Web APIs design: an improvable example

Today I want to speak about the OWM web API 2.5 and its design.

First let me clearly state that I’m writing this post as a “gathering of thoughts” I’ve had during the first draft development of the PyOWM library, and it is not meant to be a negative criticism – but rather a positive review – to the  API architects/developers. I just want to write here my ideas so that the OWM API can be improved in future versions – and I will commit myself to help with this process, if needed.

I found this activity also very educational because it made me think again to all that books and articles I’ve read on the Internet about API design and – good grief – they were damn right!

As I said, developing the PyOWM library I had to write code interfacing with the OWM web API, which basically meant I had to setup an HTTP client and some kind of parsing module in order to read the API’s responses, squeeze useful data out of them and inject data into my custom object model to the benefit of users. These funny tasks lead me, nevertheless, to crash onto a few improvable API design features that made my work unreasonably more complicated and error-prone. And a bug also came into sight.

Be warned: this is a quite long post 😉

Design oddities

I found the following ones:

  1. mismatch between endpoint naming and features that endpoints implement
  2. inconsistent formatting of JSON data returned by different endpoints when queried for the same (or similar) data entities
  3. lack of use of proper status codes in HTTP headers for error signaling
  4. certain endpoints map on 200 (Ok) HTTP status codes also 404 (Not Found) error conditions

And there is something more… I won’t blame anybody  of these, but they really should be taken into account:

  • the API is poorly documented
  • the API is not RESTful

Let’s dig into each point.

Endpoints: naming vs features

The API lets you basically retrieve different weather datasets (observations, forecasts, historic data) about places in the world. The most simple and natural feature for the API is to let you query for the currently observed weather in a location: this can be specified in a twofold manner, either by passing the API a toponym or a lat/lon couple. The related endpoints are:

#Feature: retrieve current weather - location is specified via toponym
#Feature: retrieve current weather - location is specified via lat/lon

Here the naming seems to quite proper with regards to the implemented feature: great!

Things worsen when you consider these API features: find the current weather conditions in all the locations having certain characteristics, such as having toponyms that are similar/equal to a given string or being in the neighborhood of a given lat/lon couple. Here are the related endpoints:

#Feature: retrieve current weathers in all the locations whose names exactly equal to the string "London"
#Feature: retrieve current weathers in all the locations whose names contains the string "London"
#Feature: retrieve current weathers in all the locations in the neighborhoods of a lat/lon couple

Now, this lays down three questions:

  1. what the heck does “neighborhood” mean? The API documentation is silent about this topic. One could suppose that the API is performing a geographic search based on a circle with center into the specified lat/lon couple and a certain radius – and this is effectively what has been done in a prior (and now dismissed) version of the API. But nobody knows if this guess is true and – above all – what is the value for the radius , as it cannot be specified by the user.
  2. we know for sure that behind the API a geocoder is in action (for those who don’t know what a geocoder is: it is a SW module that performs direct mapping between geographic labels – such as addresses, city names, toponyms into a geographic coordinates couple or even a geographic feature on a map. Sometimes geocoders also perform the reverse mapping): for this reason, we have a “smell” here… the “find” endpoint is implementing a geocoder-like feature: it should not be responsibility of the API to behave like that, or at least, if this responsibility is implemented it should be kept separate from the weather data provisioning. So, in my opinion, there should be an endpoint providing geocoding queries and another one providing current weather data on a single location: then, queries for current weather data on X multiple locations can be done with X API requests for current weather on a each single location. You think that users won’t do that? Yes, they shouldn’t: an automatic HTTP client should. Indeed, that’s what APIs are meant to do: automatize 🙂
  3. isn’t the “accurate” parameter unnecessary? A “like” query should also give as results literal word matchings!

