SlideShare a Scribd company logo

Web Basics: Simple Set of Operations via HTTP API

Download as PPTX, PDF
K
KTH-Applied Information Security Lab Kanwal

The document discusses the basics of web operations using the HTTP API. It explains the four main HTTP operations - GET, POST, PUT, and DELETE and their properties and typical usages. It also provides an overview of REST (Representational State Transfer) and how it uses HTTP and URIs to access resources in a stateless manner through representations. The key constraints that define REST including using a uniform interface, separating resources and representations, and making communications self-descriptive are also summarized.

1 of 21
Web Basics: Operations, via the HTTP API 0 HTTP provides a simple set of operations. Amazingly, all Web exchanges are done using this simple HTTP API: 0 GET 0 Properties: Safe, Idempotent 0 Usage: Retrieving a resource 0 POST 0 Properties: UNSAFE 0 Creating a resource within a collection (resource URI unknown) 0 PUT 0 Properties: Idempotent 0 Usage: Creating or updating a resource at a known URI 0 DELETE 0 Properties: Idempotent 0 Usage: Deleting a resource 2 Umme Habiba: KTH-Applied Information Security Lab SEECS
Resource Oriented Architecture? 0 ROA is the term for REST on HTTP/URI 0 A Service consists of all the resources available within a certain domain of control 0 Since REST is a type of SOA, ROA is an implementation of SOA as well. Umme Habiba: KTH-Applied Information Security Lab SEECS
Web Basics: Simple Set of Operations, via the HTTP API Desired HTTP Header action Target POST / HTTP/1.1 Machine Host: ttp://www.amazon.com Book: DaVince Code Book: Da Vince Code HTTP Credit Card: Visa Number: 123-45-6789 Credit Card: Visa Payload Expiry: 12-04-06 Number: 123-45-6789 Expiry: 12-04-06 Amazon Web Server Data being Posted 4 Umme Habiba: KTH-Applied Information Security Lab SEECS
REST Roy Fielding described REST as an architecture style which attempts “to minimize latency and network communication, while at the same time maximizing the independence and scalability of component implementations" 5 Umme Habiba: KTH-Applied Information Security Lab SEECS
REST - Not a Standard 0 REST is not a standard 0 REST is just a design pattern 0 REST does prescribe the use of standards: 0 HTTP 0 URL 0 XML/HTML/GIF/JPEG/etc. (Resource Representations) 0 text/xml, text/html, image/gif, image/jpeg, etc. (Resource Types, MIME Types) 6 Umme Habiba: KTH-Applied Information Security Lab SEECS
Why is it called "Representational State Transfer? " http://www.boeing.com/aircraft/747 Client Resource Fuel requirements Maintenance schedule ... Boeing747.html The Client references a Web resource using a URL. A representation of the resource is returned (in this case as an HTML document). The representation (e.g., Boeing747.html) places the client in a new state. When the client selects a hyperlink in Boeing747.html, it accesses another resource. The new representation places the client application into yet another state. Thus, the client application transfers state with each resource representation. 7 Umme Habiba: KTH-Applied Information Security Lab SEECS
REST Constraints 0 Important ‘things’ (Noun) are Resources 0 Addressed through a URI 0 Uniform interface (Verb) 0 In HTTP: GET, PUT, POST, DELETE 0 Verb-Noun separation makes integration easier 0 GET /customer/45 Instead of getCustomer(45) OR viewCustomer(45) OR showCustomer(45) 8 Umme Habiba: KTH-Applied Information Security Lab SEECS
REST 0 Create a resource for every service. 0 Separation of resource from representation 0 The data that a Web service returns should link to other data. 0 Resources are identified by URIs 0 Resources are manipulated through their representations 0 Self-descriptive messages 9 Umme Habiba: KTH-Applied Information Security Lab SEECS
