no-cache, no-store
    Pragma: no-cache

    {
      "rooms": [
        { "id": 567, "beds": ["single", "double"], "amenities": [...] },
        ...
      ]
    }

44. Check the Hotel availability - REST
    GET /api/hotels/12456/rooms?checkin=2015-10-01&checkout=2015-10-09&pax=3

    HTTP/1.1 200 OK
    Date: Sun, 27 Sep 2015 10:00:45 GMT

    {
      "rooms": [
        { "id": 567, "beds": ["single", "double"], "amenities": [...] },
        ...
      ]
    }

45. Does not change until next booking

46. LET’S CACHE

47. HTTP CACHE
    HTTP/1.1 200 OK
    Date: Sun, 27 Sep 2015 10:00:45 GMT
    Cache-Control: public, max-age=600      (Expiration model)
    ETag: db87ju95dgtyg-12348765209         (Validation model)
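The two models from slide 47, as an added example that is not part of the original deck: a conditional GET that answers 304 while the availability is unchanged. The `respond` function and the `perUser` flag are assumptions; the flag marks representations that differ per caller (such as the customer/admin responses on slides 69-70), which must not go out with `public`.

```javascript
const crypto = require('crypto');

// Validation model: a validator derived from the representation bytes.
function etagFor(body) {
  const digest = crypto.createHash('sha256').update(body).digest('hex');
  return '"' + digest.slice(0, 32) + '"';
}

// If-None-Match uses weak comparison: ignore a leading W/ on either side.
// Splitting on ',' is safe here because our ETags are plain hex.
function noneMatchHits(ifNoneMatch, etag) {
  if (!ifNoneMatch) return false;
  if (ifNoneMatch.trim() === '*') return true;
  const opaque = (tag) => tag.trim().replace(/^W\//, '');
  return ifNoneMatch.split(',').some((tag) => opaque(tag) === opaque(etag));
}

// req: { method, headers } with lower-cased header names (as Node provides).
// resource: { body: string, perUser: boolean } is a hypothetical shape.
function respond(req, resource) {
  if (resource.perUser) {
    // Role-dependent representation: keep it out of every cache.
    return { status: 200, headers: { 'Cache-Control': 'no-store' }, body: resource.body };
  }
  const headers = {
    'Cache-Control': 'public, max-age=600', // expiration model
    ETag: etagFor(resource.body),           // validation model
  };
  const safe = req.method === 'GET' || req.method === 'HEAD';
  if (safe && noneMatchHits(req.headers['if-none-match'], headers.ETag)) {
    return { status: 304, headers, body: '' };
  }
  return { status: 200, headers, body: resource.body };
}
```

After a booking changes the room list, the body hashes to a new ETag, so a client holding the old validator gets a full 200 again.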

48. I CAN’T CACHE IT
    POST /booking-engine-api

    {
      "action": "findRoom",
      "params": {
        "hotel": 12456,
        "interval": { "checkin": "2015-10-01", "checkout": "2015-10-09" },
        "pax": 3
      }
    }

49. VERBS What’s the difference between GET and POST ?

50. GET HEAD PUT POST PATCH OPTIONS DELETE VERBS

51. GET HEAD PUT POST PATCH OPTIONS DELETE SAFE

52. GET HEAD PUT POST PATCH OPTIONS DELETE IDEMPOTENT

53. ERROR HANDLING

54. Check the Hotel availability
    GET /api/hotels/12456/rooms?checkin=2015-10-01&checkout=2015-10-09&pax=3

    HTTP/1.1 200 OK
    Date: Sun, 27 Sep 2015 10:00:45 GMT

    { "error": "Hotel Not Found" }

55. STATUS CODES
    100 HTTP CONTINUE | 101 HTTP SWITCHING PROTOCOLS | 102 HTTP PROCESSING
    201 HTTP CREATED | 202 HTTP ACCEPTED | 203 HTTP NON AUTHORITATIVE INFORMATION | 204 HTTP NO CONTENT | 205 HTTP RESET CONTENT | 206 HTTP PARTIAL CONTENT | 207 HTTP MULTI STATUS | 208 HTTP ALREADY REPORTED | 226 HTTP IM USED
    300 HTTP MULTIPLE CHOICES | 301 HTTP MOVED PERMANENTLY | 302 HTTP FOUND | 303 HTTP SEE OTHER | 304 HTTP NOT MODIFIED | 305 HTTP USE PROXY | 306 HTTP RESERVED | 307 HTTP TEMPORARY REDIRECT | 308 HTTP PERMANENTLY REDIRECT
    400 HTTP BAD REQUEST | 401 HTTP UNAUTHORIZED | 402 HTTP PAYMENT REQUIRED | 403 HTTP FORBIDDEN | 404 HTTP NOT FOUND | 405 HTTP METHOD NOT ALLOWED | 406 HTTP NOT ACCEPTABLE | 407 HTTP PROXY AUTHENTICATION REQUIRED | 408 HTTP REQUEST TIMEOUT | 409 HTTP CONFLICT | 410 HTTP GONE | 411 HTTP LENGTH REQUIRED | 412 HTTP PRECONDITION FAILED | 413 HTTP REQUEST ENTITY TOO LARGE | 414 HTTP REQUEST URI TOO LONG | 415 HTTP UNSUPPORTED MEDIA TYPE | 416 HTTP REQUESTED RANGE NOT SATISFIABLE | 417 HTTP EXPECTATION FAILED | 418 HTTP I AM A TEAPOT | 422 HTTP UNPROCESSABLE ENTITY | 423 HTTP LOCKED | 424 HTTP FAILED DEPENDENCY | 425 HTTP RESERVED FOR WEBDAV ADVANCED … | 426 HTTP UPGRADE REQUIRED | 428 HTTP PRECONDITION REQUIRED | 429 HTTP TOO MANY REQUESTS | 431 HTTP REQUEST HEADER FIELDS TOO LARGE
    500 HTTP INTERNAL SERVER ERROR | 501 HTTP NOT IMPLEMENTED | 502 HTTP BAD GATEWAY | 503 HTTP SERVICE UNAVAILABLE | 504 HTTP GATEWAY TIMEOUT | 505 HTTP VERSION NOT SUPPORTED | 506 HTTP VARIANT ALSO NEGOTIATES EXPERIMENTAL | 507 HTTP INSUFFICIENT STORAGE | ...
    200 HTTP OK (SOAP is here)

56. USE THE RIGHT STATUS CODE
    GET /api/hotels/12456/rooms?checkin=2015-10-01&checkout=2015-10-09&pax=3

    HTTP/1.1 200 OK
    {...}

    HTTP/1.1 404 Not Found
    {"error": "Hotel Not Found"}

57. BE STANDARD

58. MIDDLEWARE

59. ex. MIDDLEWARE

60. ex. MIDDLEWARE

61. ex. MIDDLEWARE

62. ex. MIDDLEWARE

63. ex. MIDDLEWARE
    var winston = require('winston');
    var app = require('express')();

    // Console logger at 'info' level
    var logger = new (winston.Logger)({
      transports: [
        new (winston.transports.Console)({ level: 'info' })
      ]
    });

    // Log method, URL and all request headers of every request, then continue
    app.use(function(req, res, next) {
      logger.info("Received request: %s",
        JSON.stringify({ headers: req.headers, method: req.method, url: req.url })
      );
      next();
    });

    var server = app.listen(3000);
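The middleware on slide 63 writes every request header to the log, which includes `Authorization` and `Cookie` values. An added example (not from the deck) of the same middleware with credentials masked before logging; the lists of sensitive names and the `requestLogger` factory are assumptions.

```javascript
// Header and query-parameter names treated as secrets (an assumed list;
// extend it for whatever credentials your API accepts).
const SENSITIVE_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie', 'x-api-key']);
const SENSITIVE_PARAMS = new Set(['access_token', 'token', 'api_key']);

function redactHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([name, value]) =>
      [name, SENSITIVE_HEADERS.has(name.toLowerCase()) ? 'REDACTED' : value])
  );
}

function redactUrl(url) {
  const q = url.indexOf('?');
  if (q === -1) return url;
  const params = new URLSearchParams(url.slice(q + 1));
  for (const key of new Set(params.keys())) {
    if (SENSITIVE_PARAMS.has(key.toLowerCase())) params.set(key, 'REDACTED');
  }
  return url.slice(0, q) + '?' + params.toString();
}

// JSON.stringify escapes CR/LF, so a crafted URL cannot forge extra log lines.
function logRecord(req) {
  return JSON.stringify({
    headers: redactHeaders(req.headers),
    method: req.method,
    url: redactUrl(req.url),
  });
}

// Same shape as the slide's middleware: pass to app.use(requestLogger(logger)).
function requestLogger(logger) {
  return function (req, res, next) {
    logger.info('Received request: %s', logRecord(req));
    next();
  };
}

// Constructed sample request, not captured traffic.
const sampleReq = {
  method: 'GET',
  url: '/api/hotels/12456/rooms?pax=3&access_token=s3cr3t',
  headers: { host: 'mycompany.hotels', authorization: 'Bearer s3cr3t', cookie: 'sid=abc' },
};
```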

64. ex. MIDDLEWARE
    <?php
    // File web/app.php
    require_once __DIR__.'/../app/bootstrap.php.cache';
    require_once __DIR__.'/../app/AppKernel.php';
    require_once __DIR__.'/../app/AppCache.php';

    use Symfony\Component\HttpFoundation\Request;

    $kernel = new AppKernel('prod', false);
    $kernel->loadClassCache();

    // wrap the default AppKernel with the AppCache one
    $kernel = new AppCache($kernel);

    $request = Request::createFromGlobals();
    $response = $kernel->handle($request);
    $response->send();
    $kernel->terminate($request, $response);

65. How REST is your API ?

66. Richardson Maturity Model
    Level 0 - Plain Old XML
    Level 1 - Resources
    Level 2 - HTTP Verbs
    Level 3 - Hypermedia Controls

67. HYPERMEDIA

68. HYPERMEDIA EXAMPLE
    {
      "links": [
        { "rel": "new", "href": "http://mycompany.hotels/api/hotels/12456/room/new" }
      ],
      "rooms": [
        {
          "id": 567,
          "beds": ["single", "double"],
          "links": [
            { "rel": "self", "href": "http://mycompany.hotels/api/hotels/12456/room/567" },
            { "rel": "amenities", "href": "http://mycompany.hotels/api/hotels/12456/room/567/amenities" }
          ]
        },
        ...
      ]
    }

69. THE RESPONSE FOR THE CUSTOMER
    # The Customer (from Android client)
    GET /api/hotels/12456/room/new HTTP/1.1
    Host: mycompany.hotels

    HTTP/1.1 403 Forbidden

70. THE RESPONSE FOR THE ADMIN
    # The Admin (From the SPA in the backoffice)
    GET /api/hotels/12456/room/new HTTP/1.1
    Host: mycompany.hotels

    HTTP/1.1 200 OK

    {
      "links": {
        "ref": "action",
        "method": "POST",
        "href": "http://mycompany.hotels/api/hotels/12456/room"
      },
      "room": {
        "beds": {
          "multiple": true,
          "options": {
            "single": { "label": "Single" },
            "double": { "label": "Double" }
          }
        }
      }
    }
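Slides 56 and 68-70 together, as an added example that is not from the deck: the `new` link is only advertised to callers who may use it, but the endpoint still enforces the same check, so hiding a link is never the access control. The `user.role` field, the in-memory `HOTELS` data and the function names are assumptions.

```javascript
// Constructed sample data; ids and URLs follow the slides.
const HOTELS = new Map([['12456', { rooms: [{ id: 567, beds: ['single', 'double'] }] }]]);
const BASE = 'http://mycompany.hotels/api/hotels/';

// Single authorization rule shared by link generation and the endpoint itself.
function canCreateRoom(user) {
  return Boolean(user) && user.role === 'admin';
}

const notFound = () => ({ status: 404, body: { error: 'Hotel Not Found' } });

// GET /api/hotels/:id/rooms
function listRooms(user, hotelId) {
  const hotel = HOTELS.get(String(hotelId));
  if (!hotel) return notFound(); // the error goes in the status line, not a 200 body
  const base = BASE + hotelId;
  const links = canCreateRoom(user) ? [{ rel: 'new', href: base + '/room/new' }] : [];
  const rooms = hotel.rooms.map((room) => ({
    ...room,
    links: [{ rel: 'self', href: base + '/room/' + room.id }],
  }));
  return { status: 200, body: { links, rooms } };
}

// GET /api/hotels/:id/room/new
function newRoomForm(user, hotelId) {
  if (!user) return { status: 401, body: { error: 'Authentication required' } };
  // Enforced here even though customers are never shown the link.
  if (!canCreateRoom(user)) return { status: 403, body: { error: 'Forbidden' } };
  if (!HOTELS.has(String(hotelId))) return notFound();
  return {
    status: 200,
    body: { links: { ref: 'action', method: 'POST', href: BASE + hotelId + '/room' } },
  };
}
```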

71. HATEOAS

72. GET HEAD PUT POST PATCH OPTIONS DELETE VERBS new edit remove

73. Haters gonna HATEOAS

74. HATEOAS ISN’T A SILVER BULLET
The documentation is important, but instead of explaining what to look for and where, it should explain how to look and how to interpret the resources.

75. WITHSTAND BREAKING CHANGES
“The foolish and the dead alone never change their opinions” - James Russell Lowell -

76. API VERSIONING

77. Versioning an interface is just a "polite" way to kill deployed clients. — Roy Fielding.

78. WRONG WAY #1 Versioning the url
    GET /api/v2/your/resource/id
    Host: yoursite.com

79. WRONG WAY #2 Versioning by header
    GET /api/your/resource/id
    Host: yoursite.com
    X-api-version: 2

80. WRONG WAY #3 Versioning by content type
    GET /api/your/resource/id
    Host: yoursite.com
    Accept: application/vnd.mycorp.bookings.v2+json
    Vary: Accept

81. Utopia is not a destination but a direction

82. Questions ?

83. Thank You!
