SlideShare una empresa de Scribd logo

HATEOAS 101: An Introduction to Hypermedia as the Engine of Application State

Descargar como PPTX, PDF
Apigee | Google Cloud
Apigee | Google Cloud

The document provides an introduction to HATEOAS (Hypermedia as the Engine of Application State), which is one of the constraints of REST. It defines HATEOAS as using hypermedia links in responses to drive application state, rather than through out-of-band information. Popular web APIs often violate HATEOAS by not including these links, unlike web user interfaces which adhere to it. While including links in API responses may be helpful for developers, it does not truly implement HATEOAS unless the links drive the client application state at runtime, rather than the developer deciding application flow. A true HATEOAS client would handle generic RESTful APIs similar to how a feed reader handles synd

Tecnología
1 de 140
HATEOAS 101 An Opinionated Introduction Brian Mulloy Apigee @landlessness @apigee
groups.google.com/group/api-craft
youtube.com/apigee
New! IRC Channel #api-craft on freenode
WARNING: The author may betray a bias against the application of REST constraints to web APIs.
What is HATEOAS?
Hypermedia As The Engine Of Application State
Let’s put HATEOAS in the full context of REST.
The Constraints of REST 1. Client-server 2. Stateless server 3. Cache 4. Uniform interface a. Identification of resources b. Manipulation of resources through representations c. Self-descriptive messages d. Hypermedia as the engine of application state 5. Layered System 6. Code-On-Demand (optional)
Let’s break it down.
The first three constraints…
1. Client-server 2. Stateless server 3. Cache
…give us the client-cache-stateless-server web architecture.
client cache Each request must contain all information. No stored context on the stateless server. server Client has the right to reuse client response data. cache
(we’ll come back to the 4th constraint)
The 5th constraint, Layered System, lets us add features like a gateway, load balancer and firewall.
Each layer Layers can encapsulate provides services legacy services & protect new services from legacy stateless to it’s neighbors. clients. server load stateless client firewall gateway balancer server Each layer cannot stateless "see" beyond it’s server immediate neighbor.
The optional 6th constraint, Code-on-Demand, allows the client to request code from the server & execute it.
Add features to a deployed client, which provides for improved extensibility and configurability client stateless server code Better user-perceived performance and efficiency
Now lets tackle the 4 parts of the 4th constraint, Uniform Interface
With help from the Twitter UI.
a. Resource Identifier identifies the particular resource involved in an interaction between components.
http://twitter.com/#!/jack/status/20
b. Resource Representation represents the state of a resource for transfer between components.
<!DOCTYPE html> <html data-nav-highlight-class-name="highlight-global-nav-home"> <head> <title>Twitter</title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta charset="utf-8" /> <meta name="description" content="Instantly connect to what&#39;s most important to you. Follow your friends, experts, favorite celebrities, and breaking news." /> <link rel="dns-prefetch" href="http://a0.twimg.com"/> <link rel="dns-prefetch" href="http://api.twitter.com"/> <script type="text/javascript" charset="utf-8"> document.domain = 'twitter.com'; // this will be copied to twttr.appStartTime once our JS has started up document.startTime = new Date().getTime(); var twttr = {}; twttr.versionName = 'phoenix'; twttr.isT1 = true; twttr.didPingKeynote = false; twttr.keynoteTTFTPing = function() { if (!twttr.didPingKeynote && window.location.href.indexOf('keynoteTest') > 0) { var image = document.createElement('img'); image.src = '/images/keynote.gif'; twttr.didPingKeynote = true; } } window.console||function(){var a=["log","debug","info","warn","error","assert","dir","dirxml","group","groupEnd","time","t imeEnd","count","trace","profile","profileEnd"];window.console={};for(var b=0;b<a.length;++b)window.console[a[b]]=function(){}}(); </script> …
c. Self-descriptive messages contains all the information necessary to complete transformations.
GET /#!/jack/status/20 HTTP/1.1 User-Agent: Chrome/18.0.1025.11 Host: twitter.com Accept: text/html
d. Hypermedia as the engine of application state
state state transition transition state transition transition state state
“ The name „Representational State Transfer‟ is intended to evoke an image of how a well-designed Web application behaves: a network of web pages (a virtual state-machine), where the user progresses through the application by selecting links (state transitions), resulting in the next page (representing the next state of the application) being transferred to the user and rendered for their use. -Roy Fielding Architectural Styles and the Design of Network-based Software Architectures Chapter 6
States are web pages.
Transitions are hyperlinks.
The key to implementing HATEOAS is pretty simple
In each response message include the links for the next request message.