Why not plain HTML? 0 Web pages are designed to be understood by people, 0 layout and styling do matter, not just raw data 0 Every URI could have a human-readable and a machine- process-able representation: 0 Web Services clients ask for the machine-readable one 0 Browsers ask for the human-readable. 0 A web page is a representation of a resource 0 URIs tell a client that there's a concept somewhere 0 Clients can then request a specific representation of the concept from the representations the server makes available 10 Umme Habiba: KTH-Applied Information Security Lab SEECS
Why hypertext? 0 Because the links mirror the structure of how a user makes progress through an application 0 The user is in control, thanks to the Back button and other non-local actions 0 In a Web service, the client should be in control in the same sense <order self='http://example.com/customers/1234' > <amount>23</amount> <product ref='http://example.com/products/4554' /> <customer ref='http://example.com/customers/1234' /> </order> 11 Umme Habiba: KTH-Applied Information Security Lab SEECS
What is REST?? 0 Uniform Interface 0 Stateless 0 Cacheable 0 Client-Server 0 Layered System 0 Code on Demand (Optional) 12 Umme Habiba: KTH-Applied Information Security Lab SEECS
Uniform Interface 0 Simplifies & decouples Architecture for better visibility & evovlability. 0 Resource based representation 0 Manipulation of resources through representations 0 Self-descriptive messages 0 Principle of Generality on Interface 0 Con: Degrades efficiency 0 Optimized: Large grain hypermedia transfer 13 Umme Habiba: KTH-Applied Information Security Lab SEECS
Client Server 0 Separation of Concerns 0 Improve Portability of UI 0 Scalability per simple server components 0 Independent evolution 14 Umme Habiba: KTH-Applied Information Security Lab SEECS
Cache 0 Eliminates Client server Interactions, partially or completely 0 Improves Scalability and performance 0 Reduced latency in average 0 Con: Decrease on reliability, cached data may not be the recently updated 15 Umme Habiba: KTH-Applied Information Security Lab SEECS
Layered System 0 Restrict knowledge of system to 1 layer 0 Bounds systems complexity + Encapsulation 0 Intermediaries and load balancing 0 Con: Add overhead and latency 0 Optimized: Pipes & Filters behavior with intermediaries processing partially the message 16 Umme Habiba: KTH-Applied Information Security Lab SEECS
Stateless 0 Statelessness is the key. 0 Necessary state is contained in the request itself. 0 Prevents partial failures 0 No context in server, session in client 0 Visibility, reliability, and scalability 0 Con: Decrease network performance 17 Umme Habiba: KTH-Applied Information Security Lab SEECS
Code On Demand (Optional) 0 Temporary extend or customize client functionality (extensibility- java scripts and java applets) 0 Client simplification 0 Con: Reduces visibility 0 This is the only optional constrain 18 Umme Habiba: KTH-Applied Information Security Lab SEECS
Who is using REST? 0 Google 0 GData, OpenSocial 0 Standards 0 Atom, WebDAV 0 Amazon 0 S3, SimpleDB 0 Microsoft (!) 0 Project Astoria, Web3S 19 Umme Habiba: KTH-Applied Information Security Lab SEECS
Advantages of REST 0 Its architectural constraints when applied as a whole, generate: 0 Scalable component interactions 0 General interfaces 0 Independently deployed connectors 0 Reduced interaction latency 0 Strengthened security 0 Safe encapsulation of legacy systems 0 Separates server implementation from the client's perception of resources 0 Scales well to large numbers of clients 0 Enables transfer of data in streams of unlimited size and type 20 Umme Habiba: KTH-Applied Information Security Lab SEECS
Thank You 21

