![](\"http:\/\/unknownerror.org\/opensource\/intridea\/grape\/grape.png\")
<\/p>\n<\/p>\n
![](\"http:\/\/img.shields.io\/gem\/v\/grape.svg\")
![](\"http:\/\/img.shields.io\/travis\/intridea\/grape.svg\")
![](\"http:\/\/gemnasium.com\/intridea\/grape.svg\")
![](\"http:\/\/codeclimate.com\/github\/intridea\/grape.svg\")
![](\"http:\/\/inch-ci.org\/github\/intridea\/grape.svg\")
<\/p>\n
Grape is a REST-like API micro-framework for Ruby. It\u2019s designed to run on Rack or complement existing web application frameworks such as Rails and Sinatra by providing a simple DSL to easily develop RESTful APIs. It has built-in support for common conventions, including multiple formats, subdomain\/prefix restriction, content negotiation, versioning and much more.<\/p>\n
You\u2019re reading the documentation for the next release of Grape, which should be 0.11.1. Please read UPGRADING when upgrading from a previous version. The current stable release is 0.11.0.<\/p>\n
Grape is available as a gem, to install it just install the gem:<\/p>\n
gem install grape\n<\/code><\/pre>\nIf you\u2019re using Bundler, add the gem to Gemfile.<\/p>\n
gem 'grape'\n<\/code><\/pre>\nRun bundle install<\/code>.<\/p>\nBasic Usage<\/h2>\n
Grape APIs are Rack applications that are created by subclassing Grape::API<\/code>. Below is a simple example showing some of the more common features of Grape in the context of recreating parts of the Twitter API.<\/p>\nmodule Twitter\n class API < Grape::API\n version 'v1', using: :header, vendor: 'twitter'\n format :json\n prefix :api\n\n helpers do\n def current_user\n @current_user ||= User.authorize!(env)\n end\n\n def authenticate!\n error!('401 Unauthorized', 401) unless current_user\n end\n end\n\n resource :statuses do\n desc \"Return a public timeline.\"\n get :public_timeline do\n Status.limit(20)\n end\n\n desc \"Return a personal timeline.\"\n get :home_timeline do\n authenticate!\n current_user.statuses.limit(20)\n end\n\n desc \"Return a status.\"\n params do\n requires :id, type: Integer, desc: \"Status id.\"\n end\n route_param :id do\n get do\n Status.find(params[:id])\n end\n end\n\n desc \"Create a status.\"\n params do\n requires :status, type: String, desc: \"Your status.\"\n end\n post do\n authenticate!\n Status.create!({\n user: current_user,\n text: params[:status]\n })\n end\n\n desc \"Update a status.\"\n params do\n requires :id, type: String, desc: \"Status ID.\"\n requires :status, type: String, desc: \"Your status.\"\n end\n put ':id' do\n authenticate!\n current_user.statuses.find(params[:id]).update({\n user: current_user,\n text: params[:status]\n })\n end\n\n desc \"Delete a status.\"\n params do\n requires :id, type: String, desc: \"Status ID.\"\n end\n delete ':id' do\n authenticate!\n current_user.statuses.find(params[:id]).destroy\n end\n end\n end\nend\n<\/code><\/pre>\nMounting<\/h2>\nRack<\/h3>\n
The above sample creates a Rack application that can be run from a rackup config.ru<\/code> file with rackup<\/code>:<\/p>\nrun Twitter::API\n<\/code><\/pre>\nAnd would respond to the following routes:<\/p>\n
GET \/api\/statuses\/public_timeline\nGET \/api\/statuses\/home_timeline\nGET \/api\/statuses\/:id\nPOST \/api\/statuses\nPUT \/api\/statuses\/:id\nDELETE \/api\/statuses\/:id\n<\/code><\/pre>\nGrape will also automatically respond to HEAD and OPTIONS for all GET, and just OPTIONS for all other routes.<\/p>\n
ActiveRecord without Rails<\/h3>\n
If you want to use ActiveRecord within Grape, you will need to make sure that ActiveRecord\u2019s connection pool is handled correctly.<\/p>\n
