Grape is a REST-like API micro-framework for Ruby. It's designed to run on Rack or complement existing web application frameworks such as Rails and Sinatra by providing a simple DSL to easily develop RESTful APIs. It has built-in support for common conventions, including multiple formats, subdomain/prefix restriction, content negotiation, versioning and much more.

• Grape Google Group
• Grape Wiki

You're reading the documentation for the next release of Grape, which should be 0.2.3. The current stable release is 0.2.2.

Grape is available as a gem, to install it just install the gem:

gem install grape 

If you're using Bundler, add the gem to Gemfile.

gem 'grape' 

Run bundle install.

Grape APIs are Rack applications that are created by subclassing Grape::API. Below is a simple example showing some of the more common features of Grape in the context of recreating parts of the Twitter API.

class Twitter::API < Grape::API version 'v1', :using => :header, :vendor => 'twitter' format :json helpers do def current_user @current_user ||= User.authorize!(env) end def authenticate! error!('401 Unauthorized', 401) unless current_user end end resource :statuses do desc "Returns a public timeline." get :public_timeline do Tweet.limit(20) end desc "Returns a personal timeline." get :home_timeline do authenticate! current_user.home_timeline end desc "Returns a tweet." params do requires :id, :type => Integer, :desc => "Tweet id." end get '/show/:id' do Tweet.find(params[:id]) end desc "Creates a tweet." params do requires :status, :type => String, :desc => "Your status." end post :update do authenticate! Tweet.create( :user => current_user, :text => params[:status] ) end end end

The above sample creates a Rack application that can be run from a rackup config.ru file with rackup:

run Twitter::API

And would respond to the following routes:

GET /statuses/public_timeline(.json) GET /statuses/home_timeline(.json) GET /statuses/show/:id(.json) POST /statuses/update(.json) 

In a Rails application, modify config/routes:

mount Twitter::API => "/"

Note that you will need to restart Rails to pick up changes in your API classes (see Issue 131).

You can mount multiple API implementations inside another one. These don't have to be different versions, but may be components of the same API.

class Twitter::API < Grape::API mount Twitter::APIv1 mount Twitter::APIv2 end

There are three strategies in which clients can reach your API's endpoints: :header, :path and :param. The default strategy is :path.

version 'v1', :using => :header, :vendor => 'twitter'

Using this versioning strategy, clients should pass the desired version in the HTTP Accept head.

curl -H Accept=application/vnd.twitter-v1+json http://localhost:9292/statuses/public_timeline 

By default, the first matching version is used when no Accept header is supplied. This behavior is similar to routing in Rails. To circumvent this default behavior, one could use the :strict option. When this option is set to true, a 406 Not Acceptable error is returned when no correct Accept header is supplied.

version 'v1', :using => :path

Using this versioning strategy, clients should pass the desired version in the URL.

curl -H http://localhost:9292/v1/statuses/public_timeline 

version 'v1', :using => :param

Using this versioning strategy, clients should pass the desired version as a request parameter, either in the URL query string or in the request body.

curl -H http://localhost:9292/events?apiver=v1 

The default name for the query parameter is 'apiver' but can be specified using the :parameter option.

version 'v1', :using => :param, :parameter => "v"

curl -H http://localhost:9292/events?v=v1 

You can add a description to API methods and namespaces.

desc "Returns a reticulated spline." get "spline/:id" do Spline.find(params[:id]) end

Request parameters are available through the params hash object. This includes GET and POST parameters, along with any named parameters you specify in your route strings.

get do Article.order(params[:sort_by]) end

Parameters are also populated from the request body on POST and PUT for JSON and XML content-types.

The Request:

curl -d '{"some_key": "some_value"}' 'http://localhost:9292/json_endpoint' -H Content-Type:application/json -v

The Grape Endpoint:

post '/json_endpoint' do params[:some_key] end

You can define validations and coercion options for your parameters using a params block.

params do requires :id, type: Integer optional :name, type: String, regexp: /^[a-z]+$/ group :user do requires :first_name requires :last_name end end get ':id' do # params[:id] is an Integer end

When a type is specified an implicit validation is done after the coercion to ensure the output type is the one declared.

Parameters can be nested using group. In the above example, this means both params[:user][:first_name] and params[:user][:last_name] are required next to params[:id].