REST Interface App Browser App UI Server User App Developer
home connect discover search my profile direct messages google: lists jack‟s first favorite about tweet help retweet reply to keyboard @jack shortcuts turn off retweets settings report @jack for spam sign out add or remove block @jack tweet to @jack Follow @jack @jack new tweet from lists
1 transition in, 32 transitions out
A quick aside
The three greatest inventions of all time are:
Bicycles
Beer
The Hyperlink
With a browser I can start at http://twitter.com
And navigate my way through every state of the entire Twitter application.
It’s amazing!
HATEOAS is not scary.
HATEOAS is the key constraint that makes surfing the web with a browser possible.
Let’s look at HATEOAS and APIs
With help from the Twitter API.
GET /1/statuses/show/20.json HTTP/1.1 Host: api.twitter.com
{ "created_at": "Tue Mar 21 20:50:14 +0000 2006", "id": 20, "id_str": "20", "text": "just setting up my twttr", "source": "web", "truncated": false, "in_reply_to_status_id": null, "in_reply_to_status_id_str": null, "in_reply_to_user_id": null, "in_reply_to_user_id_str": null, "in_reply_to_screen_name": null, "user": { "id": 12, "id_str": "12", "name": "Jack Dorsey", "screen_name": "jack", "location": "San Francisco", "description": "Executive Chairman of Twitter, CEO of Square, a founder of both.", "url": null, "protected": false, "followers_count": 1935426, "friends_count": 1148, "listed_count": 17312, "created_at": "Tue Mar 21 20:50:14 +0000 2006", "favourites_count": 988, "utc_offset": -28800, "time_zone": "Pacific Time (US & Canada)", "geo_enabled": true, "verified": true, "statuses_count": 10894, "lang": "en", "contributors_enabled": true, "is_translator": false, "profile_background_color": "EBEBEB", "profile_background_image_url": "http://a0.twimg.com/images/themes/theme7/bg.gif", "profile_background_image_url_https": "https://si0.twimg.com/images/themes/theme7/bg.gif", "profile_background_tile": false, "profile_image_url": "http://a0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_image_url_https": "https://si0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_link_color": "990000", "profile_sidebar_border_color": "DFDFDF", "profile_sidebar_fill_color": "F3F3F3", "profile_text_color": "333333", "profile_use_background_image": true, "show_all_inline_media": true, "default_profile": false, "default_profile_image": false, "following": null, "follow_request_sent": null, "notifications": null }, "geo": null, "coordinates": null, "place": null, "contributors": null, "retweet_count": 5973, "favorited": false, "retweeted": false }
Uh oh. There are zero hyperlinks.
How many should there be to respect the HATEOAS constraint?
At least one.
{ "created_at": "Tue Mar 21 20:50:14 +0000 2006", "id": 20, "id_str": "20", "text": "just setting up my twttr", "source": "web", "truncated": false, "in_reply_to_status_id": null, "in_reply_to_status_id_str": null, "in_reply_to_user_id": null, "in_reply_to_user_id_str": null, "in_reply_to_screen_name": null, "user": { "id": 12, "link": ”http://api.twitter.com/1/users/show.json?user_id=12", "id_str": "12", "name": "Jack Dorsey", "screen_name": "jack", "location": "San Francisco", "description": "Executive Chairman of Twitter, CEO of Square, a founder of both.", "url": null, "protected": false, "followers_count": 1935426, "friends_count": 1148, "listed_count": 17312, "created_at": "Tue Mar 21 20:50:14 +0000 2006", "favourites_count": 988, "utc_offset": -28800, "time_zone": "Pacific Time (US & Canada)", "geo_enabled": true, "verified": true, "statuses_count": 10894, "lang": "en", "contributors_enabled": true, "is_translator": false, "profile_background_color": "EBEBEB", "profile_background_image_url": "http://a0.twimg.com/images/themes/theme7/bg.gif", "profile_background_image_url_https": "https://si0.twimg.com/images/themes/theme7/bg.gif", "profile_background_tile": false, "profile_image_url": "http://a0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_image_url_https": "https://si0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_link_color": "990000", "profile_sidebar_border_color": "DFDFDF", "profile_sidebar_fill_color": "F3F3F3", "profile_text_color": "333333", "profile_use_background_image": true, "show_all_inline_media": true, "default_profile": false, "default_profile_image": false, "following": null, "follow_request_sent": null, "notifications": null }, "geo": null, "coordinates": null, "place": null, "contributors": null, "retweet_count": 5973, "favorited": false, "retweeted": false }
A few questions.
Now are we HATEOAS compliant?
If we add another link does it change the consuming application’s state machine?
Is it ok for the developer to ignore included links?
Can the developer add out-of-band links to her app?
What happens when an app relies on multiple APIs? Where is the state machine?
If the Twitter API had complied with HATEOAS
When Loren Brichter
Created Tweetie
Would he have been able to decide which user actions to include in his design?
Or would those decisions have been driven by the links in the response from the Twitter API?
Nearly all popular web UIs adhere to HATEOAS.
