RESTful API Design

I am developing a REST API as a backend application for an Android application to run. Currently, the startup has a web version of their service with users of about 10 thousand users. I have a few doubts regarding web API design:

  1. How to protect your API?

I want only the Android client to access the API and no one else. One way is to send the encrypted token from the front-end and decrypt it on the internal server. Is there any other way? Also, how do I implement it?

  2. How to make my API fast and efficient?

There is a special endpoint that is accessed very often. However, the information behind this endpoint does not change. Therefore, requests made within a short period of time are likely to return the same response. How can I respond faster to such requests? Would ETag and Last-Modified help?

  3. Should I trust my client data?

Currently, when I receive a request with some parameter, the only check I perform on the request is whether the parameter is null or not. E.g. if the request has mobile as a parameter, I only check whether mobile is present in the request. I do not perform other checks, such as checking whether the length of mobile is less than 10 and then throwing an exception.

EDIT: , , " ", , , .

+4
1
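The third question describes a handler that only checks whether a parameter such as mobile is present. The following is an added example, not code from the asker or from the answer below, of what the missing checks look like in plain Python: a small rule table (the field names and rules are constructed for illustration) that rejects missing, wrong-typed, over-long and malformed values and drops unknown parameters instead of passing them through.

```python
import re

# Constructed rules for an endpoint that takes 'mobile', 'email' and 'content'.
# In a real Django REST framework project these would be serializer fields.
RULES = {
    "mobile": {"required": True, "pattern": re.compile(r"[0-9]{10}")},
    "email": {"required": True, "pattern": re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")},
    "content": {"required": False, "max_length": 200},
}


def validate(params, rules=RULES):
    """Check untrusted request parameters against a rule table.

    Returns (cleaned, errors): cleaned holds only known, valid fields as
    stripped strings; errors maps field name -> list of messages and is
    empty when the input is acceptable. Parameters not named in the rules
    are discarded rather than forwarded to the rest of the application.
    """
    cleaned, errors = {}, {}
    for name, rule in rules.items():
        value = params.get(name)
        # Presence check: this is the only check the question's handler does.
        if value is None or value == "":
            if rule.get("required"):
                errors[name] = ["This field is required."]
            continue
        # Type check: JSON bodies can carry numbers, lists or objects here.
        if not isinstance(value, str):
            errors[name] = ["Must be a string."]
            continue
        value = value.strip()
        msgs = []
        # Length check, e.g. a 'mobile' value that is too long or too short.
        if "max_length" in rule and len(value) > rule["max_length"]:
            msgs.append("Ensure this field has no more than %d characters."
                        % rule["max_length"])
        # Format check: fullmatch so the whole value must satisfy the pattern.
        if "pattern" in rule and not rule["pattern"].fullmatch(value):
            msgs.append("Enter a valid value.")
        if msgs:
            errors[name] = msgs
        else:
            cleaned[name] = value
    return cleaned, errors
```

A handler would call validate(request.params) first and answer with HTTP 400 and the errors dict when it is non-empty; only the cleaned dict is used afterwards, so a forgotten field or an unexpected extra parameter never reaches the database layer.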

, . , , API . :

1. API ?

, API . / REST :

, django-rest-auth.

2. API ?

", , , ", , - ( ):

import time

_cache = {}  # key -> (response, time it was stored)
MAX_TIME_FRAME = 60  # seconds a cached response stays valid

def get_response(key, generate):
    cached = _cache.get(key)
    if cached and time.time() - cached[1] < MAX_TIME_FRAME:
        return cached[0]                       # fresh enough: reuse it
    response = generate()                      # otherwise build it
    _cache[key] = (response, time.time())      # save for next time
    return response

api New Relic.

3. ?

! django-rest-framework RESTful API. Serializer, / /. :

from rest_framework import serializers

class CommentSerializer(serializers.Serializer):
    email = serializers.EmailField()                    # must be a valid e-mail address
    content = serializers.CharField(max_length=200)     # rejected when longer than 200 characters
    created = serializers.DateTimeField()               # required unless declared otherwise

Validation

serializer = CommentSerializer(data={'email': 'foobar', 'content': 'baz'})
serializer.is_valid()
# False
serializer.errors
# {'email': [u'Enter a valid e-mail address.'], 'created': [u'This field is required.']}

.

+1
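The second question asks whether ETag and Last-Modified would help for an endpoint whose data rarely changes, and the answer sketches a time-limited cache. The following added example, not code from the asker or the answerer, puts the two together in plain Python with no web framework: a server-side cache reused for MAX_TIME_FRAME seconds, an ETag derived from the response body, and conditional GET handling that returns 304 Not Modified when the client already holds the current copy. The endpoint name, the generate callable and the 60-second window are assumptions for the illustration; header precedence follows RFC 7232 (If-None-Match wins over If-Modified-Since).

```python
import hashlib
import time
from email.utils import formatdate, parsedate_to_datetime

MAX_TIME_FRAME = 60  # assumed: seconds a generated response stays reusable

_cache = {}  # endpoint -> (body, etag, last_modified_ts, stored_at)


def _build(endpoint, generate, now):
    """Regenerate the response and store it with its validators."""
    body = generate()
    etag = '"%s"' % hashlib.sha256(body).hexdigest()[:32]
    old = _cache.get(endpoint)
    # Keep the previous Last-Modified when the regenerated content is byte-for-byte
    # identical, so clients holding a current copy keep receiving 304s.
    modified = old[2] if old and old[1] == etag else now
    _cache[endpoint] = (body, etag, modified, now)
    return _cache[endpoint]


def handle_get(endpoint, generate, request_headers, now=None):
    """Answer a GET: (status, response_headers, body).

    The cache entry is reused for MAX_TIME_FRAME seconds; afterwards generate()
    runs again. A conditional request whose validator still matches gets 304
    with an empty body, which saves the bandwidth even when the cache expired.
    """
    now = time.time() if now is None else now
    entry = _cache.get(endpoint)
    if entry is None or now - entry[3] >= MAX_TIME_FRAME:
        entry = _build(endpoint, generate, now)
    body, etag, modified_ts, _ = entry
    headers = {
        "ETag": etag,
        "Last-Modified": formatdate(modified_ts, usegmt=True),
        "Cache-Control": "max-age=%d" % MAX_TIME_FRAME,
    }
    inm = request_headers.get("If-None-Match")
    if inm is not None:
        tags = [t.strip() for t in inm.split(",")]
        if inm.strip() == "*" or etag in tags:
            return 304, headers, b""
    else:
        ims = request_headers.get("If-Modified-Since")
        if ims:
            try:
                since = parsedate_to_datetime(ims).timestamp()
            except (TypeError, ValueError):
                since = None  # malformed date: treat as unconditional
            if since is not None and int(modified_ts) <= int(since):
                return 304, headers, b""
    return 200, headers, body


def demo():
    """Walk one client through the sequence; returns what each step observed."""
    calls = []

    def generate():  # constructed stand-in for the expensive handler
        calls.append(1)
        return b'{"status": "ok"}'

    s1, h1, _ = handle_get("/status", generate, {}, now=1000.0)
    # Within the window: served from cache, validator matches -> 304.
    s2, _, _ = handle_get("/status", generate, {"If-None-Match": h1["ETag"]}, now=1030.0)
    # Window expired: regenerated, but content unchanged -> still 304.
    s3, h3, _ = handle_get("/status", generate, {"If-None-Match": h1["ETag"]}, now=1070.0)
    s4, _, _ = handle_get("/status", generate,
                          {"If-Modified-Since": h1["Last-Modified"]}, now=1080.0)
    s5, _, b5 = handle_get("/status", generate, {"If-None-Match": '"stale"'}, now=1085.0)
    return {
        "statuses": (s1, s2, s3, s4, s5),
        "generate_calls": len(calls),
        "last_modified_stable": h1["Last-Modified"] == h3["Last-Modified"],
        "full_body": b5,
    }
```

Two things the demo makes visible: the handler ran only twice for five requests, and the Last-Modified value survived the regeneration because the bytes did not change. Caching on the server does not replace validating the request first; a 304 should only ever be sent after the same authentication and parameter checks a 200 would get.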

Source: https://habr.com/ru/post/1569728/


All Articles