Your rest api using laravel

Your REST API
using Laravel
@sulaeman2014 by Sulaeman

di kelon dulu
https://github.com/feelinc/Your-Laravel-Api

Postman - REST Client
http://bit.ly/1kuDLtc

Metode HTTP
OPTIONS Untuk mengetahui persyaratan dan atau kemampuan server dalam menerima request maupun
memberikan response
HEAD Untuk mengetahui header yang tersedia dari HTTP server
GET Hanya digunakan untuk mengambil data
POST Hanya digunakan untuk membuat data baru
PATCH Hanya digunakan untuk memperbaharui sebagian data
PUT Hanya digunakan untuk memperbaharui data secara lengkap
DELETE Hanya untuk menghapus data

Default Response Header
Header Value
Access-Control-Allow-Credentials true
Access-Control-Allow-Origin *
Access-Control-Allow-Methods OPTIONS, HEAD, GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Headers Origin, Accept, Content-Type, Content-MD5, Content-Range,
Content-Disposition, Authorization

HTTP Status
● 200 OK - Respon sukses untuk metode GET, PUT, PATCH or DELETE. Bisa juga digunakan untuk metode POST yang
tidak berhasil membuat data baru.
● 201 Created - Respon sukses untuk metode POST
● 204 No Content - Respon sukses untuk metode DELETE
● 304 Not Modified - Digunakan berhubungan dengan metode caching via HTTP header
● 400 Bad Request - Request data tidak valid
● 401 Unauthorized - Jika client request tidak ter-otentikasi
● 403 Forbidden - Jika akses terhadap endpoint tidak diperbolehkan
● 404 Not Found - You Now What
● 405 Method Not Allowed - Jika request terhadap endpoint tidak diperbolehkan berdasarkan user yang ter-otentikasi
● 410 Gone - Jika endpoint sudah tidak tersedia
● 415 Unsupported Media Type - Jika format konten request tidak valid
● 422 Unprocessable Entity - Bisa digunakan untuk validasi form
● 429 Too Many Requests - Jika request ditolak berhubungan dengan limitasi request per periode

HTTP Caching
ETag & If-None-Match
ETag hash atau checksum dari konten response
If-None-Match hash atau checksum ketika melakukan request. API memberikan response 304 -
Not Modified jika ETag dari konten response cocok dengan If-None-Match

Request Limiter
Periode dapat ditentukan bedasarkan per-jam atau per-hari.
Respon HTTP header untuk setiap request
Header Keterangan
X-Rate-Limit-Limit Total request yang diperbolehkan dalam periode sekarang
X-Rate-Limit-Remaining Total sisa request yang diperbolehkan dalam periode sekarang
X-Rate-Limit-Reset Sisa waktu periode sekarang, dalam detik

Versioning
api.domain.com/v1/
api.domain.com/v2/

Pagination
Link: <https://api.domain.com/v1/data?offset=3&limit=100>; rel="next", <https:
//api.domain.com/v1/data?offset=50&limit=100>; rel="last"
Available “rel” : next, last, first, prev

Otentikasi
biasa nya sih nyebut “Authentication”

Otentikasi
Aplikasi = OAuth 2
User = Basic Auth + OAuth 2 Access Token

Otentikasi Aplikasi
Scope
read write

Otentikasi User
Group
Administrators Users

Otentikasi User
Permissions
user.create user.update user.viewuser.delete

POST /authorization
REQUEST
Header Content-Type: application/json
Content-MD5: md5($stringRequestBody.$clientSecret)
Body (raw) {"grant_type":"client_credentials","client_id":"
JXSb6nEzpQ0e3WAWjsSsZurCaLy0knDjzkwxRlJs","client_secret":"
C4vpZLRI2kncfXJQZ9l0hdnaTCTupyqF1deCVEPf","scope":"read,write"}
RESPONSE
Header X-Rate-Limit-Limit: 5000
X-Rate-Limit-Remaining: 4999
X-Rate-Limit-Reset: 3600
Body {
access_token: "jU5vKEBSPSVqRwEXwjIM0N1YefCG0hwqTK5i0UC3"
token_type: "bearer"
expires: 1399017374
expires_in: 3600
}
Otorisasi Aplikasi / Client

POST /api/v1/authenticate
REQUEST
Header Authorization: Basic bWVAc3VsYWVtYW4uY29tOndoYXQ=
Body(form-data) access_token=NMy2Q0zKwoW406DN2xEpDYUpjGX7rDAabXbadQNA
RESPONSE
Body {
access_token: "qJAq492q8x2H2uZUmUN5pQPS8fOLjinDbbMCZ4DF"
expires: 1399027251
expires_in: 3600
refresh_token: "81pG21LwQVZVN1fcWWCzqLhGkNtcmxEcdXMoyeO9"
user: {
id: 1,
email: "me@sulaeman.com"
display_name: "Sulaeman Tea"
last_login: "2014-05-02T16:40:51+07:00"
is_activated: true
registered_at: "-001-11-30T00:00:00+07:07"
updated_at: "2014-05-02T16:40:51+07:00"
groups: ["Administrators"]
}
Otentikasi User

