Cecy Correa, @cecycorrea
#RailsConf 2016
My name is Cecy Correa
Associate Engineer at ReturnPath
Rails.application.routes.draw do
resources :users
end
$ rake routes
Prefix Verb URI Pattern Controller#Action
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PATCH /users/:id(.:format) users#update
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
Credit: @schneems
Tools you can use to consume APIs good (and do other things good too)
URL: aka endpoint
http://mycoolapi.com/photos
Resource: what you are trying to access (in this case photos)
Method: aka verb
GET http://mycoolapi.com/photos
The action you want to do.
Headers: info about the request / response
GET http://mycoolapi.com/photos
Accept: application/json
Host: mycoolapi.com
Body: data sent / received
GET http://mycoolapi.com/photos
Content-type: application/json
Date: Wed, 3 May 2016 01:23:45
[
{
"photo_url": "http://mycoolapi.com/photos/12345.jpg"
}
]
Not all APIs are this way, but most you will encounter for public consumption are.
Status codes are not arbitrary!
Status codes have been established, agreed upon (RFC 7231)
Some people spend a lot of time picking the right status code!
(I'm going to focus on the ones used for APIs most often)
You should not submit the request again without modifications (i.e. check your params, bro)
Check your creds, bro
Creds could be wrong, but also not
Standard error. Not sure what happened but def. not your fault.
API could be down, or maybe throttling
No one expects you to memorize them, you can look them up.
Some APIs don't require authentication
Some APIs require authentication in the form of an API key and secret.
How you authenticate via API key and secret depends on the API:
Check your API docs for information on how to authenticate.
Let's make some test calls!
We'll use cURL for this!
No excuse for not making test calls before you start integrating the API.
In some cases, users may need to grant you permission to access their data or perform actions on their behalf.
Authentication: prove you are who you say you are
Authorization: what you are authorized to access (aka scope)
Let's make an Oauth request and see how it works!
Crazy useful functionality for working with APIs!
Or if you don't like the library that is available?
It's easy!
You know the basics!
You know the components of a call
If you've made test calls, you know what to expect
Great presentation by Hiroshi Nakamura comparing HTTP clients
3 "pure Ruby" libraries
Also patron, which uses libcurl
Other Ruby libraries are wrappers of these ^^
You're going to want to do some research into what you may need / want.
Never commit your API key / secret to source control!
Use environment variables!
How do you test a 3rd party API you are consuming?
How do you test a 3rd party API you are consuming?
Check the API status page!
Most APIs have it.
Subscribe to it, feed it into Slack.
Don't test against a live API.
Don't test against a live API.
Don't test against a live API.
VCR: gem that "records" API responses
Run your tests against it so you don't hit the live API
There's even versions of VCR in other languages!
Let's set up a webhook and test it.
Tweet anything to @cecycorrea to see it in action!