Tải bản đầy đủ - 0 (trang)
Chapter 19. Integrating with Third-Party APIs

Chapter 19. Integrating with Third-Party APIs

Tải bản đầy đủ - 0trang

thanks to the additional HTTP requests. If page performance is important to you (and

it should be, especially for mobile users), you should carefully consider how you inte‐

grate social media.

That said, the code that enables a Facebook “Like” button or a “Tweet” button leverages

in-browser cookies to post on the user’s behalf. Moving this functionality to the backend

would be difficult (and, in some instances, impossible). So if that is functionality you

need, linking in the appropriate third-party library is your best option, even though it

can affect your page performance. One saving grace is that the Facebook and Twitter

APIs are so ubiquitous that there’s a high probability that your browser already has them

cached, in which case there will be little effect on performance.

Searching for Tweets

Let’s say that we want to mention the top 10 most recent tweets that contain the hashtag

#meadowlarktravel. We could use a frontend component to do this, but it will involve

additional HTTP requests. Furthermore, if we do it on the backend, we have the option

of caching the tweets for performance. Also, if we do the searching on the backend, we

can “blacklist” uncharitable tweets, which would be more difficult on the frontend.

Twitter, like Facebook, allows you to create apps. It’s something of a misnomer: a Twitter

app doesn’t do anything (in the traditional sense). It’s more like a set of credentials that

you can use to create the actual app on your site. The easiest and most portable way to

access the Twitter API is to create an app and use it to get access tokens.

Create a Twitter app by going to http://dev.twitter.com. Click your user icon in the upperlefthand corner, and then select “My applications.” Click “Create a new application,” and

follow the instructions. Once you have an application, you’ll see that you now have a

consumer key and a consumer secret. The consumer secret, as the name implies, should

be kept secret: do not ever include this in responses sent to the client. If a third party

were to get access to this secret, they could make requests on behalf of your application,

which could have unfortunate consequences for you if the use is malicious.

Now that we have a consumer key and consumer secret, we can communicate with the

Twitter REST API.

To keep our code tidy, we’ll put our Twitter code in a module called lib/twitter.js:

var https = require('https');

module.exports = function(twitterOptions){

return {

search: function(query, count, cb){







Chapter 19: Integrating with Third-Party APIs

This pattern should be starting to become familiar to you. Our module exports a func‐

tion into which the caller passes a configuration object. What’s returned is an object

containing methods. In this way, we can add functionality to our module. Currently,

we’re only providing a search method. Here’s how we will be using the library:

var twitter = require('./lib/twitter')({

consumerKey: credentials.twitter.consumerKey,

consumerSecret: credentials.twitter.consumerSecret,


twitter.search('#meadowlarktravel', 10, function(result){

// tweets will be in result.statuses


(Don’t forget to put a twitter property with consumerKey and consumerSecret in your

credentials.js file.)

Before we implement the search method, we must provide some functionality to au‐

thenticate ourselves to Twitter. The process is simple: we use HTTPS to request an access

token based on our consumer key and consumer secret. We only have to do this once:

currently, Twitter does not expire access tokens (though you can invalidate them man‐

ually). Since we don’t want to request an access token every time, we’ll cache the access

token so we can reuse it.

The way we’ve constructed our module allows us to create private functionality that’s

not available to the caller. Specifically, the only thing that’s available to the caller is

module.exports. Since we’re returning a function, only that function is available to the

caller. Calling that function results in an object, and only the properties of that object

are available to the caller. So we’re going to create a variable accessToken, which we’ll

use to cache our access token, and a getAccessToken function that will get the access

token. The first time it’s called, it will make a Twitter API request to get the access token.

Subsequent calls will simply return the value of accessToken:

var https = require('https');

module.exports = function(twitterOptions){

// this variable will be invisible outside of this module

var accessToken;

// this function will be invisible outside of this module

function getAccessToken(cb){

if(accessToken) return cb(accessToken);

// TODO: get access token


return {

search: function(query, count, cb){


Social Media






Because getAccessToken may require an asynchronous call to the Twitter API, we have

to provide a callback, which will be invoked when the value of accessToken is valid.

