api versioning in url a good practise or not? - ruby-on-rails

Referred many blogs and found that versioning api in url is a bad practise but most of the popular companies have their api versioning in their url?.. need to know the reason behind it and also the advantages of using version in url...please help me on this

It is always better to keep the version in URLs as this will help api consumers to continue using your old api in case your api is upgraded or changed. When you have developed a new API, it is not wise to deprecate the old ones right away (it will break all hell loose) and let your users use the old url till they upgrade to your new apis.
Hope that will help.

Related

how to check if a url/link is safe in ruby on rails

So I looked around and found nothing that helps or clarify this question, suppose you have a ruby on rails (5.2) API and you want to save some URLs as part of a model definition, how to determine that the URL you are saving is safe? and by safe I mean, avoid URLs/links that may contain phishing and deceptive sites.
Thx in advance 👍.
Here is what I found so far, hope this help someone (that have the same requirement):
As pointed by #debugger there are multiple services that provide these functionalities, the best fit in my case are the ones below:
Safe browsing google API no commercial purposes
Web Risk for commercial purposes
The above are google APIs that can be used to check if a URL is safe or not.
In the last case you will be charged after a certain amount of request so maybe is a good idea to check if the URL/link is valid: valid URL gem

Need for versioning api

Can somebody please explain me what exactly is API versioning and why is it needed. I know how to create versions for api on a rails web app, but I really want to know why is it needed. Before somebody downvotes or flags or anything, I googled , I couldn't find any satisfying answer. I would really appreciate it if somebody answers this.
API versioning allows you to have multiple versions of your API and use them at the same time. With this solution, you are assuring backward compatibility for all of the applications integrated with your API.
Simple example
Your API is used by 10 different applications. You are using Basic access authentication, but you noticed that it could be done better. So, you decided to use modify this and use Oauth.
No API versioning
You will have to wait for all of 10 applications to implement changes before releasing the new API version. Otherwise, you will lose the integration. Of course, you can use if/else statements in your code to distinguish which authentication method should you use but this will be not elegant.
API versioning
You can release new API version whenever you want. Then, you can inform your client, that the old API will be deprecated in 3 months, so they have time to implement changes on their side.
Also, you can ask them to add a param to all requests (to choose which API version they will use), and you can set it by the default to the new version. That will allow you to avoid problems with new applications that want to use your API.
Summary(in my opinion):
Pros
1. clean and elegant code (without additional if/else statements)
2. backward compatibility
Cons
1. sometimes you have to duplicate your code
2. it might look like a complex solution at the beginning but don't be scared
Here you can read about two options of API versioning - URL param and HTTP header
I hope that my explanation is clear and helps you understand API versioning
The main reason for versioning your APIs is to provide a constant structure for everybody using them. Let's say you define an initial API for your service (v1) that you send out to your clients. After some time your app changes, and you maybe want to exclude some fields/add new ones. This would be a problem for the client, since their implementation of your API might break if some fields that they are expecting is missing. So you create a v2 with those features, without breaking the initial functionality.

how to organize outgoing api request urls in rails

I have an application in rails that make request to other microservices using httparty. Other microservices are also written in Rails. Right now, i hard coded all the api urls used in httparty, what will be a more elegant way to organize them?
This is a great question, although it's way too broad to be answered meaningfully here without more specifics on the problem you're solving.
However, if I were you, I'd start by reading the source code for existing API libraries. It's a fantastic way to learn about API design principles from very practical examples in products you likely use every day.
Personally, I've found that the Stripe Ruby SDK (https://github.com/stripe/stripe-ruby specifically, lib/stripe/api_operations), the Slack Ruby SDK (https://github.com/dblock/slack-ruby-client), AWS Ruby SDK (https://github.com/aws/aws-sdk-ruby though this one's pretty big), and Github Ruby SDK (https://github.com/aws/aws-sdk-ruby) are all well designed and worth studying.