Nearly all popular web APIs violate HATEOAS.
Why?
Let’s examine the two worlds.
I guarantee hypermedia is engine of app I decide where state I craft the user to click, aka experience, aka change state. state diagram. REST Interface App Browser App UI Server User App Developer
The person who crafts the experience (state diagram) and the app user have the REST interface between them.
And the hypermedia links are given directly to the app user at runtime.
So the hypermedia in each response message is genuinely the engine of application state.
This pattern is not limited to user interfaces.
We see the same pattern for syndication feeds.
I guarantee hypermedia is engine of app state I craft stories, I decide where categories & related to click, aka media, aka state change state. diagram. REST Interface App Feed Reader Feed Content User App Server Publisher
But the world of apps and web APIs seems different.
Interface App App 1 Developer 1 App API Server App User App 2 Developer 2 App App 3 Developer 3
Interface I craft the user experience, I get no aka state diagram. App HATEOAS App 1 I decide where Developer 1 respect. to click, aka change state. App API Server App User App 2 Developer 2 App App 3 Developer 3
The person who crafts the experience (state machine) and the app user do not have the REST interface between them.
And the hypermedia links are not given directly to the app user at runtime.
Instead, the hypermedia are given to the developer at design time.
And the developer decides which states are possible for the app user at runtime.
We need a Yoda moment.
“ You must unlearn what you have learned. -Yoda
I used to call the world of popular, non-HATEOAS, non- SOAP web APIs, Pragmatic REST.
Oops.
How do we answer the questions many API teams are asking
1. Should we go down the HATEOAS path?
As a practical matter, for many teams that previous question is the same as the next question.
2. Should we include links in our responses?
But they have different answers.
1. For an API to be HATEOAS-compliant it requires a client app that is also HATEOAS-compliant.
A user-interface app driven by web APIs would be akin to a feed reader for syndicated content.
But designed to handle generic web APIs.
I guarantee hypermedia is engine of app I decide where state I craft a system of to click, aka interrelated resources, change state. aka state diagram. REST Interface App RESTful API API API Server User Client App Developer ?
Special thanks to @elasticpath for this metaphor.
There are interesting non-UI applications as well.
“ However, the style does not assume that all applications are browsers. In fact, the application details are hidden from the server by the generic connector interface, and thus a user agent could equally be an automated robot performing information retrieval for an indexing service, a personal agent looking for data that matches certain criteria, or a maintenance spider busy patrolling the information for broken references or modified content [39]. -Roy Fielding Architectural Styles and the Design of Network-based Software Architectures Chapter 5
If you’re not going down the HATEOAS client path, should you include links anyway?
2. If you think including links in the API response will be helpful for developers at design time, then go for it.
But I wouldn’t call it HATEOAS because those links are probably not the engine of application state for the app user at run time.
“ If the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed? -Roy Fielding “REST APIs must be hypertext-driven” Untangled: Musings of Roy T. Fielding
Here’s a call to action
We know what REST with the HATEOAS constraint is and isn’t.
We know what SOAP is and isn’t.
But we don’t have an intellectual framework for the way so many popular apps and web APIs work today.
We need a really smart person
Who cares about web APIs
To examine the constraints of REST
The Constraints of REST 1. Client-server 2. Stateless server 3. Cache 4. Uniform interface a. Identification of resources b. Manipulation of resources through representations c. Self-descriptive messages d. Hypermedia as the engine of application state 5. Layered System 6. Code-On-Demand (optional)
While keeping in mind how custom apps are built by people using web APIs
Interface App App 1 Developer 1 App API Server App User App 2 Developer 2 App App 3 Developer 3
To give us a new foundation
The Constraints of ____ 1. ??? 2. ??? 3. ??? 4. ??? 5. ??? 6. ???
So that we will have a better shared idea of what we’re really doing
We will be able to communicate more effectively
And we will be able to create more value for the planet and the people on it.
But please choose a nice, pronounceable acronym.
Further Exploring • http://steveklabnik.com/ • http://pinboard.in/u:earth2marsh/t:hateoas/ • http://www.ics.uci.edu/~fielding/pubs/dissert ation/top.htm • http://martinfowler.com/articles/richardsonM aturityModel.html • http://timelessrepo.com/haters-gonna- hateoas
Questions?
THANK YOU Subscribe to API webinars at: youtube.com/apigee
THANK YOU IRC #api-craft on freenode
THANK YOU Questions and ideas to: groups.google.com/group/api-craft
THANK YOU Contact me at: @landlessness brian@apigee.com

