REST API

REpresentational State Transfer (REST) is an architectural style that defines a set of constraints to be used for creating web services. A client requests some data from the server and the server returns the data(resource). There are 6 Constraints –

  1. Uniform Interface – It is a key constraint that differentiate between a REST API and Non-REST API. It suggests that there should be an uniform way of interacting with a given server irrespective of device or type of application (website, mobile app).
  2. Stateless – The server will not store anything about the latest HTTP request the client made. It will treat every request as new.
  3. Cacheable – Every response should include whether the response is cacheable or not and for how much duration responses can be cached at the client side.
    • Caching – Caching is the ability to store copies of frequently accessed data in several places along the request-response path. When a consumer requests a resource representation, the request goes through a cache or a series of caches (local cache, proxy cache, or reverse proxy) toward the service hosting the resource. If any of the caches along the request path has a fresh copy of the requested representation, it uses that copy to satisfy the request. If none of the caches can satisfy the request, the request travels all the way to the service (or origin server as it is formally known).
  4. Client-Server – A Client is someone who is requesting resources and are not concerned with data storage, which remains internal to each server, and server is someone who holds the resources and are not concerned with the user interface or user state.
  5. Layered system – REST allows you to use a layered system architecture where you deploy the APIs on server A, and store data on server B and authenticate requests in Server C.
  6. Code on demand (optional) – servers can also provide executable code to the client. The examples of code on demand may include the compiled components such as Java applets and client-side scripts such as JavaScript.

REST Resource naming guide

We can divide resource archetypes into four categories.

  • Document – A document resource is a singular concept that is akin to an object instance or database record.
    Use “singular” name to denote document resource archetype.
http://api.example.com/device-management/managed-devices/{device-id}
http://api.example.com/user-management/users/id
http://api.example.com/user-management/users/admin
  • Collection – A collection resource is a server-managed directory of resources. Clients may propose new resources to be added to a collection.
    Use “plural” name to denote collection resource archetype.
http://api.example.com/device-management/managed-devices
http://api.example.com/user-management/users
http://api.example.com/user-management/users/{id}/accounts
  1. Store – A store is a client-managed resource repository. A store resource lets an API client put resources in, get them back out, and decide when to delete them. A store never generates new URIs.
    Use “plural” name to denote store resource archetype.
http://api.example.com/cart-management/users/{id}/carts
http://api.example.com/song-management/users/{id}/playlists
  1. Controller –  A controller resource models a procedural concept. Controller resources are like executable functions, with parameters and return values; inputs and outputs.
    Use “verb” to denote controller archetype.
http://api.example.com/cart-management/users/{id}/cart/checkout
http://api.example.com/song-management/users/{id}/playlist/play

Best practices & rules

There are some best practices and rules which will be very useful. 

  • Use (/) to indicate hierarchical relationships.
http://api.example.com/device-management/managed-devices/{id}/scripts
http://api.example.com/device-management/managed-devices/{id}/scripts/{id}
  • Do not use trailing forward slash (/).
http://api.example.com/device-management/managed-devices/
http://api.example.com/device-management/managed-devices 	/*This is much better version*/
  • Use hyphens (-) instead of underscores (_).
http://api.example.com/inventory-management/managed-entities/{id}/install-script-location  //More readable
http://api.example.com/inventory-management/managedEntities/{id}/installScriptLocation  //Less readable

Not (_)

http://api.example.com/inventory-management/managed-entities/{id}/install-script-location  //More readable
http://api.example.com/inventory_management/managed_entities/{id}/install_script_location  //More error prone
  • Use lower case letters in URI.
http://api.example.org/my-folder/my-doc  //1
HTTP://API.EXAMPLE.ORG/my-folder/my-doc  //2
http://api.example.org/My-Folder/my-doc  //3
  • Don’t use file extensions.
http://api.example.com/device-management/managed-devices.xml  /*Do not use it*/
http://api.example.com/device-management/managed-devices 	/*This is correct URI*/