Another feature: retrieve weather forecasts for a location. You can get forecasts for every 3-hours of the next 5 days or for every of the next 14 days. Here are the endpoints:

#Feature: retrieve 3h weather forecast for a location
#Feature: retrieve daily weather forecast for a location

Again, questions:

  1. good naming here, but it can be improved. I would use “/forecast/daily” for daily forecast and “/forecast/3h” for 3-hours forecast. A viable alternative could be using a single endpoint “/forecast” along with a “interval=[daily|3h]” query parameter.
  2. only results coming from the daily forecast query can be paged by the user: the user can control how many results are returned by the API through an optional parameter named “cnt”. This is not possible with regards to the 3-hours forecast query: why?
  3. why isn’t it possible to specify a forecast through a lon/lat couple? Maybe it is a design decision, but it creates asimmetry with the previously described API features.
  4. why isn’t it possible to query for weather forecasts for all the locations having name similar to a given string or being in the neighborhood of a specific lon/lat couple? Guess it’s due to API designers laziness…

Same conceptual entities, different JSON representations

Clients of data API expect returned data to be structured using some kind of language or convention and  they also expect that structured data is organized in chunks or logical groups  that clearly convey cohesion and hierarchy. In our specific case, the description language used by the API can either be JSON or XML (but we will only rely on JSON from now on): this is a consolidated practice among the web APIs  and this sounds good. At this point, we want to inspect the JSON returned by a query for current weather data on London,UK:

#Payload of response to request:
#GET http://api.openweathermap.org/data/2.5/weather?q=London,uk
  "coord": {
     "lon": -0.12574,
     "lat": 51.50853 },
  "sys": {
     "country": "GB",
     "sunrise": 1378877413,
     "sunset": 1378923812 },
  "weather": [{
     "id": 521,
     "main": "Rain",
     "description": "proximity shower rain",
     "icon": "09d" }],
  "base": "gdps stations",
  "main": {
       "temp": 288.88,
       "pressure": 1021,
       "humidity": 63,
       "temp_min": 287.15,
       "temp_max": 290.37 },
  "wind": {
       "speed": 4.6,
       "deg": 330 },
  "clouds": {
       "all": 75 },
  "dt": 1378899070,
  "id": 2643743,
  "name": "London",
  "cod": 200

The “coord”, “country”, “id” and “name” JSON root elements refer to a single logical entity: the location for which the current weather is given (London, UK). Can you see it? Wouldn’t have it been better to group all the location info into a single JSON element? For example, like this:

  "coord": {
     "lon": -0.12574,
     "lat": 51.50853 },
  "country": "GB",
  "name": "London",
  "id": 2643743

Another legitimate question is: why location information spread out from the data regarding current weather? Here the API is clearly returning more data than it has been asked for. But what is really obscure is that location info are structured in different ways if returned by different endpoints. In example, if we ask for the daily weather forecast on London,UK we get:

#Payload of response to request:
#GET http://api.openweathermap.org/data/2.5/forecast/daily?q=London
"city" : {
  "coord" : {
     "lat" : 51.50853,
     "lon" : -0.12573999999999999 },
   "country" : "GB",
   "id" : 2643743,
   "name" : "London",
   "population" : 1000000},

Now data is structured! Magic? No: an evil art! And it drives me – and everyone else who is developing  a client library for this API – literally mad to parse the JSON: each endpoint, in practice, needs a specific JSON parser in order to parse the same data entities, and this introduces complexity into the code. Had the data been structured uniformly across the different endpoints, just one parser would be needed.

HTTP status codes are neglected

This is one of the main shortcomings of this API: it does not convey error conditions through a proper use of HTTP status codes. The API users want to receive a 200 (OK) status code in the HTTP response’s header – along with data – whenever a GET request is a hit: this means that the endpoint exists and is correctly invoked by the clients; the same way, users want to receive a 4xx or 5xx status code whenever something goes wrong with their request: this can happen for several reasons, either due to clients or the server itself. But, to be short: a user expects a non-200 status code to be returned whenever something goes wrong with its request.

The OWM API always returns a 200 HTTP status code, no matter what happens. But, if something goes wrong with a client’s request, it returns the right HTTP status code and an explanation message into the HTTP response’s payload! An example: we want to query for current weather on a non-existent location (the folkloristic: “sev082hfrv2qvf2vunr”)

#HTTP request
GET /data/2.5/weather?q=sev082hfrv2qvf2vunr HTTP/1.1
#HTTP response headers
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json; charset=utf-8
#HTTP response payload
{"message":"Error: Not found city","cod":"404"}

The JSON payload is clear: the location has not been found and a 404 (Not Found) error code has been returned. However the code is returned into the payload, so the clients have to first presume that the request was a success, then parse the payload and find out that it wasn’t! The API is mis-using the HTTP protocol, which is a very nasty behaviour for clients and blows the API away from RESTfulness, as well.

