Skip to content

Instantly share code, notes, and snippets.

View leesto's full-sized avatar

Lee Stone leesto

9 followers · 2 following
View GitHub Profile
@philsturgeon
philsturgeon / gist:5465246
Last active May 23, 2022 12:29
API Golden Rules

Never Expose DB Results Directly

  1. If you rename a field, then your users are fucked. Convert with a hardcoded array structure.
  2. Most DB drivers [for PHP] will show integers as numeric strings and false as "0", so you want to typecast them.
  3. Unless you're using an ORM with "hidden" functionality, people will see passwords, salts and all sorts of fancy codes. If you add one and forget to put it in your $hidden array then OOPS!

Use the URI sparingly, and correctly

  1. Use the query string for paired params instead of /users/id/5/active/true. Your API does not need to be SEO optimised.
  2. ?format=xml is stupid, use an Accept: application/xml header. I added this to the CodeIgniter Rest Server once for lazy people, and now people think it's a thing. It's not.
@lgladdy
lgladdy / twitter-application-only-auth.php
Created March 12, 2013 09:46
A working example of Twitter's new application-only auth, written in PHP.
<?php
//This is all you need to configure.
$app_key = '';
$app_token = '';
//These are our constants.
$api_base = 'https://api.twitter.com/';
$bearer_token_creds = base64_encode($app_key.':'.$app_token);
@strings28
strings28 / meter-polyfill.css
Created November 8, 2010 02:41
meter{
display: block;
border: 1px outset;
height: 20px;
width: 100px;
overflow: hidden;
}
meter div
{
display: block;