Week 13 Building an API Part 1 - Code-the-Dream-School/rails-guidebook GitHub Wiki

Week: 13

Topic: Building an API Part 1

Learning Objectives:

  • Understand what web APIs are
  • Become familiar with the JSON data format
  • Understand the REST model for API communication on the web
  • Implement REST-based logon using the Devise gem
  • Test REST APIs with Postman
  • Add CRUD operations for database objects
  • Understand Cross-Site Request Forgery and how to prevent it

Key Resources:

  • Lesson Materials
  • Coding Assignment

Lesson Outline

What Students Learn

  1. Introduction to REST and JSON

    • Understand RESTful principles and HTTP methods (GET, POST, PUT, PATCH, DELETE).
    • Learn how JSON is used for request and response bodies.
  2. Authentication and Authorization

    • Implement user registration and authentication using Devise.
    • Learn about HTTP-only cookies for storing authentication tokens and security considerations.
  3. CRUD Operations

    • Create and manage CRUD operations for Member and Fact models.
    • Implement access control to ensure users can only access their own data.
  4. Testing and Documentation

    • Use Postman to test REST APIs.
    • Document APIs using Swagger and RSpec test cases.
  5. Error Handling

    • Implement error handling for invalid requests and exceptions.
  6. Security Considerations

    • Address CSRF protection and proper handling of security tokens.

Checklist

  • Initial Setup

    • Fork and clone the starter Rails repository.
    • Create a lesson12 branch.
    • Add necessary gems: devise, email_validator, strong_password.
    • Configure Rails session and Devise.
  • Creating Controllers

    • Generate users/Registrations, users/Sessions, and test controllers.
    • Implement JSON response handling in RegistrationsController and SessionsController.
    • Create AuthenticationCheck concern and integrate it into controllers.
    • Configure routes for user registration, session management, and testing.
  • Testing with Postman

    • Create and test GET, POST, and DELETE requests in Postman.
    • Verify user registration, login, and logout functionality.
  • Models and Associations

    • Generate Member and Fact models.
    • Implement model validations and associations.
    • Migrate databases.
  • Controllers and Routes for CRUD Operations

    • Generate API controllers for Members and Facts.
    • Implement CRUD operations and access control in controllers.
    • Set up routes with namespaces for API versioning.
  • Exception Handling

    • Create ExceptionHandler module and include it in ApplicationController.
  • CSRF Protection

    • Implement CSRF token handling and set skip_forgery_protection where necessary.
    • Configure Postman environment to handle CSRF tokens.
  • Submission

    • Commit changes and push to GitHub.
    • Open a pull request for review.

Ensure each of these tasks is completed to fully implement the API and prepare it for testing and submission.