“Not found” is different from “Found but no data available”

The improper usage of HTTP status codes is particularly problematic in the case of queries to historic weather data registred by meteostations. A meteostation is identified by a unique integer number and when historic data is queried, the API returns a JSON list of data measurements for the desired meteostation. So, an empty list means: no data for the desired meteostation. Now, if I want to get historic data for a station that is not present in the API’s meteostations collection (like, say, station number -2147483648), I get:

#HTTP request
GET /data/2.5/history/station?id=-2147483648&type=tick HTTP/1.1
#HTTP response headers
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json; charset=utf-8
#HTTP response payload
"calctime":" tick = 0.294 total=0.2954",

Again, a 200 status code (that means: “Ok, everything went smoothly”) and – surprisingly – an empty data list. What I would have expected is a 404 HTTP status code, telling me: “Hey, this station is not listed in my meteostations database”! So in this case, an error condition is wrongly mapped onto a non-error condition. And what if I query for an existing meteostation and it has no data available? How can I discern the “not found” case from the “found but no data available” case?


Command-line software design: 5 more advices

Ok, folks, ready to take off with 5 more CLMs (Command-Line Modules) design advices?  This is part II of a posts strip, part I (with the first 5 advices) is in my previous post.

1. Provide meaningful messages

AKA: “What am I doing? I am existing…”

Your CLM should provide insight into what it is currently doing. The difficult part is to decide how much detail you want to provide to the user…and you might argue: “Ok, but you can always use log level filtering and then let the user decide the verbosity” – this is perfectly right, but I’m talking about on-screen messages. My advice is to print out a specific message which conveys what the CLM is currently doing, with a detail level which should be just enough for the user not to say “It is talking rubbish”! So, what is really vital is that you avoid using simple and generalistic messages like “Computing” or “Executing” and – on the other hand – that you avoid using hyper-detailed expressions such as “Inverting matrix – computing determinant of the 3rd 2×2 submatrixif they are not meaningful to the user. Of course if the focus of your CLM is matricial inversion that shall be fine, but it shouldn’t be if your CLM is – in example – focused on a higher-level problem which is solved using matricial inversion.

…And, please, never print out the raw counters in nested for loops. It happened to me just a couple of days ago to run an image-processing CLM provided by a project partner: this was the output of a successful run

claudio@laptop:~$ python img_processing_clm.py input.tif output.tif
Conversion to 8bit took 23.567 seconds
#2000 or so more lines
The variance computation took 367.145 seconds

Each and every row index is printed out….It is just irritating!!!

2. Gracefully fail

AKA: “I don’t want to see each blood drop spreading from your wound”

As a CLM user, would you prefer seeing this:

claudio@laptop:~$ python myclm.py /var/clmdata/testoutdir  #we are missing the first parameter
  Traceback (most recent call last):
  File "myclm.py", line 3, in <module>
  inputfile = sys.argv[1]
  IndexError: list index out of range
claudio@laptop:~$ echo $?

..or this?

claudio@laptop:~$ python myclm.py /var/clmdata/testoutdir  #we are missing the first parameter
  ERROR: you must specify an input file
    myclm.py <inputfile_path> <output_path>
claudio@laptop:~$ echo $?

The correct answer would be: none of them! But you can’t expect that your CLM is working fine every time. So it is important to let users know what reasons made the CLM stop running. A nice design choice is to detect possible error conditions and treat them so that your CLM “says something of interest” and terminates with a known exit status: this can be done quite easily if you use languages (eg: Java, Python, etc..) that provide formal exception/error handling constructs – in other terms, the usual try/catch blocks.
Graceful failures are delightful for the user, but may not the best approach to handle error situations while you are still writing your CLM because they may not give you enough information if you need to debug. So my advice is to add them only when you are pretty sure that you won’t make further heavy changes or do any more refactoring on your CLM.