Now that we’ve established the basic structure, let’s implement getAccessToken:

function getAccessToken(cb){

if(accessToken) return cb(accessToken);

var bearerToken = Buffer(

encodeURIComponent(twitterOptions.consumerKey) + ':' +



var options = {

hostname: 'api.twitter.com',

port: 443,

method: 'POST',

path: '/oauth2/token?grant_type=client_credentials',

headers: {

'Authorization': 'Basic ' + bearerToken,



https.request(options, function(res){

var data = '';

res.on('data', function(chunk){

data += chunk;


res.on('end', function(){

var auth = JSON.parse(data);

if(auth.token_type!=='bearer') {

console.log('Twitter auth failed.');



accessToken = auth.access_token;





The details of constructing this call are available on Twitter’s developer documentation

page for application-only authentication. Basically, we have to construct a bearer token

that’s a base64-encoded combination of the consumer key and consumer secret. Once

we’ve constructed that token, we can call the /oauth2/token API with the Authoriza

tion header containing the bearer token to request an access token. Note that we must

use HTTPS: if you attempt to make this call over HTTP, you are transmitting your secret

key unencrypted, and the API will simply hang up on you.



Chapter 19: Integrating with Third-Party APIs

Once we receive the full response from the API (we listen for the end event of the

response stream), we can parse the JSON, make sure the token type is bearer, and be

on our merry way. We cache the access token, then invoke the callback.

Now that we have a mechanism for obtaining an access token, we can make API calls.

So let’s implement our search method:

search: function(query, count, cb){


var options = {

hostname: 'api.twitter.com',

port: 443,

method: 'GET',

path: '/1.1/search/tweets.json?q=' +

encodeURIComponent(query) +

'&count=' + (count || 10),

headers: {

'Authorization': 'Bearer ' + accessToken,



https.request(options, function(res){

var data = '';

res.on('data', function(chunk){

data += chunk;


res.on('end', function(){






Rendering Tweets

Now we have the ability to search tweets…so how do we display them on our site?

Largely, it’s up to you, but there are some things to consider. Twitter has an interest in

making sure its data is used in a manner consistent with the brand. To that end, it does

have display requirements, which employ functional elements you must include to dis‐

play a tweet.

There is some wiggle room in the requirements (for example, if you’re displaying on a

device that doesn’t support images, you don’t have to include the avatar image), but for

the most part, you’ll end up with something that looks very much like an embedded

tweet. It’s a lot of work, and there is a way around it…but it involves linking to Twitter’s

widget library, which is the very HTTP request we’re trying to avoid.

If you need to display tweets, your best bet is to use the Twitter widget library, even

though it incurs an extra HTTP request (again, because of Twitter’s ubiquity, that

resource is probably already cached by the browser, so the performance hit may be

Social Media



negligible). For more complicated use of the API, you’ll still have to access the REST

API from the backend, so you will probably end up using the REST API in concert with

frontend scripts.

Let’s continue with our example: we want to display the top 10 tweets that mention the

hashtag #meadowlarktravel. We’ll use the REST API to search for the tweets and the

Twitter widget library to display them. Since we don’t want to run up against usage limits

(or slow down our server), we’ll cache the tweets and the HTML to display them for 15


We’ll start by modifying our Twitter library to include a method embed, which gets the

HTML to display a tweet (make sure you have var querystring = require('query

string'); at the top of the file):

embed: function(statusId, options, cb){

if(typeof options==='function') {

cb = options;

options = {};


options.id = statusId;


var requestOptions = {

hostname: 'api.twitter.com',

port: 443,

method: 'GET',

path: '/1.1/statuses/oembed.json?' +


headers: {

'Authorization': 'Bearer ' + accessToken,



https.request(requestOptions, function(res){

var data = '';

res.on('data', function(chunk){

data += chunk;


res.on('end', function(){






Now we’re ready to search for, and cache, tweets. In our main app file, let’s create an

object to store the cache:

var topTweets = {

count: 10,

lastRefreshed: 0,

refreshInterval: 15 * 60 * 1000,



Chapter 19: Integrating with Third-Party APIs

tweets: [],


Next we’ll create a function to get the top tweets. If they’re already cached, and the cache

hasn’t expired, we simply return topTweets.tweets. Otherwise, we perform a search

and then make repeated calls to embed to get the embeddable HTML. Because of this

last bit, we’re going to introduce a new concept: promises. A promise is a technique for

managing asynchronous functionality. An asynchronous function will return immedi‐

ately, but we can create a promise that will resolve once the asynchronous part has been

completed. We’ll use the Q promises library, so make sure you run npm install --save

q and put var Q = require(q); at the top of your app file. Here’s the function:

function getTopTweets(cb){

if(Date.now() < topTweets.lastRefreshed + topTweets.refreshInterval)

return cb(topTweets.tweets);

twitter.search('#meadowlarktravel', topTweets.count, function(result){

var formattedTweets = [];

var promises = [];

var embedOpts = { omit_script: 1 };


var deferred = Q.defer();

twitter.embed(status.id_str, embedOpts, function(embed){







topTweets.lastRefreshed = Date.now();

cb(topTweets.tweets = formattedTweets);




If you’re new to asynchronous programming, this may seem very alien to you, so let’s

take a moment and analyze what’s happening here. We’ll examine a simplified example,

where we do something to each element of a collection asynchronously.