Recomendados

Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Tomcat
TomcatTomcat
TomcatVenkat Pinagadi
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3NGINX, Inc.
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateCraig Wu
 
Kafka Security 101 and Real-World Tips
Kafka Security 101 and Real-World Tips Kafka Security 101 and Real-World Tips
Kafka Security 101 and Real-World Tips confluent
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with dockerBangladesh Network Operators Group
 
SSL
SSLSSL
SSLBadrul Alam bulon
 

Recomendados

Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 
Tomcat
TomcatTomcat
TomcatVenkat Pinagadi
 
Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3Get Hands-On with NGINX and QUIC+HTTP/3
Get Hands-On with NGINX and QUIC+HTTP/3NGINX, Inc.
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateCraig Wu
 
Kafka Security 101 and Real-World Tips
Kafka Security 101 and Real-World Tips Kafka Security 101 and Real-World Tips
Kafka Security 101 and Real-World Tips confluent
 
Docker Security Overview
Docker Security OverviewDocker Security Overview
Docker Security OverviewSreenivas Makam
 
Introduction to container based virtualization with docker
Introduction to container based virtualization with dockerIntroduction to container based virtualization with docker
Introduction to container based virtualization with dockerBangladesh Network Operators Group
 
SSL
SSLSSL
SSLBadrul Alam bulon
 
Support de cours Spring M.youssfi
Support de cours Spring M.youssfiSupport de cours Spring M.youssfi
Support de cours Spring M.youssfiENSET, Université Hassan II Casablanca
 
Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphersRoman Oliynykov
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 
Docker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverDocker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverSreenivas Makam
 
Support de cours angular
Support de cours angularSupport de cours angular
Support de cours angularENSET, Université Hassan II Casablanca
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Httpsshikherwalia
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA HibernateSite JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA HibernateENSET, Université Hassan II Casablanca
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Open infradays 2019_msa_k8s
Open infradays 2019_msa_k8sOpen infradays 2019_msa_k8s
Open infradays 2019_msa_k8sHyoungjun Kim
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixBrendan Gregg
 
Apache Kafka
Apache Kafka Apache Kafka
Apache Kafka Worapol Alex Pongpech, PhD
 
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...ENSET, Université Hassan II Casablanca
 
Apache Kafka in the Transportation and Logistics
Apache Kafka in the Transportation and LogisticsApache Kafka in the Transportation and Logistics
Apache Kafka in the Transportation and LogisticsKai Wähner
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
Appalications JEE avec Servlet/JSP
Appalications JEE avec Servlet/JSPAppalications JEE avec Servlet/JSP
Appalications JEE avec Servlet/JSPYouness Boukouchi
 
Scapy talk
Scapy talkScapy talk
Scapy talkAshwin Patil, GCIH, GCIA, GCFE
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8Dan Kaminsky
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
Why APIs? Second Edition - Webcast Slides
Why APIs? Second Edition - Webcast SlidesWhy APIs? Second Edition - Webcast Slides
Why APIs? Second Edition - Webcast SlidesApigee | Google Cloud
 
Rest and the hypermedia constraint
Rest and the hypermedia constraintRest and the hypermedia constraint
Rest and the hypermedia constraintInviqa
 

Más contenido relacionado

La actualidad más candente

Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphersRoman Oliynykov
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura
 
Docker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverDocker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverSreenivas Makam
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
Open infradays 2019_msa_k8s
Open infradays 2019_msa_k8sOpen infradays 2019_msa_k8s
Open infradays 2019_msa_k8sHyoungjun Kim
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixBrendan Gregg
 
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...ENSET, Université Hassan II Casablanca
 
Apache Kafka in the Transportation and Logistics
Apache Kafka in the Transportation and LogisticsApache Kafka in the Transportation and Logistics
Apache Kafka in the Transportation and LogisticsKai Wähner
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
Appalications JEE avec Servlet/JSP
Appalications JEE avec Servlet/JSPAppalications JEE avec Servlet/JSP
Appalications JEE avec Servlet/JSPYouness Boukouchi
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 

La actualidad más candente (20)

Support de cours Spring M.youssfi
Support de cours Spring M.youssfiSupport de cours Spring M.youssfi
Support de cours Spring M.youssfi
 
Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphers
 
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...
 
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ... Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...
 
Docker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driverDocker Networking Tip - Macvlan driver
Docker Networking Tip - Macvlan driver
 
Support de cours angular
Support de cours angularSupport de cours angular
Support de cours angular
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Https
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA HibernateSite JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
Site JEE de ECommerce Basé sur Spring IOC MVC Security JPA Hibernate
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by default
 
Open infradays 2019_msa_k8s
Open infradays 2019_msa_k8sOpen infradays 2019_msa_k8s
Open infradays 2019_msa_k8s
 
YOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at NetflixYOW2018 Cloud Performance Root Cause Analysis at Netflix
YOW2018 Cloud Performance Root Cause Analysis at Netflix
 
Apache Kafka
Apache Kafka Apache Kafka
Apache Kafka
 
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
Mise en oeuvre des Frameworks de Machines et Deep Learning pour les Applicati...
 
Apache Kafka in the Transportation and Logistics
Apache Kafka in the Transportation and LogisticsApache Kafka in the Transportation and Logistics
Apache Kafka in the Transportation and Logistics
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
Appalications JEE avec Servlet/JSP
Appalications JEE avec Servlet/JSPAppalications JEE avec Servlet/JSP
Appalications JEE avec Servlet/JSP
 
Scapy talk
Scapy talkScapy talk
Scapy talk
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 

Destacado

Why APIs? Second Edition - Webcast Slides
Why APIs? Second Edition - Webcast SlidesWhy APIs? Second Edition - Webcast Slides
Why APIs? Second Edition - Webcast SlidesApigee | Google Cloud
 
Rest and the hypermedia constraint
Rest and the hypermedia constraintRest and the hypermedia constraint
Rest and the hypermedia constraintInviqa
 
The Internet as Web Services: introduction to ReST
The Internet as Web Services: introduction to ReSTThe Internet as Web Services: introduction to ReST
The Internet as Web Services: introduction to ReSTBruno Kessler Foundation
 
RESTful services
RESTful servicesRESTful services
RESTful servicesgouthamrv
 
Learn REST in 18 Slides
Learn REST in 18 SlidesLearn REST in 18 Slides
Learn REST in 18 SlidesSuraj Gupta
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developersPatrick Savalle
 

Destacado (9)