Recommended

DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
When and Why Would I use Oauth2?
When and Why Would I use Oauth2?When and Why Would I use Oauth2?
When and Why Would I use Oauth2?Dave Syer
 
Microservices Technology Stack
Microservices Technology StackMicroservices Technology Stack
Microservices Technology StackEberhard Wolff
 
User manual of i vms 4200-v2.3.1_20150415
User manual of i vms 4200-v2.3.1_20150415User manual of i vms 4200-v2.3.1_20150415
User manual of i vms 4200-v2.3.1_20150415IsraelGuillen12
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 
OAuth
OAuthOAuth
OAuthAdi Challa
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMHasiniG
 

Recommended

DataPower Restful API Security
DataPower Restful API SecurityDataPower Restful API Security
DataPower Restful API SecurityJagadish Vemugunta
 
When and Why Would I use Oauth2?
When and Why Would I use Oauth2?When and Why Would I use Oauth2?
When and Why Would I use Oauth2?Dave Syer
 
Microservices Technology Stack
Microservices Technology StackMicroservices Technology Stack
Microservices Technology StackEberhard Wolff
 
User manual of i vms 4200-v2.3.1_20150415
User manual of i vms 4200-v2.3.1_20150415User manual of i vms 4200-v2.3.1_20150415
User manual of i vms 4200-v2.3.1_20150415IsraelGuillen12
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 
OAuth
OAuthOAuth
OAuthAdi Challa
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMHasiniG
 
How to Split Your System into Microservices
How to Split Your System into MicroservicesHow to Split Your System into Microservices
How to Split Your System into MicroservicesEberhard Wolff
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
WSO2 Charon
WSO2 CharonWSO2 Charon
WSO2 CharonHasiniG
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyGartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyCA API Management
 
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...CA API Management
 
Deployment Patterns in WSO2 Enterprise Integrator
Deployment Patterns in WSO2 Enterprise IntegratorDeployment Patterns in WSO2 Enterprise Integrator
Deployment Patterns in WSO2 Enterprise IntegratorWSO2
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateCraig Wu
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
 
Easy integration of Bluemix services with your applications
Easy integration of Bluemix services with your applicationsEasy integration of Bluemix services with your applications
Easy integration of Bluemix services with your applicationsJack-Junjie Cai
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionMichele Leroux Bustamante
 
CloudComputing
CloudComputingCloudComputing
CloudComputingAdi Challa
 
Enterprise Access Control Patterns for Rest and Web APIs
Enterprise Access Control Patterns for Rest and Web APIsEnterprise Access Control Patterns for Rest and Web APIs
Enterprise Access Control Patterns for Rest and Web APIsCA API Management
 
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitOAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitBrian Campbell
 
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...Somasundram Balakrushnan
 
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & ProvidersDEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & ProvidersCisco DevNet
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBeyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBrian Campbell
 
Pricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldPricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldMichele Leroux Bustamante
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas WSO2
 
Securing RESTful API
Securing RESTful APISecuring RESTful API
Securing RESTful APIMuhammad Zbeedat
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web ServicesHalil Burak Cetinkaya
 

More Related Content

What's hot

How to Split Your System into Microservices
How to Split Your System into MicroservicesHow to Split Your System into Microservices
How to Split Your System into MicroservicesEberhard Wolff
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CloudIDSummit
 
WSO2 Charon
WSO2 CharonWSO2 Charon
WSO2 CharonHasiniG
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyGartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyCA API Management
 
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...CA API Management
 
Deployment Patterns in WSO2 Enterprise Integrator
Deployment Patterns in WSO2 Enterprise IntegratorDeployment Patterns in WSO2 Enterprise Integrator
Deployment Patterns in WSO2 Enterprise IntegratorWSO2
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateCraig Wu
 
Easy integration of Bluemix services with your applications
Easy integration of Bluemix services with your applicationsEasy integration of Bluemix services with your applications
Easy integration of Bluemix services with your applicationsJack-Junjie Cai
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionMichele Leroux Bustamante
 
CloudComputing
CloudComputingCloudComputing
CloudComputingAdi Challa
 
Enterprise Access Control Patterns for Rest and Web APIs
Enterprise Access Control Patterns for Rest and Web APIsEnterprise Access Control Patterns for Rest and Web APIs
Enterprise Access Control Patterns for Rest and Web APIsCA API Management
 
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitOAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitBrian Campbell
 
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...Somasundram Balakrushnan
 
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & ProvidersDEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & ProvidersCisco DevNet
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Gus Fraser
 
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBeyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBrian Campbell
 
Pricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldPricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldMichele Leroux Bustamante
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas WSO2
 

What's hot (20)

How to Split Your System into Microservices
How to Split Your System into MicroservicesHow to Split Your System into Microservices
How to Split Your System into Microservices
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
 
WSO2 Charon
WSO2 CharonWSO2 Charon
WSO2 Charon
 
Gartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case StudyGartner Catalyst Savvis Cloud API Case Study
Gartner Catalyst Savvis Cloud API Case Study
 
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...
 