In Figure 19-1, I’ve assigned arbitrary execution steps. They’re arbitrary in that the first

async block could be step 23 or 50 or 500, depending on how many other things are

going on in your application; likewise, the second async block could happen at any time

(but, thanks to promises, we know it has to happen after the first block).

Social Media



Figure 19-1. Promises

In step 1, we create an array to store our promises, and in step 2, we start iterating over

our collection of things. Note that even though forEach takes a function, it is not

asynchronous: the function will be called synchronously for each item in the collection,

which is why we know that step 3 is inside the function. In step 4, we call api.async,

which represents a method that works asynchronously. When it’s done, it will invoke

the callback you pass in. Note that console.log(num) will not be step 4: that’s because

asynchronous function hasn’t had a chance to finish and invoke the callback. Instead,

line 5 executes (simply adding the promise we’ve created to the array), and then starts

again (step 6 will be the same line as step 3). Once the iteration has completed (three

times), the forEach loop is over, and line 12 executes. Line 12 is special: it says, “when

all the promises have resolved, then execute this function.” In essence, this is another

asynchronous function, but this one won’t execute until all three of our calls to

api.async complete. Line 13 executes, and something is printed to the console. So even

though console.log(num) appears before console.log('other stuff…') in the code,

“other stuff ” will be printed first. After line 13, “other stuff ” happens. At some point,

there will be nothing left to do, and the JavaScript engine will start looking for other

things to do. So it proceeds to execute our first asynchronous function: when that’s done,

the callback is invoked, and we’re at steps 23 and 24. Those two lines will be repeated

two more times. Once all the promises have been resolved, then (and only then) can we

get to step 35.

Asynchronous programming (and promises) can take a while to wrap your head

around, but the payoff is worth it: you’ll find yourself thinking in entirely new, more

productive ways.



Chapter 19: Integrating with Third-Party APIs


Geocoding refers to the process of taking a street address or place name (Bletchley Park,

Sherwood Drive, Bletchley, Milton Keynes MK3 6EB, UK) and converting it to geo‐

graphic coordinates (latitude 51.9976597, longitude –0.7406863). If your application is

going to be doing any kind of geographic calculation—distances or directions—or dis‐

playing a map, then you’ll need geographic coordinates.

You may be used to seeing geographic coordinates specified in de‐

grees, minutes, and seconds (DMS). Geocoding APIs and mapping

services use a single floating-point number for latitude and longi‐

tude. If you need to display DMS coordinates, see http://en.wikipe


Geocoding with Google

Both Google and Bing offer excellent REST services for Geocoding. We’ll be using

Google for our example, but the Bing service is very similar. First, let’s create a module


var http = require('http');

module.exports = function(query, cb){

var options = {

hostname: 'maps.googleapis.com',

path: '/maps/api/geocode/json?address=' +

encodeURIComponent(query) + '&sensor=false',


http.request(options, function(res){

var data = '';

res.on('data', function(chunk){

data += chunk;


res.on('end', function(){

data = JSON.parse(data);


cb(null, data.results[0].geometry.location);

} else {

cb("No results found.", null);





Now we have a function that will contact the Google API to geocode an address. If it

can’t find an address (or fails for any other reason), an error will be returned. The API




can return multiple addresses. For example, if you search for “10 Main Street” without

specifying a city, state, or postal code, it will return dozens of results. Our implemen‐

tation simply picks the first one. The API returns a lot of information, but all we’re

currently interested in are the coordinates. You could easily modify this interface to

return more information. See the Google geocoding API documentation for more in‐

formation about the data the API returns. Note that we included &sensor=false in the

API request: this is a required field that should be set to true for devices that have a

location sensor, such as mobile phones. Your server is probably not location aware, so

it should be set to false.

Usage restrictions

Both Google and Bing have usage limits for their geocoding API to prevent abuse, but

they’re very high. At the time of writing, Google’s limit is 2,500 requests per 24-hour

period. Google’s API also requires that you use Google Maps on your website. That is,

if you’re using Google’s service to geocode your data, you can’t turn around and display

that information on a Bing map without violating the terms of service. Generally, this

is not an onerous restriction, as you probably wouldn’t be doing geocoding unless you

intended to display locations on a map. However, if you like Bing’s maps better than

Google’s, or vice versa, you should be mindful of the terms of service and use the ap‐

propriate API.

