SlideShare a Scribd company logo
1 of 27
Download to read offline
REST != Web API
Dan (Danut) Prisacaru, IASA CITA-A
Sr. Principal Engineer
https://www.linkedin.com/in/danut
https://philosoftware.wordpress.com/
Software Philosopher
Are we speaking the same language?
IASA Pillar: Human Dynamics
1
•Web APIs
•REST
•Patterns and Tools
•… 2
What makes a Web Page
http://www.csszengarden.com/
IASA Pillar: Design
3
What’s in a page?
SPA (Single Page Application)
1. HTML – HyperText Markup Language – is the standard markup language used to create web pages
2. CSS - Cascading Style Sheets is a style sheet language used for describing the look and formatting of a
document written in a markup language.
3. Java Script – (ECMAScript) is a dynamic programming language used as part of web browsers, whose
implementations allow client-side scripts to interact with the user, control the browser, communicate
asynchronously, and alter the document content that is displayed
4. Data - ???
IASA Pillar: Design
4
Web Application Architecture
Client – Server Architecture • The same Server provides the data
• Different kind of clients can consume it
• Browser on a laptop
• Browser on a smart phone / tablet
• Native app on a smart phone /
tablet
• Another Server
• Client specification can require a
different kind of UI
• Data behind may not need to change
API – Application Programming Interface – set of routines, protocols and tools
for building reusable software components.
Web API – set of routines, protocols and tools for building reusable software
Web components.
IASA Pillar: All => Architecture
5
Client – Server Communication
Browser Server
HTML, CSS, JS
Data
Request
HTML, CSS, JS
Data
Response (HTML, CSS, JS)
Request Data
Response (JSON, XML)
GET https://api.example.com/Physicians?name=Smith HTTP/1.1
CorrelationId: 12AF3898-0C1E-4DC4-A1DB-92F65D85B2AB
HTTP/1.1 200 OK
Content-Type: application/json
[ {
"PhysicianKey": 12345,
"LastName": ”Smith",
"FirstName": ”John",
”PrimarySpecialty": ”Internal Medicine”
}]
IASA Pillar: Design
6
Web API Guidelines
PayPal API Style Guide
https://github.com/paypal/api-standards/blob/master/api-style-guide.md
7
Web API Guidelines - continued
Heroku – API Design Guide
https://github.com/interagent/http-api-design
8
9
•Web APIs
•REST
•Patterns and Tools
•… 10
REST: Let’s start with Chapter 5!
https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
CHAPTER 5
Representational State Transfer (REST)
This chapter introduces and elaborates the Representational State Transfer (REST) architectural style for
distributed hypermedia systems, describing the software engineering principles guiding REST and the
interaction constraints chosen to retain those principles, while contrasting them to the constraints of
other architectural styles. REST is a hybrid style derived from several of the network-based architectural
styles described in Chapter 3 and combined with additional constraints that define a uniform connector
interface. The software architecture framework of Chapter 1 is used to define the architectural elements
of REST and examine sample process, connector, and data views of prototypical architectures.
5.1 Deriving REST
The design rationale behind the Web architecture can be described by an architectural style consisting of
the set of constraints applied to elements within the architecture. By examining the impact of each
constraint as it is added to the evolving style, we can identify the properties induced by the Web's
constraints. Additional constraints can then be applied to form a new architectural style that better
reflects the desired properties of a modern Web architecture. This section provides a general overview of
REST by walking through the process of deriving it as an architectural style. Later sections will describe in
more detail the specific constraints that compose the REST style.
11
What is REST?
Representational State Transfer
https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
Constrain Principle Advantage Trade-off