Namespaces allow parameter definitions and apply to every method within the namespace.

namespace :shelves do params do requires :shelf_id, type: Integer, desc: "A shelf." end namespace ":shelf_id" do desc "Retrieve a book from a shelf." params do requires :book_id, type: Integer, desc: "A book." end get ":book_id" do # params[:shelf_id] defines a shelf # params[:book_id] defines a book end end end

class AlphaNumeric < Grape::Validations::Validator def validate_param!(attr_name, params) unless params[attr_name] =~ /^[[:alnum:]]+$/ throw :error, :status => 400, :message => "#{attr_name}: must consist of alpha-numeric characters" end end end 

params do requires :username, :alpha_numeric => true end

You can also create custom classes that take parameters.

class Length < Grape::Validations::SingleOptionValidator def validate_param!(attr_name, params) unless params[attr_name].length == @option throw :error, :status => 400, :message => "#{attr_name}: must be #{@option} characters long" end end end 

params do requires :name, :length => 5 end

When validation and coercion erros occur an exception of type Grape::Exceptions::ValidationError is raised. If the exception goes uncaught it will respond with a status of 400 and an error message. You can rescue a Grape::Exceptions::ValidationError and respond with a custom response.

rescue_from Grape::Exceptions::ValidationError do |e| Rack::Response.new({ 'status' => e.status, 'message' => e.message, 'param' => e.param }.to_json, e.status) end 

Headers are available through the header helper or the env hash object.

get do content_type = header['Content-type'] ... end

get do error! 'Unauthorized', 401 unless env['HTTP_SECRET_PASSWORD'] == 'swordfish' ... end

Optionally, you can define requirements for your named route parameters using regular expressions. The route will match only if all requirements are met.

get '/show/:id', :requirements => { :id => /[0-9]*/ } do Tweet.find(params[:id]) end

You can define helper methods that your endpoints can use with the helpers macro by either giving a block or a module.

module MyHelpers def say_hello(user) "hey there #{user.name}" end end class API < Grape::API # define helpers with a block helpers do def current_user User.find(params[:user_id]) end end # or mix in a module helpers MyHelpers get '/hello' do # helpers available in your endpoint and filters say_hello(current_user) end end

You can set, get and delete your cookies very simply using cookies method.

class API < Grape::API get '/counter' do cookies[:counter] ||= 0 cookies[:counter] += 1 { :counter => cookies[:counter] } end delete '/counter' do { :result => cookies.delete(:counter) } end end

To set more than value use hash-based syntax.

cookies[:counter] = { :value => 0, :expires => Time.tomorrow, :domain => '.example.com', :path => '/' } cookies[:counter][:value] +=1

You can redirect to a new url temporarily (302) or permanently (301).

redirect "/new_url"

redirect "/new_url", :permanent => true

When you add a route for a resource, a route for the HTTP OPTIONS method will also be added. The response to an OPTIONS request will include an Allow header listing the supported methods.

class API < Grape::API get '/counter' do { :counter => Counter.count } end params do requires :value, :type => Integer, :desc => 'value to add to counter' end put '/counter' do { :counter => Counter.incr(params.value) } end end

curl -v -X OPTIONS http://localhost:3000/counter > OPTIONS /counter HTTP/1.1 > < HTTP/1.1 204 No Content < Allow: OPTIONS, GET, PUT

If a request for a resource is made with an unsupported HTTP method, an HTTP 405 (Method Not Allowed) response will be returned.

curl -X DELETE -v http://localhost:3000/counter/ > DELETE /counter/ HTTP/1.1 > Host: localhost:3000 > < HTTP/1.1 405 Method Not Allowed < Allow: OPTIONS, GET, PUT

You can abort the execution of an API method by raising errors with error!.

error!("Access Denied", 401)

You can also return JSON formatted objects by raising error! and passing a hash instead of a message.

error!({ "error" => "unexpected error", "detail" => "missing widget" }, 500)

Grape can be told to rescue all exceptions and instead return them in txt or json formats.

class Twitter::API < Grape::API rescue_from :all end

You can also rescue specific exceptions.

class Twitter::API < Grape::API rescue_from ArgumentError, NotImplementedError end

The error format can be specified using error_format. Available formats are :json and :txt (default).

class Twitter::API < Grape::API error_format :json end

You can rescue all exceptions with a code block. The rack_response wrapper automatically sets the default error code and content-type.

class Twitter::API < Grape::API rescue_from :all do |e| rack_response({ :message => "rescued from #{e.class.name}" }) end end

You can also rescue specific exceptions with a code block and handle the Rack response at the lowest level.

class Twitter::API < Grape::API rescue_from :all do |e| Rack::Response.new([ e.message ], 500, { "Content-type" => "text/error" }).finish end end

Or rescue specific exceptions.

class Twitter::API < Grape::API rescue_from ArgumentError do |e| Rack::Response.new([ "ArgumentError: #{e.message}" ], 500) end rescue_from NotImplementedError do |e| Rack::Response.new([ "NotImplementedError: #{e.message}" ], 500) end end

Grape::API provides a logger method which by default will return an instance of the Logger class from Ruby's standard library.