HATEOAS driven REST API

REST architectural style lets you use hypermedia links in the response contents so that the client can dynamically navigate to the appropriate resource by traversing the hypermedia links. Above is conceptually the same as a web user browsing through web pages by clicking the relevant hyperlinks to achieve a final goal.
For example HTTP GET http://api.domain.com/management/departments/10

{
    "departmentId": 10,
    "departmentName": "Administration",
    "locationId": 1700,
    "managerId": 200,
    "links": [
        {
            "href": "10/employees",
            "rel": "employees",
            "type" : "GET"
        }
    ]
}

In the preceding example, the response returned by the server contains hypermedia links to employee resources 10/employees, which can be traversed by the client to read employees belonging to the department.

Idempotent REST API

When making multiple identical requests has the same effect as making a single request – then that REST API is called idempotent. Except POST everything is idempotent, because POST will create a new resource N times if you invoke it N times.

Best practices to Secure REST API

  • Always use HTTPS.
  • Use password hash.
  • Never expose information on URL.
    Usernames, passwords, session tokens, and API keys should not appear in the URL, as this can be captured in web server logs, which makes them easily exploitable.
https://api.domain.com/user-management/users/{id}/someAction?apiKey=abcd123456789  //Very BAD !!
  • Use OAuth instead of basic auth.
  • Add timestamp in request it will prevent the basic reply attack from people who are trying brute force to your system.

Application state vs Resource state

  • Application state : Application state is server-side data which servers store to identify incoming client requests, their previous interaction details, and current context information.
  • Resource state : Resource state is the current state of a resource on a server at any point of time – and it has nothing to do with the interaction between client and server. It is what you get as a response from the server as API response. You refer to it as resource representation.

Advantages of statelessness

  • Statelessness helps in scaling the APIs to millions of concurrent users by deploying it to multiple servers. Any server can handle any request because there is no session related dependency.
  • No server side synchronization.
  • Easy to cache.
  • The server never loses track of “where” each client is in the application because the client sends all necessary information with each request.

PyCon India 2019

Yaaaaa!!!! it was my first PyCon India. One day I was chatting to Sayan and suddenly he told me that start saving some money from now and attend the pycon India this year. I had never been any kind of conference ever before so I was bit hesitated about this conference but Sayan and other folks from dgplug guided me a lot. I started my journey with my dad from Kolkata on 10th October and reached Chennai on 11th.

Day 0

On 12th October I left for the conference. When I reached the conference I saw sourabh, Pravar and Rayan there and talked with them. After that I got my attendee card then went for the breakfast and while eating I met some people and talked with them like Vijay, Noah later I proceeded to the conference. After that I attended the Jake VanderPlas’s keynote. After that I was going to various sponsors booth to collect the goodies :p. After that I went for Pradyun’s talk Python Packaging – where we are and where we’re headed. He described how packaging works with pip and how they are planning to move ahead.
I met many of the faces whom I used to know on IRC/Twitter only. Later me and Sayan explored the Poster Session. It was really exciting and my first day of the conference was over. After the conference me and some other folks went for visiting the Palavakkam Beach and spent some good time there.

goodies & swags 😉

Day 1

On 13th it started with keynote by Ines Montani. After that there was annual DGPLUG staircase meeting. Sayan conducted the meeting and we all introduced our self to each other and discussed about what went wrong to this year’s summer training. We also discussed about the tasks given by Sayan this year. After finishing the lunch we also solved some word puzzles and coding questions to get the t-shirts and swags. The conference ended with David Beazley keynote and he live coded a stack machine, wrote an interpreter for Web Assembly game that was initially written for Rust in Python and in the end added PyGame to make it into an actual game. I was amazed after seeing it. The keynote ended with standing ovation from all the people in the hall. After the conference we went for DGPLUG dinner and spent some good time with other folks and had our dinner there.