1. Client-Server Separation of
Concerns
• Improves the UI portability
• Improves scalability
• Allows the components to
evolve independently
2. Stateless
(server)
• Improves: visibility,
reliability, scalability
• may decrease network
performance by increasing the
repetitive data
3. Cache
(intermediaries)
Improves
• network efficiency
• scalability
• user perceived
performance
• can decrease reliability due to stale
data
4. Uniform
Interface
(HTTP is too
generic)
Generality to
the component
interface
• Simplified system
architecture
• Improves the visibility of
interaction
• degrades efficiency - information is
transferred in a standardized form
rather than one which is specific to
an application's needs
5. Layered
Systems
Reduce system
complexity
• Layers can encapsulate
legacy systems
• Protects new systems from
legacy clients
• adds overhead and latency to the
processing of data
• reducing user-perceived
performance
IASA Pillar: Quality Attributes
12
Plato’s Theory of Forms
The World of Ideas
Danut’s
REST
John’s
REST
Chris’
REST
The
Perfect
REST
The Real World
13
Create your own Style!!!
“We should be designing our architecture style to solve the problem we
have and not just grabbing one because it’s the fad.” - Mike Amundsen
14
•Web APIs
•REST
•Patterns and Tools
•… 15
Enterprise Integration Patterns (EIP)
http://www.enterpriseintegrationpatterns.com/
In software engineering, a design pattern is
a general reusable solution to a commonly
occurring problem within a given context in
software design.
EIP Example
Browser Server
HTML, CSS, JS
Data
Request
HTML, CSS, JS
Data
Response (HTML, CSS, JS)
Request Data
Response (JSON, XML)
16
Deployment Viewpoint
Request-Response Integration Pattern
This Viewpoint is meant to help solve the integration issues related to the
Request-Response pattern for which we currently use the ESB/API Gateway
A. Concerns
When integrating two or more applications using the API Gateway, one needs to
be concerned with how all the piece fall into place when deployed to
production. The following is a list of possible questions that need to be
addressed:
1. How does the URL need to be rewritten between different links in the chain
of calls (hops over the network)?
2. In which Security Zone does every machine/server/network appliance sit?
3. How are the automatic failover / load balancing going to be addressed, in
other words scalability?
4. How is the communication going to be secured (Firewalls, SSL, etc.)? 17
Deployment Viewpoint - Continued
B. Stakeholders
Make sure you involve the following stakeholders
1. Enterprise Technology
2. Information Security -> Authentication and Authorization
3. API Gateway Owners
4. Both the producer and the consumer of the services (Web APIs)
5. QA
6. Services & Business owners
18
Deployment Viewpoint - Continued
19
Deployment Viewpoint - Continued
20
Public Web APIs - Constraints
Requirements:
• Expose data for only one set of users
• Authenticate the outside user with Single Sign-on
• Authenticate the back end with the custom login
• Cache the custom authentication token for N minutes to improve the latency
and the user perceived performance
• Use Site Registry Web API to locate the deployment
• Provide logging to trace user’s usage and help troubleshoot problems
21
Tool: CA API Gateway (a.k.a. Layer 7)
API Gateway
Single Sign-on
Web API
Site Registry
Web API
1. Authenticate
User Login
3. Login
Hard and
Expensive
to change
Easier to
change
Cross Cutting
Concerns
Caching
Splunk
Logging
2. Locate Deployment
22
API Portal
23
Developer Portal
https://developer.alaskaair.com/documentation/PublicAPIs#!method_0_0_operation_0_content
24
•Web APIs
•REST
•Patterns and Tools
•Conclusion 25
Conclusion
REST as a Foundation
We start here
Web APIs as Public Contracts
We need to get here
Our Own Architecture StyleWe are missing this!
26
For More Information
Dan (Danut) Prisacaru
http://members.iasaglobal.org/members
https://www.linkedin.com/in/danut
https://philosoftware.wordpress.com
THANK YOU !!!
27