POST /authorization
REQUEST
Header Content-Type: application/json
Body (raw) {"grant_type":"refresh_token","refresh_token":"
81pG21LwQVZVN1fcWWCzqLhGkNtcmxEcdXMoyeO9","client_id":"
JXSb6nEzpQ0e3WAWjsSsZurCaLy0knDjzkwxRlJs","client_secret":"
C4vpZLRI2kncfXJQZ9l0hdnaTCTupyqF1deCVEPf","state":3438732984782937489}
RESPONSE
Body {
access_token: "H6MUOmYSAUG2nmOrvPXQvFWMJFXOELwP34kjPsza"
expires: 1399027533
expires_in: 3600
}
Refresh Token Aplikasi / Client

POST /api/v1/authenticate
REQUEST
Header Authorization: Basic d3JvbmdAdXNlci5jb206d2hhdA==
Body(form-data) access_token=H6MUOmYSAUG2nmOrvPXQvFWMJFXOELwP34kjPsza
RESPONSE
Status 401 Unauthorized
Body {"message":"User was not found."}
Otentikasi User
Gunakan user credential yang salah

Resources
agak enak baca nya? ato malah buka google translate?

POST /api/v1/users Membuat / Mendaftarkan User
REQUEST
Header Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM
Content-Type: application/json
Body (raw) {"email":"neneng.caur@domain.com","password":"abcabc","group":"Users","activated":
true,"first_name":"Neneng","last_name":""}
RESPONSE
Status 201 Created
Body {
id: 2,
email: "neneng.caur@domain.com"
first_name: "Neneng"
last_name: ""
display_name: "Neneng"
last_login: null
is_activated: true
registered_at: "2014-05-03T04:29:34+07:00"
updated_at: "2014-05-03T04:29:34+07:00"
groups: ["Users"]

GET /api/v1/users/:id Mengambil User
REQUEST Header Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM
RESPONSE
Body {
id: 2,
last_name: ""
last_login: null
is_activated: true
registered_at: "2014-05-03T04:29:34+07:00"
updated_at: "2014-05-03T04:29:34+07:00"
groups: ["Users"]
}

PATCH /api/v1/users/:id Memperbaharui Data User (sebagian)
REQUEST
Body (raw) {"first_name":"Neneng","last_name":"Caur"}
RESPONSE
Body {
id: 2,
last_name: "Caur"
display_name: "Neneng Caur"
last_login: null
is_activated: true
registered_at: "2014-05-03T04:29:34+07:00"
updated_at: "2014-05-03T04:29:34+07:00"
groups: ["Users"]
}

PUT /api/v1/users/:id Memperbaharui Data User
REQUEST
Body (raw) {"email":"neneng.caur@domain.com","password":"abcabc","group":"Users","activated":
false,"first_name":"Neneng","last_name":"Caur"}
RESPONSE
Body {
id: 2,
last_name: "Caur"
display_name: "Neneng Caur"
last_login: null
is_activated: false
registered_at: "2014-05-03T04:29:34+07:00"
updated_at: "2014-05-03T04:29:34+07:00"
groups: ["Users"]
}

DELETE /api/v1/users/:id Menghapus Data User
REQUEST Header Authorization: Bearer 7E81Ojh0pSLgqtbHAHfYRrcfJ2HWNNYrNL4CqjEM
RESPONSE
Status 204 No Content
Body

GET /api/v1/users Mengambil Daftar User
REQUEST
Param offset=1&limit=1
RESPONSE
Body [
{
id: 1
last_name: ""
last_login: null
is_activated: true
registered_at: "2014-05-03T12:07:50+07:00"
updated_at: "2014-05-03T12:07:50+07:00"
}
]

PROBLEM
ASEM!

Apache Web Server
CGI/Fast CGI
HTTP Basic Auth
Server variable PHP_AUTH_USER dan PHP_AUTH_PW nyasar entah kemana :P
SOLUSI
.htaccess
# Fix the HTTP basic auth
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Nginx Web Server
HTTP “Authorization” header
Server variable HTTP_AUTHORIZATION nyasar entah kemana :P
SOLUSI
Konfigurasi Nginx server
ignore_invalid_headers off;

Terima Kasih
Sulaeman
@sulaeman
http://id.linkedin.com/in/sulaeman

Your rest api using laravel

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Your rest api using laravel

Similar to Your rest api using laravel (20)

Recently uploaded

Recently uploaded (20)

Your rest api using laravel