Author: shivammamgain

This author has written 13 articles

Errors and Error handlers for REST API

Errors are an essential part of a REST API system. Error instances must follow a particular structure so the client developer can correctly handle them at the client side. We had set a proper error structure at the beginning of creating REST APIs. It's as follows: { "error": { "message": "Error description", "code": 400 } } Any error occurring during client server communication would follow the above format. Code is the returned status code and message is a brief description of the error. To raise an error we used an _error_abort() function which was an abstraction over Flask-RESTplus abort(). We defined an error structure inside _error_abort() and passed it to abort(). def _error_abort(code, message): error = { 'code': code, 'message': message, } abort(code, error=error) This method had its limitations. Since the error handlers were not being overidden, only errors raised through _error_abort() had the defined structure. So if an Internal Server error occurred, the returned error response wouldn't follow the format. To overcome this, we wrote our own exceptions for errors and created error handlers to handle them. We first made the response structure more detailed, so the client developer can understand what kind of error is being returned. { "error": { "code": 400, "message": "'name' is a required parameter", "status": "INVALID_FIELD", "field": "name" } } The above is an example of a validation error. The "status" key helps making the error more unique. For example we use 400 status code for both validation errors and invalid service errors ("Service not belonging to said event"). But both have different statuses: "INVALID_FIELD" and "INVALID_SERVICE". The "field" key is only useful in the case validation errors, where it names the field that did not pass the validation. For other errors it remains null. I first documented what kind of errors we would need. Code Status Field Description 401 NOT_AUTHORIZED null Invalid token or user not authenticated 400 INVALID_FIELD “field_name” Missing or invalid field 400 INVALID_SERVICE null Service ID mentioned in path does not belong to said Event 404 NOT_FOUND null Event or Service not found 403 PERMISSION_DENIED null User role not allowed to perform such action 500 SERVER_ERROR null Internal server error Next part was creating exception classes for each one these. I created a base error class that extended the python Exception class. class BaseError(Exception): """Base Error Class""" def __init__(self, code=400, message='', status='', field=None): Exception.__init__(self) self.code = code self.message = message self.status = status self.field = field def to_dict(self): return {'code': self.code, 'message': self.message, 'status': self.status, 'field': self.field, } The to_dict() method would help when returning the response in error handlers. I then extended this base class to other error classes. Here are three of them: class NotFoundError(BaseError): def __init__(self, message='Not found'): BaseError.__init__(self) self.code = 404 self.message = message self.status = 'NOT_FOUND' class NotAuthorizedError(BaseError): def __init__(self, message='Unauthorized'): BaseError.__init__(self) self.code = 401 self.message = message self.status = 'NOT_AUTHORIZED' class ValidationError(BaseError): def __init__(self, field, message='Invalid field'): BaseError.__init__(self) self.code = 400 self.message = message self.status = 'INVALID_FIELD' self.field = field I then defined the…