More Related Content

What's hot

Domain Driven Analysis and Design
Domain Driven Analysis and DesignDomain Driven Analysis and Design
Domain Driven Analysis and DesignJeppe Cramon
 
SOA Pattern Event Driven Messaging
SOA Pattern Event Driven MessagingSOA Pattern Event Driven Messaging
SOA Pattern Event Driven MessagingWSO2
 
Mulesoft torronto meetup_16
Mulesoft torronto meetup_16Mulesoft torronto meetup_16
Mulesoft torronto meetup_16Anurag Dwivedi
 
Are microservices 'soa done right'?
Are microservices 'soa done right'?Are microservices 'soa done right'?
Are microservices 'soa done right'?Jason Bloomberg
 
Hexagonal architecture - message-oriented software design
Hexagonal architecture  - message-oriented software designHexagonal architecture  - message-oriented software design
Hexagonal architecture - message-oriented software designMatthias Noback
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Lohika_Odessa_TechTalks
 
Application architecture
Application architectureApplication architecture
Application architectureIván Stepaniuk
 
Practical Thin Server Architecture With Dojo Peter Svensson
Practical Thin Server Architecture With Dojo Peter SvenssonPractical Thin Server Architecture With Dojo Peter Svensson
Practical Thin Server Architecture With Dojo Peter Svenssonrajivmordani
 
Performance Testing
Performance TestingPerformance Testing
Performance TestingAnu Shaji
 
Engage 2019: Modernising Your Domino and XPages Applications
Engage 2019: Modernising Your Domino and XPages Applications Engage 2019: Modernising Your Domino and XPages Applications
Engage 2019: Modernising Your Domino and XPages Applications Paul Withers
 
Unit 1st and 3rd notes of java
Unit 1st and 3rd notes of javaUnit 1st and 3rd notes of java
Unit 1st and 3rd notes of javaNiraj Bharambe
 
Practical Thin Server Architecture With Dojo Sapo Codebits 2008
Practical Thin Server Architecture With Dojo Sapo Codebits 2008Practical Thin Server Architecture With Dojo Sapo Codebits 2008
Practical Thin Server Architecture With Dojo Sapo Codebits 2008codebits
 
Software Architectures, Week 4 - Message-based Architectures, Message Bus
Software Architectures, Week 4 - Message-based Architectures, Message BusSoftware Architectures, Week 4 - Message-based Architectures, Message Bus
Software Architectures, Week 4 - Message-based Architectures, Message BusAngelos Kapsimanis
 
Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014
Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014
Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014Minh Nguyen Vo Cao
 

What's hot (17)

Domain Driven Analysis and Design
Domain Driven Analysis and DesignDomain Driven Analysis and Design
Domain Driven Analysis and Design
 
SOA Pattern Event Driven Messaging
SOA Pattern Event Driven MessagingSOA Pattern Event Driven Messaging
SOA Pattern Event Driven Messaging
 
Mulesoft torronto meetup_16
Mulesoft torronto meetup_16Mulesoft torronto meetup_16
Mulesoft torronto meetup_16
 
Are microservices 'soa done right'?
Are microservices 'soa done right'?Are microservices 'soa done right'?
Are microservices 'soa done right'?
 
Hexagonal architecture - message-oriented software design
Hexagonal architecture  - message-oriented software designHexagonal architecture  - message-oriented software design
Hexagonal architecture - message-oriented software design
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...
 
Cqrs api v2
Cqrs api v2Cqrs api v2
Cqrs api v2
 
Event sourcing
Event sourcingEvent sourcing
Event sourcing
 
Application architecture
Application architectureApplication architecture
Application architecture
 
Practical Thin Server Architecture With Dojo Peter Svensson
Practical Thin Server Architecture With Dojo Peter SvenssonPractical Thin Server Architecture With Dojo Peter Svensson
Practical Thin Server Architecture With Dojo Peter Svensson
 
Performance Testing
Performance TestingPerformance Testing
Performance Testing
 
Engage 2019: Modernising Your Domino and XPages Applications
Engage 2019: Modernising Your Domino and XPages Applications Engage 2019: Modernising Your Domino and XPages Applications
Engage 2019: Modernising Your Domino and XPages Applications
 
Unit 1st and 3rd notes of java
Unit 1st and 3rd notes of javaUnit 1st and 3rd notes of java
Unit 1st and 3rd notes of java
 
Practical Thin Server Architecture With Dojo Sapo Codebits 2008
Practical Thin Server Architecture With Dojo Sapo Codebits 2008Practical Thin Server Architecture With Dojo Sapo Codebits 2008
Practical Thin Server Architecture With Dojo Sapo Codebits 2008
 
Software Architectures, Week 4 - Message-based Architectures, Message Bus
Software Architectures, Week 4 - Message-based Architectures, Message BusSoftware Architectures, Week 4 - Message-based Architectures, Message Bus
Software Architectures, Week 4 - Message-based Architectures, Message Bus
 
All the cool kids....
All the cool kids....All the cool kids....
All the cool kids....
 
Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014
Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014
Creating a WebSocket-Chat-Application with Jetty Embedded - Techcamp 2014
 

Viewers also liked

Developing and deploying applications with Spring Boot and Docker (@oakjug)
Developing and deploying applications with Spring Boot and Docker (@oakjug)Developing and deploying applications with Spring Boot and Docker (@oakjug)
Developing and deploying applications with Spring Boot and Docker (@oakjug)Chris Richardson
 
Microservices Application Simplicity Infrastructure Complexity
Microservices Application Simplicity Infrastructure ComplexityMicroservices Application Simplicity Infrastructure Complexity
Microservices Application Simplicity Infrastructure ComplexityCentric Consulting
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?ACA IT-Solutions
 
Three layer API Design Architecture
Three layer API Design ArchitectureThree layer API Design Architecture
Three layer API Design ArchitectureHarish Kumar
 
OAuth based reference architecture for API Management
OAuth based reference architecture for API ManagementOAuth based reference architecture for API Management
OAuth based reference architecture for API ManagementWSO2
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIEyal Vardi
 
Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)
Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)
Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)Chris Richardson
 
The Rest Architectural Style
The Rest Architectural StyleThe Rest Architectural Style
The Rest Architectural StyleRobert Wilson
 
Overview of Rest Service and ASP.NET WEB API
Overview of Rest Service and ASP.NET WEB APIOverview of Rest Service and ASP.NET WEB API
Overview of Rest Service and ASP.NET WEB APIPankaj Bajaj
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Microservices architecture overview v3
Microservices architecture overview v3Microservices architecture overview v3
Microservices architecture overview v3Dmitry Skaredov
 
A Reference Architecture for IoT
A Reference Architecture for IoT A Reference Architecture for IoT
A Reference Architecture for IoT WSO2
 
IoT Cloud architecture
IoT Cloud architectureIoT Cloud architecture
IoT Cloud architectureMachinePulse
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applicationsPasquale Puzio
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017Drift
 

Viewers also liked (18)

Developing and deploying applications with Spring Boot and Docker (@oakjug)
Developing and deploying applications with Spring Boot and Docker (@oakjug)Developing and deploying applications with Spring Boot and Docker (@oakjug)
Developing and deploying applications with Spring Boot and Docker (@oakjug)
 
Microservices Application Simplicity Infrastructure Complexity
Microservices Application Simplicity Infrastructure ComplexityMicroservices Application Simplicity Infrastructure Complexity
Microservices Application Simplicity Infrastructure Complexity
 
MicroServices, yet another architectural style?
MicroServices, yet another architectural style?MicroServices, yet another architectural style?
MicroServices, yet another architectural style?
 
Three layer API Design Architecture
Three layer API Design ArchitectureThree layer API Design Architecture
Three layer API Design Architecture
 
OAuth based reference architecture for API Management
OAuth based reference architecture for API ManagementOAuth based reference architecture for API Management
OAuth based reference architecture for API Management
 
The Full Power of ASP.NET Web API
The Full Power of ASP.NET Web APIThe Full Power of ASP.NET Web API
The Full Power of ASP.NET Web API
 
Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)
Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)
Decompose that WAR? A pattern language for microservices (@QCON @QCONSP)
 
The Rest Architectural Style
The Rest Architectural StyleThe Rest Architectural Style
The Rest Architectural Style
 
Excellent rest using asp.net web api
Excellent rest using asp.net web apiExcellent rest using asp.net web api
Excellent rest using asp.net web api
 
Overview of Rest Service and ASP.NET WEB API
Overview of Rest Service and ASP.NET WEB APIOverview of Rest Service and ASP.NET WEB API
Overview of Rest Service and ASP.NET WEB API
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
ASP.NET WEB API
ASP.NET WEB APIASP.NET WEB API
ASP.NET WEB API
 
Microservices architecture overview v3
Microservices architecture overview v3Microservices architecture overview v3
Microservices architecture overview v3
 
A Reference Architecture for IoT
A Reference Architecture for IoT A Reference Architecture for IoT
A Reference Architecture for IoT
 
IoT Cloud architecture
IoT Cloud architectureIoT Cloud architecture
IoT Cloud architecture
 
IoT architecture
IoT architectureIoT architecture
IoT architecture
 
Internet of Things and its applications
Internet of Things and its applicationsInternet of Things and its applications
Internet of Things and its applications
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 

Similar to REST != WebAPI

From Web APIs to Cross-Device Web Sites
From Web APIs to Cross-Device Web SitesFrom Web APIs to Cross-Device Web Sites
From Web APIs to Cross-Device Web SitesRestlet
 
APIdays San Francisco, 06/22/2013
APIdays San Francisco, 06/22/2013APIdays San Francisco, 06/22/2013
APIdays San Francisco, 06/22/2013Jerome Louvel
 
