How can you document a REST API usage/consumption? - api

We have a medium size app (100+ SQL tables), and we often need to integrate it with partner APIs (with our system as a client/consumer). Process of designing such integration is non-trivial:
We often need to map columns in our database to fields in requests to partner API.
Some fields in requests to partner API must be constant, or conditional
In rare occasions output from one API response becomes an input to another API request
There are many resources on the web to document REST APIs - there are specific formats for that (Swagger, RAML, etc.). These formats allow efficient generation of client code and human-readable documentation. However these formats are not very helpful for describing how your app integrates with an API. We create lengthy Microsoft Word documents which contain more or less a copy of partner API methods with comments how every individual field should be used. Such solution seems sub-optimal.
Googling for better options did not yield many results, namely Swaggerhub seems to have "comments" functionality which seems to target the problem above and pretty much that's all.
Question: are there some tools, formats, workflows, ideas, etc. which facilitate designing and documenting API integrations described above?

I dont know which language you use, but i work with ApiDoc
https://apidocjs.com/
He is perfect to generate an API REST doc with comment in NodeJS, he can be used with many language

Related

Is there a solution to visually integrate custom APIs?

Sorry, I am not sure this question belongs here. We are building a solution that requires a "mapping engine", so to speak. We need to map our own db fields against multiple external APIs and vice versa. To us, this is a very time-consuming and repetitive process, and I have been unable to find any solution out there other than maker, zapier, etc. which work with pre-existing integrations. What we are dealing with is a bunch of legacy custom APIs that are never part of any of these solutions.
I was hoping there's a solution out there that would just let me paste the JSON and XML bodies of successful requests and responses of the legacy APIs we're working with, then allow us to match our internal fields against those fields in a table as API templates that we can define, and then run as an automation middleware, executing on the templates so to speak.
Does this exist?

Google Adwords Keyword Tool API to automatically extract data onto a website

Im looking to use Google Adwords Keyword tool data on a website. Ive been looking around in the API and I cant find much to match what I need. I noticed a lot of keyword research tool websites use google as their main source for their information. How would I go about doing this and extracting the data and have it run on a website automatically so it wouldnt need to be updated manually each month?
you can use the Traffic Estimator service in the AdWords API:
https://developers.google.com/adwords/api/docs/reference/v201409/TrafficEstimatorService
Be warned that this is notoriously inaccurate (which is odd given that you would think Google had its own data to call upon!)
I use the TargetingIdea service in the AdWords API to generate lists of keywords to use for building AdWords campaigns. (https://developers.google.com/adwords/api/docs/reference/v201409/TargetingIdeaService.TargetingIdea)
First off you need an API key - they're not that easy to get and your app needs to offer a whole lot of features to meet the required minimum functionality - take a look here https://developers.google.com/adwords/api/docs/requirements
Once you've jumped over that hurdle you get the data from Google by sending a request to the service. That request includes some targeting criteria like location and language and also a "seed" keyword. You can also specify if you want closely related results or broadly related results.
For example if you sold tractors you'd put 'tractors' in as a seed keyword and then the API would return either closely related terms like 'tractors for sale', 'used tractor spares' etc or more broadly related terms like 'agricultural machinery'.

Can client side mess with my API?