Why APIs? Second Edition - Webcast Slides
Why APIs? Second Edition - Webcast SlidesWhy APIs? Second Edition - Webcast Slides
Why APIs? Second Edition - Webcast Slides
 
Rest and the hypermedia constraint
Rest and the hypermedia constraintRest and the hypermedia constraint
Rest and the hypermedia constraint
 
The Internet as Web Services: introduction to ReST
The Internet as Web Services: introduction to ReSTThe Internet as Web Services: introduction to ReST
The Internet as Web Services: introduction to ReST
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
 
RESTful services
RESTful servicesRESTful services
RESTful services
 
Introduction To REST
Introduction To RESTIntroduction To REST
Introduction To REST
 
Learn REST in 18 Slides
Learn REST in 18 SlidesLearn REST in 18 Slides
Learn REST in 18 Slides
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
 
REST Presentation
REST PresentationREST Presentation
REST Presentation
 

Similar a HATEOAS 101: An Introduction to Hypermedia as the Engine of Application State

Authentication and authorization in res tful infrastructures
Authentication and authorization in res tful infrastructuresAuthentication and authorization in res tful infrastructures
Authentication and authorization in res tful infrastructuresCorley S.r.l.
 
Web Apps and more
Web Apps and moreWeb Apps and more
Web Apps and moreYan Shi
 
Web app and more
Web app and moreWeb app and more
Web app and morefaming su
 
Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!QAware GmbH
 
IE 8 et les standards du Web - Chris Wilson - Paris Web 2008
IE 8 et les standards du Web - Chris Wilson - Paris Web 2008IE 8 et les standards du Web - Chris Wilson - Paris Web 2008
IE 8 et les standards du Web - Chris Wilson - Paris Web 2008Association Paris-Web
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesBrad Hill
 
Connect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket PipelinesConnect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket PipelinesAtlassian
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersViktor Gamov
 
Cross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docx
Cross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docxCross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docx
Cross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docxmydrynan
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Evolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaEvolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaMongoDB
 
Programming For Google Wave
Programming For Google WaveProgramming For Google Wave
Programming For Google WaveRodrigo Borges
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
Top 10 Web Hacks 2012
Top 10 Web Hacks 2012Top 10 Web Hacks 2012
Top 10 Web Hacks 2012Matt Johansen
 
Watch How the Giants Fall
Watch How the Giants FallWatch How the Giants Fall
Watch How the Giants Falljtmelton
 
Server side programming bt0083
Server side programming bt0083Server side programming bt0083
Server side programming bt0083Divyam Pateriya
 
GWT Web Socket and data serialization
GWT Web Socket and data serializationGWT Web Socket and data serialization
GWT Web Socket and data serializationGWTcon
 
CONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan Kuskos
CONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan KuskosCONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan Kuskos
CONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan KuskosPROIDEA
 

Similar a HATEOAS 101: An Introduction to Hypermedia as the Engine of Application State (20)

Authentication and authorization in res tful infrastructures
Authentication and authorization in res tful infrastructuresAuthentication and authorization in res tful infrastructures
Authentication and authorization in res tful infrastructures
 
Web Apps and more
Web Apps and moreWeb Apps and more
Web Apps and more
 
Web app and more
Web app and moreWeb app and more
Web app and more
 
Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!Putting Microservices on a Diet: with Istio!
Putting Microservices on a Diet: with Istio!
 
IE 8 et les standards du Web - Chris Wilson - Paris Web 2008
IE 8 et les standards du Web - Chris Wilson - Paris Web 2008IE 8 et les standards du Web - Chris Wilson - Paris Web 2008
IE 8 et les standards du Web - Chris Wilson - Paris Web 2008
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realities
 
Connect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket PipelinesConnect + Docker + AWS = Bitbucket Pipelines
Connect + Docker + AWS = Bitbucket Pipelines
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
 
Cross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docx
Cross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docxCross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docx
Cross-site scripting (XSS) Attacks Cross-site scripting (XSS) .docx
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Evolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaEvolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di Palma
 
Api
ApiApi
Api
 
Programming For Google Wave
Programming For Google WaveProgramming For Google Wave
Programming For Google Wave
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
Top 10 Web Hacks 2012
Top 10 Web Hacks 2012Top 10 Web Hacks 2012
Top 10 Web Hacks 2012
 
Google Web Toolkit
Google Web ToolkitGoogle Web Toolkit
Google Web Toolkit
 
Watch How the Giants Fall
Watch How the Giants FallWatch How the Giants Fall
Watch How the Giants Fall
 
Server side programming bt0083
Server side programming bt0083Server side programming bt0083
Server side programming bt0083
 
GWT Web Socket and data serialization
GWT Web Socket and data serializationGWT Web Socket and data serialization
GWT Web Socket and data serialization
 
CONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan Kuskos
CONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan KuskosCONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan Kuskos
CONFidence 2015: The Top 10 Web Hacks of 2014 - Matt Johansen, Johnathan Kuskos
 

Más de Apigee | Google Cloud

Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Apigee | Google Cloud
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldApigee | Google Cloud
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketApigee | Google Cloud
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsApigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorApigee | Google Cloud
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailApigee | Google Cloud
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranApigee | Google Cloud
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!Apigee | Google Cloud
 

