Flask REST API: Introduction

Dylan Anthony - Jun 30 '19 - Dev Community

Most of what I do as a professional developer involves back end services using Python and Flask. I've tried a bunch of different combinations of methodologies and technologies and come up with a pattern that seems to work well in most cases. Over the course of this series, I'll do my best to walk you through the different considerations when building web services and explain why I've made the choices that I've made. By the end, I hope to have both a guide to success for Flask developers and a template that can be used to kickstart new web dev projects.

Outline

Here are all the topics related to web services that I plan to cover. I'll give specific detail on how I solve each problem, but I'll try to also give general advice to be applied regardless of the language/framework you're using. Some of this may change as I write. I might add things on or leave things off based on interest in comments. Please let me know if you think I've missed anything here so I can make sure I add it as I start writing! I also plan to make all the code available on GitHub as I go.

  1. Foundation: Building an app that's ready to grow.
    1. Basic, sustainable package structure
    2. Dependency management
    3. Running services locally
    4. Integration with IDEs
    5. Basic unit tests
  2. Continuous Integration: Catching mistakes early
    1. Automated tests
    2. Static analysis
    3. Dependency Vulnerabilities
    4. Style checking
  3. Authentication: Knowing who is using your app
    1. Safely storing and checking credentials
    2. Using tokens to identify users
    3. Enforcing authentication on all resources
    4. Testing around authentication (mocking/faking)
  4. Databases: Storing and accessing data
    1. ORMs
    2. Disposable databases for testing
    3. Migrations (tracking schema changes)
  5. API Design: Making your services easy to use
    1. Defining API resources
    2. Basic operations (CRUD)
    3. API spec and dev UI
    4. Testing the API
  6. Authorization: Ensuring people only access their data
    1. Framework for expandable permissions
    2. Enforcing authorization checks on endpoints
  7. Asynchronous Tasks: Don't slow down your users
    1. Starting async jobs from requests
    2. Running periodic tasks
    3. Email Notifications
  8. Preparing for Production: Adding more stability
    1. Production servers
    2. Database technologies
    3. Containers (Docker)
    4. Security headers
    5. Version management (changelog)
    6. Logging
  9. Deploying: Getting your app out there
    1. Infrastructure as code
    2. DNS
    3. Load balancing
    4. Managing secrets
    5. Multiple environments
    6. Alarms/notifications when problems occur
    7. Manual and continuous deployment
  10. Consuming the API: Actually using the thing
    1. Using the UI
    2. Using API tools (Postman)
    3. Generating client libraries