Following the same-name course on Lynda.com

- Use of `__var_name` and `self.var_name` in the model
- Decorator for OOP in Python: `@var_name.setter` ...
- Use `serialize()` to convert a class instance to a dictionary
- Use the `app.error_handler_spec` dictionary to map errors to different handlers
- Create operation -> `POST`
  - Meaningful HTTP response codes:
    - 201 Created
    - 500 Internal Server Error
    - 400 Bad Request
  - If successful -> the response should contain the access path for the new entity
  - Always authenticate
  - Use the parameter `serialize = True/False` to get the entity in different formats
- Use `PUT`
  - 2 approaches:
    - Can create data if it does not exist -> if a new entity is created, return code 201 Created
    - Does NOT create data -> return that there is nothing to update
  - Response codes:
    - 404 Not Found
    - 200 OK: for success, the response contains the entity
    - 204 No Content: for success, the response does NOT contain the entity
- Use `DELETE`
  - Response codes:
    - 404 Not Found
    - 204 No Content: for a successful delete
    - Optional: 200 OK for a successful delete with the deleted entity in the response body
- Using JSON-LD
- Authentication: different mechanisms:
  - Basic HTTP authentication:
    - Uses a username/password pair
    - Request headers contain an `Authorization` header whose content is `Basic {base64_encoded_user_password}`
    - Can be implemented using a wrapper decorator
  - Cookies
  - Hash-based message authentication
  - OAuth
- Should always use SSL/HTTPS
- What is caching?
  - A component that stores data -> future requests for the data can be served faster
- Types of caching:
  - HTTP header caches with ETag: the `ETag` header stores cache info, e.g. the time the request was responded to; use it together with the `Cache-Control` header
  - Application-level cache (e.g. Redis, Hazelcast)
  - Gateway or reverse proxy cache
- Use ETags for cache control
  - ETag = entity tag, based on a hash of the resource and its timestamp
  - Code for setting the ETag
- HTTP error codes
  - Common codes: 200, 400, 401, 403, 404, 405, 500, 501
- Application-specific error codes in HTTP headers
  - Custom headers should start with `X-HEADER_NAME`
  - Code: `X-MyAPI-Error-Code: 15`
  - Message: `X-MyAPI-Error-Message: "error message here"`
- Meaningful error messages in HTTP headers
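The Basic-auth check, the ETag conditional GET and the custom error headers from these notes, put together as an added example (this is not code from the course or from the page). It is plain Python with no Flask dependency so it runs stand-alone; the user store, the entity, the error-code numbers and the shape of `handle_get` (status, headers, body) are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data; the password is stored only as a hash, as the notes
# advise (a real app would use a slow password hash such as bcrypt or argon2).
USERS = {"alice": hashlib.sha256(b"s3cret").hexdigest()}
ENTITIES = {1: {"id": 1, "name": "widget", "updated": "2024-01-01T00:00:00Z"}}

def basic_header(user, password):
    # What a client sends: "Basic " + base64(user:password)
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check_basic_auth(header, users=USERS):
    """Return the username if the Authorization header carries valid Basic credentials."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None  # malformed credentials are rejected, not guessed at
    user, sep, password = decoded.partition(":")
    candidate = hashlib.sha256(password.encode()).hexdigest()
    # Constant-time compare; an unknown user is still compared (against ""), so timing stays uniform
    if sep and hmac.compare_digest(users.get(user, ""), candidate):
        return user
    return None

def etag_for(entity):
    """Entity tag: hash of the serialized resource, whose timestamp is part of it."""
    data = json.dumps(entity, sort_keys=True).encode()
    return '"' + hashlib.sha256(data).hexdigest()[:16] + '"'

def error(status, code, message):
    # Error code/message in custom X- headers as in the notes (RFC 6648 now discourages the X- prefix)
    return status, {"X-MyAPI-Error-Code": str(code), "X-MyAPI-Error-Message": message}, ""

def handle_get(entity_id, headers):
    """GET flow: authenticate, look up, then answer 304 or 200 with ETag headers."""
    if check_basic_auth(headers.get("Authorization")) is None:
        return error(401, 10, "authentication required")
    entity = ENTITIES.get(entity_id)
    if entity is None:
        return error(404, 20, "entity not found")
    tag = etag_for(entity)
    cache = {"ETag": tag, "Cache-Control": "private, max-age=60"}
    if headers.get("If-None-Match") == tag:
        return 304, cache, ""  # client's copy is current, so send no body
    return 200, cache, json.dumps(entity)
```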
- Modular architecture
  - The app is built up from small parts
  - Modules connect to each other through well-defined interfaces
  - Modules can be reused in different projects
- REST API architecture guidelines
  - Define the interface -> human-readable, meaningful routes, easy to remember
  - Apply standards for HTTP response codes
  - Version the API
  - Follow the KISS principle (Keep It Simple, Stupid)
  - Design for supporting:
    - CRUD operations
    - Authorization
    - Permissions
    - Caching
- Flask Blueprints
  - What?
    - An application component within Flask
    - Has access to the app config
    - Can change the app config when registered
  - Why?
    - Helps to build up large apps
    - Can be registered for subdomains or URLs
    - Different Blueprints can be created for different versions
- HTTPS
  - What?
    - HTTPS uses TLS or SSL
    - Ensures a secure communication transport
    - Messages sent from client to server are encrypted
    - Protects from:
      - Man-in-the-middle attacks
      - Eavesdroppers (unwanted listeners on the communication channel)
- Token
  - Stateless -> should be sent with each request
  - Usually set in an HTTP header
  - Flask-Security can be used to implement token-based authentication
- Cookies
  - Sent between browser and server
  - Common types:
    - Secure cookie
    - HttpOnly cookie
    - Session cookie
    - Persistent cookie
- User credentials
  - Always store them as some form of hash code
  - User credentials should be held in a separate database on a different server
  - If needed, an authentication microservice can be implemented for authentication
- Flask test client - from the Werkzeug framework
  - Works with the `unittest` module
  - Test authorization success and failure
- Always apply versioning to your API
- Always use meaningful HTTP response codes (200 OK, 404 Not Found, 401 Unauthorized, 201 Created, etc.)
- Secure data with authentication
- Use caching if needed
- `PUT` vs `PATCH`:
  - Both are for updates
  - `PUT` first tries to update the data item; if it does not exist, it will try to save the item