Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

All the Rest

3:23 with Alena Holligan

As the client side frameworks improve and things get more and more mobile, providing a way to get at this mission-critical data is at the forefront of just about every company’s mind. Exposing this data through a REST API is one of the most commonly chosen solutions. There are a few more items we haven't yet implemented in our REST API. These concepts apply, not only to APIs but also any other application.

Teacher's Notes
Video Transcript
Downloads

Access Control

When attempting to access the API from another domain, you will be blocked by the browsers CORS policy. You'll need to enable access from other origins. A simple way to allow all origins is with the following middleware:

$app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
            ->withHeader('Access-Control-Allow-Origin', '*');
});

Authentication/Authorization

You'll need a way to authenticate users and control which actions and resources those users are authorized to manage. When learning about Authentication, the one thing to remember for a REST API is its statelessness. This means you will have to pass any user credentials with EACH request. Those credentials may be in the form of a username and password or some sort of token.

To learn more, check out some of our other courses:

Testing

Manual testing using Postman
Automated testing with Cucumber, an open source tool for testing business-readable specifications against your code on any modern development stack.
Automated testing with Behat, an open source Behavior-Driven Development framework for PHP. It is a tool to support you in delivering software that matters through continuous communication, deliberate discovery and test-automation.
Load testing can get expensive, but it can be extreemly helpful for high traffic APIs. There are different options available but one trusted source is Load Ninja by Smartbear.
Monitoring can also be helpful to know how users are ACTUALLY using your APi. Common tools include Run Scope and or even Postman

Documentation

Creating great documentation requires effort and patience, but it has direct implications on API adoption and maintainability. Documenting your APIs can be made significantly more manageable by selecting the right API documentation tool. Popular open source description formats like OpenAPI Specification and commercial platforms like SwaggerHub allow teams to automate the documentation process and work on a great overall experience consuming APIs.

HATEOAS

Stands for Hypermedia as the Engine of Application State. It basically means two things for your API:

Content negotiation
Hypermedia controls

One of the most popular PHP library to support implementing representations for HATEOAS REST web services is willdurand/Hateoas

You did it. 0:00

Congratulations on creating a RESTful API, it's a very sought after skill. 0:01

As the client side frameworks improve and things get more and 0:06

more mobile providing a way to get at this mission critical data is 0:11

at the forefront of just about every company's mind. 0:15

Exposing this data through a REST API is one of the most commonly chosen solutions. 0:19

There are a few more items we haven't yet implemented in our API, 0:25

these concepts apply not only to APIs, but also any other application. 0:30

Check the notes associated with this video for 0:36

additional resources covering these topics. 0:39

First and most important, if this API is going to be publicly accessible, 0:42

which is kind of the point of an API, 0:48

you'll need a way to authenticate users and control which actions and 0:50

resources those users are authorized to manage. 0:56

When learning about authentication the one thing to remember for 1:00

a REST API is its statelessness. 1:04

This means you will have to pass any user credentials with each request. 1:07

Those credentials may be in the form of a username and password or 1:12

some sort of token. 1:16

Check the notes to learn more about different ways to implement 1:18

authentication and authorization. 1:22

Next is testing. 1:24

Testing an application is always important and there are many different ways to test. 1:26

We tested our API manually using Postman, but 1:32

it's a good idea to build automated testing into your applications, 1:35

helping to reduce the number of bugs and assure continued functionality. 1:40

Basically, anything we testing manually in Postman can be 1:45

set up as an automated test. 1:49

Since you're publishing your API to the public and anyone could be using 1:52

it another important thing to test is how much of a load it can take. 1:57

It's good to know where it fails and can no longer take more requests. 2:01

Documentation is another important part of an API. 2:06

Not only should you document your code, but 2:10

you should also document how a client will interface with your API. 2:13

What data do they need to send where and what data can they expect to receive back. 2:18

The better your documentation, the less time you'll spend supporting users and 2:24

the more likely people will be to make use of your API. 2:30

Related to documentation is a component of the REST application architecture, 2:33

HATEOAS, which stands for Hypermedia as the Engine of Application State. 2:40

Basically, it's another level on top of each REST resource where 2:46

additional metadata is included that contains descriptions about 2:51

the resource and links to what other actions the API provides. 2:56

It's used for discoverability of your API. 3:00

Once again, check the notes for additional resources. 3:04

Now, that you've seen how to build your own and 3:08

understand the basics of REST you should check out some other large APIs. 3:11

I've included some resources in the teachers notes. 3:16

Now go ahead and give your brain a well deserved rest 3:19

You need to sign up for Treehouse in order to download course files.

Sign up