IRJET- Rest API for E-Commerce Site
IRJET- Rest API for E-Commerce SiteIRJET- Rest API for E-Commerce Site
IRJET- Rest API for E-Commerce SiteIRJET Journal
 
REST & RESTful APIs: The State of Confusion
REST & RESTful APIs: The State of ConfusionREST & RESTful APIs: The State of Confusion
REST & RESTful APIs: The State of ConfusionGlenn Antoine
 
Fullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdfFullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdfcsvishnukumar
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.pptMatthew Perrins
 
SoC Keynote:The State of the Art in Integration Technology
SoC Keynote:The State of the Art in Integration TechnologySoC Keynote:The State of the Art in Integration Technology
SoC Keynote:The State of the Art in Integration TechnologySrinath Perera
 
Community platform for job seekers | web application for job seekers | case s...
Community platform for job seekers | web application for job seekers | case s...Community platform for job seekers | web application for job seekers | case s...
Community platform for job seekers | web application for job seekers | case s...Mike Taylor
 
Asp.net Web Development.pdf
Asp.net Web Development.pdfAsp.net Web Development.pdf
Asp.net Web Development.pdfFariha Tasnim
 
Asp.net Web Development.pdf
Asp.net Web Development.pdfAsp.net Web Development.pdf
Asp.net Web Development.pdfFariha Tasnim
 
Microservices&ap imanagement
Microservices&ap imanagementMicroservices&ap imanagement
Microservices&ap imanagementpramodkumards
 
Over view of software artitecture
Over view of software artitectureOver view of software artitecture
Over view of software artitectureABDEL RAHMAN KARIM
 
Rest API Automation with REST Assured
Rest API Automation with REST AssuredRest API Automation with REST Assured
Rest API Automation with REST AssuredTO THE NEW Pvt. Ltd.
 
170215 msa intro
170215 msa intro170215 msa intro
170215 msa introSonic leigh
 
Microservices for Enterprises
Microservices for Enterprises Microservices for Enterprises
Microservices for Enterprises Kasun Indrasiri
 
Building Killer RESTful APIs with NodeJs
Building Killer RESTful APIs with NodeJsBuilding Killer RESTful APIs with NodeJs
Building Killer RESTful APIs with NodeJsSrdjan Strbanovic
 
MicroServices-Part-1.pdf
MicroServices-Part-1.pdfMicroServices-Part-1.pdf
MicroServices-Part-1.pdfchanhluc2112
 

Similar to REST != WebAPI (20)

From Web APIs to Cross-Device Web Sites
From Web APIs to Cross-Device Web SitesFrom Web APIs to Cross-Device Web Sites
From Web APIs to Cross-Device Web Sites
 
APIdays San Francisco, 06/22/2013
APIdays San Francisco, 06/22/2013APIdays San Francisco, 06/22/2013
APIdays San Francisco, 06/22/2013
 
IRJET- Rest API for E-Commerce Site
IRJET- Rest API for E-Commerce SiteIRJET- Rest API for E-Commerce Site
IRJET- Rest API for E-Commerce Site
 
REST & RESTful APIs: The State of Confusion
REST & RESTful APIs: The State of ConfusionREST & RESTful APIs: The State of Confusion
REST & RESTful APIs: The State of Confusion
 
Fullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdfFullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdf
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt
 
SoC Keynote:The State of the Art in Integration Technology
SoC Keynote:The State of the Art in Integration TechnologySoC Keynote:The State of the Art in Integration Technology
SoC Keynote:The State of the Art in Integration Technology
 
Community platform for job seekers | web application for job seekers | case s...
Community platform for job seekers | web application for job seekers | case s...Community platform for job seekers | web application for job seekers | case s...
Community platform for job seekers | web application for job seekers | case s...
 