Deployment Patterns in WSO2 Enterprise Integrator
Deployment Patterns in WSO2 Enterprise IntegratorDeployment Patterns in WSO2 Enterprise Integrator
Deployment Patterns in WSO2 Enterprise Integrator
 
Workshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederateWorkshop: Advanced Federation Use-Cases with PingFederate
Workshop: Advanced Federation Use-Cases with PingFederate
 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
 
Easy integration of Bluemix services with your applications
Easy integration of Bluemix services with your applicationsEasy integration of Bluemix services with your applications
Easy integration of Bluemix services with your applications
 
Design Practices for a Secure Azure Solution
Design Practices for a Secure Azure SolutionDesign Practices for a Secure Azure Solution
Design Practices for a Secure Azure Solution
 
CloudComputing
CloudComputingCloudComputing
CloudComputing
 
Enterprise Access Control Patterns for Rest and Web APIs
Enterprise Access Control Patterns for Rest and Web APIsEnterprise Access Control Patterns for Rest and Web APIs
Enterprise Access Control Patterns for Rest and Web APIs
 
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity SummitOAuth 101 & Secure APIs 2012 Cloud Identity Summit
OAuth 101 & Secure APIs 2012 Cloud Identity Summit
 
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
Microservices Architecture (MSA) - Presentation made at AEA-MN quarterly even...
 
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & ProvidersDEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
DEVNET-1128 Cisco Intercloud Fabric NB Api's for Business & Providers
 
Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13Building Secure Extranets with Claims-Based Authentication #SPEvo13
Building Secure Extranets with Claims-Based Authentication #SPEvo13
 
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure WebBeyond Bearer: Token Binding as the Foundation for a More Secure Web
Beyond Bearer: Token Binding as the Foundation for a More Secure Web
 
Pricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric WorldPricing and Revenue Projection in a Cloud-Centric World
Pricing and Revenue Projection in a Cloud-Centric World
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas The WSO2 Identity Server - An answer to your common XACML dilemmas
The WSO2 Identity Server - An answer to your common XACML dilemmas
 

Similar to Web Basics: Simple Set of Operations via HTTP API

Fullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdfFullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdfcsvishnukumar
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.pptMatthew Perrins
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookKaty Slemon
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionAustina Francis
 
IBM Hybrid Cloud Integration UCC Talk, 21st November 2018
IBM Hybrid Cloud Integration UCC Talk, 21st November 2018IBM Hybrid Cloud Integration UCC Talk, 21st November 2018
IBM Hybrid Cloud Integration UCC Talk, 21st November 2018Michael O'Sullivan
 
GlueCon 2018: Are REST APIs Still Relevant Today?
GlueCon 2018: Are REST APIs Still Relevant Today?GlueCon 2018: Are REST APIs Still Relevant Today?
GlueCon 2018: Are REST APIs Still Relevant Today?LaunchAny
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Codit
 
Talking to 25% of the web - In-depth report and analysis on the WordPress RES...
Talking to 25% of the web - In-depth report and analysis on the WordPress RES...Talking to 25% of the web - In-depth report and analysis on the WordPress RES...
Talking to 25% of the web - In-depth report and analysis on the WordPress RES...Stephane Beladaci
 
Container Days: Architecting Modern Apps on AWS
Container Days: Architecting Modern Apps on AWSContainer Days: Architecting Modern Apps on AWS
Container Days: Architecting Modern Apps on AWSTara Walker
 
Serverless Architecture
Serverless ArchitectureServerless Architecture
Serverless ArchitectureElana Krasner
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationChristian Glahn
 