3. Organize your CLM folder

AKA: “I am the Borg … I bring order to chaos” (Borg Queen – Star Trek: First Contact)

Order in organizing your code is good. This translates directly into the fact that a well-structured CMS is easy to understand and modify, and can be efficiently used in a small amount of time. My advice is to adhere to widely adopted or standard program folder structuration patterns: I usually have my CLM’s folder in this fashion

  |--bin/     #Binaries: main CLM program and dependancies
  |--doc/     #Documentation about CLM usage/installation
  |--src/     #Source files
  |--static/  #Static data: config files, static inputs, etc.
  `--test/    #Tests

4. Minimize filesystem usage and leverage temporary folders

AKA: “Forbidden: you don’t have enough permissions to write the file”

As a general advice, don’t rely on the safety of filesystem operations. If your CLM needs to store intermediate data try to do that in-memory, and if it’s not possible and therefore you are compelled to use the filesystem, your target should be to put the least complexity between your CLM and your data. Reading data from filesystems seldom is a problem, but writing often is, and the amount of adversities you might face depends on a variety of factors such as the architecture (never tried to write in a folder for which you don’t have ‘w’ permissions?), the possible concurrency in data modification, the remoteness of the target filesystem and so on.

Another misused – but smooth and clever – technique is to leverage temporary folder support provided by the operating systems. In my experience with bash programming, I’ve always seen people doing local computations as follows: input files are copied into the same folder of the executing binaries, then intermediate files are written in that folder (usually, a lot  of files), and in case of successful CLM end intermediate files are deleted. This always made me angry, because often their programs were  buggy and therefore never got to their natural end, which forced me to press CTRL+C…leaving all of those intermediate files undeleted in the folder. And this meant: I myself would have to delete them!!! :-$ To solve this issue, I simply suggested those people to leverage the “mktemp” Linux command, which creates a temporary folder with a pseudo-random name under /tmp and returns its name: one can then use this folder to do whatever she/he likes – i.e. writing the CLM execution’s intermediate rubbish.

It’s as easy as follows:

claudio@laptop:~$ tempdir=$(mktemp)
claudio@laptop:~$ echo $tempdir

5. Leverage absolute paths

AKA: “Time – as well as folder location – is relative”

When you provide paths as arguments for CLMs it is a very good practice to give them in an absolute fashion. If you give absolute paths, there’s a pretty good chance that your CLM  addresses files and folders in the right way. And my advice is: always handle absolute paths internally to your command-line softwares…in fact, this will prevent you from using terrible solutions like the “cd” (change directory) command, which will mess the whole thing up if you are using relative paths because the root folder they are resolved against changes!

A little coding exercise: let us write a small bash script (copier.bash) that takes reads a file and echoes its contents to a file named “results.out” which will be created in a directory of our choice. We want it to have this interface:

copier.bash <inputfile_path> <output_path>

and here is the code (as you can see I’m using the “cat” executable which lies in the /bin path on my Linux system):




cd "$bindir"
cat "$inputfile" > "$outputdir/result.out"

Now if we setup the environment like this:

claudio@laptop:~$ cd /opt/copier
claudio@laptop:~$ mkdir output  #we create the output folder
claudio@laptop:~$ tree .
|-- copier.bash
`-- output
1 directory, 1 file
claudio@laptop:~$ echo "italia has got talent" > input.txt #we create the input file
claudio@laptop:~$ bash copier.bash input.txt output        #we run the script
copier.bash: line 9: output/result.out: No such file or directory

As we expected, the “cd” inside our script is messing up everything and the bash shell is complaining about the fact that after it, it is impossible to find the “output” subfolder (which, in absolute terms, is: “/bin/output” !!!)

Also the following command-line fail:

claudio@laptop:~$ bash copier.bash input.txt /opt/copier/output
cat: input.txt: No such file or directory

This time it’s the “cat” executable complaining for the missing input.txt file, which it expects to be here: “/bin/input.txt

The right way of running this script would be:

claudio@laptop:~$ bash copier.bash /opt/copier/input.txt /opt/copier/output
claudio@laptop:~$ cat output/result.out
italia has got talent

You can see that: one must know in advance that absolute paths must be used. And consider that we were lucky to have a textual CLM, what if we had a compiled one? Lesson learn: never use “cd” and leverage absolute paths!

Command-line software design: 5 advices

During the last years I developed several command-line utility tools, using several languages and for different environments. Attempts, learning and – of course – errors led me to clear my mind up and to adopt a series of design guidelines which I find very useful for any kind of command-line tool development – ranging from the simplest script to the most articulated modules – and which I’m willing to share. As you’ll notice, the guidelines can be generalized, as they simply represent common sense approaches in SW design!