Asp.net Web Development.pdf
Asp.net Web Development.pdfAsp.net Web Development.pdf
Asp.net Web Development.pdf
 
Asp.net Web Development.pdf
Asp.net Web Development.pdfAsp.net Web Development.pdf
Asp.net Web Development.pdf
 
Microservices&ap imanagement
Microservices&ap imanagementMicroservices&ap imanagement
Microservices&ap imanagement
 
Api design part 1
Api design part 1Api design part 1
Api design part 1
 
Over view of software artitecture
Over view of software artitectureOver view of software artitecture
Over view of software artitecture
 
Mvc3 part1
Mvc3   part1Mvc3   part1
Mvc3 part1
 
Rest API Automation with REST Assured
Rest API Automation with REST AssuredRest API Automation with REST Assured
Rest API Automation with REST Assured
 
170215 msa intro
170215 msa intro170215 msa intro
170215 msa intro
 
Mini-Training: Let's have a rest
Mini-Training: Let's have a restMini-Training: Let's have a rest
Mini-Training: Let's have a rest
 
Microservices for Enterprises
Microservices for Enterprises Microservices for Enterprises
Microservices for Enterprises
 
Building Killer RESTful APIs with NodeJs
Building Killer RESTful APIs with NodeJsBuilding Killer RESTful APIs with NodeJs
Building Killer RESTful APIs with NodeJs
 
MicroServices-Part-1.pdf
MicroServices-Part-1.pdfMicroServices-Part-1.pdf
MicroServices-Part-1.pdf
 

Recently uploaded

Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Jaydeep Chhasatia
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?AmeliaSmith90
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxJoão Esperancinha
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...OnePlan Solutions
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Incrobinwilliams8624
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadIvo Andreev
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeNeo4j
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageDista
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampVICTOR MAESTRE RAMIREZ
 
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilVICTOR MAESTRE RAMIREZ
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionsNirav Modi
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native BuildpacksVish Abrams
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLAlluxio, Inc.
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxAutus Cyber Tech
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdfMeon Technology
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024Mind IT Systems
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesSoftwareMill
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesShyamsundar Das
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorShane Coughlan
 

Recently uploaded (20)

Kawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
Optimizing Business Potential: A Guide to Outsourcing Engineering Services in...
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Fields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptxFields in Java and Kotlin and what to expect.pptx
Fields in Java and Kotlin and what to expect.pptx
 
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
Transforming PMO Success with AI - Discover OnePlan Strategic Portfolio Work ...
 
Enterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze IncEnterprise Document Management System - Qualityze Inc
Enterprise Document Management System - Qualityze Inc
 
Cybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and BadCybersecurity Challenges with Generative AI - for Good and Bad
Cybersecurity Challenges with Generative AI - for Good and Bad
 
IA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG timeIA Generativa y Grafos de Neo4j: RAG time
IA Generativa y Grafos de Neo4j: RAG time
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
Deep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - DatacampDeep Learning for Images with PyTorch - Datacamp
Deep Learning for Images with PyTorch - Datacamp
 
Generative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-CouncilGenerative AI for Cybersecurity - EC-Council
Generative AI for Cybersecurity - EC-Council
 
eAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspectionseAuditor Audits & Inspections - conduct field inspections
eAuditor Audits & Inspections - conduct field inspections
 
Streamlining Your Application Builds with Cloud Native Buildpacks
Streamlining Your Application Builds  with Cloud Native BuildpacksStreamlining Your Application Builds  with Cloud Native Buildpacks
Streamlining Your Application Builds with Cloud Native Buildpacks
 
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/MLBig Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
Big Data Bellevue Meetup | Enhancing Python Data Loading in the Cloud for AI/ML
 
ERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptxERP For Electrical and Electronics manufecturing.pptx
ERP For Electrical and Electronics manufecturing.pptx
 
online pdf editor software solutions.pdf
online pdf editor software solutions.pdfonline pdf editor software solutions.pdf
online pdf editor software solutions.pdf
 
Top Software Development Trends in 2024
Top Software Development Trends in  2024Top Software Development Trends in  2024
Top Software Development Trends in 2024
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
Watermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security ChallengesWatermarking in Source Code: Applications and Security Challenges
Watermarking in Source Code: Applications and Security Challenges
 
OpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS CalculatorOpenChain Webinar: Universal CVSS Calculator
OpenChain Webinar: Universal CVSS Calculator
 

