I recently received the following book from Wiley:

I haven’t had a chance to read it yet so this will be a placeholder for a future review.

Links to other reviews

Review

A complete review will follow later.

I lent this book to a coworker who promised to read it for me. 😀

The following is based on a skim of the book.

This book is about web services, in particular those that center around a mashup and are generally user-centric. Smart Web 2.0 companies use on an interrelated set of web services in order to add functionality on their site and they publish the same for other web companies to use. For instance, YouTube uses the Plaxo Address Book widget to import contacts into their site. (Which sometimes leads to hilariously archetypal BoingBoing posts: the type where they scoop something and then issue a retraction in the very next update which voids everything.)

The book is divided into two parts. The first part defines the terms and then covers a specific type of Web API, the RSS/Atom feed. It then goes through a tutorial on how to consume and produce this feed.

The second part of the book covers REST and SOAP APIs and then shows how to consume some specific ones published by third parties: Google, Amazon, FedEx, eBay, PayPal, NOAA/NWS, Flickr, and del.icio.us. The last chapter shows how to create a web service.

My main criticism with the structure is that there appears to be not enough time spent on how to produce Web APIs. In particular, at least a chapter should be devoted to a tutorial on how to abstract the publication of your APIs so that they can expose REST/XML, REST/JSON, SOAP, and XMLRPC automatically. This is how many of the third parties work.

An unrelated criticism is that I wish Paul wrote a book twice as long as this one and devoted the next 340 pages on the widget (both consumption and production). In my opinion, things like Google AdSense, Amazon AStore, and the earlier-mentioned Plaxo Address Book Widget are as new and powerful in a different way as the concept of a Web API is from the more traditional enterprise SOAP! Okay, maybe that’s another book for another time…

I think that a chapter should be devoted to security considerations of APIs. I should mention that the book devotes 10 pages or so in the beginning of the Web API production chapter. The issue I have is that it only covers authentication. I think it’d be interesting to mention how this security policy might interact with the other ones in your site. In particular it’d be nice if Paul showed a Cross Site Request Forgery, perhaps with an actual example of a security hole in one of the previously mentioned 3rd party APIs. Besides, I was always curious about if you can do any sort of injection into Bloglines and things like that.

Another thing I’d have liked is a discussion on the business considerations of Web APIs. In many ways, REST has flourished while SOAP has languished. Why? Why would a company want to consume a web service? Why would they produce their own? Paul makes the business case for this within the first five pages, but doesn’t touch these issues again in the book. (I could be wrong, I have only skimmed it.)

Obviously, business cases aren’t important if you’re “just a lowly PHP developer.” But in today’s Web 2.0 world, who is?

Other than that, it looks to be a good tutorial that will get the PHP developer up and running very quick with the concepts of Web APIs (both as a consumer and producer of them). Odds are you will want to interact with one of the third party services Paul specifically mentions. Even if not, they do run the gamut of the sort of services you might see out in the wild. For instance, if you payment gateway isn’t PayPal, it you should still be able to handle it easily after practicing on the ones he shows you.

Today, you really can’t do user-centric web development and I’m glad these books are coming out.

I’d like to thank Ashley Zurcher of Wiley for scoring me a free copy of this book.

Curiosity

I wonder: how does this book differ from Professional Development with Web APIs? I mean besides the “with PHP” part? Very confusing.

I don’t think I’ve actually met the author yet. The author is Paul Reinheimer who is a member of the PHP Security Consortium. I mention that because he is listed as a co-author of a 400 page security tome, which is different from the 528 page one I teased a couple months ago. (Remember, this is WROX so the print is large and there are a lot of code samples, 400 WROX pages = 250 normal pages.)

(BTW, Chris Shiflett is listed as the co-author on Amazon. Ignore that. He and Dave Mercer were the technical editors, not the authors.)

Speaking of Professional PHP5 Security, who is the dude next to Paul? Because I just saw Christian and Ben at OSCON and neither look like that. Is that what Ben looks like without the glasses? I’m so confused!

In any case, based on the authors, I’d recommend that book if you want something heavier than one by Chris Shiflett or by Ilia Alshenetsky. (I have the former and I’m pretty sure the latter is good.)