The easiest way to achieve that is by using ActiveRecord\u2019s ConnectionManagement<\/code> middleware in your config.ru<\/code> before mounting Grape, e.g.:<\/p>\nuse ActiveRecord::ConnectionAdapters::ConnectionManagement\n\nrun Twitter::API\n<\/code><\/pre>\nAlongside Sinatra (or other frameworks)<\/h3>\n
If you wish to mount Grape alongside another Rack framework such as Sinatra, you can do so easily using Rack::Cascade<\/code>:<\/p>\n# Example config.ru\n\nrequire 'sinatra'\nrequire 'grape'\n\nclass API < Grape::API\n get :hello do\n { hello: \"world\" }\n end\nend\n\nclass Web < Sinatra::Base\n get '\/' do\n \"Hello world.\"\n end\nend\n\nuse Rack::Session::Cookie\nrun Rack::Cascade.new [API, Web]\n<\/code><\/pre>\nRails<\/h3>\n
Place API files into app\/api<\/code>. Rails expects a subdirectory that matches the name of the Ruby module and a file name that matches the name of the class. In our example, the file name location and directory for Twitter::API<\/code> should be app\/api\/twitter\/api.rb<\/code>.<\/p>\nModify application.rb<\/code>:<\/p>\nconfig.paths.add File.join('app', 'api'), glob: File.join('**', '*.rb')\nconfig.autoload_paths += Dir[Rails.root.join('app', 'api', '*')]\n<\/code><\/pre>\nModify config\/routes<\/code>:<\/p>\nmount Twitter::API => '\/'\n<\/code><\/pre>\nAdditionally, if the version of your Rails is 4.0+ and the application uses the default model layer of ActiveRecord, you will want to use the hashie-forbidden_attributes gem. This gem disables the security feature of strong_params<\/code> at the model layer, allowing you the use of Grape\u2019s own params validation instead.<\/p>\n# Gemfile\ngem \"hashie-forbidden_attributes\"\n<\/code><\/pre>\nSee below for additional code that enables reloading of API changes in development.<\/p>\n
Modules<\/h3>\n
You can mount multiple API implementations inside another one. These don\u2019t have to be different versions, but may be components of the same API.<\/p>\n
class Twitter::API < Grape::API\n mount Twitter::APIv1\n mount Twitter::APIv2\nend\n<\/code><\/pre>\nYou can also mount on a path, which is similar to using prefix<\/code> inside the mounted API itself.<\/p>\nclass Twitter::API < Grape::API\n mount Twitter::APIv1 => '\/v1'\nend\n<\/code><\/pre>\nVersioning<\/h2>\n
There are four strategies in which clients can reach your API\u2019s endpoints: :path<\/code>, :header<\/code>, :accept_version_header<\/code> and :param<\/code>. The default strategy is :path<\/code>.<\/p>\nPath<\/h3>\nversion 'v1', using: :path\n<\/code><\/pre>\nUsing this versioning strategy, clients should pass the desired version in the URL.<\/p>\n
curl http:\/\/localhost:9292\/v1\/statuses\/public_timeline\n<\/code><\/pre>\nHeader<\/h3>\nversion 'v1', using: :header, vendor: 'twitter'\n<\/code><\/pre>\nUsing this versioning strategy, clients should pass the desired version in the HTTP Accept<\/code> head.<\/p>\ncurl -H Accept:application\/vnd.twitter-v1+json http:\/\/localhost:9292\/statuses\/public_timeline\n<\/code><\/pre>\nBy default, the first matching version is used when no Accept<\/code> header is supplied. This behavior is similar to routing in Rails. To circumvent this default behavior, one could use the :strict<\/code> option. When this option is set to true<\/code>, a 406 Not Acceptable<\/code> error is returned when no correct Accept<\/code> header is supplied.<\/p>\nWhen an invalid Accept<\/code> header is supplied, a 406 Not Acceptable<\/code> error is returned if the :cascade<\/code> option is set to false<\/code>. Otherwise a 404 Not Found<\/code> error is returned by Rack if no other route matches.<\/p>\nHTTP Status Code<\/h3>\n