To log messages from within an endpoint, you need to define a helper to make the logger available in the endpoint context.

class API < Grape::API helpers do def logger API.logger end end get '/hello' do logger.info "someone said hello" "hey there" end end

You can also set your own logger.

class MyLogger def warning(message) puts "this is a warning: #{message}" end end class API < Grape::API logger MyLogger.new helpers do def logger API.logger end end get '/hello' do logger.warning "someone said hello" "hey there" end end

By default, Grape supports XML, JSON, Atom, RSS, and text content-types. Serialization takes place automatically.

Your API can declare additional types to support. Response format is determined by the request's extension, an explicit format parameter in the query string, or Accept header.

Custom formatters for additional types can be defined with a proc or by method pointer.

class Twitter::API < Grape::API content_type :xls, "application/vnd.ms-excel" formatter :xls, lambda { |object| object.to_fancy_xls } end

You can also set the default format. The order for choosing the format is the following.

• Use the file extension, if specified. If the file is .json, choose the JSON format.
• Use the value of the format parameter in the query string, if specified.
• Use the format set by the format option, if specified.
• Attempt to find an acceptable format from the Accept header.
• Use the default format, if specified by the default_format option.
• Default to :txt otherwise.

class Twitter::API < Grape::API format :json end

class Twitter::API < Grape::API default_format :json end

You can override the content-type by setting the Content-Type header.

class API < Grape::API get '/script' do content_type "application/javascript" "var x = 1;" end end

Entities are a reusable means for converting Ruby objects to API responses. Entities can be used to conditionally include fields, nest other entities, and build ever larger responses, using inheritance.

Entities inherit from Grape::Entity, and define a simple DSL. Exposures can use runtime options to determine which fields should be visible, these options are available to :if, :unless, and :proc. The option keys :version and :collection will always be defined. The :version key is defined as api.version. The :collection key is boolean, and defined as true if the object presented is an array.

• expose SYMBOLS
  • define a list of fields which will always be exposed
• expose SYMBOLS, HASH
  • HASH keys include :if, :unless, :proc, :as, :using, :format_with, :documentation
    • :if and :unless accept hashes (passed during runtime) or procs (arguments are object and options)
• expose SYMBOL, { :format_with => :formatter }
  • expose a value, formatting it first
  • :format_with can only be applied to one exposure at a time
• expose SYMBOL, { :as => "alias" }
  • Expose a value, changing its hash key from SYMBOL to alias
  • :as can only be applied to one exposure at a time
• expose SYMBOL BLOCK
  • block arguments are object and options
  • expose the value returned by the block
  • block can only be applied to one exposure at a time

module API module Entities class User < Grape::Entity expose :first_name, :last_name expose :field, :documentation => { :type => "string", :desc => "words go here" } expose :email, :if => { :type => :full } expose :user_type, user_id, :if => lambda{ |user,options| user.confirmed? } expose(:name) { |user,options| [ user.first_name, user.last_name ].join(' ')} expose :latest_status, :using => API::Status, :as => :status end end end module API module Entities class UserDetailed < API::Entities::User expose :account_id end end end

Grape ships with a DSL to easily define entities within the context of an existing class:

class User include Grape::Entity::DSL entity :name, :email do expose :advanced, if: :conditional end end

The above will automatically create a User::Entity class and define properties on it according to the same rules as above. If you only want to define simple exposures you don't have to supply a block and can instead simply supply a list of comma-separated symbols.

Once an entity is defined, it can be used within endpoints, by calling present. The present method accepts two arguments, the object to be presented and the options associated with it. The options hash must always include :with, which defines the entity to expose.

If the entity includes documentation it can be included in an endpoint's description.

module API class Users < Grape::API version 'v1' desc 'User index', { :object_fields => API::Entities::User.documentation } get '/users' do @users = User.all type = current_user.admin? ? :full : :default present @users, with: API::Entities::User, :type => type end end end

In addition to separately organizing entities, it may be useful to put them as namespaced classes underneath the model they represent. For example:

class User def entity Entity.new(self) end class Entity < Grape::Entity expose :name, :email end end

If you organize your entities this way, Grape will automatically detect the Entity class and use it to present your models. In this example, if you added present User.new to your endpoint, Grape would automatically detect that there is a User::Entity class and use that as the representative entity. This can still be overridden by using the :with option or an explicit represents call.