Hia 1691-using iib-to_support_api_economy
Hia 1691-using iib-to_support_api_economyHia 1691-using iib-to_support_api_economy
Hia 1691-using iib-to_support_api_economyAndrew Coleman
 

Similar to Web Basics: Simple Set of Operations via HTTP API (20)

Securing RESTful API
Securing RESTful APISecuring RESTful API
Securing RESTful API
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
 
Fullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdfFullstack Interview Questions and Answers.pdf
Fullstack Interview Questions and Answers.pdf
 
sMash_for_zOS-users
sMash_for_zOS-userssMash_for_zOS-users
sMash_for_zOS-users
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbook
 
Www architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protectionWww architecture,cgi, client server security, protection
Www architecture,cgi, client server security, protection
 
REST full API Design
REST full API DesignREST full API Design
REST full API Design
 
IBM Hybrid Cloud Integration UCC Talk, 21st November 2018
IBM Hybrid Cloud Integration UCC Talk, 21st November 2018IBM Hybrid Cloud Integration UCC Talk, 21st November 2018
IBM Hybrid Cloud Integration UCC Talk, 21st November 2018
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
GlueCon 2018: Are REST APIs Still Relevant Today?
GlueCon 2018: Are REST APIs Still Relevant Today?GlueCon 2018: Are REST APIs Still Relevant Today?
GlueCon 2018: Are REST APIs Still Relevant Today?
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
 
Talking to 25% of the web - In-depth report and analysis on the WordPress RES...
Talking to 25% of the web - In-depth report and analysis on the WordPress RES...Talking to 25% of the web - In-depth report and analysis on the WordPress RES...
Talking to 25% of the web - In-depth report and analysis on the WordPress RES...
 
Container Days: Architecting Modern Apps on AWS
Container Days: Architecting Modern Apps on AWSContainer Days: Architecting Modern Apps on AWS
Container Days: Architecting Modern Apps on AWS
 
REST APIs
REST APIsREST APIs
REST APIs
 
Serverless Architecture
Serverless ArchitectureServerless Architecture
Serverless Architecture
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and Implementation
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Hia 1691-using iib-to_support_api_economy
Hia 1691-using iib-to_support_api_economyHia 1691-using iib-to_support_api_economy
Hia 1691-using iib-to_support_api_economy
 