Más de Apigee | Google Cloud (20)

How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)
 
Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
 
Ticketmaster at a glance
Ticketmaster at a glanceTicketmaster at a glance
Ticketmaster at a glance
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First World
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
 
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
 
Pitney Bowes at a glance
Pitney Bowes at a glancePitney Bowes at a glance
Pitney Bowes at a glance
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
 
London Adapt or Die: Opening Keynot
London Adapt or Die: Opening KeynotLondon Adapt or Die: Opening Keynot
London Adapt or Die: Opening Keynot
 
London Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynoteLondon Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynote
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
 

Último

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Último (20)

Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

HATEOAS 101: An Introduction to Hypermedia as the Engine of Application State

  • 1. HATEOAS 101 An Opinionated Introduction Brian Mulloy Apigee @landlessness @apigee
  • 4. New! IRC Channel #api-craft on freenode
  • 5. WARNING: The author may betray a bias against the application of REST constraints to web APIs.
  • 7.
  • 8. Hypermedia As The Engine Of Application State
  • 9. Let’s put HATEOAS in the full context of REST.
  • 10. The Constraints of REST 1. Client-server 2. Stateless server 3. Cache 4. Uniform interface a. Identification of resources b. Manipulation of resources through representations c. Self-descriptive messages d. Hypermedia as the engine of application state 5. Layered System 6. Code-On-Demand (optional)
  • 12. The first three constraints…
  • 13. 1. Client-server 2. Stateless server 3. Cache
  • 14. …give us the client-cache-stateless-server web architecture.
  • 15. client cache Each request must contain all information. No stored context on the stateless server. server Client has the right to reuse client response data. cache
  • 16. (we’ll come back to the 4th constraint)
  • 17. The 5th constraint, Layered System, lets us add features like a gateway, load balancer and firewall.
  • 18. Each layer Layers can encapsulate provides services legacy services & protect new services from legacy stateless to it’s neighbors. clients. server load stateless client firewall gateway balancer server Each layer cannot stateless "see" beyond it’s server immediate neighbor.
  • 19. The optional 6th constraint, Code-on-Demand, allows the client to request code from the server & execute it.
  • 20. Add features to a deployed client, which provides for improved extensibility and configurability client stateless server code Better user-perceived performance and efficiency
  • 21. Now lets tackle the 4 parts of the 4th constraint, Uniform Interface
  • 22. With help from the Twitter UI.
  • 23. a. Resource Identifier identifies the particular resource involved in an interaction between components.
  • 25. b. Resource Representation represents the state of a resource for transfer between components.
  • 26. <!DOCTYPE html> <html data-nav-highlight-class-name="highlight-global-nav-home"> <head> <title>Twitter</title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta charset="utf-8" /> <meta name="description" content="Instantly connect to what&#39;s most important to you. Follow your friends, experts, favorite celebrities, and breaking news." /> <link rel="dns-prefetch" href="http://a0.twimg.com"/> <link rel="dns-prefetch" href="http://api.twitter.com"/> <script type="text/javascript" charset="utf-8"> document.domain = 'twitter.com'; // this will be copied to twttr.appStartTime once our JS has started up document.startTime = new Date().getTime(); var twttr = {}; twttr.versionName = 'phoenix'; twttr.isT1 = true; twttr.didPingKeynote = false; twttr.keynoteTTFTPing = function() { if (!twttr.didPingKeynote && window.location.href.indexOf('keynoteTest') > 0) { var image = document.createElement('img'); image.src = '/images/keynote.gif'; twttr.didPingKeynote = true; } } window.console||function(){var a=["log","debug","info","warn","error","assert","dir","dirxml","group","groupEnd","time","t imeEnd","count","trace","profile","profileEnd"];window.console={};for(var b=0;b<a.length;++b)window.console[a[b]]=function(){}}(); </script> …
  • 27. c. Self-descriptive messages contains all the information necessary to complete transformations.
  • 28. GET /#!/jack/status/20 HTTP/1.1 User-Agent: Chrome/18.0.1025.11 Host: twitter.com Accept: text/html
  • 29. d. Hypermedia as the engine of application state
  • 30.
  • 31. state state transition transition state transition transition state state
  • 32. The name „Representational State Transfer‟ is intended to evoke an image of how a well-designed Web application behaves: a network of web pages (a virtual state-machine), where the user progresses through the application by selecting links (state transitions), resulting in the next page (representing the next state of the application) being transferred to the user and rendered for their use. -Roy Fielding Architectural Styles and the Design of Network-based Software Architectures Chapter 6
  • 33. States are web pages.
  • 35. The key to implementing HATEOAS is pretty simple
  • 36. In each response message include the links for the next request message.
  • 37. REST Interface App Browser App UI Server User App Developer
