I have different questions about a full architecture idea. I hope someone with great experience could help me out because I am pretty much getting stuck in all possibilities.

I'm planning to rewrite a community website. Our customer wants to make use of native mobile apps in the future. So I will need to take this into account. Because of this I have decided to create a 100% REST API architecture based on the PHP framework Kohana. I have choosen Kohana because this makes scaling the internal API to a other server very easily without much extra effort. (Kohana threats internal url requests not as HTTP so there isn't much overhead in the beginning and can scale to HTTP with some minor code changes).

At first the API will be private, but later on we might make it public to let more services connect to us easily.

De basic REST structure is as follow:

1. /cats
2. /cats/1
3. /cats/1/custom

'custom' could be 'childs' for instance.

same goes for:

1. /ads
2. /bids
3. /users
4. /banners
5. etc..

These are perfect entities for the API because the mobile app will definitely use all this functionality.

So we can conclude the core of the website is REST. So basically I want to make the website a client of the API just like the native app in the future. This way maintenance seems much easier.

What worries me though is the fact that there is much more than this (managing uploaded files, invoicing, automails for invoicing, automails for ads and so on). Uploading files needs to go through the website to the API. Is this common practice? If I do not do this, the website would do upload logic, which makes the site no client anymore and the app itself. Hence the mobile app can't even upload and both API and website need to know the upload folder (duplicate logic).

I thought of creating the following modules:

1. community-api
2. community-website

Api seems to be the core then. But.... what about cronjobs etc? Actually they should not be part of the website, as this is just a 'client'. I feel they should interact directly with the model or API. So basically the API gets more like a gateway to the core and thought I need this:

1. community-core
   • Models
   • Cronjobs
   • Auto Mailings (part of cronjobs)
     • Invoices etc
2. community-api
   • Interact with models in core through HTTP
3. community-website
   • Website
   • Admin

The core cronjobs are a exception to the REST structure. They are the only one that can change data without going through the api. At least that was my idea because they belong in the core and API is on top of the core.

But by design that seems just wrong. Manipulating should only go through the API!

Alternative:

1. community-core
   • Models
2. community-api
   • Interact with models in core through HTTP
3. community business
   • Cronjobs
   • Auto Mailings (part of cronjobs)
     • Invoices etc
4. community-website
   • Website
   • Admin

This look better by design to me.
_{(source: mauserrifle.nl)}

Main Questions

1)

Should cronjobs manipulate through the API or Core models?

2)

My invoice cronjob needs a template pretty much the style of main website of course. But if my cronjob is part of business or core it won't have knowledge of my main website. What makes sense to solve this?

3)

My website will be using mustache as a template engine. (both php and javascript can parse these templates). I thought using the api directly for ajax calls but then realized:

The site gets data from api, formats timestamps to dates (Y-m-d) for the template and then renders. If I let javascript call the api directly, javascript must have logic too (formatting). This is duplicate code! Feels like the only solution is calling the website for ajax (which calls the api and formats) and returns the formatted json. Am I right?

But.... simple calls like deleting a ad can go through the api directly (e.g. DELETE: /ads/1

I get a mix of calls....

Any better solution for this?

4)

Overall: Is my architecture too complex? Any alternatives I should consider?

I would love to hear your feedback!

Once I've heard that a good way to develop a web application is to develop an API-Centric Web Application. The thing is, to me, if you couple the main service to the public API, building an API-Centric application, you lose the whole point of developing a public API at all.

This doesn't seem logical to me.

Yes, the API and the website and what ever might come next are separate things and website should be a client to the API itself but since it will simplify things greate, I believe that you should RE-USE the domain-classes to build and base your web-site logic. This way you can use all the same code base and handle all your issues including ads, invoicing and of course file uploads with ease.

For the public API, it should be on a separate box if possible re-using the same domain classes but with different authentication methods so that whatever problem might occur, it won't affect the main service.

Your cron-jobs should only be used to fire the call through the API itself and those calls should be made on the main app (website through the API)

If you build your website without repeating-yourself, as in, using the same code as the base and wrapping the web-app around it, you won't have the issue raising in q#2.

Same thing applies for question number 3. If you wrap the website around the API, the website can use the api itself without being a separate entity.

Your architecture seems complex but if you do these things, it will be simple. ;-)

Good luck!

REST is just one way to initiate a request. Your core code that processes the request shouldn't be tightly coupled to the REST interface, or HTTP for that matter. I would advise designing your REST API as a simple mapper to an include file or something similar. Your cron could then bypass the whole REST API and just include the file directly. Separate the request interface from the code that does the actual processing.