Building Scalable RESTFul Services Luis Majano @lmajano @ortussolutions

Building sustainable RESTFul services


Page 1: Building sustainable RESTFul services

Building Scalable RESTFul Services

Luis Majano @lmajano @ortussolutions

Page 2: Building sustainable RESTFul services

WHO AM I?

• Luis Majano - Computer Engineer

• Imported from El Salvador

• Computer Engineer

• Adobe Community Professional

• CEO of Ortus Solutions

www.ortussolutions.com @ortussolutions

@lmajano

Page 3: Building sustainable RESTFul services

PROFESSIONAL OPEN SOURCE

• ContentBox Modular CMS, ColdBox MVC, CommandBox Package Manager

• Ortus University

• Support & Mentoring Plans

• Architecture & Design

• Infrastructure Design & Setup

• Code Reviews & Sanity Checks

• Application Development

[email protected] @ortussolutions

Page 4: Building sustainable RESTFul services

• What are APIs
• What is REST
• Benefits
• Principles
• Good Design
• Tooling

Page 8: Building sustainable RESTFul services

WHY APIS ARE IMPORTANT

• We live in a mobile world
• APIs are what powers our mobile world
• Growth is exponential
• Provides new ways to do business
• Evolve or you will be left behind

Page 9: Building sustainable RESTFul services

API GROWTH

Page 10: Building sustainable RESTFul services

MOTIVATIONAL QUOTES

“APIs are how we are going to build software in the future, we are just going to glue it together.”

- John Musser, founder of ProgrammableWeb

“The secret of change is to focus all of your energy, not on fighting the old, but on building the new”

- Socrates

Page 11: Building sustainable RESTFul services

REST = Representational State Transfer

• An architectural style (2000)
• Standard for web + mobile apps
• Adhere to best practices
• Low ceremony web services
• Leverage the HTTP/S Protocol
• Resource Oriented not RPC Oriented

Page 12: Building sustainable RESTFul services

LOW CEREMONY

SOAP - XML

VS

REST - JSON(HTTP/S)

Headers

Params

Body

Method+URI

Page 13: Building sustainable RESTFul services

SOAP vs REST

Page 14: Building sustainable RESTFul services

RESOURCE VS RPC

Resource: /user/:username
• Abstracted
• Can be nested
• Can point to any internal RPC call
• Can be layered
• Flexible

Remote Procedure Call: getUser('lmajano')
• Coupling
• Static
• Refactoring problems
• Inflexible

Page 15: Building sustainable RESTFul services

RESTFUL BENEFITS

• Abstractions

• Easier to scale

• Easy to refactor

• Easier to layer

• Much less bandwidth

Page 16: Building sustainable RESTFul services

RESTFUL PRINCIPLES

• Protocol -> HTTP/S

• Addressability

• Protocol Uniformity

• Model Representations

• Stateless

Page 17: Building sustainable RESTFul services

RESTFUL PRINCIPLES

Addressability - Resources
Objects/Resources can be addressable via a URI

/api/user/luis
/api/user/tweets

Page 18: Building sustainable RESTFul services

RESTFUL PRINCIPLES

Protocol Uniformity
Leveraging HTTP Verbs + HTTP Headers

Page 19: Building sustainable RESTFul services

RESTFUL PRINCIPLES

Model Representations
Models in different formats: json, xml, rss, pdf, etc

200 OK
Content-Type: application/json+userdb

{
    "users": [
        {
            "id": 1,
            "name": "Emil",
            "country": "Sweden",
            "links": [
                { "href": "/user/1", "rel": "self", "method": "GET" },
                { "href": "/user/1", "rel": "edit", "method": "PUT" },
                { "href": "/user/1", "rel": "delete", "method": "DELETE" }
            ]
        },
        {
            "id": 2,
            "name": "Adam",
            "country": "Scotland",
            "links": [
                { "href": "/user/2", "rel": "self",

Page 20: Building sustainable RESTFul services

RESTFUL PRINCIPLES

Stateless
Performance, reliability, and ability to scale

Page 21: Building sustainable RESTFul services

LET’S APPLY THESE PRINCIPLES

Page 22: Building sustainable RESTFul services

10 STEPS TO GREATNESS

1. Resource Naming
2. HTTP Verb Usage
3. Meaningful Status Codes
4. Modeling + Documentation
5. Uniformity
6. Security
7. Versioning (Modularity)
8. Performance
9. Testability
10. Tools

Page 23: Building sustainable RESTFul services

1. RESOURCE NAMING

1. URI Centric
2. Use nouns, avoid verbs (HTTP Verbs)
3. The deeper you go in the resource, the more detail
4. URL Params (Options)
5. Headers (Auth+Options)
6. This is where a modeling tool can help

/customers
    GET - List customers
    POST - Create new customer

/customer/:id
    GET - Show customer
    PUT - Update customer
    DELETE - Delete customer

/customer/:id/invoices
    GET - All invoices
    POST - Create invoice

/customer/:id/invoice/:invoiceID
    GET - Show invoice
    PUT - Update invoice
    DELETE - Delete invoice

Page 24: Building sustainable RESTFul services

2. HTTP VERB USAGE

Operation             Verb
Create                POST
Read                  GET
Update                PUT
Single item update    PATCH
Delete                DELETE
Info/Metadata         HEAD
Resource Doc          OPTIONS

Page 25: Building sustainable RESTFul services

3. MEANINGFUL STATUS CODES

Code   Description
200    OK, usually a representation
201    New resource, check headers for URI
202    Accepted (ASYNC), check headers or response for tokens
203    Non-authoritative (Usually a cached response)
204    No Content, but processed
205    Reset Content
206    Partial Results (Usually pagination)

Code   Description
400    Bad Request
401    Unauthorized
402    Payment Required
403    Forbidden
404    Not Found
405    Method not allowed
406    Not acceptable (Validation, invalid data)
408    Request Timeout
410    Resource Gone
429    Too Many Requests
500    Server Error

Page 26: Building sustainable RESTFul services

4. MODELING + DOCUMENTATION

Page 27: Building sustainable RESTFul services

4. MODELING + DOCUMENTATION

• Swagger Standard (swagger.io)
• YML or JSON

• Swagger based tool: ColdBox Relax
• Model RESTFul Services
• Scaffold MVC Routes
• Documentation Exporter (HTML, PDF, etc)
• Tester
• Swagger Import/Export

box install relax --saveDev

Page 28: Building sustainable RESTFul services

SWAGGER JSON

{
    "swagger": "2.0",
    "info": {
        "description": "This is a sample server Petstore server. You can find out more about Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). For this sample, you can use the api key `special-key` to test the authorization filters.",
        "version": "1.0.0",
        "title": "Swagger Petstore",
        "termsOfService": "http://swagger.io/terms/",
        "contact": { "email": "[email protected]" },
        "license": {
            "name": "Apache 2.0",
            "url": "http://www.apache.org/licenses/LICENSE-2.0.html"
        }
    },
    "host": "petstore.swagger.io",
    "basePath": "/v2",
    "tags": [
        {
            "name": "pet",
            "description": "Everything about your Pets",
            "externalDocs": { "description": "Find out more", "url": "http://swagger.io" }
        },
        { "name": "store", "description": "Access to Petstore orders" },
        {

Page 29: Building sustainable RESTFul services

RELAX MODEL

function configure(){
    // This is where we define our RESTful service, this is usually
    // our first place before even building it, we spec it out.
    this.relax = {
        // Service Title
        title = "ForgeBox IO",
        // Service Description
        description = "This API powers ForgeBox",
        // Service entry point, can be a single string or name value pairs to denote tiers
        // entryPoint = "http://www.myapi.com",
        entryPoint = {
            dev = "http://localhost:9095/api/v1",
            stg = "http://forgebox.stg.ortussolutions.com/api/v1",
            prd = "http://forgebox.io/api/v1"
        },
        // Does it have extension detection via ColdBox
        extensionDetection = true,
        // Valid format extensions
        validExtensions = "json",
        // Does it throw exceptions when invalid extensions are detected
        throwOnInvalidExtension = false
    };

    // Global API Headers
    // globalHeader( name="x-app-token", description="The secret application token", required=true, type="string" );

    // ECHO

Page 30: Building sustainable RESTFul services

5. UNIFORMITY

• Common Response object
• Common Controller (MVC)
• HTTP Verb Security
• Access Security
• Error Handling Uniformity
• Response Uniformity

Error!

Security

Where Frameworks Will Help!

Page 31: Building sustainable RESTFul services

RESPONSE OBJECT

/**
* HTTP Response model for the API
*/
component accessors="true" {

    property name="format"          type="string"  default="json";
    property name="data"            type="any"     default="";
    property name="error"           type="boolean" default="false";
    property name="binary"          type="boolean" default="false";
    property name="messages"        type="array";
    property name="location"        type="string"  default="";
    property name="jsonCallback"    type="string"  default="";
    property name="jsonQueryFormat" type="string"  default="query";

    property name="contentType"     type="string"  default="";
    property name="statusCode"      type="numeric" default="200";
    property name="statusText"      type="string"  default="OK";
    property name="errorCode"       type="numeric" default="0";
    property name="responsetime"    type="numeric" default="0";
    property name="cachedResponse"  type="boolean" default="false";
    property name="headers"         type="array";

    /**
    * Constructor
    */
    Response function init(){

Page 32: Building sustainable RESTFul services

BASE CONTROLLER

/**
* Around handler for all functions
*/
function aroundHandler( event, rc, prc, targetAction, eventArguments ){
    try{
        var stime = getTickCount();
        // prepare our response object
        prc.response = getModel( "Response@core" );
        // Scope the incoming user request
        prc.oCurrentUser = securityService.getUserSession();

        // prepare argument execution
        var args = { event = arguments.event, rc = arguments.rc, prc = arguments.prc };
        structAppend( args, arguments.eventArguments );
        // Secure the call
        if( isAuthorized( event, rc, prc, targetAction ) ){
            // Execute action
            var simpleResults = arguments.targetAction( argumentCollection=args );
        }
    } catch( Any e ){
        // Log Locally
        log.error( "Error calling #event.getCurrentEvent()#: #e.message# #e.detail#", e );
        // Log to BugLogHQ
        sendToBugLog( e );
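The uniformity idea behind the response object and around handler, shown as an added Python example (it is not the deck's CFML code): every action goes through one wrapper that enforces the allowed HTTP verbs, checks access, and turns any exception into the same error envelope without leaking internals. The route table, the `permissions` field and the function names are assumptions made for illustration.

```python
import logging

log = logging.getLogger("api")

# Hypothetical route table: action name -> HTTP verbs it accepts.
ALLOWED_VERBS = {"customer.show": {"GET"}, "customer.update": {"PUT", "PATCH"}}


def new_response():
    """Common response envelope, using a subset of the deck's Response properties."""
    return {"data": "", "error": False, "messages": [], "statusCode": 200, "statusText": "OK"}


def fail(response, code, text, message):
    """Mark the envelope as an error; every failure path leaves through here."""
    response.update(error=True, statusCode=code, statusText=text, data="")
    response["messages"].append(message)
    return response


def around_handler(action, verb, user, target, **args):
    """Run every action through the same verb check, access check and error handling."""
    response = new_response()
    if action not in ALLOWED_VERBS:
        return fail(response, 404, "Not Found", "Unknown resource")
    if verb not in ALLOWED_VERBS[action]:
        return fail(response, 405, "Method Not Allowed", f"{verb} is not allowed here")
    if user is None:
        return fail(response, 401, "Unauthorized", "Authentication required")
    if action not in user.get("permissions", ()):
        return fail(response, 403, "Forbidden", "Not permitted")
    try:
        response["data"] = target(**args)
    except Exception:
        # Full detail goes to the server log; the client gets a generic message only.
        log.exception("Error calling %s", action)
        return fail(response, 500, "Server Error", "An unexpected error occurred")
    return response
```
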

Page 33: Building sustainable RESTFul services

6. SECURITY

• SSL is a MUST!
• HTTP Verb Security
• Request Throttling
• Client API Keys or Tokens (Headers/Params)
• API Key + Secret Encryption Keys (Like Amazon)
• Basic Authentication (At least it's something!)
• IP Based Filtering/Tagging (Programmatic/Firewall/Etc)
• OAuth
• Third Party API Managers (Adobe API Manager, Kong)
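The "API Key + Secret" item, as an added Python example (not code from the deck): the client sends its key id, a timestamp and an HMAC-SHA256 signature computed with the shared secret over the verb, path, timestamp and body hash, and the server recomputes it. The header names `x-api-key`, `x-timestamp` and `x-signature`, the key store and the 300 second window are assumptions; real schemes such as Amazon's sign more fields.

```python
import hashlib
import hmac

# Constructed sample key store: API key id -> shared secret (placeholders, not real credentials).
API_SECRETS = {"demo-key-id": b"demo-secret-do-not-use"}
MAX_SKEW_SECONDS = 300  # assumed freshness window that bounds replay of a captured request


def canonical_request(method, path, timestamp, body):
    """Build the string both sides sign: verb, path, timestamp and a hash of the body."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret, method, path, timestamp, body):
    """Client side: HMAC-SHA256 over the canonical request with the shared secret."""
    message = canonical_request(method, path, timestamp, body)
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(headers, method, path, body, now):
    """Server side: return (status_code, reason) for a signed request."""
    secret = API_SECRETS.get(headers.get("x-api-key", ""))
    if secret is None:
        return 401, "unknown API key"
    try:
        timestamp = int(headers.get("x-timestamp", ""))
    except ValueError:
        return 401, "missing or malformed timestamp"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return 401, "stale timestamp"
    expected = sign(secret, method, path, timestamp, body)
    supplied = headers.get("x-signature", "")
    # compare_digest avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 401, "bad signature"
    return 200, "ok"
```

Because the verb and the body hash are part of the signed string, a captured signature for one request does not validate a different verb or payload; the secret itself never travels with the request.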

Page 34: Building sustainable RESTFul services

7. VERSIONING (MODULARITY)

• Upgrade/Downgrade Paths
• Scale with Ease
• No more monoliths
• Implementations:
    • Frameworks
    • API Manager
    • Both

Page 35: Building sustainable RESTFul services

8. PERFORMANCE

• Web Server (Nginx)
    • Gzip Compression
    • Resource Caching
    • HTTP2
    • SSL Keep-Alive Connections
    • Throttling

• Distributed Caching
    • Couchbase
    • Redis

• Adobe API Manager
• Create a Caching Strategy
• Cache Invalidation

Page 36: Building sustainable RESTFul services

9. TESTABILITY

Looks familiar?

Page 37: Building sustainable RESTFul services

WHY PEOPLE DON’T TEST

COMFORT

Page 38: Building sustainable RESTFul services

WHY PEOPLE DON’T TEST

New Methodology
New Learned Behavior

It is a leap….

Page 39: Building sustainable RESTFul services

BIGGEST LIE IN SOFTWARE DEV

Don’t worry, we will create the tests and refactor it later!

Page 40: Building sustainable RESTFul services

• Just do it!

• You will get dirty

• It can hurt (a little)

• Learned behavior

NO MORE EXCUSES

IT WILL ACCELERATE YOUR DEVELOPMENT

Page 41: Building sustainable RESTFul services

BDD TESTING

Page 42: Building sustainable RESTFul services

10. TOOLS

1. Modeling/Documentation/Testing
    1. Relax, Postman, Swagger, Gelato, SwaggerHub

2. API Management
    1. Adobe, Mulesoft, Kong

3. Load Testing
    1. JMeter, Paessler

4. Modular Frameworks
    1. ColdBox for ColdFusion/CFML
    2. Laravel, Kohana for PHP

Page 43: Building sustainable RESTFul services

10. ADOBE API MANAGER

1. Tons of Features:
    1. Rate Limiting
    2. SLAs
    3. Swagger Support
    4. Caching
    5. Versioning
    6. Security
    7. Analytics
    8. SOAP Tools
    9. Notifications

http://www.adobe.com/products/coldfusion-enterprise/api-management-platform.html

Page 44: Building sustainable RESTFul services

TECHNOLOGY STACK

REST Stack

• ColdBox MVC
• Relax
• cbSwagger
• Rollbar
• Couchbase
• Nginx
• Adobe API

Page 45: Building sustainable RESTFul services

10 STEPS TO GREATNESS

1. Resource Naming
2. HTTP Verb Usage
3. Meaningful Status Codes
4. Modeling + Documentation
5. Uniformity
6. Security
7. Versioning (Modularity)
8. Performance
9. Testability
10. Tools

Page 46: Building sustainable RESTFul services

RESOURCES

• Adobe API Manager: www.adobe.com/products/coldfusion-enterprise/api-management-platform.html

• Swagger SDK: github.com/coldbox-modules/swagger-sdk

• cbSwagger Module: github.com/coldbox-modules/cbSwagger

• ColdBox : ortussolutions.com/products/coldbox

• TestBox : ortussolutions.com/products/testbox

• CommandBox: ortussolutions.com/products/commandbox

• Slack: boxteam.herokuapp.com

Page 47: Building sustainable RESTFul services

RESOURCES

• Docker - https://www.docker.com/

• Portainer - portainer.io

• Kong - https://getkong.org/

• Postman - https://www.getpostman.com/

• Gelato - https://gelato.io/

• Swagger - https://swagger.io/tools/

• Paessler - http://www.paessler.com/webstress

• JMeter - http://jmeter.apache.org/