  • 38.
  • 39. home connect discover search my profile direct messages google: lists jack‟s first favorite about tweet help retweet reply to keyboard @jack shortcuts turn off retweets settings report @jack for spam sign out add or remove block @jack tweet to @jack Follow @jack @jack new tweet from lists
  • 40. 1 transition in, 32 transitions out
  • 42. The three greatest inventions of all time are:
  • 44. Beer
  • 46. With a browser I can start at http://twitter.com
  • 47. And navigate my way through every state of the entire Twitter application.
  • 49. HATEOAS is not scary.
  • 50.
  • 51. HATEOAS is the key constraint that makes surfing the web with a browser possible.
  • 52. Let’s look at HATEOAS and APIs
  • 53. With help from the Twitter API.
  • 55. { "created_at": "Tue Mar 21 20:50:14 +0000 2006", "id": 20, "id_str": "20", "text": "just setting up my twttr", "source": "web", "truncated": false, "in_reply_to_status_id": null, "in_reply_to_status_id_str": null, "in_reply_to_user_id": null, "in_reply_to_user_id_str": null, "in_reply_to_screen_name": null, "user": { "id": 12, "id_str": "12", "name": "Jack Dorsey", "screen_name": "jack", "location": "San Francisco", "description": "Executive Chairman of Twitter, CEO of Square, a founder of both.", "url": null, "protected": false, "followers_count": 1935426, "friends_count": 1148, "listed_count": 17312, "created_at": "Tue Mar 21 20:50:14 +0000 2006", "favourites_count": 988, "utc_offset": -28800, "time_zone": "Pacific Time (US & Canada)", "geo_enabled": true, "verified": true, "statuses_count": 10894, "lang": "en", "contributors_enabled": true, "is_translator": false, "profile_background_color": "EBEBEB", "profile_background_image_url": "http://a0.twimg.com/images/themes/theme7/bg.gif", "profile_background_image_url_https": "https://si0.twimg.com/images/themes/theme7/bg.gif", "profile_background_tile": false, "profile_image_url": "http://a0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_image_url_https": "https://si0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_link_color": "990000", "profile_sidebar_border_color": "DFDFDF", "profile_sidebar_fill_color": "F3F3F3", "profile_text_color": "333333", "profile_use_background_image": true, "show_all_inline_media": true, "default_profile": false, "default_profile_image": false, "following": null, "follow_request_sent": null, "notifications": null }, "geo": null, "coordinates": null, "place": null, "contributors": null, "retweet_count": 5973, "favorited": false, "retweeted": false }
  • 56. Uh oh. There are zero hyperlinks.
  • 57. How many should there be to respect the HATEOAS constraint?
  • 59. { "created_at": "Tue Mar 21 20:50:14 +0000 2006", "id": 20, "id_str": "20", "text": "just setting up my twttr", "source": "web", "truncated": false, "in_reply_to_status_id": null, "in_reply_to_status_id_str": null, "in_reply_to_user_id": null, "in_reply_to_user_id_str": null, "in_reply_to_screen_name": null, "user": { "id": 12, "link": ”http://api.twitter.com/1/users/show.json?user_id=12", "id_str": "12", "name": "Jack Dorsey", "screen_name": "jack", "location": "San Francisco", "description": "Executive Chairman of Twitter, CEO of Square, a founder of both.", "url": null, "protected": false, "followers_count": 1935426, "friends_count": 1148, "listed_count": 17312, "created_at": "Tue Mar 21 20:50:14 +0000 2006", "favourites_count": 988, "utc_offset": -28800, "time_zone": "Pacific Time (US & Canada)", "geo_enabled": true, "verified": true, "statuses_count": 10894, "lang": "en", "contributors_enabled": true, "is_translator": false, "profile_background_color": "EBEBEB", "profile_background_image_url": "http://a0.twimg.com/images/themes/theme7/bg.gif", "profile_background_image_url_https": "https://si0.twimg.com/images/themes/theme7/bg.gif", "profile_background_tile": false, "profile_image_url": "http://a0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_image_url_https": "https://si0.twimg.com/profile_images/1563216547/image_normal.jpg", "profile_link_color": "990000", "profile_sidebar_border_color": "DFDFDF", "profile_sidebar_fill_color": "F3F3F3", "profile_text_color": "333333", "profile_use_background_image": true, "show_all_inline_media": true, "default_profile": false, "default_profile_image": false, "following": null, "follow_request_sent": null, "notifications": null }, "geo": null, "coordinates": null, "place": null, "contributors": null, "retweet_count": 5973, "favorited": false, "retweeted": false }
  • 61. Now are we HATEOAS compliant?
  • 62. If we add another link does it change the consuming application’s state machine?
  • 63. Is it ok for the developer to ignore included links?
  • 64. Can the developer add out-of-band links to her app?
  • 65. What happens when an app relies on multiple APIs? Where is the state machine?
  • 66. If the Twitter API had complied with HATEOAS
  • 68.
  • 70.
  • 71. Would he have been able to decide which user actions to include in his design?
  • 72.
  • 73. Or would those decisions have been driven by the links in the response from the Twitter API?
  • 74.
  • 75.
  • 76. Nearly all popular web UIs adhere to HATEOAS.
  • 77. Nearly all popular web APIs violate HATEOAS.
  • 78. Why?
  • 79. Let’s examine the two worlds.
  • 80. I guarantee hypermedia is engine of app I decide where state I craft the user to click, aka experience, aka change state. state diagram. REST Interface App Browser App UI Server User App Developer