By default Grape returns a 200 status code for GET<\/code>-Requests and 201 for POST<\/code>-Requests. You can use status<\/code> to query and set the actual HTTP Status Code<\/p>\npost do\n status 202\n\n if status == 200\n # do some thing\n end\nend\n<\/code><\/pre>\nYou can also use one of status codes symbols that are provided by Rack utils<\/p>\n
post do\n status :no_content\nend\n<\/code><\/pre>\nAccept-Version Header<\/h3>\nversion 'v1', using: :accept_version_header\n<\/code><\/pre>\nUsing this versioning strategy, clients should pass the desired version in the HTTP Accept-Version<\/code> header.<\/p>\ncurl -H \"Accept-Version:v1\" http:\/\/localhost:9292\/statuses\/public_timeline\n<\/code><\/pre>\nBy default, the first matching version is used when no Accept-Version<\/code> header is supplied. This behavior is similar to routing in Rails. To circumvent this default behavior, one could use the :strict<\/code> option. When this option is set to true<\/code>, a 406 Not Acceptable<\/code> error is returned when no correct Accept<\/code> header is supplied.<\/p>\nParam<\/h3>\nversion 'v1', using: :param\n<\/code><\/pre>\nUsing this versioning strategy, clients should pass the desired version as a request parameter, either in the URL query string or in the request body.<\/p>\n
curl http:\/\/localhost:9292\/statuses\/public_timeline?apiver=v1\n<\/code><\/pre>\nThe default name for the query parameter is \u2018apiver\u2019 but can be specified using the :parameter<\/code> option.<\/p>\nversion 'v1', using: :param, parameter: \"v\"\n<\/code><\/pre>\ncurl http:\/\/localhost:9292\/statuses\/public_timeline?v=v1\n<\/code><\/pre>\nDescribing Methods<\/h2>\n
You can add a description to API methods and namespaces.<\/p>\n
desc \"Returns your public timeline.\" do\n detail 'more details'\n params API::Entities::Status.documentation\n success API::Entities::Entity\n failure [[401, 'Unauthorized', \"Entities::Error\"]]\n named 'My named route'\n headers [XAuthToken: {\n description: 'Valdates your identity',\n required: true\n },\n XOptionalHeader: {\n description: 'Not really needed',\n required: false\n }\n ]\nend\nget :public_timeline do\n Status.limit(20)\nend\n<\/code><\/pre>\n\ndetail<\/code>: A more enhanced description<\/li>\nparams<\/code>: Define parameters directly from an Entity<\/code><\/li>\nsuccess<\/code>: (former entity) The Entity<\/code> to be used to present by default this route<\/li>\nfailure<\/code>: (former http_codes) A definition of the used failure HTTP Codes and Entities<\/li>\nnamed<\/code>: A helper to give a route a name and find it with this name in the documentation Hash<\/li>\nheaders<\/code>: A definition of the used Headers<\/li>\n<\/ul>\nParameters<\/h2>\n
Request parameters are available through the params<\/code> hash object. This includes GET<\/code>, POST<\/code> and PUT<\/code> parameters, along with any named parameters you specify in your route strings.<\/p>\nget :public_timeline do\n Status.order(params[:sort_by])\nend\n<\/code><\/pre>\nParameters are automatically populated from the request body on POST<\/code> and PUT<\/code> for form input, JSON and XML content-types.<\/p>\nThe request:<\/p>\n
curl -d '{\"text\": \"140 characters\"}' 'http:\/\/localhost:9292\/statuses' -H Content-Type:application\/json -v\n<\/code><\/pre>\nThe Grape endpoint:<\/p>\n
