
Skyrocketing Web APIs

791 views

Published on

There are lots of misconceptions about REST APIs. People think REST is about HTTP, and it is not; that developer UX is important, but it will soon be dead.
Here we discuss our approach to REST over HTTP, the difficulties and special scenarios we have found, and how we solved them.

Published in: Technology

Skyrocketing Web APIs

  1. Skyrocketing Web APIs. By making the right decisions. Daniel Cerecedo, @dcerecedo
  2. Why REST over HTTP? (@dcerecedo, Byteflair)
  3. Why REST over HTTP? "The limits of my language mean the limits of my world." Everybody speaks HTTP.
  4. Developer UX. HTTP is for browsers.
  5. Developer UX. Developer in mind, not browsers.
  6. REST over HTTP. Components: URIs, verbs, status code, body, headers.
  7. REST over HTTP. Separate resource representation from contextual data: representation → body; contextual data → headers.
  8. REST over HTTP. Use the HTTP status code to inform the client about the result: 2xx → OK; anything else → KO; 4xx → client error; 5xx → server error.
  9. REST over HTTP. Use the best-matching HTTP status codes. Add specific application error codes to error responses.
  10. REST over HTTP. The semantics of an API should be in the URI... but everybody thinks verbs + URIs fit better on HTTP.
  11. REST over HTTP.
  12. Hypermedia.
  13. Hypermedia. Applications can be modeled as state machines.
  14. Hypermedia.
  15. Hypermedia.
  16. Hypermedia. Model the problem domain: identify domain resources; identify resource state transitions.
  17. Hypermedia. Domain resources: vehicles, users, sessions. Resource state transitions: create resources; assign owner to vehicle; activate session with driver & vehicle; deactivate session.
  18. Hypermedia. Define resource representation formats (MIME types). Define roles for each hypermedia control (rel types).
  19. Hypermedia. GET /. Headers: Link: <https://api.domain.com/vehicles>; rel="vehicles", <https://api.domain.com/users>; rel="users", <https://api.domain.com/sessions>; rel="sessions". Body: ...
  20. Hypermedia. GET /vehicles. Headers: Link: <https://api.domain.com/vehicles?page=1&size=20>; rel="next". Body: [ {...}, {...}, ... ]. Control links.
  21. Hypermedia. GET /sessions/1374. Body: { ..., "vehicle": "https://api.domain.com/vehicles/1", "driver": "https://api.domain.com/users/1" }. These are also control links. Use conventions to get full semantics!
  22. Hypermedia. GET /vehicles/1. Body: { ..., "owner": "https://api.domain.com/users/1" }. Relation types specify the role of the link.
  23. Hypermedia. GET /sessions/1374. Body: { ..., "vehicle": "https://api.domain.com/vehicles/1", "driver": "https://api.domain.com/persons/1" }
  24. Hypermedia. Let the client discover its resource access level: OPTIONS.
  25. Hypermedia. Conventions: rel types, media types, methods, status codes.
  26. Hypermedia. Think as if you had to write a client, and minimize the number of things you have to know about the API beforehand.
  27. Hypermedia. A client and an API do not get decoupled magically.
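The hypermedia slides above (Link headers with rel types, "next" paging links, URIs inside the body as control links, and OPTIONS for access level) describe how a client should drive itself from the entry point. The following is an added example, not code from the deck or from Byteflair: a minimal client written against a constructed in-memory stand-in for the API. The host api.domain.com comes from the slides; the payloads, the field-to-rel convention table and the Allow values are assumptions made for the demo.

```python
"""Hypermedia-driven client that discovers URIs from Link headers and rel
types instead of hard-coding paths. Added example; the in-memory API,
its payloads and the Allow values are constructed for this demo."""
import re
from typing import Dict, List, Set, Tuple

BASE = "https://api.domain.com"

# Constructed stand-in for the server: (method, url) -> (status, headers, body)
FAKE_API = {
    ("GET", f"{BASE}/"): (200, {"Link": (
        f'<{BASE}/vehicles>; rel="vehicles", '
        f'<{BASE}/users>; rel="users", '
        f'<{BASE}/sessions>; rel="sessions"')}, None),
    ("GET", f"{BASE}/vehicles"): (
        200, {"Link": f'<{BASE}/vehicles?page=1&size=20>; rel="next"'},
        [{"id": 1, "owner": f"{BASE}/users/1"}]),
    ("GET", f"{BASE}/vehicles?page=1&size=20"): (
        200, {}, [{"id": 2, "owner": f"{BASE}/users/2"}]),
    ("GET", f"{BASE}/sessions/1374"): (
        200, {}, {"id": 1374, "vehicle": f"{BASE}/vehicles/1", "driver": f"{BASE}/users/1"}),
    ("OPTIONS", f"{BASE}/vehicles/1"): (204, {"Allow": "GET, PUT"}, None),
}

# One '<uri>; rel="type"' entry of an RFC 5988 Link header value
LINK_RE = re.compile(r'<([^>]+)>\s*;\s*rel="([^"]+)"')


def request(method: str, url: str) -> Tuple[int, Dict[str, str], object]:
    """Send a request to the constructed API; unknown URIs answer 404."""
    return FAKE_API.get((method, url), (404, {}, None))


def parse_link_header(value: str) -> Dict[str, str]:
    """Map each rel type in a Link header value to its target URI."""
    return {rel: uri for uri, rel in LINK_RE.findall(value or "")}


def discover(rel_path: List[str], entry: str = f"{BASE}/") -> str:
    """Follow a chain of rel types from the entry point. Only the entry URI
    and the rel names need to be known beforehand, never the paths."""
    url = entry
    for rel in rel_path:
        status, headers, _ = request("GET", url)
        links = parse_link_header(headers.get("Link", ""))
        if status != 200 or rel not in links:
            raise LookupError(f"rel {rel!r} is not offered at {url}")
        url = links[rel]
    return url


def collect_all(url: str) -> List[dict]:
    """Read a paged collection by following rel="next" until it is absent."""
    items: List[dict] = []
    seen: Set[str] = set()  # guard against a server whose next links loop
    while url and url not in seen:
        seen.add(url)
        status, headers, body = request("GET", url)
        if status != 200:
            raise RuntimeError(f"GET {url} returned {status}")
        items.extend(body)
        url = parse_link_header(headers.get("Link", "")).get("next")
    return items


def control_links(representation: dict, conventions: Dict[str, str]) -> Dict[str, str]:
    """Body fields holding URIs are control links too; a convention table
    (field name -> rel type) gives them the same semantics as Link headers."""
    return {conventions[k]: v for k, v in representation.items() if k in conventions}


def allowed_methods(url: str) -> Set[str]:
    """Discover the caller's access level from the Allow header of OPTIONS."""
    status, headers, _ = request("OPTIONS", url)
    if status not in (200, 204):
        return set()
    return {m.strip() for m in headers.get("Allow", "").split(",") if m.strip()}


if __name__ == "__main__":
    vehicles_url = discover(["vehicles"])
    print(vehicles_url, collect_all(vehicles_url), allowed_methods(f"{BASE}/vehicles/1"))
```

The client hard-codes exactly three things: the entry URI, the rel names, and the field-name conventions for body links. Everything else (paths, paging, which methods it may use on a resource) is read from the responses, which is what keeps the client from breaking when the server changes its URI layout.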
  28. Dynamic views.
  29. Dynamic views. The same resource has different data access needs depending on the security context.
  30. Dynamic views. Scenario: any User resource can be fully viewed by an administrator; a logged-in user can fully view his own User resource; other users can only see his public data.
  31. Dynamic views. Scenario: one URI per role: /users/{id}, /owner/users/{id}, /admin/users/{id}
  32. Dynamic views. Scenario: one URI per role: /users/{id}, /owner/users/{id}, /admin/users/{id}
  33. Dynamic views. Scenario: partition the resource and give each role access to its partition: /users/{id}, /users/{id}/my-private-data, /users/{id}/data-about-me-only-the-admin-knows
  34. Dynamic views. Scenario: one URI per resource; select one view at runtime depending on the security context: /users/{id}
  35. Dynamic views. 1. Create a mechanism to define views. 2. Create a mechanism to define the views applicable to a resource. 3. Create a mechanism to define which view to apply.
  36. Dynamic views. 1
  37. Dynamic views. 1
  38. Dynamic views. 2
  39. Dynamic views. 3
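The three mechanisms of slide 35 (define views, declare which views apply to a resource, decide which one to use) can be shown end to end for the /users/{id} scenario. This is an added example and not the deck's implementation; the User fields, the role name ADMIN and the three view names are assumptions.

```python
"""Dynamic views: one URI per resource, the view chosen per request from the
security context. Added example; User fields, roles and view names are
assumptions, not the deck's code."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class SecurityContext:
    principal_id: Optional[int] = None  # None: anonymous caller
    roles: FrozenSet[str] = frozenset()


# 1. A mechanism to define views: a named field whitelist plus the
#    condition under which the view applies to (resource, context).
@dataclass(frozen=True)
class View:
    name: str
    fields: FrozenSet[str]
    applies: Callable[[dict, SecurityContext], bool]


PUBLIC = View("public", frozenset({"id", "name"}),
              lambda res, ctx: True)
OWNER = View("owner", PUBLIC.fields | {"email", "phone"},
             lambda res, ctx: ctx.principal_id is not None and ctx.principal_id == res["id"])
ADMIN = View("admin", OWNER.fields | {"created_at", "internal_notes"},
             lambda res, ctx: "ADMIN" in ctx.roles)

# 2. A mechanism to define which views apply to a resource type, most
#    privileged first: the first view whose condition holds is used, so an
#    administrator looking at her own profile still gets the admin view.
APPLICABLE_VIEWS: Dict[str, Tuple[View, ...]] = {
    "User": (ADMIN, OWNER, PUBLIC),
}


# 3. A mechanism to select the view: evaluated on the server for every
#    request; the client never names the view it wants.
def select_view(resource_type: str, resource: dict, ctx: SecurityContext) -> View:
    for view in APPLICABLE_VIEWS[resource_type]:
        if view.applies(resource, ctx):
            return view
    raise PermissionError(f"no view of {resource_type} applies to this context")


def render(resource_type: str, resource: dict, ctx: SecurityContext) -> dict:
    """Whitelist projection: a field reaches the wire only if the chosen view
    names it, so a column added to the store never leaks by default."""
    view = select_view(resource_type, resource, ctx)
    return {k: v for k, v in resource.items() if k in view.fields}


# Constructed sample resource, served at /users/1
USER_1 = {"id": 1, "name": "Ana", "email": "ana@example.test", "phone": "+34000000000",
          "created_at": "2015-01-01", "internal_notes": "vip"}

if __name__ == "__main__":
    for ctx in (SecurityContext(), SecurityContext(1), SecurityContext(7, frozenset({"ADMIN"}))):
        print(select_view("User", USER_1, ctx).name, render("User", USER_1, ctx))
```

Two properties matter for security here: views are whitelists (an unlisted field is never serialized), and the order in APPLICABLE_VIEWS is the only place where precedence between overlapping conditions is decided, which makes it easy to review.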
  40. Updates & Concurrency.
  41. Updates & Concurrency. Scenario: two clients attempt to update the same resource concurrently. The representation is the state of the application. I want to avoid the second request updating the resource from an inconsistent representation.
  42. Updates & Concurrency. Scenario: compare the incoming resource and the existing resource...
  43. Updates & Concurrency. Scenario: compare the incoming resource and the existing resource... if unequal, reject...
  44. Updates & Concurrency. Scenario: compare the incoming resource and the existing resource... if unequal, reject... if possible, inform the user which fields violated the precondition.
  45. Updates & Concurrency. If we have dynamic views, then the same resource may have different fields for different security contexts.
  46. Updates & Concurrency. Scenario: what if we don't want all fields to be updatable? What if we need fine-grained access control to fields?
  47. Updates & Concurrency. 1. We need a mechanism to associate security expressions to fields. 2. We need a mechanism to evaluate security expressions before changing the value of a field.
  48. Updates & Concurrency. 1
  49. Updates & Concurrency. 2
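Slides 41 to 49 combine two checks on a PUT: reject an update made from a stale representation and name the violated fields, and evaluate a per-field security expression before a value changes. The following added example (not the deck's or Byteflair's code) implements both for /users/{id}. It assumes a concrete request shape: the client echoes the representation it read ("base") next to the fields it changes. The comparison is limited to the fields visible in the caller's context, as slide 45 requires, and a field missing from the echo counts as a violation, since the client cannot then prove it saw the current state. The 412 and 403 status choices, the field names and the policies are assumptions.

```python
"""Optimistic update with field-level security expressions. Added example;
the request shape (base + changes), the store, the policies and the
status codes are assumptions, not the deck's code."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class SecurityContext:
    principal_id: Optional[int] = None
    roles: FrozenSet[str] = frozenset()


Expr = Callable[[dict, SecurityContext], bool]


def is_owner(res: dict, ctx: SecurityContext) -> bool:
    return ctx.principal_id is not None and ctx.principal_id == res["id"]


def is_admin(res: dict, ctx: SecurityContext) -> bool:
    return "ADMIN" in ctx.roles


# 1. Associate a security expression with every updatable field. Expressions
#    are named predicates, not strings evaluated at runtime, so the policy
#    surface is closed. A field absent from this map is never updatable.
FIELD_POLICY: Dict[str, Expr] = {
    "name": lambda r, c: is_owner(r, c) or is_admin(r, c),
    "email": lambda r, c: is_owner(r, c) or is_admin(r, c),
    "internal_notes": is_admin,
}


def visible_fields(res: dict, ctx: SecurityContext) -> FrozenSet[str]:
    """Fields the caller's view exposes (stands in for the dynamic view)."""
    if is_admin(res, ctx):
        return frozenset(res)
    if is_owner(res, ctx):
        return frozenset({"id", "name", "email"})
    return frozenset({"id", "name"})


# Constructed store backing /users/{id}
STORE: Dict[int, dict] = {
    1: {"id": 1, "name": "Ana", "email": "ana@example.test", "internal_notes": ""},
}
_MISSING = object()


def update_user(user_id: int, base: dict, changes: dict, ctx: SecurityContext) -> Tuple[int, dict]:
    """PUT /users/{id}; returns (status, body) as the HTTP response would."""
    current = STORE.get(user_id)
    if current is None:
        return 404, {"error": "not found"}
    visible = visible_fields(current, ctx)
    # Compare the incoming representation with the existing one, only over the
    # fields this caller can see; reject and name the violating fields.
    violated = sorted(f for f in visible if base.get(f, _MISSING) != current[f])
    if violated:
        return 412, {"error": "representation is stale", "fields": violated}
    # 2. Evaluate each changed field's expression before touching the value.
    forbidden = sorted(f for f in changes
                       if f not in FIELD_POLICY or not FIELD_POLICY[f](current, ctx))
    if forbidden:
        return 403, {"error": "field not updatable in this context", "fields": forbidden}
    updated = {**current, **changes}
    STORE[user_id] = updated
    return 200, {k: v for k, v in updated.items() if k in visible}


if __name__ == "__main__":
    owner = SecurityContext(1)
    base = {"id": 1, "name": "Ana", "email": "ana@example.test"}
    print(update_user(1, base, {"name": "Ana B."}, owner))   # first writer wins
    print(update_user(1, base, {"email": "b@example.test"}, owner))  # stale: 412, fields ["name"]
```

The two checks are deliberately ordered: staleness first, so that a caller learns nothing about fields outside its view from a 403, and the policy check runs against the stored resource rather than the incoming one, so a client cannot satisfy an ownership expression by rewriting the "id" it sends.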
  50. Async Requests.
  51. Async Requests. How do we deal with transitions that are intrinsically asynchronous?
  52. Async Requests. How do we identify intrinsically async transitions? There are state transitions beyond your control. It does not make sense to return a resource, because we don't know the state of the resource after invoking the transition.
  53. Async Requests. Scenario: trucks are regularly reviewed and marked for repair. States: Ok, Needs Repair, Awaiting, Repaired.
  54. Async Requests. Scenario: trucks are regularly reviewed and marked for repair. States: Ok, Needs Repair, Awaiting, Repaired. Within my organization's control.
  55. Async Requests. Scenario: trucks are regularly reviewed and marked for repair. States: Ok, Needs Repair, Awaiting, Repaired. Within my organization's control. PUT /trucks/6/repair → 202 Accepted
  56. Async Requests. Scenario: trucks are regularly reviewed and marked for repair. States: Ok, Needs Repair, Awaiting, Repaired. Within my organization's control. PUT /trucks/6/repair → 202 Accepted
  57. Async Requests. How do we deal with task-intensive state transitions?
  58. Async Requests. How do we deal with task-intensive state transitions? We make them async.
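The truck scenario of slides 53 to 56 can be written as an explicit state machine in which the "repair" transition is the only one whose completion is outside the organization's control, so it answers 202 Accepted with nothing to represent yet. This is an added example and not the deck's code; the truck states and PUT /trucks/6/repair come from the slides, while the transition names "flag" and "review", the /tasks/{id} polling resource and the workshop notification are assumptions.

```python
"""Async state transitions: a transition that completes outside our control
answers 202 Accepted with a task to poll; the final state arrives later
from the external party. Added example; task URIs and the workshop
notification are assumptions, the truck states come from the deck."""
from enum import Enum
from itertools import count
from typing import Dict, Optional, Tuple


class TruckState(Enum):
    OK = "ok"
    NEEDS_REPAIR = "needs_repair"
    AWAITING = "awaiting"   # at the workshop: we do not know when it ends
    REPAIRED = "repaired"


# (current state, transition) -> (next state, completes outside our control?)
TRANSITIONS: Dict[Tuple[TruckState, str], Tuple[TruckState, bool]] = {
    (TruckState.OK, "flag"): (TruckState.NEEDS_REPAIR, False),
    (TruckState.NEEDS_REPAIR, "repair"): (TruckState.AWAITING, True),
    (TruckState.REPAIRED, "review"): (TruckState.OK, False),
}

Response = Tuple[int, Dict[str, str], Optional[dict]]


class TruckApi:
    def __init__(self, trucks: Dict[int, TruckState]):
        self.trucks = dict(trucks)
        self.tasks: Dict[int, dict] = {}
        self._ids = count(1)

    def put_transition(self, truck_id: int, transition: str) -> Response:
        """PUT /trucks/{id}/{transition}; returns (status, headers, body)."""
        state = self.trucks.get(truck_id)
        if state is None:
            return 404, {}, None
        target = TRANSITIONS.get((state, transition))
        if target is None:
            # Not allowed from this state: say so instead of silently ignoring it.
            return 409, {}, {"error": f"cannot {transition} a truck in state {state.value}"}
        next_state, external = target
        self.trucks[truck_id] = next_state
        if external:
            task_id = next(self._ids)
            self.tasks[task_id] = {"truck": truck_id, "status": "pending"}
            # No representation in the body: the resource's final state is unknown.
            return 202, {"Location": f"/tasks/{task_id}"}, None
        return 200, {}, {"id": truck_id, "state": next_state.value}

    def get_task(self, task_id: int) -> Response:
        """GET /tasks/{id}: the client polls here after a 202."""
        task = self.tasks.get(task_id)
        return (404, {}, None) if task is None else (200, {}, dict(task))

    def workshop_reports_repaired(self, truck_id: int) -> bool:
        """Inbound notification from the external party closes the transition.
        Only valid while the truck is awaiting; anything else is dropped."""
        if self.trucks.get(truck_id) is not TruckState.AWAITING:
            return False
        self.trucks[truck_id] = TruckState.REPAIRED
        for task in self.tasks.values():
            if task["truck"] == truck_id and task["status"] == "pending":
                task["status"] = "done"
        return True


if __name__ == "__main__":
    api = TruckApi({6: TruckState.NEEDS_REPAIR})
    print(api.put_transition(6, "repair"))      # 202 with Location /tasks/1
    print(api.workshop_reports_repaired(6), api.get_task(1))
```

The inbound notification is a trust boundary of its own: in a real deployment the endpoint that receives it must authenticate the workshop (shared secret or signed payload) before changing a truck's state, and the state guard shown here keeps a duplicated or late message from moving a truck that is no longer awaiting.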
  59. Flexibility & Decoupling.
  60. Flexibility & Decoupling. Mediation router + message broker.
  61. Flexibility & Decoupling. Scenario: a mail template (from, to, subject, template name) delivered through Amazon, Mailchimp or Elastic Mail.
  62. Flexibility & Decoupling. Scenario.
  63. Flexibility & Decoupling. Scenario.
  64. Speaking in silver: i18n.
  65. i18n. GET /i18n/es_ES. Body: { "country": "ES", "lang": "es", "data": { "key": "localized message", ... } }. Single page app.
  66. API Specification.
  67. API Specification.
  68. API Specification: Swagger. Swagger editor: http://editor.swagger.io/. Locally: https://github.com/Byteflair/docker-swagger-editor; docker pull byteflair/swagger-editor; docker run -d -p <port>:9000 byteflair/swagger-editor
  69. API Specification: RAML. API Designer: http://api-portal.anypoint.mulesoft.com/raml/api-designer. Docker image: https://github.com/Byteflair/docker-raml-editor; docker pull byteflair/raml-editor; docker run -d -p <port>:9013 byteflair/raml-editor
  70. OAuth 2 cheatsheet.
  71. OAuth 2 cheatsheet. Client & user: is the user trusted or untrusted? Is the client trusted or untrusted?
  72. OAuth 2 cheatsheet. Resource Owner Credentials: my trusted native app.
  73. OAuth 2 cheatsheet. Client Credentials: a server app or CLI.
  74. OAuth 2 cheatsheet. Authorization Code: third-party apps.
  75. OAuth 2 cheatsheet. Implicit: my single page app.
  76. Packaging & Monetizing.
  77. Packaging. How to offer different products on top of the same API?
  78. Packaging. How to offer different products on top of the same API? Bundling: subsets of functionality.
  79. Packaging. How to offer different products on top of the same API? Bundling: subsets of functionality. Throttling: requests.
  80. Packaging. How to offer different products on top of the same API? Bundling: subsets of functionality. Throttling: requests. Needs a proxy and means of updating policies.
  81. Monetizing.
  82. Tools.
  83. Tools.
  84. "Weapons should be adapted to your personal qualities and be one you can handle." Miyamoto Musashi
  85. Don't become an extremist.
  86. ? Daniel Cerecedo, @dcerecedo. Thanks / Gracias.