How to manage multiple APIs in Rails

I have a Rails backend that serves multiple clients:
Angular JS App
iOS App
At first, I only had the iOS App, and used classical API versioning in rails when substantial changes were brought to the client (naming my versions v1, v2 and so on).
When we came up with the Angular front end, we needed a specific API, so I did a new version that I would use only with Angular (let's say v5).
At that point, v1 through v4 are dedicated to iOS, and v5 to Angular.
Obviously, I can simultaneously update my backend along with my Angular API, since both are served to the client every time they access the website. Therefore, there is no need for the Angular API to be versioned.
However, I'm at that point where I need to update my iOS API, and it is starting to get very wrong : v1..v4 are for iOS, and v5 is taken by Android. So the supposed next iOS API should be... v6? Definitely wrong.
I wanted to know if it was possible to name an API version angular, and thanks to this answer on SO I understand why this is not possible. I'll quote the interesting part for my case:
Ryan Bigg wrote:
I couldn't figure out how to get /api/asdf/users to match, because how do you determine if that is supposed to be a request to /api/<resource>/<identifier> or /api/<version>/<resource>?
Now you understand better my situation, here's the question.
The question
How am I supposed to manage multiple APIs, but which are not really like versions?
Is it possible to subdivide API versions? Like:
api/angular/v1
api/ios/v5 (moving v1..v4 to api/ios/ as well)
api/android/v1
Is there any best practice to do so? Or should I just be using the current API versioning system, knowing which version corresponds to which client?
I think in the end this is a design issue. Your API should be thought of as the methods to access your model in networked MVC. Just as in any MVC the model should be independent of it's view and controller. I think having a different API per client is almost like having a different model for each client, which I don't think is what you are intending.
As an example, (I am assuming your API is Restful), a GET request to
api/v1/user/1
might return a json "view" of user 1, each of your clients should be written to work with that same output. If you decide you will no longer support this, or add or remove some content from the returned json that would break an existing client, then you might bump the version and implement the change on that version
I would suggest your next API version expose all of the resources needed by any clients you currently have, and then overtime update your clients to work with this new unified API. If you find your self making changes to your model (API) that would break an existing client, then you can release a new version, allowing existing clients to continue to work with the old API and new or updated clients can pick up the new version.
A set of automated tests on your API will help identify when you break an existing client.
I am not expert at this, but I did (as a learning project) create a rails app with an api, and I was able to use the same api for android and ios.
In regards to your routing issue quoted from Ryan Bigg, you can resolve it by applying a constraint to the route. For example:
get /api/:type/:version/users/all, to: "users#index", constraints: {type: /(ios|angular)/, version: /\d+/}
Ensuring the the version is a number and the type is either "ios" or "angular", you can easily set up the routes for two separate APIs.
To answer the questions as to whether or not it is possible--yes. Anything is possible, especially with Ruby!
I, first of all, would not have two separate APIs to manage. However, if I did, I would create separate namespaces for each API and name the as AngularAPI and IosAPI. I would just route to them separately. The correct answer will depend on how exactly you've set up your API system.
How would I maintain two separate APIs? (from the comment)
It depends on how substantially different the APIs are. If there are only a few differences, it would make sense to simply use a different controller with different routes. For example, AngularUsersController and IosUsersController. They would both extend a ApiUsersController and alter only what was needed for each platform. This would still allow for proper versioning as it grew, and also keep code duplication at bay.

Getting started consuming web services in a Ruby on Rails 3 application

So I'm getting started learning Rails. Now that Rails 3 is out, I want to stick to learning the Rails 3 way of doing things. One of the things I want to learn how to do is how to consume web services / work with third party REST APIs / create "mashup" applications. I've only done minimal work like this with PHP and pre-built libraries.
Can someone please lead me to some resources, best practices, or give me a quick 101 lesson on how to start working with these types of APIs? What gems should I use? Some sample code to get me started would be much appreciated.
Update: I am specifically trying to use the Google Books API (non-authenticated). Since there is no client library for this API, I'm wondering how other Ruby/Rails developers are working with APIs that don't come with their own Ruby library. That's why I'm looking for a more generic solution to working with "fill in the blank" API.
Update: After some research, I noticed the Net::HTTP library. All the tutorials that talked about it were fairly old. Is this still the best library to use for consuming RESTful web services? Or is there a newer Gem that makes this easier? I just want to know which gem/library I should use, and how to work with the XML/JSON result that is returned.
Update: This presentation was really helpful. It mentions a bunch of different libraries and shows examples of some of the libraries mentioned below: http://www.slideshare.net/pengwynn/json-and-the-apinauts
I'm a pretty big fan of HTTParty.
It's an abstraction layer on top of Net::HTTP with a nice little DSL for consuming web services. Here's a good example of how easy it is to use.
It's not without some warts (lots of dependencies) but it's really the way to go if you're on the consuming side.
I'd recommend REST with Nokogiri:
http://railscasts.com/episodes/190-screen-scraping-with-nokogiri
Nokogiri works well with xml too, not just HTML.
Weary is a really neat DSL for consuming RESTful services.
Clearly inspired by HTTParty but a bit newer and a bit more concise.

Resources