Entities with duplicate exposure names and conditions will silently overwrite one another. In the following example, when object.check equals "foo", only field_a will be exposed. However, when object.check equals "bar" both field_b and foo will be exposed.

module API module Entities class User < Grape::Entity expose :field_a, :foo, :if => lambda { |object, options| object.check == "foo" } expose :field_b, :foo, :if => lambda { |object, options| object.check == "bar" } end end end

This can be problematic, when you have mixed collections. Using respond_to? is safer.

module API module Entities class User < Grape::Entity expose :field_a, :if => lambda { |object, options| object.check == "foo" } expose :field_b, :if => lambda { |object, options| object.check == "bar" } expose :foo, :if => lambda { |object, options| object.respond_to?(:foo) } end end end

Grape routes can be reflected at runtime. This can notably be useful for generating documentation.

Grape exposes arrays of API versions and compiled routes. Each route contains a route_prefix, route_version, route_namespace, route_method, route_path and route_params. The description and the optional hash that follows the API path may contain any number of keys and its values are also accessible via dynamically-generated route_[name] functions.

TwitterAPI::versions # yields [ 'v1', 'v2' ] TwitterAPI::routes # yields an array of Grape::Route objects TwitterAPI::routes[0].route_version # yields 'v1' TwitterAPI::routes[0].route_description # etc.

It's possible to retrieve the information about the current route from within an API call with route.

class MyAPI < Grape::API desc "Returns a description of a parameter." params do requires :id, :type => Integer, :desc => "Identity." end get "params/:id" do route.route_params[params[:id]] # yields the parameter description end end

Grape by default anchors all request paths, which means that the request URL should match from start to end to match, otherwise a 404 Not Found is returned. However, this is sometimes not what you want, because it is not always known upfront what can be expected from the call. This is because Rack-mount by default anchors requests to match from the start to the end, or not at all. Rails solves this problem by using a :anchor => false option in your routes. In Grape this option can be used as well when a method is defined.

For instance when you're API needs to get part of an URL, for instance:

class UrlAPI < Grape::API namespace :urls do get '/(*:url)', :anchor => false do some_data end end end

This will match all paths starting with '/urls/'. There is one caveat though: the params[:url] parameter only holds the first part of the request url. Luckily this can be circumvented by using the described above syntax for path specification and using the PATH_INFO Rack environment variable, using env["PATH_INFO"]. This will hold everything that comes after the '/urls/' part.

You can test a Grape API with RSpec by making HTTP requests and examining the response.

Use rack-test and define your API as app.

require 'spec_helper' describe Twitter::API do include Rack::Test::Methods def app Twitter::API end describe Twitter::API do describe "GET /api/v1/statuses" do it "returns an empty array of statuses" do get "/api/v1/statuses" last_response.status.should == 200 JSON.parse(response.body).should == [] end end describe "GET /api/v1/statuses/:id" do it "returns a status by id" do status = Status.create! get "/api/v1/statuses/#{status.id}" last_response.body.should == status.to_json end end end end

require 'spec_helper' describe Twitter::API do describe "GET /api/v1/statuses" do it "returns an empty array of statuses" do get "/api/v1/statuses" response.status.should == 200 JSON.parse(response.body).should == [] end end describe "GET /api/v1/statuses/:id" do it "returns a status by id" do status = Status.create! get "/api/v1/statuses/#{status.id}" resonse.body.should == status.to_json end end end

In Rails, HTTP request tests would go into the spec/request group. You may want your API code to go into app/api - you can match that layout under spec by adding the following in spec/spec_helper.rb.

RSpec.configure do |config| config.include RSpec::Rails::RequestExampleGroup, :type => :request, :example_group => { :file_path => /spec\/api/ } end

Grape is work of dozens of contributors. You're encouraged to submit pull requests, propose features and discuss issues.

• Fork the project
• Write tests for your new feature or a test that reproduces a bug
• Implement your feature or make a bug fix
• Do not mess with Rakefile, version or history
• Commit, push and make a pull request. Bonus points for topic branches.

MIT License. See LICENSE for details.

Copyright (c) 2010-2012 Michael Bleigh, and Intridea, Inc.