Stuff I've Been Part Of

  • The League of Extraordinary Packages
  • PHP The Right Way
  • CodeIgniter
  • PyroCMS
  • FuelPHP
  • PHP-FIG
  • PancakeApp
  • Build APIs You Won't Hate

From Bristol 🇬🇧

HORROR STORIES!

Don't Do Slow Stuff

  • Async as much as you can
  • Tell clients where to get updates
  • Sockets, web hooks, or even long-polling!

Check Your Async Code Is Actually Quicker!

  • Maybe put that image straight on S3
  • Redis maybe doesn't need 1 megabyte files going into the queue
  • Definitely don't base64 encode them!

The most daft performance issue

/users/123 => /users/#{nil} => /users/

Restrict pagination limit size!


if ($limit < 1 || $limit > 100) {

  $limit = 100;

}

Don't let an unpaginated endpoint be a DDoS vector.

Includes are cool

But, restrict what people can include.

?include=literally,everything,in,
the,goddam,database,what,is,
happening,so,slow,help,me,database,
server,is,on,fire,agggghhhhhh

Another Easy Idea: Use SSL

Come on folks, it's free.

Go to letsencrypt.org

Instagram Didn't

Mazin Ahmed

Runscope helps you catch liars

Server Errors on 200

  • Nothing to do with REST
  • RPC should use status codes properly too!
  • Runscope, New Relic etc. will not report
🤖 Blorp, I'm a robot, and I have no idea what this means!

{
  "error": {
    "errors": [
      {
        "domain": "youtube.parameter",
        "reason": "missingRequiredParameter",
        "message": "No filter selected.",
        "locationType": "parameter",
        "location": ""
      }
    ],
    "code": 400,
    "message": "No filter selected."
  }
}
					
🙋 Hi, I'm a human and I have no idea what this means!

{
  "error": {
    "errors": [
      {
        "domain": "youtube.parameter",
        "reason": "missingRequiredParameter",
        "message": "No filter selected.",
        "locationType": "parameter",
        "location": ""
      }
    ],
    "code": 400,
    "message": "No filter selected."
  }
}
					
Oh I'm missing the 'filter' parameter?
WRONG!

Needed to add &mine=true to URL...

🤔 😫

Only the following status codes will be cached by default: - 200: OK - 203: Non-Authoritative Information - 300: Multiple Choices - 301: Moved Permanently - 302: Moved Temporarily - 304: Not modified - 307: Temporary Redirect - 410: Gone - 404: Not Found **Source:** [varnish-software.com](http://book.varnish-software.com/4.0/chapters/VCL_Basics.html)

							if (beresp.status == 429) {
								set beresp.ttl = 0s;
							}
						

Talking over HTTP

  • Expect the worst from everyone
  • The response might not contain JSON
  • The response might be empty
  • The response might never come!

def get_something(id)
response = JSON.parse(client.get('/api/something/'+id))

if response['RESPONSE']['CODE'] == "SUCCESS"
  return response
elsif response['RESPONSE']['CODE'] == 'NOT FOUND'
  return response
else
  message = response['RESPONSE']['APIERROR']
  raise SomeError, "Error from third-party API: #{message}."
end
end
					
  • This will explode in so many ways

Talking over HTTP

  • If it's not JSON, catch that exception

def get_something(id)
response = JSON.parse(client.get('/api/something/'+id))

if response['RESPONSE']['CODE'] == "SUCCESS"
  return response
elsif response['RESPONSE']['CODE'] == 'NOT FOUND'
  return response
else
  message = response['RESPONSE']['APIERROR']
  raise SomeError, "Error from third-party API: #{message}."
end
rescue JSON::ParserError => e
raise HttpServerError, "Service returned invalid JSON data"
end
					

Talking over HTTP

  • The response might be empty if its a timeout

def get_something(id)
response = JSON.parse(client.get('/api/something/'+id))

if response.nil?
  raise HttpServerError, "Service returned an empty response"
end

# ... success or fail

rescue JSON::ParserError => e
raise HttpServerError, "Service returned invalid JSON data"
end
					

Talking over HTTP

  • The response might be a weird shape

def get_something(id)
response = JSON.parse(client.get('/api/something/'+id))

if response.nil?
  raise HttpServerError, "Service returned an empty response"
end

unless response['RESPONSE'] && response['RESPONSE']['CODE']
  raise HttpServerError, "Service returned an unexpected response: #{response}"
end

# ... success or fail

rescue JSON::ParserError => e
raise HttpServerError, "Service returned invalid JSON data"
end
					

Documentation is not optional

Learn how to build docs: bit.ly/api-doc-video