REST != WebAPI

  • 1. REST != Web API Dan (Danut) Prisacaru, IASA CITA-A Sr. Principal Engineer https://www.linkedin.com/in/danut https://philosoftware.wordpress.com/ Software Philosopher Are we speaking the same language? IASA Pillar: Human Dynamics 1
  • 3. What makes a Web Page http://www.csszengarden.com/ IASA Pillar: Design 3
  • 4. What’s in a page? SPA (Single Page Application) 1. HTML – HyperText Markup Language – is the standard markup language used to create web pages 2. CSS - Cascading Style Sheets is a style sheet language used for describing the look and formatting of a document written in a markup language. 3. Java Script – (ECMAScript) is a dynamic programming language used as part of web browsers, whose implementations allow client-side scripts to interact with the user, control the browser, communicate asynchronously, and alter the document content that is displayed 4. Data - ??? IASA Pillar: Design 4
  • 5. Web Application Architecture Client – Server Architecture • The same Server provides the data • Different kind of clients can consume it • Browser on a laptop • Browser on a smart phone / tablet • Native app on a smart phone / tablet • Another Server • Client specification can require a different kind of UI • Data behind may not need to change API – Application Programming Interface – set of routines, protocols and tools for building reusable software components. Web API – set of routines, protocols and tools for building reusable software Web components. IASA Pillar: All => Architecture 5
  • 6. Client – Server Communication Browser Server HTML, CSS, JS Data Request HTML, CSS, JS Data Response (HTML, CSS, JS) Request Data Response (JSON, XML) GET https://api.example.com/Physicians?name=Smith HTTP/1.1 CorrelationId: 12AF3898-0C1E-4DC4-A1DB-92F65D85B2AB HTTP/1.1 200 OK Content-Type: application/json [ { "PhysicianKey": 12345, "LastName": ”Smith", "FirstName": ”John", ”PrimarySpecialty": ”Internal Medicine” }] IASA Pillar: Design 6
  • 7. Web API Guidelines PayPal API Style Guide https://github.com/paypal/api-standards/blob/master/api-style-guide.md 7
  • 8. Web API Guidelines - continued Heroku – API Design Guide https://github.com/interagent/http-api-design 8
  • 9. 9
  • 11. REST: Let’s start with Chapter 5! https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm CHAPTER 5 Representational State Transfer (REST) This chapter introduces and elaborates the Representational State Transfer (REST) architectural style for distributed hypermedia systems, describing the software engineering principles guiding REST and the interaction constraints chosen to retain those principles, while contrasting them to the constraints of other architectural styles. REST is a hybrid style derived from several of the network-based architectural styles described in Chapter 3 and combined with additional constraints that define a uniform connector interface. The software architecture framework of Chapter 1 is used to define the architectural elements of REST and examine sample process, connector, and data views of prototypical architectures. 5.1 Deriving REST The design rationale behind the Web architecture can be described by an architectural style consisting of the set of constraints applied to elements within the architecture. By examining the impact of each constraint as it is added to the evolving style, we can identify the properties induced by the Web's constraints. Additional constraints can then be applied to form a new architectural style that better reflects the desired properties of a modern Web architecture. This section provides a general overview of REST by walking through the process of deriving it as an architectural style. Later sections will describe in more detail the specific constraints that compose the REST style. 11
  • 12. What is REST? Representational State Transfer https://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm Constrain Principle Advantage Trade-off 1. Client-Server Separation of Concerns • Improves the UI portability • Improves scalability • Allows the components to evolve independently 2. Stateless (server) • Improves: visibility, reliability, scalability • may decrease network performance by increasing the repetitive data 3. Cache (intermediaries) Improves • network efficiency • scalability • user perceived performance • can decrease reliability due to stale data 4. Uniform Interface (HTTP is too generic) Generality to the component interface • Simplified system architecture • Improves the visibility of interaction • degrades efficiency - information is transferred in a standardized form rather than one which is specific to an application's needs 5. Layered Systems Reduce system complexity • Layers can encapsulate legacy systems • Protects new systems from legacy clients • adds overhead and latency to the processing of data • reducing user-perceived performance IASA Pillar: Quality Attributes 12
  • 13. Plato’s Theory of Forms The World of Ideas Danut’s REST John’s REST Chris’ REST The Perfect REST The Real World 13
  • 14. Create your own Style!!! “We should be designing our architecture style to solve the problem we have and not just grabbing one because it’s the fad.” - Mike Amundsen 14
  • 16. Enterprise Integration Patterns (EIP) http://www.enterpriseintegrationpatterns.com/ In software engineering, a design pattern is a general reusable solution to a commonly occurring problem within a given context in software design. EIP Example Browser Server HTML, CSS, JS Data Request HTML, CSS, JS Data Response (HTML, CSS, JS) Request Data Response (JSON, XML) 16
  • 17. Deployment Viewpoint Request-Response Integration Pattern This Viewpoint is meant to help solve the integration issues related to the Request-Response pattern for which we currently use the ESB/API Gateway A. Concerns When integrating two or more applications using the API Gateway, one needs to be concerned with how all the piece fall into place when deployed to production. The following is a list of possible questions that need to be addressed: 1. How does the URL need to be rewritten between different links in the chain of calls (hops over the network)? 2. In which Security Zone does every machine/server/network appliance sit? 3. How are the automatic failover / load balancing going to be addressed, in other words scalability? 4. How is the communication going to be secured (Firewalls, SSL, etc.)? 17
  • 18. Deployment Viewpoint - Continued B. Stakeholders Make sure you involve the following stakeholders 1. Enterprise Technology 2. Information Security -> Authentication and Authorization 3. API Gateway Owners 4. Both the producer and the consumer of the services (Web APIs) 5. QA 6. Services & Business owners 18
  • 19. Deployment Viewpoint - Continued 19
  • 20. Deployment Viewpoint - Continued 20
  • 21. Public Web APIs - Constraints Requirements: • Expose data for only one set of users • Authenticate the outside user with Single Sign-on • Authenticate the back end with the custom login • Cache the custom authentication token for N minutes to improve the latency and the user perceived performance • Use Site Registry Web API to locate the deployment • Provide logging to trace user’s usage and help troubleshoot problems 21
  • 22. Tool: CA API Gateway (a.k.a. Layer 7) API Gateway Single Sign-on Web API Site Registry Web API 1. Authenticate User Login 3. Login Hard and Expensive to change Easier to change Cross Cutting Concerns Caching Splunk Logging 2. Locate Deployment 22
  • 25. •Web APIs •REST •Patterns and Tools •Conclusion 25
  • 26. Conclusion REST as a Foundation We start here Web APIs as Public Contracts We need to get here Our Own Architecture StyleWe are missing this! 26
  • 27. For More Information Dan (Danut) Prisacaru http://members.iasaglobal.org/members https://www.linkedin.com/in/danut https://philosoftware.wordpress.com THANK YOU !!! 27