I have a website that revolves around transactions between two users. Each user needs to agree to the same terms. If I want an API so other websites can implement this into their own website, then I want to make sure that the other websites cannot mess with the process by including more fields in between or things that are irrelevant to my application. Is this possible?
If I was to implement such a thing, I would allow other websites to use tokens/URLs/widgets that would link them to my website. So, for example, website X wants to use my service to agree user A and B on the same terms. Their page will have an embedded form/frame which would be generated from my website and user B will also receive an email with link to my website's page (or a page of website X with a form/frame generated from my server).
Consider how different sites use eBay to enable users to pay. You buy everything on the site but when you are paying, either you are taken to ebay page and come back after payment, or the website has a small form/frame that is directly linked to ebay.
But this is my solution, one way of doing it. Hope this helps.
It depends on how your API is implemented. It takes considerably more work, thought, and engineering to build an API that can literally take any kind of data or to build an API that can take additional, named, key/value pairs as fields.
If you have implemented your API in this manner, then it's quite possible that users of this API could use it to extend functionality or build something slightly different by passing in additional data.
However, if your API is built to where specific values must be passed and these fields are required, then it becomes much more difficult for your API to be used in a manner that differs from what you originally intended.
For example, Google has many different API's for different purposes, and each API has a very specific number of required parameters that a developer must use in order to make a successful HTTP request. While the goal of these API's are to allow developers to extend functionality, they do allow access to only very specific pieces of data.
Lastly, you can use authentication to prevent unauthorized access to your API. The specific implementation details depend largely on the platform you're working with as well as how the API will be used. For instance, if users must login to use services provided by your API, then a form of OAuth may suffice. However, if other servers will consume your API, then the authorization will have to take place in the HTTP headers.
For more information on API best practices, see 7 Rules of Thumb When You Build an API, and a slideshow from a Google Engineer titled How to Design a Good API and Why That Matters.

How do you create a document in Google Docs programmatically?

The documentation for Google Documents List API, seems to say that you can create a local document and upload it. Is there no way to actually create and edit a document on Google Docs through an API?
While the docs call it "uploading", everything boils down to sending an appropriately formatted HTTP POST request, so of course it can actually be a new creation rather than an actual "upload" of an otherwise existing file. (Creation through POST requests is similar to what's normally described as a REST API, though in real REST you'd typically use a PUT request instead of course).
You just need to create a blob of data representing your document in any of the formats listed here -- depending on your programming language, simplest may be text/csv for a spreadsheet and application/rtf for a text-document -- then put in in an appropriately formatted POST data. For example, to make a spreadsheet in the simplest way (no metadata), you could POST something like:
POST /feeds/default/private/full HTTP/1.1
Host: docs.google.com
GData-Version: 3.0
Authorization: <your authorization header here>
Content-Length: 81047
Content-Type: text/csv
Slug: Example Spreadsheet
ColumnA, ColumnB
23, 45
Each specific programming language for which a dedicated API is supplied may offer help with this not-so-hard task; for example, in Python, per the docs, the API recommends using ETags to avoid overwriting changes when multiple clients are simultaneously "uploading" (i.e., creating or updating docs). But preparing the POST directly is always possible, since the almost-REST API is documented as the protocol underlying all language-specific APIs.
Alex's answer, while undoubtedly correct, begs the question: "how do I do that via the Google Docs API?"
Here's a way (in Python, 'cause I'm that kind of guy):
import gdata.docs.service
import StringIO
client = gdata.docs.service.DocsService()
client.ClientLogin(username, password,
source='Spreadsheet Creation Example')
content = 'COL_A, COL_B, COL_C, COL_D\ndata1, data2, data3, data4'
ms = gdata.MediaSource(file_handle=StringIO.StringIO(content),
content_type='text/csv',
content_length=len(content))
entry = client.Upload(ms, 'Test Spreadsheet')
This is a small mashup of techniques that I found in http://code.google.com/p/gdata-python-client/source/browse/tests/gdata_tests/docs/service_test.py , which I in turn found via this post from the Google Group for the GData Docs API.
The key insights (for me anyway) were:
realizing that the MediaSource constructor's formal parameter "file_handle" will take any file-like object, and
discovering (as the OP's followup to the Google Group post mentions) that the unit tests are a great source of examples
(I wasn't able to find the Python-specific developer's guide referenced by Alex's doc link -- possibly it's been lost or buried in Google's move of documentation assets from code.google.com to developers.google.com. Alex's link now redirects to the more generic document that shows mostly .NET and Java examples, but only a little Python.)
As of Feb 4, 2019, Google Docs now has a REST API.
See documentation:
https://developers.google.com/docs/api/
(Sep 2019) There are 3 ways to create a document in Google Docs programmatically:
Google Docs REST API (low-level; Python, JS/Node.js, Java, C#/.NET, PHP, Ruby, Go, etc.)
Google Apps Script (high-level; JavaScript-only)
Google Drive API (low-level like Docs API above; both alternatives above can create or edit documents, but this one is create- or delete-only plus editing sharing/permissions)
The Docs API was officially launched in Feb 2019. I produced a high-level video overview of what a mail merge application using the API would look like. (It's not a full-fledged G Suite Dev Show episode but does link to a working sample.) Check out the various guides on using the API, including Quickstart examples in a variety of programming languages.
OTOH, Apps Script is a simpler, higher-level alternative. It's a custom server-side JavaScript runtime supporting apps that are hosted+executed in Google's cloud. Use objects to talk to various Google APIs (G Suite & beyond) without knowledge of HTTP, REST, nor OAuth2. You can also access external databases with its JDBC Service or call other apps via its URL Fetch Service.
With Apps Script, you can create standalone applications, document-bound applications (only works for a single document), or Google Docs Add-ons to extend the functionality of Google Docs. Here are the Google Docs Apps Script overview page as well as the Apps Script reference documentation for Google Docs (Document Service). I've also produced a variety of Apps Script videos if that's your preferred learning vehicle. If you're new to Apps Script, see my answer to a similar SO question for more learning resources.
Typically the Docs, Sheets, Slides, etc., APIs are used to perform document-oriented functionality while the Drive API is used primarily for file-based operations. However "create" is a special case where you can use either. See my answer to another SO question which shows the difference b/w creating a new Google Sheet via the Sheets API vs. the Drive API. (Both samples in Python.) Read this if you're interested in managing sharing or updating permissions of Google Docs.