  • 81. The person who crafts the experience (state diagram) and the app user have the REST interface between them.
  • 82. And the hypermedia links are given directly to the app user at runtime.
  • 83. So the hypermedia in each response message is genuinely the engine of application state.
  • 84. This pattern is not limited to user interfaces.
  • 85. We see the same pattern for syndication feeds.
  • 86. I guarantee hypermedia is engine of app state I craft stories, I decide where categories & related to click, aka media, aka state change state. diagram. REST Interface App Feed Reader Feed Content User App Server Publisher
  • 87. But the world of apps and web APIs seems different.
  • 88. Interface App App 1 Developer 1 App API Server App User App 2 Developer 2 App App 3 Developer 3
  • 89. Interface I craft the user experience, I get no aka state diagram. App HATEOAS App 1 I decide where Developer 1 respect. to click, aka change state. App API Server App User App 2 Developer 2 App App 3 Developer 3
  • 90. The person who crafts the experience (state machine) and the app user do not have the REST interface between them.
  • 91. And the hypermedia links are not given directly to the app user at runtime.
  • 92. Instead, the hypermedia are given to the developer at design time.
  • 93. And the developer decides which states are possible for the app user at runtime.
  • 94. We need a Yoda moment.
  • 95.
  • 96. “ You must unlearn what you have learned. -Yoda
  • 97. I used to call the world of popular, non-HATEOAS, non- SOAP web APIs, Pragmatic REST.
  • 98. Oops.
  • 99. How do we answer the questions many API teams are asking
  • 100. 1. Should we go down the HATEOAS path?
  • 101. As a practical matter, for many teams that previous question is the same as the next question.
  • 102. 2. Should we include links in our responses?
  • 103. But they have different answers.
  • 104. 1. For an API to be HATEOAS-compliant it requires a client app that is also HATEOAS-compliant.
  • 105. A user-interface app driven by web APIs would be akin to a feed reader for syndicated content.
  • 106. But designed to handle generic web APIs.
  • 107. I guarantee hypermedia is engine of app I decide where state I craft a system of to click, aka interrelated resources, change state. aka state diagram. REST Interface App RESTful API API API Server User Client App Developer ?
  • 108. Special thanks to @elasticpath for this metaphor.
  • 109. There are interesting non-UI applications as well.
  • 110. However, the style does not assume that all applications are browsers. In fact, the application details are hidden from the server by the generic connector interface, and thus a user agent could equally be an automated robot performing information retrieval for an indexing service, a personal agent looking for data that matches certain criteria, or a maintenance spider busy patrolling the information for broken references or modified content [39]. -Roy Fielding Architectural Styles and the Design of Network-based Software Architectures Chapter 5
  • 111. If you’re not going down the HATEOAS client path, should you include links anyway?
  • 112. 2. If you think including links in the API response will be helpful for developers at design time, then go for it.
  • 113.
  • 114. But I wouldn’t call it HATEOAS because those links are probably not the engine of application state for the app user at run time.
  • 115. If the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed? -Roy Fielding “REST APIs must be hypertext-driven” Untangled: Musings of Roy T. Fielding
  • 116.
  • 117. Here’s a call to action
  • 118. We know what REST with the HATEOAS constraint is and isn’t.
  • 119. We know what SOAP is and isn’t.
  • 120. But we don’t have an intellectual framework for the way so many popular apps and web APIs work today.
  • 121. We need a really smart person
  • 122. Who cares about web APIs
  • 123. To examine the constraints of REST
  • 124. The Constraints of REST 1. Client-server 2. Stateless server 3. Cache 4. Uniform interface a. Identification of resources b. Manipulation of resources through representations c. Self-descriptive messages d. Hypermedia as the engine of application state 5. Layered System 6. Code-On-Demand (optional)
  • 125. While keeping in mind how custom apps are built by people using web APIs
  • 126. Interface App App 1 Developer 1 App API Server App User App 2 Developer 2 App App 3 Developer 3
  • 127. To give us a new foundation
  • 128. The Constraints of ____ 1. ??? 2. ??? 3. ??? 4. ??? 5. ??? 6. ???
  • 129. So that we will have a better shared idea of what we’re really doing
  • 130. We will be able to communicate more effectively
  • 131. And we will be able to create more value for the planet and the people on it.
  • 132.
  • 133. But please choose a nice, pronounceable acronym.
  • 134.
  • 135. Further Exploring • http://steveklabnik.com/ • http://pinboard.in/u:earth2marsh/t:hateoas/ • http://www.ics.uci.edu/~fielding/pubs/dissert ation/top.htm • http://martinfowler.com/articles/richardsonM aturityModel.html • http://timelessrepo.com/haters-gonna- hateoas
  • 137. THANK YOU Subscribe to API webinars at: youtube.com/apigee
  • 139. THANK YOU Questions and ideas to: groups.google.com/group/api-craft
  • 140. THANK YOU Contact me at: @landlessness brian@apigee.com

Notas del editor

  1. Creative Commons Attribution-Share Alike 3.0 United States License
  2. http://www.flickr.com/photos/kmakice/2478522449/
  3. http://www.flickr.com/photos/kmakice/2478522449/