Did somebody say Application Programming Interface?

Bad titles aside, and the fact that nothing has been updated considering this is week 5 of Studio 3. One of the Learning Outcomes for this trimester is the creation of an API (Application Programming Interface, it's in the title...) that can be used by other programmers or audience for literally anything.

I managed to team with a friend and guess it or not, we're making a REST API for Anime titles. Aside from the judgement this is receiving because we chose anime, the API is going to include some nifty features that you'll see in other professional APIs such as Ubisoft, Discord, YouTube, Chrome, etc. (There's a real metric tonne of them)
These features include but are not limited to requiring OAuth2 tokens for authentication, rate limiting, User proofing (In the retrospect of displaying easy to understand errors about what went wrong, not just an error code and a message simply saying Oh Snap! I couldn't be bothered to right any actual error message, so... check what you did wrong), the API will only support the GET method since we really have no intention of opening it up to add new entries when we have a program to do it for us :) ), actual HTTP codes and not our own error codes which mean literally nothing... And finally, JSON output, because we all know it's the best way of displaying data that a normal human being can read!

We also followed a guide line of how to more or less structure a REST API. So that was a huge help understanding more about professional standards



Ok... Features have been conveyed, now for some explanation of how we're going about these things. First off, OAuth2. Rather than making my own hacky method of providing an auth key and use that to authenticate each request, why not use a library that already does this and actually works the very first time used? That's where oauth2-server-php comes in which can be found here, thanks to bshaffer for creating this and making it publicly available! (WOO! Open Source!)
The library makes it easy to handle OAuth2 since all it takes is a few lines by the end user and everything is taken cared of...

  1. Setup the database tables and it's connection
  2. Create a file which gives out the tokens
  3. Use the token that is generated from that file and use it to authenticate your endpoints
if(!$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {  
    $server->getResponse()->send();
    die();
}

The above code checks if the request is legitimate and valid. If that's the case, the if statement will resolve to False and skip the die(); line so the rest of the file can be grabbing the data from the database and handing it to the page.

The second feature is rate limiting which I'm currently handling now, I found Stiphle which is... a little library to try and provide an easy way of throttling/rate limit requests, for those without fancy hardware etc. You can found out more here. But from it's setup code, it seems rather simple to handle rate limiting for users...

$throttle = new Stiphle\Throttle\LeakyBucket;
$identifier = 'dave';
while(true) {  
    // the throttle method returns the amount of milliseconds it slept for
    echo $throttle->throttle($identifier, 5, 1000);
}

So that's what's been done for now, we have some mockup data in the database already which I'll talk about in another blog post since this one is already getting kinda lengthy and the start of the scraping script which is written in python and uses BeautifulSoup and lxml. More will come soon since well, this is how I gain progress...

Tom Lynn

Read more posts by this author.

Australia http://rubbix.net