What should a developer know before building an API for a community based website?

What things should a developer designing and implementing an API for a community based website know before starting the heavy coding? There are a bunch of APIs out there like Twitter API, Facebook API, Flickr API, etc which are all good examples. But how would you build your own API?
What technologies would you use? I think it's a good idea to use REST-like interface so that the API is accessible from different platforms/clients/browsers/command line tools (like curl). Am I right? I know that all the principles of web development should be met like caching, availability, scalability, security, protection against potential DOS attacks, validation, etc. And when it comes to APIs some of the most important things are backward compatibility and documentation. Am I missing something?
On the other hand, thinking from user's point of view (I mean the developer who is going to use your API), what would you look for in an API? Good documentation? Lots of code samples?
This question was inspired by Joel Coehoorn's question "What should a developer know before building a public web site?".
This question is a community wiki, so I hope you will help me put in one place all the things that should be addressed when building an API for a community based website.
If you really want to define a REST api, then do the following:
forget all technology issues other than HTTP and media types.
Identify the major use cases where a client will interact with the API
Write client code that perform those "use cases" against a hypothetical HTTP server. The only information that client should start with is the response from a GET request to the root API url. The client should identify the media-type of the response from the HTTP content-type header and it should parse the response. That response should contain links to other resources that allow the client to perform all of the APIs required operations.
When creating a REST api it is easier to think of it as a "user interface" for a machine rather than exposing an object model or process model. Imagine the machine navigating the api programmatically by retrieving a response, following a link, processing the response and following the next link. The client should never construct a URL based on its knowledge of how the server organizes resources.
How those links are formatted and identified is critical. The most important decision you will make in defining a REST API is your choice of media types. You either need to find standard ways of representing that link information (think Atom, microformats, atom link-relations, Html5 link relations) or if you have specialized needs and you don't need really wide reach to many clients, then you could create your own media-types.
Document how those media types are structured and what links/link-relations they may contain. Specific information about media types is critical to the client. Having a server return Content-Type:application/xml is useless to a client if it wants to do anything more than parse the response. The client cannot know what is contained in a response of type application/xml. Some people do believe you can use XML schema to define this but there are several disadvantages to this and it violates the REST "self-descriptive message" constraint.
Remember that what the URL looks like has absolutely no bearing on how the client should operate. The only exception to this, is that a media type may specify the use of templated URIs and may define parameters of those templates. The structure of the URL will become significant when it comes to choosing a server side framework. The server controls the URL structure, the client should not care. However, do not let the server side framework dictate how the client interacts with the API and be very cautious about choosing a framework that requires you to change your API. HTTP should be the only constraint regarding the client/server interaction.