Table of contents: Consuming APIs in Laravel

Sponsor
  Discover the Future of API Analysis
  1. Security, Your Top Priority
  2. Performance Excellence
  3. Design Matters

Introduction

About APIs
  What is an API?
  Data Formats: JSON vs. XML
  JSON
  XML
  HTTP Message Structure
  Example HTTP Request Message
  Example HTTP Response Message
  Types of Web APIs
  REST APIs
  GraphQL APIs
  RPC APIs
  SOAP APIs
  The Benefits of APIs
  Promotes Automation
  Improved Services
  Improved Security and Mitigation of Risk
  Encourages Innovation and Creativity
  Drawbacks of APIs
  Building the Integration
  Rate Limiting
  Security
  Vendor Lock-In
  Sending Sensitive Information
  Authentication
  Bearer Tokens
  JSON Web Tokens (JWT)
  Basic Authentication
  API Integration Security
  Allowing Specific Domains or IP Addresses
  Avoiding Hardcoded API Keys
  Granular Permissions
  Use HTTPS
  Avoid Using API Keys in the URL
  Conclusion

Code Techniques
  Strict Type-Checking
  Should You Use Strict Types?
  Composition Over Inheritance
  Final Classes
  Advantages of Final Classes
  Disadvantages of Final Classes
  Should You Use Final Classes?
  Data Transfer Objects
  Readonly Classes and Properties
  Using Interfaces and the Service Container
  Redacting Sensitive Parameters
  Enums
  Benefits of Using Enums
  Reducing Errors Using Enums
  Adding Methods to Enums
  Instantiating Enums from Values
  Conclusion

Building an API Integration Using Saloon
  What is Saloon?
  Alternatives to Saloon
  Guzzle
  Http Facade
  cURL
  API SDK
  Should I Use Saloon?
  Connectors, Requests, and Senders
  Connectors
  Requests
  Senders
  Installation and Configuration
  Installing Saloon
  Configuration
  Available Artisan Commands
  saloon:connector
  saloon:request
  saloon:response
  saloon:plugin
  saloon:auth
  Preparing the API Integration
  Building the Interface and Classes
  Building the Interface
  Building the DTOs
  Building the Collections
  Creating the Integration Service Class
  Binding the Interface to the Concrete Implementation
  Preparing the Connector
  Creating the Connector Class
  Adding the Connector to the Service Class
  Authentication
  Where to Use Authentication
  Types of Authentication
  Sending Requests
  Fetching a Single Resource
  Fetching a List of Resources
  Creating a New Resource
  Updating an Existing Resource
  Deleting a Resource
  Pagination
  Understanding Paginated Responses
  Sending Requests to Paginated Endpoints in Saloon
  Sending the Requests to the API
  Solo Requests in Saloon
  Sending Concurrent Requests
  Sequential vs. Concurrent Requests
  Sending Concurrent Requests
  Middleware
  Using the Connector's "boot" Method
  Using Closures
  Using Invokable Classes
  Plugins
  AcceptsJson
  AlwaysThrowOnError
  HasTimeout
  Error Handling
  Saloon's Exceptions
  Manually Handling Errors
  Automatically Handling Errors
  Using Your Own Exceptions
  Changing the Exception Logic
  Retrying Requests
  Retry a Request
  Customize the Retry Logic
  Handling API Rate Limits
  What is Rate Limiting?
  Strategies for Working with Rate Limited APIs
  Installing the Saloon Rate Limit Plugin
  Configuring the Rate Limits
  Sending the Requests
  Catching 429 Error Responses
  Setting Your Own Rate Limit Thresholds
  Caching Responses
  Installing the Cache Plugin
  How to Cache Responses
  Disabling and Invalidating the Cache
  Testing API Integrations
  Benefits of Testing
  Should We Make Real Requests?
  What Should We Test?
  Using a Test Double
  Extracting Test Helpers Into Traits
  Adding Assertions to Your Test Double
  Mocking HTTP Responses
  Recording HTTP Responses
  Conclusion

OAuth
  What is OAuth?
  Use Cases for OAuth
  Single-Sign-On (SSO)
  Third-Party API Access
  Authenticating on Smart Devices
  Server-to-Server Authorization
  OAuth Terminology
  OAuth Roles
  Flows and Grants
  Tokens
  Client ID and Client Secret
  Public and Confidential Clients
  Scopes
  OAuth 2.0 Flows
  Authorization Code Grant
  Authorization Code Grant with PKCE
  Refresh Token Grant
  Client Credentials Grant
  Device Code Grant
  Implicit Grant
  Resource Owner Password Grant
  The Benefits of Using OAuth
  Improved Security
  Improved User Experience
  Common and Well-Supported Standard
  View and Revoke Access
  The Drawbacks of Using OAuth
  Complexity
  Security Concerns
  Third-Party Dependency
  Potential for Inconsistent Implementations
  Possible Alienation of Users
  OAuth Best Practices
  Use PKCE with the Authorization Code Flow
  Don't Use the Password Grant
  Use the Authorization Code Flow Instead of the Implicit Flow
  Use Exact String Matching for Redirect URIs
  Don't Use Access Tokens in Query Strings
  Use Sender-Constrained or One-Time Use Refresh Tokens
  Allow Users to Revoke Access
  Pass Credentials in the Authorization Header
  Laravel Packages for OAuth
  Laravel Socialite
  Laravel Passport
  OAuth2 with Saloon — Authorization Code Grant
  Preparing the OAuth Integration
  Creating the OAuth Routes
  Preparing Your Connector For OAuth
  Building the Interface and Classes
  Building the DTOs and Collection
  Preparing Our Model and Database
  Creating the Integration Service Class
  Binding the Interface to the Concrete Implementation
  Generating an Authorization URL
  Handling the Authorization Callback
  Making a Request Using the Access Token
  Testing Your OAuth2 Integrations
  Preparing For Testing
  Testing the Controllers
  Testing the Service Class
  Conclusion

Webhooks
  What Are Webhooks?
  The Advantages of Webhooks
  Real-Time Updates
  Reduced Load on Your Application
  Seamless Integrations With Your Application
  The Disadvantages of Webhooks
  Increased Complexity
  Increased Security Risks
  Fire and Forget
  Defining Webhooks Routes
  Defining Webhook Routes in the External Application's Dashboard
  Defining Webhook Routes at Runtime
  Building Webhook Routes
  What Will Be Sent
  Creating the Route
  Creating the Enum
  Creating the Model
  Creating the Controller
  Webhook Security
  Why You Must Secure Your Webhooks
  Validating a Mailgun Webhook
  Testing Webhook Routes
  Using Queues to Process Webhooks
  Benefits of Processing Webhooks Using Queues
  Creating a New Job Class
  Updating the Controller
  Updating the Tests
  Conclusion

Final Words