Editor's Notes

  1. It’s about decoupling and separation of concerns!!! The text is the same, the visuals are different.
  2. 1, 2 & 3 – it’s about evolvability of different “concerns” How much do we care about data? Is the server just our “slave”? Before SPA (almost) everything was generated on the server. The “UI first” design approach dictates the interface between the Browsers and the backend when it comes to data.
  3. Server to Server communication – one “kind of” Web API Client to Server communication – a different kind of Web API Should the server provide the same Web API to all? Is Content Negotiation the right solution? Some say that REST is “server driven” while the old SOAP/RPC way was client driven thus the “nightmare of versioning”.
  4. The HTTP GET verb, the resource, the content-type, the rules to build them Resource /Physicians or GetPhysicians? PhysicianKey or PhysicianID? The Server is built using different: .NET, Java, PHP, Ruby, etc. => we need a common language MVC – separation of concerns => design * controller is a traffic cop – content negotiation – C selects the view * model is THE app * view is what serializes the data in a certain way: application / json for Web APIs (mostly)
  5. Web API as the public interface between two systems, the public contract.
  6. What is REST? It’s a lot more than HTTP Verbs and Resources, it’s a Software Architecture Style
  7. Caching => Quality Attributes! Uniform Interface => Web API Heated on-line discussions about REST, was Fielding’s dissertation too “esoteric”. Should we define our own “pragmatic REST”? Some people do that but they still talk only about HTTP Verbs, resources as nouns, religious debate about versioning and so on. visibility, reliability, scalability => quality attributes => trade offs => you gain in one place, you compromise somewhere else. REST is for THE Whole
  8. REST is too generic Stop whining and create your own. How about the Quality Attributes of your back end? “Why RMM Level-3 REST is not enough” Mike Amundsen – director of the API Academy, CA Technologies
  9. With mobile RR is not efficient enough so pub-sub is coming (e.g. MQTT)
  10. Web API servers had their own custom authentication mechanism. The API Gateway solve the impedance mismatch between the Single Sign-on and the custom auth.
  11. Are we falling back to the old RPC way of thinking?