Continue ReadingErrors and Error handlers for REST API

Swagger

Swagger is a specification for describing REST APIs. The main aim of Swagger is to provide a REST API definition format that is readable by both machines and humans. You can think of two entities in a REST API: One the provider of API, and another the client using the API. Swagger essentially covers the gap between them by providing a format that is easy to use by the client and easy for the provider to define. If not using Swagger, one would most certainly be creating the API first, writing the documentation (human-readable) with it. The client developer would read the documentation and use APIs as required. With Swagger, the specification can be considered as the document itself, helping both the client developer and the provider. Here's an example spec I wrote for our GET APIs at Organizer Server: https://gist.github.com/shivamMg/dacada0b45585bcd9cd0fbe4a722eddf The format, although readable doesn't really look what a client developer would be asking for. Remember that the format is machine readable? What does it mean exactly? Since the Swagger spec is a defined format, the provider can document it and people can write programs that understand the Swagger specification. Swagger itself comes with a set of tools (http://swagger.io/tools/) that use Swagger definitions created by the API provider to create SDKs for the clients to use. Swagger-UI One of our most used tools at our server is the Swagger UI (http://swagger.io/swagger-ui/). It reads an API spec written in Swagger to generate corresponding UI that people can use to explore the APIs. Every API endpoint can have responses and parameters associated with it. For instance our Event endpoint at Server ("/events/:event_id"). You can see how the UI displays the Model Schema, required parameters and possible response message. Apart from documentation, Swagger UI provides the "Try it out!" tool that lets you make requests to the server for the corresponding API. This feature is incredibly useful for POST requests. No need for long curl commands in the terminal. Here's the Swagger config from our demo application: https://open-event.herokuapp.com/api/v2/swagger.json The Swagger UI for this config can be found at https://open-event.herokuapp.com/api/v2 The UI for the example spec (gist) I linked before can be browsed here. Swagger-js https://github.com/swagger-api/swagger-js Swagger-js is JS library that reads an API spec written in Swagger and provides an interface to the client developer to interact with the API. We will be using Swagger-js for Open Event Webapp. Here's an example to show you how it works. Let's say the following endpoint returns (json) a list of events. /events The client developer can create a GET request and render the list with HTML. $.getJSON("http://example.com/api/v2/events", function(data) { var events = ""; $.each(data, function(i, event) { events += "<li id='event_" + i + "'>" + event.name + "</li>"; }); $("ul#events").html(events); }); What if the provider moves the endpoint to "/event/all"? The client developer would need to change every instance of the URL to http://example.com/event/all. Let's now take the case of Swagger-js. With Swagger-js the client developer would essentially be writing programs to interact with the…

Continue ReadingSwagger

Organizer Server and REST APIs

The Open Event Organizer Server is a server application written in Flask. It provides an admin interface for the organizers of events to manage events and related services like Sessions, Tracks, etc. Additionally it provides GET APIs for developers to read data from the server. These APIs are consumed by the Open Event Webapp and Android Client to display details to the users. The existing APIs could only fetch data. My is to create REST APIs that write data to the server. Developers are divided into groups with every group handling one aspect of the project. Avi Aryan and I would be working on REST APIs. Currently I'm working on porting the existing GET APIs to newer spec. Justin decided on our stack and technologies we would be working with (link). We are using Flask-Restplus extension for building APIs. The write API is not going to be the only big change to the server. The new authorization system is also going to change a lot. It would include more user roles, with each of them having different set of permissions. Apart from the Administrator and Organizer, a user can be: Attendee Moderator Speaker Track Organizer Other changes to User Management are mentioned in the docs. Besides these, adding support for OAuth 2.0 is also on the list. This would let users sign up through Social Media platforms. I had thought of a possible work flow for my group. Port existing GET APIs with newer spec on Flask-Restplus. Add the user roles mentioned above to the authorization system. A user role defines what type of services a user has access to. For example, an Attendee has write access to feedback and rating system for Sessions but he does not have permissions to create or modify Tracks. This needs to be done before creating write (POST/PUT/DELETE) APIs, so that access to services can be defined according to the user roles. The GET APIs are public and do not require any such permissions. Create write APIs. Set up user authentication system to register and sign in users. Add support for OAuth 2.0. Many of these changes require other changes to the server. Like the feedback and rating system for Attendees has not been implemented yet and would first require definitions for its database models. Existing models would also require changes. A lot of work to do. I have previously worked with Python and Django. This project brings a lot of new stuff for me. Python2, Flask, Swagger and RESTful APIs. Duke, Justin and Mario are going to be mentors for the Organizer Server. All in all, this summer is going to be an exciting one 😀. About Me: I'm Shivam, a 3rd year Computer Engineering student from College of Technology, Pantnagar. This is my first attempt at GSOC and I'm grateful to FOSSASIA for accepting my proposal. I started out with FOSSASIA by contributing to their Open Source projects.

Continue ReadingOrganizer Server and REST APIs