In this video, Keith Casey shares we walk through using Postman which we will use to debug and test our API.
- [Voiceover] While I hope to share strategies and tactics to speed along your development, you're going to have to test, debug, explore, and even make mistakes on your own to learn the best approaches. Towards that goal, there are two tools that are particularly useful in my own development. So let's spend a few minutes talking about those. First, we have Postman. Postman started as a Chrome extension but is also a standalone Mac app which allows you to make any kind of request you need to your API. You can download Postman from getpostman.com.
You can do anything from simple get requests to complex OAuth authentication flows. The results are returned in easily read formatting for mere mortals such as myself. One of the most useful but underappreciated features is the ability to create collections of requests and share them among team members. If you're teaching your team to use an API, this is powerful. Let's see an example of how to make both authenticated and unauthenticated get requests with the GitHub API. This is Postman, so in this URL box we can go ahead and insert a simple request.
So in the box we put api.github.com. And now when we hit send, this makes the request on our behalf, making a request directly to GitHub. Down below here, we can see the body that we received. In addition, we can go ahead and we can look at the headers that came back from that request. While these headers are all actually in the request, Postman goes ahead and alphabetizes them for us. So they may not be representative of what we actually see if we looked at the raw request. With Postman, in addition to anonymous requests, you can make authenticated request as your user.
To accomplish this, we'll go to the authorization tab here. In the type drop down, we have a variety of options available. We can use basic auth or even OAuth 2.0. In this case, we'll we'll use basic auth. We fill in our GitHub username and password and make our first authenticated request. Now, we could use the GitHub API via Postman to create repositories, fork projects, or simply retrieve our notifications. The only limits are what the API allows us to do, not Postman. The second tool is the cloud-based platform Runscope.
While it performs the same requests and processing that Postman does, it also includes testing, traffic monitoring, and can even serve as a proxy to capture your request. Specifically, this means that instead of making a request directly to api.github.com, Runscope generates another URL for you to use. That URL would point to Runscope and would replay your request directly to your service. In fact, in this regard, we can use it along with Postman. First, we take the normal GitHub API.
So here we have api.github.com. And down below here, we can see that Runscope has generated a new URL. We take that URL and go ahead and put it into Postman. So now when we hit send, Postman is still making the request. GitHub is still responding. But in the middle, Runscope has captured everything that happened between the two. So as far as we can tell, nothing has changed. But in terms of actually looking at the raw data, this captures it all for us. This is especially useful for event-based APIs.
APIs like Twilio, SendGrid, things along those lines. This gives you quick insight into the actions performed without having to write any of your own code. But probably the most powerful aspect of this is the collaboration. When you make a request or capture a callback, you can share the details via a simple link. Describing errors becomes trivial. Just remember that all of your logs are in the cloud. So if you would get fired for sharing data from your API, Runscope may not be the choice for you.
This course begins with a simple application specification and builds it one step at a time. Each chapter includes a key concept, with examples from other public APIs, and then shows how to build it yourself with Silex. Learn about URL routing, validating input, and generating response codes and hypermedia payloads. Like any project, the first implementation may be a little messy, but don't worry. The last chapter covers refactoring and what it takes to scale and support the API going forward.
- Understanding the project goals
- Adding authentication with Silex
- Using cross-framework and authentication middleware
- Creating a read-write API in Silex
- Uploading files via an API
- Adding file security
- Creating payloads and response codes in Silex
- Scaling your API