post '\/statuses' do\n Status.create!(text: params[:text])\nend\n<\/code><\/pre>\nMultipart POSTs and PUTs are supported as well.<\/p>\n
The request:<\/p>\n
curl --form image_file='@image.jpg;type=image\/jpg' http:\/\/localhost:9292\/upload\n<\/code><\/pre>\nThe Grape endpoint:<\/p>\n
post \"upload\" do\n # file in params[:image_file]\nend\n<\/code><\/pre>\nIn the case of conflict between either of:<\/p>\n
\n- route string parameters<\/li>\n
GET<\/code>, POST<\/code> and PUT<\/code> parameters<\/li>\n- the contents of the request body on
POST<\/code> and PUT<\/code><\/li>\n<\/ul>\nroute string parameters will have precedence.<\/p>\n
Declared<\/h4>\n
Grape allows you to access only the parameters that have been declared by your params<\/code> block. It filters out the params that have been passed, but are not allowed. Let\u2019s have the following api:<\/p>\nformat :json\n\npost 'users\/signup' do\n { \"declared_params\" => declared(params) }\nend\n<\/code><\/pre>\nIf we do not specify any params, declared will return an empty Hashie::Mash instance.<\/p>\n
Request<\/strong><\/p>\ncurl -X POST -H \"Content-Type: application\/json\" localhost:9292\/users\/signup -d '{\"user\": {\"first_name\":\"first name\", \"last_name\": \"last name\"}}'\n<\/code><\/pre>\nResponse<\/strong><\/p>\n{\n \"declared_params\": {}\n}\n\n<\/code><\/pre>\nOnce we add parameters requirements, grape will start returning only the declared params.<\/p>\n
format :json\n\nparams do\n requires :user, type: Hash do\n requires :first_name, type: String\n requires :last_name, type: String\n end\nend\n\npost 'users\/signup' do\n { \"declared_params\" => declared(params) }\nend\n<\/code><\/pre>\nRequest<\/strong><\/p>\ncurl -X POST -H \"Content-Type: application\/json\" localhost:9292\/users\/signup -d '{\"user\": {\"first_name\":\"first name\", \"last_name\": \"last name\", \"random\": \"never shown\"}}'\n<\/code><\/pre>\nResponse<\/strong><\/p>\n{\n \"declared_params\": {\n \"user\": {\n \"first_name\": \"first name\",\n \"last_name\": \"last name\"\n }\n }\n}\n<\/code><\/pre>\nReturned hash is a Hashie::Mash instance so you can access parameters via dot notation:<\/p>\n
declared(params).user == declared(params)[\"user\"]\n<\/code><\/pre>\nInclude missing<\/h4>\n
By default declared(params)<\/code> returns parameters that has nil<\/code> value. If you want to return only the parameters that have any value, you can use the include_missing<\/code> option. By default it is true<\/code>. Let\u2019s have the following api:<\/p>\nformat :json\n\nparams do\n requires :first_name, type: String\n optional :last_name, type: String\nend\n\npost 'users\/signup' do\n { \"declared_params\" => declared(params, include_missing: false) }\nend\n<\/code><\/pre>\nRequest<\/strong><\/p>\ncurl -X POST -H \"Content-Type: application\/json\" localhost:9292\/users\/signup -d '{\"user\": {\"first_name\":\"first name\", \"random\": \"never shown\"}}'\n<\/code><\/pre>\nResponse with include_missing:false<\/strong><\/p>\n{\n \"declared_params\": {\n \"user\": {\n \"first_name\": \"first name\"\n }\n }\n}\n<\/code><\/pre>\nResponse with include_missing:true<\/strong><\/p>\n{\n \"declared_params\": {\n \"first_name\": \"first name\",\n \"last_name\": null\n }\n}\n<\/code><\/pre>\nIt also works on nested hashes:<\/p>\n
