Drupal8 REST WTF?
DECOUPLING
PROS
flexible front-end
lack of Drupal specialists
multivendor back-end
strengths of Drupal back-end and back office
CONS
lose some Drupal capabilities
multiple requests for resources
growth of teams
API BEST PRACTICES
DOCUMENTATION
stability and consistency
flexibility
security
ease of adoption
Source: http://www.toptal.com/api-developers/5-golden-rules-for-designing-a-great-web-api
API BEST PRACTICES
documentation
SCALABILITY AND CONSISTENCY
flexibility
security
ease of adoption
GET http://mysite.com/entity/node/1
{ "title": "My first node", "body": "Lorem ipsum…" }
SCALABILITY AND CONSISTENCY
GET http://mysite.com/article/1
{ "title": "My first node", "body": "Lorem ipsum…" }
SCALABILITY AND CONSISTENCY
GET http://mysite.com/article/1
{ "title": "My first node", "body": "Lorem ipsum…", "tags": ["blog", "just trying"] }
SCALABILITY AND CONSISTENCY
GET http://mysite.com/api/v2/article/1
{ "title": "My first node", "body": "Lorem ipsum…", "tags": ["blog", "just trying"] }
SCALABILITY AND CONSISTENCY
GET http://mysite.com/api/v1/article/1
{ "title": "My first node", "body": "Lorem ipsum…" }
GET http://mysite.com/api/v1/article/1
{ "title": "My first node", "body": "Lorem ipsum…" }
SCALABILITY AND CONSISTENCY
GET http://mysite.com/api/blog/2?_version=1
{ "title": "My first node", "body": "Lorem ipsum…" }
API BEST PRACTICES
documentation
scalability and consistency
FLEXIBILITY
security
ease of adoption
API BEST PRACTICES
documentation
stability and consistency
flexibility
SECURITY
ease of adoption
OWN AUTHENTICATION PROVIDER
<?php

/**
 * @file
 * Contains \Drupal\pin_auth\Authentication\Provider\PinAuth.
 */

namespace Drupal\pin_auth\Authentication\Provider;

use Drupal\Core\Authentication\AuthenticationProviderInterface;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

/**
 * PIN authentication provider (phone number and PIN sent as request headers).
 */
class PinAuth implements AuthenticationProviderInterface {

  /**
   * The entity type manager.
   *
   * @var \Drupal\Core\Entity\EntityTypeManagerInterface
   */
  protected $entityTypeManager;

  /**
   * Constructs a PIN authentication provider object.
   *
   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
   *   The entity type manager service.
   */
  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
    $this->entityTypeManager = $entity_type_manager;
  }

}
SECURITY
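  /**
   * Applies only when both the 'pin' and 'number' request headers are set.
   */
  public function applies(Request $request) {
    if (!empty($request->headers->get('pin')) && !empty($request->headers->get('number'))) {
      return TRUE;
    }
    return FALSE;
  }

  /**
   * Finds the user whose phone number and PIN match the request headers.
   */
  public function authenticate(Request $request) {
    $pin = $request->headers->get('pin');
    $number = $request->headers->get('number');
    $storage = $this->entityTypeManager->getStorage('user');
    // The entity query returns user IDs, not user entities.
    $uids = $storage->getQuery()
      ->condition('field_phone_number', $number)
      ->condition('field_pin', $pin)
      ->range(0, 1)
      ->execute();
    if (!empty($uids)) {
      // authenticate() has to return an account object, so load the entity.
      return $storage->load(reset($uids));
    }
    else {
      throw new AccessDeniedHttpException();
    }
  }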
OWN AUTHENTICATION PROVIDER
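The provider above matches the PIN inside the entity query, so the PIN has to be stored in a directly comparable form and nothing limits repeated guesses. The following is an added example, not code from the slides or from Drupal, showing the same phone number + PIN check in plain PHP with a hashed PIN and a per-number failure cap; the function name, the in-memory $accounts and $failures arrays, the sample phone number and the limit of 5 are assumptions for illustration.

```php
<?php
// Added example (not from the slides): verify a PIN header without storing
// or querying the PIN in plaintext, and throttle guesses per phone number.
// $accounts and $failures are constructed in-memory stand-ins for storage.

const MAX_FAILURES = 5; // assumed lockout threshold

/** Returns the matching uid, or NULL when authentication fails. */
function pin_authenticate(string $number, string $pin, array $accounts, array &$failures): ?int {
  // Refuse further guesses once the limit is reached, even if the PIN is right.
  if (($failures[$number] ?? 0) >= MAX_FAILURES) {
    return NULL;
  }
  // Look the account up by phone number only; the PIN never enters the query.
  $account = $accounts[$number] ?? NULL;
  // Unknown numbers are verified against a dummy hash so both paths do the
  // same amount of work.
  static $dummy = NULL;
  $dummy = $dummy ?? password_hash('0000', PASSWORD_DEFAULT);
  $ok = password_verify($pin, $account['pin_hash'] ?? $dummy) && $account !== NULL;
  if (!$ok) {
    $failures[$number] = ($failures[$number] ?? 0) + 1;
    return NULL;
  }
  // A successful login clears the failure counter for this number.
  unset($failures[$number]);
  return $account['uid'];
}

// Constructed sample data: one account whose PIN is stored only as a hash.
$accounts = [
  '+15550100' => ['uid' => 7, 'pin_hash' => password_hash('4821', PASSWORD_DEFAULT)],
];
$failures = [];

// Correct PIN on a fresh counter.
var_dump(pin_authenticate('+15550100', '4821', $accounts, $failures));
// MAX_FAILURES wrong guesses in a row.
for ($i = 0; $i < MAX_FAILURES; $i++) {
  pin_authenticate('+15550100', '0000', $accounts, $failures);
}
// Correct PIN again, after the failure cap has been reached.
var_dump(pin_authenticate('+15550100', '4821', $accounts, $failures));
```

In a Drupal provider the failure counter would be kept in persistent storage rather than an array; core's flood service is the usual place for it.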
SECURITY
Solve using RouteSubscriber
https://docs.google.com/presentation/d/1wN7zICkTXcQp8d8UKMQz6oaMM_C2b58AC4oN_sywRCU
SECURITY
OWN REST END-POINTS
Views
API BEST PRACTICES
documentation
stability and consistency
flexibility
security
EASE OF ADOPTION