DGPLUG group

Day 2

On 14th(my birthday :p) morning I left for IIT Madras Research Park and in the morning there was my workshop on docker. After finishing the workshop I joined devsprint. There was lots of mentors conducting the devsprint and from that I choosed to join the Python Packaging Sprint which was conducted by Pradyun. It was my first devsprint and I didn’t even know anything about it but Pradyun helped me a lot understand the issue and what should be my approach to solve that. after the devsprint we went for dinner again. On that day most of my friends were returning so it was time to say goodbye to them 🙂

day 3

On 15th again there was devsprint happening there and I was solving an issue in pip and Pradyun was helping me regarding that issue. Besides devsprint me and Sourabh was discussing about some security stuff. After the devsprint I talked with other people.

After the devsprint

Summary

Pycon India has gave me the opportunity to communicate and meet people from all across the world as well as different background. I got to know about lots of new technologies and other technical stuff. I made lots of new friends there and I returned home with some great memories with me 🙂 . If I go next year then I would like to be a volunteer there.

Write your commit message in your favourite text editor

Most of us use git as their version control system and in day to day life while developing any application we commit our changes quite frequently. We follow the traditional way of committing changes like below –

$ git commit -m "Our commit message"

But we have another cool option to do this commit. We can use our favorite text editor for this commit. We have to first tell git that pop up the text editor every time you commit changes. For this execute below command in your terminal –

$ git config --global core.editor "vim"

Here it will pop up the vim text editor when you will execute git commit.

Thank you 🙂

Learned to Build a simple pascal interpreter using python

Photo by Max Duzij on Unsplash

Recently I was going through the series of ‘Let’s Build A Simple Interpreter‘ by Ruslan Spivak which was given by Sayan as an assignment of summer training. Here you can see the whole series codes. I have gone through all the parts and added what I have learned in the README.md file.

In this series the main focus was to build an simple pascal interpreter by python which can execute simple pascal codes like mathematical operations and procedure calling. This series introduced me lots of thing like scanner, token, parser, interpreter and grammar, etc. At first I was thinking that I will not be able to complete the series properly as I didn’t know anything about interpreter and compiler but as move forward in this series things get cleared because everything was elaborated properly. Whenever I stuck at any point I search it in the internet and try to find the proper solution. For me in this series the most interesting part was the grammar of any programming language and how they help.

In this series I also learned how to write better commits so people can understand my code and also learned how to reset my commit to previous commit when I commit wrong things or made any bad commit message. Here you can see my commits.

Thank you 🙂

Fun with python requests module

I was reading this part of the pym book and thought that I should change this code a little bit so that it can do some better thing like instead of storing the content in a text file it stores it in a HTML file and it also checks if there is any same named file exists in the directory or not. Here is the code –

import os.path
import requests

def download(url):
    """
    Download the given url and saves it to the current directory
    :arg url: URL of the file to be downloaded.
    """
    req = requests.get(url)
    if req.status_code == 404:
        print('No such file found at %s' % url)
        return
    fileName = url.split('/')[-1].split('.')[0] + '.html'
    print(fileName)
    if os.path.isfile(fileName):
        print('Same file name already exist')
    else:
        with open(fileName, 'wb') as fobj:
            fobj.write(req.content)
        print('Download over')

if __name__ == "__main__":
    url = input("Enter a URL: ")
    download(url)

Above we are getting the content of the content of the url by requests.get(url) method. Then checking if that url is valid or not. If valid then parsing the url by split() method like first we are splitting it by “/” and taking the last value of the list and then splitting it again with “.” and taking the first value of the list. Then checking if there is no same name file exist and if there is no same name file then we are creating a file then writing the content in the file.
Thank you 🙂

Study, day 3

I have started learning python 3 from pym book by Kushal.

Read about following topics and solved problems.

  • Strings
    • Strip the string.Finding text.palindrome checking.Number of words.
  • Function
    • Defining function.Local and Global variable.keyword and keyword only arguments.Docstring.
  • File Handling.
    • Opening and closing a file.Reading data inside a file.Copying data from one file to another.Counting spaces, tabs and new lines in a file.
  • Exceptions
    • Various type of errors.
    • Handling exceptions.
    • Using finally keyword for cleaning.