format :json\n\nparams do\n requires :user, :type => Hash do\n requires :first_name, type: String\n optional :last_name, type: String\n requires :address, :type => Hash do\n requires :city, type: String\n optional :region, type: String\n end\n end\nend\n\npost 'users\/signup' do\n { \"declared_params\" => declared(params, include_missing: false) }\nend\n<\/code><\/pre>\nRequest<\/strong><\/p>\ncurl -X POST -H \"Content-Type: application\/json\" localhost:9292\/users\/signup -d '{\"user\": {\"first_name\":\"first name\", \"random\": \"never shown\", \"address\": { \"city\": \"SF\"}}}'\n<\/code><\/pre>\nResponse with include_missing:false<\/strong><\/p>\n{\n \"declared_params\": {\n \"user\": {\n \"first_name\": \"first name\",\n \"address\": {\n \"city\": \"SF\"\n }\n }\n }\n}\n<\/code><\/pre>\nResponse with include_missing:true<\/strong><\/p>\n{\n \"declared_params\": {\n \"user\": {\n \"first_name\": \"first name\",\n \"last_name\": null,\n \"address\": {\n \"city\": \"Zurich\",\n \"region\": null\n }\n }\n }\n}\n<\/code><\/pre>\nNote that an attribute with a nil<\/code> value is not considered missing<\/em> and will also be returned when include_missing<\/code> is set to false<\/code>:<\/p>\nRequest<\/strong><\/p>\ncurl -X POST -H \"Content-Type: application\/json\" localhost:9292\/users\/signup -d '{\"user\": {\"first_name\":\"first name\", \"last_name\": null, \"address\": { \"city\": \"SF\"}}}'\n<\/code><\/pre>\nResponse with include_missing:false<\/strong><\/p>\n{\n \"declared_params\": {\n \"user\": {\n \"first_name\": \"first name\",\n \"last_name\": null,\n \"address\": { \"city\": \"SF\"}\n }\n }\n}\n<\/code><\/pre>\nParameter Validation and Coercion<\/h2>\n
You can define validations and coercion options for your parameters using a params<\/code> block.<\/p>\nparams do\n requires :id, type: Integer\n optional :text, type: String, regexp: \/^[a-z]+$\/\n group :media do\n requires :url\n end\n optional :audio do\n requires :format, type: Symbol, values: [:mp3, :wav, :aac, :ogg], default: :mp3\n end\n mutually_exclusive :media, :audio\nend\nput ':id' do\n # params[:id] is an Integer\nend\n<\/code><\/pre>\nWhen a type is specified an implicit validation is done after the coercion to ensure the output type is the one declared.<\/p>\n
Optional parameters can have a default value.<\/p>\n
params do\n optional :color, type: String, default: 'blue'\n optional :random_number, type: Integer, default: -> { Random.rand(1..100) }\n optional :non_random_number, type: Integer, default: Random.rand(1..100)\nend\n<\/code><\/pre>\nNote that default values will be passed through to any validation options specified. The following example will always fail if :color<\/code> is not explicitly provided.<\/p>\nparams do\n optional :color, type: String, default: 'blue', values: ['red', 'green']\nend\n<\/code><\/pre>\nThe correct implementation is to ensure the default value passes all validations.<\/p>\n
params do\n optional :color, type: String, default: 'blue', values: ['blue', 'red', 'green']\nend\n<\/code><\/pre>\nValidation of Nested Parameters<\/h4>\n
Parameters can be nested using group<\/code> or by calling requires<\/code> or optional<\/code> with a block. In the above example, this means params[:media][:url]<\/code> is required along with params[:id]<\/code>, and params[:audio][:format]<\/code> is required only if params[:audio]<\/code> is present. With a block, group<\/code>, requires<\/code> and optional<\/code> accept an additional option type<\/code> which can be either Array<\/code> or Hash<\/code>, and defaults to Array<\/code>. Depending on the value, the nested parameters will be treated either as values of a hash or as values of hashes in an array.<\/p>\n