Geocoding Your Data

Let’s say Meadowlark Travel is now selling Oregon-themed products (T-shirts, mugs,

etc.) through dealers, and we want “find a dealer” functionality on our website, but we

don’t have coordinate information for our dealers, only street addresses. This is where

we’ll want to leverage a geocoding API.

Before we start, there are two things to consider. Initially, we’ll probably have some

number of dealers already in the database. We’ll want to geocode those dealers in bulk.

But what happens in the future when we add new dealers, or dealer addresses change?

As it happens, both cases can be handled with the same code, but there are complications

to consider. The first is usage limits. If we have more than 2,500 dealers, we’ll have to

break up our initial geocoding over multiple days to avoid Google’s API limits. Also, it

may take a long time to do the initial bulk geocoding, and we don’t want our users to

have to wait an hour or more to see a map of dealers! After the initial bulk geocoding,

however, we can handle new dealers trickling in, as well as dealers who have changed

addresses. Let’s start with our dealer model, in models/dealer.js:

var mongoose = require('mongoose');

var dealerSchema = mongoose.Schema({

name: String,

address1: String,


| Chapter 19: Integrating with Third-Party APIs

address2: String,

city: String,

state: String,

zip: String,

country: String,

phone: String,

website: String,

active: Boolean,

geocodedAddress: String,

lat: Number,

lng: Number,


dealerSchema.methods.getAddress = function(lineDelim){

if(!lineDelim) lineDelim = '

var addr = this.address1;

if(this.address2 && this.address2.match(/\S/))

addr += lineDelim + this.address2;

addr += lineDelim + this.city + ', ' +

this.state + this.zip;

addr += lineDelim + (this.country || 'US');

return addr;


var Dealer = mongoose.model("Dealer", dealerSchema);

module.exports = Dealer;

We can populate the database (either by transforming an existing spreadsheet, or man‐

ual data entry) and ignore the geocodedAddress, lat, and lng fields. Now that we’ve

got the database populated, we can get to the business of geocoding.

We’re going to take an approach similar to what we did for Twitter caching. Since we

were caching only 10 tweets, we simply kept the cache in memory. The dealer infor‐

mation could be significantly larger, and we want it cached for speed, but we don’t want

to do it in memory. We do, however, want to do it in a way that’s super fast on the client

side, so we’re going to create a JSON file with the data.

Let’s go ahead and create our cache:

var dealerCache = {

lastRefreshed: 0,

refreshInterval: 60 * 60 * 1000,

jsonUrl: '/dealers.json',

geocodeLimit: 2000,

geocodeCount: 0,

geocodeBegin: 0,


dealerCache.jsonFile = __dirname +

'/public' + dealerCache.jsonUrl;

First we’ll create a helper function that geocodes a given Dealer model and saves the

result to the database. Note that if the current address of the dealer matches what was




last geocoded, we simply do nothing and return. This method, then, is very fast if the

dealer coordinates are up-to-date:

function geocodeDealer(dealer){

var addr = dealer.getAddress(' ');

if(addr===dealer.geocodedAddress) return;

// already geocoded

if(dealerCache.geocodeCount >= dealerCache.geocodeLimit){

// has 24 hours passed since we last started geocoding?

if(Date.now() > dealerCache.geocodeCount + 24 * 60 * 60 * 1000){

dealerCache.geocodeBegin = Date.now();

dealerCache.geocodeCount = 0;

} else {

// we can't geocode this now: we've

// reached our usage limit




geocode(addr, function(err, coords){

if(err) return console.log('Geocoding failure for ' + addr);

dealer.lat = coords.lat;

dealer.lng = coords.lng;




We could add geocodeDealer as a method of the Dealer model.

However, since it has a dependency on our geocoding library, we are

opting to make it its own function.

Now we can create a function to refresh the dealer cache. This operation can take a while

(especially the first time), but we’ll deal with that in a second:

dealerCache.refresh = function(cb){

if(Date.now() > dealerCache.lastRefreshed + dealerCache.refreshInterval){

// we need to refresh the cache

Dealer.find({ active: true }, function(err, dealers){

if(err) return console.log('Error fetching dealers: '+


// geocodeDealer will do nothing if coordinates are up-to-date


// we now write all the dealers out to our cached JSON file

fs.writeFileSync(dealerCache.jsonFile, JSON.stringify(dealers));

// all done -- invoke callback


| Chapter 19: Integrating with Third-Party APIs

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 19. Integrating with Third-Party APIs

Tải bản đầy đủ ngay(0 tr)