Web Basics: Simple Set of Operations via HTTP API

  • 1.
  • 2. Web Basics: Operations, via the HTTP API 0 HTTP provides a simple set of operations. Amazingly, all Web exchanges are done using this simple HTTP API: 0 GET 0 Properties: Safe, Idempotent 0 Usage: Retrieving a resource 0 POST 0 Properties: UNSAFE 0 Creating a resource within a collection (resource URI unknown) 0 PUT 0 Properties: Idempotent 0 Usage: Creating or updating a resource at a known URI 0 DELETE 0 Properties: Idempotent 0 Usage: Deleting a resource 2 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 3. Resource Oriented Architecture? 0 ROA is the term for REST on HTTP/URI 0 A Service consists of all the resources available within a certain domain of control 0 Since REST is a type of SOA, ROA is an implementation of SOA as well. Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 4. Web Basics: Simple Set of Operations, via the HTTP API Desired HTTP Header action Target POST / HTTP/1.1 Machine Host: ttp://www.amazon.com Book: DaVince Code Book: Da Vince Code HTTP Credit Card: Visa Number: 123-45-6789 Credit Card: Visa Payload Expiry: 12-04-06 Number: 123-45-6789 Expiry: 12-04-06 Amazon Web Server Data being Posted 4 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 5. REST Roy Fielding described REST as an architecture style which attempts “to minimize latency and network communication, while at the same time maximizing the independence and scalability of component implementations" 5 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 6. REST - Not a Standard 0 REST is not a standard 0 REST is just a design pattern 0 REST does prescribe the use of standards: 0 HTTP 0 URL 0 XML/HTML/GIF/JPEG/etc. (Resource Representations) 0 text/xml, text/html, image/gif, image/jpeg, etc. (Resource Types, MIME Types) 6 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 7. Why is it called "Representational State Transfer? " http://www.boeing.com/aircraft/747 Client Resource Fuel requirements Maintenance schedule ... Boeing747.html The Client references a Web resource using a URL. A representation of the resource is returned (in this case as an HTML document). The representation (e.g., Boeing747.html) places the client in a new state. When the client selects a hyperlink in Boeing747.html, it accesses another resource. The new representation places the client application into yet another state. Thus, the client application transfers state with each resource representation. 7 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 8. REST Constraints 0 Important ‘things’ (Noun) are Resources 0 Addressed through a URI 0 Uniform interface (Verb) 0 In HTTP: GET, PUT, POST, DELETE 0 Verb-Noun separation makes integration easier 0 GET /customer/45 Instead of getCustomer(45) OR viewCustomer(45) OR showCustomer(45) 8 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 9. REST 0 Create a resource for every service. 0 Separation of resource from representation 0 The data that a Web service returns should link to other data. 0 Resources are identified by URIs 0 Resources are manipulated through their representations 0 Self-descriptive messages 9 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 10. Why not plain HTML? 0 Web pages are designed to be understood by people, 0 layout and styling do matter, not just raw data 0 Every URI could have a human-readable and a machine- process-able representation: 0 Web Services clients ask for the machine-readable one 0 Browsers ask for the human-readable. 0 A web page is a representation of a resource 0 URIs tell a client that there's a concept somewhere 0 Clients can then request a specific representation of the concept from the representations the server makes available 10 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 11. Why hypertext? 0 Because the links mirror the structure of how a user makes progress through an application 0 The user is in control, thanks to the Back button and other non-local actions 0 In a Web service, the client should be in control in the same sense <order self='http://example.com/customers/1234' > <amount>23</amount> <product ref='http://example.com/products/4554' /> <customer ref='http://example.com/customers/1234' /> </order> 11 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 12. What is REST?? 0 Uniform Interface 0 Stateless 0 Cacheable 0 Client-Server 0 Layered System 0 Code on Demand (Optional) 12 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 13. Uniform Interface 0 Simplifies & decouples Architecture for better visibility & evovlability. 0 Resource based representation 0 Manipulation of resources through representations 0 Self-descriptive messages 0 Principle of Generality on Interface 0 Con: Degrades efficiency 0 Optimized: Large grain hypermedia transfer 13 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 14. Client Server 0 Separation of Concerns 0 Improve Portability of UI 0 Scalability per simple server components 0 Independent evolution 14 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 15. Cache 0 Eliminates Client server Interactions, partially or completely 0 Improves Scalability and performance 0 Reduced latency in average 0 Con: Decrease on reliability, cached data may not be the recently updated 15 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 16. Layered System 0 Restrict knowledge of system to 1 layer 0 Bounds systems complexity + Encapsulation 0 Intermediaries and load balancing 0 Con: Add overhead and latency 0 Optimized: Pipes & Filters behavior with intermediaries processing partially the message 16 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 17. Stateless 0 Statelessness is the key. 0 Necessary state is contained in the request itself. 0 Prevents partial failures 0 No context in server, session in client 0 Visibility, reliability, and scalability 0 Con: Decrease network performance 17 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 18. Code On Demand (Optional) 0 Temporary extend or customize client functionality (extensibility- java scripts and java applets) 0 Client simplification 0 Con: Reduces visibility 0 This is the only optional constrain 18 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 19. Who is using REST? 0 Google 0 GData, OpenSocial 0 Standards 0 Atom, WebDAV 0 Amazon 0 S3, SimpleDB 0 Microsoft (!) 0 Project Astoria, Web3S 19 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 20. Advantages of REST 0 Its architectural constraints when applied as a whole, generate: 0 Scalable component interactions 0 General interfaces 0 Independently deployed connectors 0 Reduced interaction latency 0 Strengthened security 0 Safe encapsulation of legacy systems 0 Separates server implementation from the client's perception of resources 0 Scales well to large numbers of clients 0 Enables transfer of data in streams of unlimited size and type 20 Umme Habiba: KTH-Applied Information Security Lab SEECS
  • 21. Thank You 21