API best practices

API Writing Best Practices by Binghan

always manually output your field

meaningful resource URI
-post(c) get(r) put(u) delete(d)

json or xml response
– json/xml parser

html response codes
200, 301, 403,

background all the things
-create 3 queus
-image resizing

– swagger – PHP
– swagger – UI

– write tests, behat and jenkins

version your API
– put it in your header


Senitizing Data to Prevent SQL Injection & XSS by Binghan

prevent injection
– real_escape_string
– check your fields (is_numeric)
– laravel use rules

XSS atempt

XSS angular
– ng-bind-html-unsafe

prevent XSS
-strip tags (not full proof)
– preg_replace
– find number values of
– replace all html that can exe js
– do a for loop
– log the user id
– generate-xss-


Exploring & Documenting APIs with Swagger by Binghan

-create a json endpoint
– use swagger UI to compile into nice documents


SAS – Shared Access Signature for Private Blob by JC

generate signature

– more security
– 3 types of access
– every1, public only for blob, private
– allow private to access blob

– microsoft library (C#)
– hard code in php, based on ms docs
– generate signature – sha256
– default start and end time max 1 hr
– Add identifier to access longer


Return of the Azure CDN by VincentS

– cdn is not instant
– blob will be updated first

– media services
– adaptive streaming
– video is not actually downloaded