Documentation First: A Recipe for API Success

I've shipped a handful of greenfield APIs in recent months for different clients, and in each case I've been building the documentation before the API. I hadn't really recognised it as a pattern until someone else commented on it, but I do find this approach has worked well for my projects, so I thought I'd share my thoughts on this in a bit more detail. Continue reading

PHP 7.0 (and 5.6) on Ubuntu

PHP 7 is released but for those of us who don't usually compile our own PHP, it can be a long wait for our preferred distro to release the packages we want. For Ubuntu, I'm using a PPA which allows both PHP 5.6 and PHP 7.0 to be installed, including things like extensions, at the same time. It was very easy to set up (I'm running Ubuntu 15.10 but this process should also work on older versions back to at least 14.04 which is the previous LTS) so here's a quick walkthrough of what I did. Continue reading

Simple One-to-one Meetings

Recently I was giving some advice (that I was asked for, which is novel) regarding one-to-one meetings between developers and either team leads or management can be structured. My thoughts really boiled down to some very short points (this is why sometimes, those meetings take 15 minutes and other times they take 3 times that for a monthly update!). In case they're useful to anyone else, here's my meeting outline:

  • What's going well/what are you excited about?
  • What's tedious/annoying or actually a problem?
  • What could I be doing that I'm not?

Continue reading

Use Ngrok for Testing APIs on Dev

Recently I was hastily building an API for a client and I wanted to run some tests against it. I've written before about using Runscope for API testing, but this was against a local dev platform (inside a VM, not directly on my laptop) rather than a public API. The same problem arises if you want to access a local site or API from elsewhere or from a mobile device. In all these scenarios, ngrok is your friend. Continue reading

Handling Composer "lock file out of date" Warning

Composer is dependency management for PHP, and it consists of two main files:

  • composer.json where you specify your dependencies
  • composer.lock where composer itself records exactly which precise version of every library and every dependency of every library it picked, so all installs will be identical

Crucially, the composer.lock also includes a hash of the current composer.json when it updates, so you can always tell if you've added a requirement to the composer.json file and forgotten to install it. Continue reading

PHP Web Services: 2nd Edition


I'm delighted to announce that the second edition of PHP Web Services is published! This isn't an entirely new book but in my own biased opinion it is a much better job of this topic than I did the first time around :) Following from the feedback we got on the first book, this edition contains quite a lot more working examples (with code on github) as well as updates for new tools and expansion on newer technologies and practices.

Writing a second edition was nothing like writing a first edition, it's more like editing with snippets of writing and rewriting thrown in. My heartiest thanks to my tech reviewers who sorted out all kinds of nonsense contradictions and generally asked hard questions during the process - you are all humans of the highest calibre :)

Upgrade To Better Passwords in PHP

The password features in PHP aren't exactly new, but I see lots of applications from "before" which aren't being migrated to better practices. I have some strategies for doing these migrations so I thought I'd share my main approach, plus a similar-but-different one I saw in the wild (OK it was in CakePHP, so not too wild!). Continue reading

OAuth2 with PHP's built in Streams Functions

Most of the time when I work with APIs from PHP, I use Guzzle - it's awesome and modern and elegant. However some of my work is with legacy platforms and I recently had a situation where we needed to integrate with a API using OAuth2, and launch that integration before the planned platform upgrade from an older version of PHP was expected to complete.

(this drives me nuts, I love upgrading systems but the downside is you have to work with the old ones first and none of the tools you want have been invented yet!)

For OAuth2, all I had to be able to do was to send an Authorization header with my web request from PHP. My second-favourite way of making API calls from PHP is to use PHP's stream handling, so I did that. It's not code you see very often but it's super-simple and it works on every PHP platform I've tried so far, so here's an example:

// assemble the options
$opts = array(
  'http'=>array(
    'header'=> "Authorization: Bearer " . $access_token
  )
);
// create the context
$context = stream_context_create($opts);

// now make the request! Use the context and simply output the result
echo file_get_contents('http://api.example.com/endpoint1', false, $context);

If you're trying to make an API call from PHP and installing better tools is hard for any reason, this example may help!

API Testing with Runscope

I work with a lot of APIs and I really appreciate good tools. Lately I've been really enjoying using Runscope for testing and monitoring my APIs so I thought I'd share how I work with this tool, which has a great one-person free tier *and* the ability to import/export tests so if you need to work with a team with just the free tier (the examples here are from an open source project which is an obvious use case where it's hard to fund tools), it's clunky but doable. The idea here is just to show you around how to create your own API tests with Runscope (and also to write down what I did so I can point both my future self and others at this!) Continue reading