Here I’m reporting just a few in “humurous” terms Sorriso (I’ll share more with you in future posts as they come out from oblivion).

From now on, CLM = Command Line Module

1. Provide a synopsis describing the module’s purposes

AKA: “What am I supposed to do with you, weird little script?”

It might sound strange but one of the most recurring difficulties I’ve ever had when using CLM written by others (fellow workers, project partners) is to understand what they actually do. As all lazy users, I hate asking people what is the aim of a CLM and the last thing on Earth for discovering would be looking at the code itself! That’s the reason why I always put a “synopsis” in my CLMs’ help messages and comment headers, just like this:

import os, sys
help_msg = """
        counts the number of words contained into the provided
        input file and prints it on standard output
        python wordscounter.py <input_file>

This way, I’m just letting users – and you yourself could be among them – know exactly what my CLM is going to do, and save them a lot of headaches. This state of intentions is also useful for you as a developer, as you could use it as a top-down problem analysis trace to go through when coding down your CLM. Had your CLM any side effect (eg: modify files, erase DB tables, etc), let the users know via the synopsis as well. Provide a short and effective synopsis.

2. Minimize the module’s responsibilities

AKA: “Largo al factotum” [air from Gioacchino Rossini’s “Il Barbiere di Siviglia”, scene II, act I]

As you certainly know, OOP teaches to identify programming units (classes) by spotting single responsibilities into the program’s main frame. This means that a class should go with one – and possibly only one – responsibility: this helps writing clean, testable and well-designed code. This should be our aim when designing and coding ANY piece of software, also CLMs: the piece of software should do just one thing, and in the best possible way. In the world of CLMs, things tend to get a little bit fuzzy when complexity grows up, as CMLs are meant as a quick tools to accomplish multiple repetitive and boring tasks – therefore the word “multiple” here is not handshaking with OOP dogmas at all.

So, what to do? I firmly believe that our code should not behave like Figaro in “Il Barbiere di Siviglia”: it should not be meant to do everything!!! Please consider the pluses of modular software: reusability, ease of use, composability, testability…in a single word: quality!

My personal advice is that you code complex CLMs using a top-down approach which – in a way – resembles OOP’s one. You should first try to break down your main task into sub-steps and then code each sub-step into a separate CLM or into a separate function of your main CLM (it’s up to you to decide which approach is the best one, depending also on the programming language you are using).  Functions and small scripts are easy to be called, can be tested and documented on their own; functions can be collected into libraries and imported by client codes, as well as small scripts can be used stand-alone or can be imported by bigger modules.

By the way, I usually don’t rely on OOP when coding simple or medium-complexity CLMs, but there are cases when this is more than an advantage.

3. Provide open interfaces

AKA: “Dont’ work out of my sight”

I recently worked on a Python wrapper for a complicated .exe file, let’s call it example.exe. This executable takes a few parameters, runs an algorithm and finally outputs 3 different curves in a tabular format. This module was provided me as a Commercial-Off-The-Shelf, which means that I could not modify it nor I have its source code.

They told me: “It’s so easy! You just need to invoke the executable using this command-line:”

C:\> example.exe

I could already smell that lots of work would be needed. The following questions came instantly to my mind:

  1. how can I state the CLM’s inputs? what are they, files, strings, directories? how many of them? in which order?
  2. how can I state the CLM’s outputs? what are they, files, strings, directories? how many of them? in which order?
  3. is the CLM going to need additional configuration resources (eg: files)?
  4. is the CLM going to write logfiles or other kinds of additional resources? how can I state them?

Ok, let’s put an end to the tale: I investigated a little bit further and discovered that example.exe was reading an input file containing lots of parameters (many of them were optional) and wrote the output data into a file which was arbitrarily put into the .exe’s folder and whose name was arbitrarily given. This is a complete mess! This crap needs wrapping and its creators need to be publicly humiliated!

This is the typical situation when the CLM does not have an open interface. I’m referring to “interface” of the CLM as to the way you can launch it by a certain enviroment (bash shell, python interpreter, command prompt, etc): as a user, your desire is to provide all of the input stuff to your module and obtain all of the output stuff you EXPECT. And this is where many CLMs fall.

