Audio from this session is available at https://archive.org/details/rest_apis_with_oauth2
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this.
In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.
4. What a RESTful API isn’t
Our API is RESTful, we support GET,
PUT, POST, and DELETE requests
No…actually you just support
HTTP…like the rest of the web.
5. What a RESTful API is
Honor HTTP request verbs
Use proper HTTP status codes
No version numbering in URIs
Return format via HTTP Accept header
Double Rainbow: Discovery via HATEOAS
17. Making a Call with the Token
public function process_payment($request){
$postvals = $request;
$uri = URI_SANDBOX . "payments/payment";
return self::curl($uri, 'POST', $postvals);
}
18. The Last Considerations
REST and OAuth are specifications,
not religions
Don’t alienate your developers
with security
Open source is your friend