How To Build An API With Ruby On Rails

Video Statistics and Information

Reddit Comments

Cool, thanks for that

👍︎︎ 1 👤︎︎ u/artelicious 📅︎︎ Oct 13 2020 🗫︎ replies
Captions
[Music]

Hey guys, hope you're all well, and I'm super sorry it took so long to make another video. I've been really looking forward to making one, and today we're going to go over how to make a Ruby API. It's going to be pretty fun. We're basically just going to write the backend logic, send the data to an endpoint, and front-end devs would actually fetch that data to display it on the front end, right? This is how you usually work in companies, and uh, yeah.

So let's go ahead, and we are going to generate a rails new app. In that case I'm going to call it book api, because this is the example I'm going to use today: we're just going to create some books and try to display them on the, on the endpoint. Now just before you generate the app: Ruby gives you this ability to specify, as one of the options, that you want it as an API, so it goes much faster and it doesn't generate a lot of stuff that you actually don't need for that. So that's super cool, it makes your whole app lighter, and that's exactly what we want.

Let's cd into our folder and open it up. And first you can notice that there's a lot of stuff that is not there, including some of stuff in the view, a lot of JavaScript that is not there. It's perfect, we don't need it for the back end.

So let's generate our books model. So Rails also gives us this command that you probably know, which is generating a resource directly. We want to give it a title as a string, description as a text, and maybe rating. Oops. Yeah, I'll be doing a lot of typos by the way, guys, because this is the work computer and I'm not used to the keyboard. So yeah, rails generate resources, uh, basically just, uh, generates the model, the controller and the route for you. It doesn't generate any of the actions, but we don't need that. So you can see that now we have our books controller, we have our book model, and if we go to routes we can see that we have our resource books. Awesome.

So what you want to do usually, by convention, when creating an API is namespacing that. So you want to namespace it by api, defaults, give it a default for the format, right? So we want the format to be JSON. So this is basically, uh, telling Rails that it should expect, we are going to tell it that it should expect this resource inside of this namespace, so it would be api v1 slash books. So let's add the v1 namespace as well. If you wanna, sorry. Awesome. So you can see here that basically we don't need to scope our books inside of v1, because basically we just want all of the actions to appear under that scope. So this is what we needed. So we can go ahead actually and jump to our controller and start coding our index and see what we would actually get.

Now just before I forget, guys, I'm going to be using an app called Postman. Postman is going to allow you to simulate the responses that you get on the, on the URLs. So it allows you to play with the data, put on parameters, headers, and see what, what kind of response you would actually get. You can even simulate post or delete requests, even put requests, and just by sending in some data inside of a body it allows you to play around. It's much easier, it makes your life much easier. So this is what I'm going to be using. Uh, you can, guys, like, just go ahead and download it, won't take long, and it's free.

So we want the index to basically hold all of our books. For now we are not going to add any logic, but everything works the same as if you were on a normal Rails app, basically. So you just say, you create a variable, assign it all of the books, and let's say we want to render all of those books: you would just render it as a JSON and you pass in the variable that you want to appear there. I didn't see this file. You know what I'm going to do, actually? I'm going to take this defaults here and I'm just going to edit on the resource. It's cleaner. Nice. So now we would expect the response whenever we go to api v1 books, we would expect to get back all of those books, which we don't have any actually yet. So let's migrate, let's open up the console and let's start the server. Awesome, server's up.

Let's create our first book: first book, uh, description, first book description. I'm not very creative today, am I? And a rating of 4. Awesome. So now we have one book, so we would expect that whenever we go to this URL to get back the data. Right now we will get an error, uninitialized constant api, and of course: we namespaced inside of our routes by api v1, so Rails is expecting to find this books controller inside of api v1, which is not the case, it's just inside of controllers. So we need to change that: create a folder called api, inside of the folder called api we will create another folder called v1, and we can move that books controller in it. So let's do that from the terminal. Nope. We are going to move it inside of api v1. Perfect. So again, we will also have to change that here. So as it is separated inside of folders, Rails is expecting different modules. So the first one will be Api, second one again would be V1, and then we would actually pass in the class, so i can stay like that. Perfect. Awesome. So let's try that out now. Thank you, Ruby.

So let's try and see what it gets us. So we actually get that first book back, so that's great. There is something we want to do though, is, um, it's, yeah, or actually I'll include that in another tutorial. Let's not make it too long, because we still have a lot to cover. So that's awesome, we're getting the books back, we're getting an array with all the books, because this is what we're sending in. Perfect.

So now let's assume we wanted to exclude some of the data, right? We don't want to send in everything. For example, if there was a password in that data, we wouldn't want to send it. So we could say except and pass in an array of what we want, or if it's just one, so I don't want to pass in the title, we could just say except title and we would get everything except the title. So keep that in mind. For now we do not need it. Great.

So, uh, we can always of course describe the show. So everything works the same, really. We would pass in an id inside of the params, so us on the back end would just basically grab that id and find a book with that param. Let me find this. Perfect. And we would just render it. So let's simulate another request, and basically we would just copy and paste that and pass in an id. In that case we only have one book, so we pass the id one, and we get an error. So it seems like I forgot to put the end to my show action. Let's try that again, and perfect, now we get the book back. If we would pass id 2 here it would not work. Of course you would need to write how to handle errors yourself, but you can just see that you couldn't find id with two. So if you basically just go back to the control here and create another book without any value, but we will still get it back, just that the title would be null. Awesome.

Now I just, I'm sorry I'm speeding through this, because it's basically the same thing, it's just grabbing data and rendering it on the, on the response. What I want to show you, which is a little bit different, is what happens when you actually want to simulate, like, um, post requests and put requests. So something that you would want to do is, uh, inside of your application controller you would basically want to turn the response that you get and parse it into a JSON, right? So we just, we, we write a method for that. We call it json payload, and what I like to do is we just call one of Ruby's classes called HashWithIndifferentAccess. We initialize it, and inside of it we are going to basically parse, so the, the argument we give it, I mean, is the parsed response, right? To get the response you just request the raw post. And why am I doing that? Uh, basically this is going to, this, this class here is going to differentiate, um, symbols and, and strings, if you can say so. Uh, title with quotes would be the same as title and a colon. And basically whenever we want to send in the data for, through the body, we are going to call the json payload, right? This is how we are getting the raw post, which is the body of the response. It doesn't maybe probably make sense right now, but let me go through one of the post or put requests and we will see.

So let's assume we want to create through Postman, so through the endpoint we want to be able to create stuff. So we want to be able to send the data somewhere, right? So the front-end, what the front-end would do is they would have a form, and they would send the data through the form, through the body of the, of the response, the HTTP request, sorry. So we would basically grab this body, and this body is grabbed with the method we just described, so json payload. It would request the raw body, the raw post, it would turn, it would parse it into a JSON, and it would initialize it with the HashWithIndifferentAccess, which is not necessary, it just makes your life better. Now basically we, we have that, we have that response, we have that body inside of here, and we're assigning it to a variable called data. It's just easier to understand. And then when we want, we would want to create a new book, for example, so we would say Book.new, like you always did with Rails, you always create a new one. And basically, usually what you would do here is that you would, like, pass in the strong params, right, that you write in the controller down, and like the, the ones that you permitted, but in that case you just pass in the body.

So now what would happen if actually someone would send, like a malicious user would send us, like, wrong data, or like a lot of data, or try to make himself become an admin? Well, that would be bad, and that is not something we want. So one way to avoid that is, for example, we can, we can initialize, for example, a constant here called allowed data, and this constant would basically take whatever we want to allow the user to send us, so body for example, and we are going to freeze that so that it does not change. So this is what we want. Actually we call the description now body, and there is rating as well. So these are the things that are allowed. If someone tries to send something else, these are not what we consider as allowed data. I hate this keyboard. Awesome.

So now we have our allowed data, but what do we do with it, right? So we want to go through the json payload, and we are going to iterate through whatever was passed in through that payload, and we are going to say if, so if the allowed data includes any of the attributes from the json payload, then yes, we want to select it and put it in data. Otherwise, the other ones, is just going to ignore it. You could also use reject and do it other way around, but this is fine for now. So we're just selecting the proper ones, assigning them to data. So if here the user would send something else, such as admin true, this method here would ignore it, this iteration would ignore it and just select the title, description and rating, store it in a variable called data. Then we would create a new book with this data, and then the usual: if the book is saved we want to render JSON with that book, otherwise we can render an error message.

So let's try this out. So same thing, we are going to simulate the request here. We go to books, but this time it's going to be post, and what we are going to do is pass in some body information. So the title, and I want this title to be my test you book, pass in description, look at this, and finally the rating. So let's try sending this, and we get an internal error, and again I forgot to put an end. Oh my god. Let's try that. So undefined method include. I forgot the question mark, sorry, because what we want is actually to return true if, if it does include it, and if it does return true then we store it inside of the variable. I'm sorry guys, you probably realize that, but awesome. So we get the response back, we're not getting an error message, so you can see here test book. Perfect. So we got the book. We can even, like, make sure, or actually just by using our API, and make sure that we get all the books back, and you can see that our book now appears here.

Now what would happen if inside of the body of this HTTP request we would actually send something else? So if I would want to turn myself into an admin user so that I can do bad stuff, right? So obviously, like, nothing happens. So that was probably a bad example, because we don't even have the admin attribute. But what if rating is not allowed and we still try to pass in the rating here, what would happen? You can see that rating is ignored and is actually turned into null. So this is how you avoid mass assignment. This, this malicious, uh, use of data is called mass assignments, and we want to avoid that.

So now basically we, we just made the post request, we made the get request. We can also do a put request or, or delete request. So the put is very similar to the create, so let's go directly to the delete, and again, very similar to the show. So we know that there are, the front end is going to send us the params, so, why am I writing notes, book, Book dot find. So we find a book based on the param we get through the URL, all right, and we just destroyed that book. All right, so let's use this URL, change this into a delete, and let's say I want to delete the book number two. All right. Oh my god, you guys must be laughing at me. All right, so we don't get anything, because we're not actually rendering any data there, but if you would refresh this page you can see that the book number two is gone, because we destroyed it. Awesome.

So guys, that was it. That's the very basic of how to create it. You can grab data, you write all of the logic, right, you store it inside of a variable and you just render it on the, on the, on the endpoint. So very basic stuff. Uh, everything works the same for us as back end. Uh, the, probably the biggest challenge of it is that everything is more abstract: you don't see the front end, you have to assume, you have to align with the front-end devs, hey guys, this is what you need to send through this endpoint, etc. Now maybe later on, I don't know if you guys appreciated that video, that video, but later on what I could do is actually go over something called Blueprinter. So it's a gem, and it just makes it easier to, to send JSON data, uh, to an endpoint. So I could cover that, and I could also cover how does the front end then deal with that data that we just sent here. So thank you so much for watching, subscribe and leave a like. Cheers.
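The allowlist filtering described in the captions, as an added example that is not code from the video: plain Ruby using only the standard `json` library, so it runs without Rails. `filter_payload`, `BadPayload` and the sample body are constructed for illustration, and the checks for non-object bodies and nested values go beyond what the video shows.

```ruby
require "json"

# Allowlist of client-settable attributes (names taken from the video's Book model).
ALLOWED_DATA = %w[title description rating].freeze

# Hypothetical error class for bodies that cannot be filtered safely.
class BadPayload < StandardError; end

# Parse a raw JSON request body and keep only allowlisted, scalar attributes.
def filter_payload(raw_body, allowed = ALLOWED_DATA)
  parsed = begin
    JSON.parse(raw_body)
  rescue JSON::ParserError
    raise BadPayload, "body is not valid JSON"
  end
  # A top-level array, string or null has no attribute names to check.
  raise BadPayload, "body must be a JSON object" unless parsed.is_a?(Hash)

  parsed.select do |key, value|
    # Drop unknown keys, and nested objects/arrays placed under a known key.
    allowed.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
  end
end

# Constructed sample body: three legitimate fields plus attributes the client must not set.
SAMPLE_BODY = '{"title":"Test book","description":"Look at this","rating":5,"admin":true,"id":1}'

if __FILE__ == $PROGRAM_NAME
  p filter_payload(SAMPLE_BODY)                        # admin and id are dropped
  p filter_payload(SAMPLE_BODY, %w[title description]) # rating is dropped as well
end
```

In a Rails controller, strong parameters (`params.permit(:title, :description, :rating)`) apply the same allowlist idea to request parameters.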
Info
Channel: CodeWithHassan
Views: 1,018
Rating: 4.8333335 out of 5
Keywords: ruby, ror, ruby on rails, programming, coding, tutorial, learning, api, backend, endpoint, rails, postman, json, parsing, computer, computer science
Id: _C5aDob_K3E
Length: 20min 44sec (1244 seconds)
Published: Sun Oct 11 2020