You should always provide open interfaces: this means that your CLM should not use or write anything without letting you explicitly specifying it! So, my advice is that you design your CLM’s interface clearly using the following best practices:

  • specifiy all the parameters (even if you end with a long command-line, don’t worry)
  • when giving names to parameters, try to provide meaningful and speficific designations  so that users can instantly understand what a parameter name stands for
  • the interface should accept the least information letting the module work (no unuseful info!)
  • avoid duplicating parameters: don’t provide many times the same value (especially under different names: that would be ugly to discover)
  • input parameters come first, output parameters come after inputs
  • logfiles come at the end and could also be omitted – as the runtime environments (eg: bash, prompt) provide ways redirect messages to files
  • configfiles come at the end as well: use them only if you have a high number of parameters (tens)

4. Provide help

AKA: “No one can hear you cry in space”

“Ok, I’m willing to launch this fucking CLM but I really don’t know how to…where are the docs? Oh damn, they just gave me the binary, no documentation…so what do I do now?” How many times did you think something similar to this?

No one should cry loud in the dark in order to get help (which – more than often – won’t come), because every CLM should have a help switch! It’s such a simple and wise trick: embed in your CLM one or more help strings that can help users to know how to invoke execution. The more is the help message verbose, the better for your user. I suggest you to include in your help messages the following sections:

  • Synopsis – (see Advice n.1)
  • Usage  – how to launch the CLM, in other words the command-line interface along with parameters explanation)
  • Usage examples [optional] – two or three command-line invocation examples
  • Prerequisites – anything your CLM is relying on…watch out: don’t exceed with them. If something goes wrong and one or more prerequisites are missing, your module must signal this lack using exit codes
  • Help switch [optional] – tells how to print the help message
  • Exit codes – a list of error conditions your CLM could encounter. Each category has an associated number (zero is reserved for successful execution)
  • Authors, Copyright [optional] – if you really want/need to sign your “creation”

At this point, one should ask herself/himself: “Ok, when I execute it for the first time, how can I know how to print the help message?”. This question should be answered by making as simple as possible the printing of help message by the users. So, I suggest to provide help messages whenever a user provides no parameters to your CLM (only – of course – if your CLM do have one or more parameters) or whenever switches such as [ help | -help | h | -h | /? ] are provided.

Example of help message in Python:

import sys
help_msg = """
     counts the number of words contained into the provided
     input file and prints it on standard output
     python wordscounter.py <input_file>
     <input_file> = the text file whose words are to be counted
     you can print this message using one of the followings
     python wordscounter.py
     python wordscounter.py [ help | /? ]
   Exit codes:
    -1 - showed help
     0 - successful execution
     1 - input file does not exist
     2 - input file is not a file
     3 - input file is not a text file
    90 - internal error"""
if len(sys.argv) == 1:
  print help_msg
elif len(sys.argv) == 2 and sys.argv[1] == 'help' or sys.argv[1] == '/?':
  print help_msg

5. Tell the user what is happening

AKA: “It’s thinking, I will have a cofee in the meantime”

How many times I started a CLM with a terminal looking like this:

claudio@laptop:~$ bash install.bash package.tar.gz

and after minutes or tens of minutes the terminal looked like this:

claudio@laptop:~$ bash install.bash package.tar.gz

How many times? Countless! This is because the module is not telling me what it is currently doing. This way, I can not state how much it will take for it to complete the task, I can not even know whether it’s performing well or not and I can not know at which stage of the whole computation it is running… I can not schedule my time, as I depend on the module’s outputs, therefore I will be less productive!

So the basic advice is: whenever the tool starts to do something new (e.g: enters a specific computational stage, starts parsing parameters, writing output files or inverting matrices or whatever) please print something onscreen and/or onto a logfile. This will save a lot of headaches to the CLM’s users and it will be easy also for recognize that bugs are coming (such as execution stuck into infinite loops). I suggest you to make your CLM verbose, but not  “gossipy”: you don’t have to make it echo out every single line of code that is executed (and if you really need to, use something like: bash -x)

Another idea is to make your CLM print the amount of work (percentage?) done against the overall, better if along with a gross estimation of the time needed to complete the task: this is very useful when dealing with long-running tasks such as matrices inversion, recursive algorithms, and so on.