SlideShare una empresa de Scribd logo

Super simple introduction to REST-APIs (2nd version)

Descargar como PPTX, PDF
Patrick Savalle
Patrick Savalle

See also: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4 An API in an interface or client-server-contract and REST is an HTTP design pattern. A REST-API is the de facto standard in web interface. It maps server resources onto URLs and allows CRUD-like manipulations of those (Create-Read-Update-Delete). In this presentation we cover the basics of: - The HTTP protocol - The REST design pattern - The API

Presentaciones y charlas públicas
1 de 25
Super simple introduction to REST-API’s For programmers By Patrick Savalle (http://patricksavalle.com), software architect
Summary • REST is an HTTP design pattern • REST-APIs map server resources onto URLs • Clients can manipulate resources using HTTP-verbs
CONTENTS 1. HTTP-BASICS 2. REST-BASICS 3. API-BASICS
PART 1 HTTP BASICS
Part 1 - HTTP - URL Every resource has an unique URL that consists of several parts.
Part 1 – HTTP - PROTOCOL HTTP is a plain text conversation between a client and a server. The conversation is based on actions performed on resources which are addressed by URL’s.
Part 1 - HTTP - Request Requests and responses can contain header-fields and a body. Everything is plain text. Headers usually contain metadata or indicate conversation preferences whereas the body contains content.
Part 1 - HTTP – Status codes Every response contains a status code.
PART 2 REST BASICS
There is REST, SOAP, GraphQl and other API-protocols possible on HTTP, why REST? • Every tool that can handle HTTP, can handle REST natively. For instance gateways, web- servers and browsers can effectively cache, route, verify, manipulate REST requests and responses. In short: the whole web supports REST • It is simple and elegant • Even simple (embedded) servers can implement it • Less diversity in technology, you already use HTTP in your stack Part 2 - REST - Why? REST is HTTP ‘done right’. Created by the same designer.
Part 2 - REST – The API VERB + URL = ENDPOINT. All endpoints together form the API.
Part 1 - HTTP - Verbs The actions that can be performed on a resource are called ‘methods’ or ‘verbs’. Below the commonly used verbs (there are many more). POST – create and other non-idempotent operations PUT – replace PATCH – (partial) update DELETE – delete GET – read TRACE – echo HEAD – headers only OPTIONS – CORS preflight Idempotent = no additional effects when called more than once with the same input. In math: f(f(x)) = f(x), e.g. abs(abs(-1)) = abs(-1) = 1
ACTION RESOURCE <verb> https://<host>/<api_version>[/<resource_type>/<instance_id>] GET https://animal.api/1/lions (returns collection) GET https://animal.api/1/lions/4 (returns single lion) POST https://animal.api/1/lions (create new element) PUT https://animal.api/1/lions/4 (updates element) PATCH https://animal.api/1/lions/4 (partial update) DELETE https://animal.api/1/lions (deletes collection) DELETE https://animal.api/1/lions/harry@lion.com (deletes element) GET https://animal.api/1/zoo/33/cage/9/animal/1 GET https://animal.api/1/lions?start=100&count=50 GET https://animal.api/1/lions?id=100&id=103&id=107 (parameter-array) Part 2 - REST – Endpoint structure An endpoint has a very strict URL structure. This is key to ‘REST’. Map your domain resources onto URLs and allow them to be manipulated. Note: like in datamodelling all resources are always PLURAL
Part 2 - REST – Done wrong REST is not SOAP. An URL is NOT a RPC-address or method, it is an universal RESOURCE locator Bad REST API (bad URL’s in general): POST https://domain.com/updateProfile POST https://domain.com/deleteProfile POST https://domain.com/createProfile Good REST API: POST https://domain.com/v1/profiles GET https://domain.com/v1/profiles PUT https://domain.com/v1/profiles/piet@puk.com DELETE https://domain.com/v1/profiles/piet@puk.com GET https://domain.com/v1/profiles/piet@puk.com (Note: this ‘standard’ set is called ‘The Collection Metaphore’)
AUTHENTICATION • HTTP BASIC AUTH Client sends user/password in Authenication header with each API-call. Simple, safe, good choice for API-2-API • BEARER TOKEN Get a temporary access token from API, put in Authentication header, simple, safe, good choice for WEB-2-API • OAUTH2 flow Industry standard. Flexible. Safe. Mostly used when authentication is done by an external application (IDP). Often in combination with Bearer Token. Part 2 - REST - Authentication
PART 3 API BASICS
Possible run-time clients of your API: • Other API’s • Web applications and web front ends (like Angular, React, JQuery web apps) • Mobile app’s, desktop applications etc. • Machines, bots, things But not: • Humans  Design an API ‘outside-in’, as a product for a generic client. Not just as the library for your specific front-end. Use scenario’s or use-cases. Part 3 - API – Outside-in Don’t build your API for a specific type of client.
• Base your REST-API on a (the) domain model (you MUST have a domain model for your application, reverse engineer this if it is not present) • Every parent or whole in the model is on a root URL • Every child or part in the model is in an URL relative to its parent or whole • Use the Collection Metaphore, each resource has a standard set of endpoints The relevant desing patterns are described here: https://hersengarage.nl/rest-api-design- as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API – Best practice
• Consistent (avoid surprises) • Cohesive (only lists purposeful endpoints) • Complete (has all necessary endpoints for its purpose) • Minimal (only one way to do things) • Encapsulating (hiding implementation details) • Self-explaining • Documented!  Same for all interfaces: class-interfaces, package interface, APIs, etc. Part 3 - API – Interface quality Good interface design is crafmanship.
• The OpenAPI /Swagger file • Support • Functional documentation • A dashboard to register apps / obtain an API-key (API-manager) • Language stubs (Java, PHP, Python, etc.) on Github • A homepage / productpage • A revenue-model / pricing • A launchparty • Hackathons Part 3 - API - Deliverables An API is a product, treat it as such.
Part 3 - API – Swagger / OpenAPI The OpenAPI or ‘Swagger’ definition Industry-standard to specify a REST-API. For an example, see: https://gist.github.com/patricksavalle/fac25ed914dc2e10f256fdba1af9e622 The Swagger definitions are here: https://swagger.io Use the editor at: https://editor.swagger.io Every API comes with a Swagger!
Part 3 - API - Stateless A REST-server must be client-state agnostic! To be flexible and scalable the server needs to be ignorant of client-state or context. A REST-server does not store session data on behalf of the client. Put another way: all necessary context MUST be in the request.
90% of all REST-methods follow the same implementation logic: Request  1. Authentication 2. Authorisation 3. Input validation 4. Actual logic 5. Output filtering  response Part 3 - API - Implementation REST-servers are conceptually extremely simple, keep their implementation equally simple. (No design patterns, no fancy pancy)
Some of the choices only you can make: • Few methods / large responses vs. many methods / small responses Considerations: web clients generally like large aggregated responses tailored to their page structures. Other clients like smaller responses. Etc. There is also the underlying (logical) data model and the ‘natural granularity’ of the problem-domain. In most cases: map the domain model onto URL’s. • Query parameters vs request headers (for instance the API-tokens) In general non-functional data should be in headers. Headers are more easily inspected / used by tools like webservers.. • Hypermedia communication (follow-up URL’s in responses, HATEOAS) Problematic concept, very client dependent. Most API’s don’t have this, why should yours? Part 3 - API – Design choices Good interface design is crafmanship.
• A REST client, e.g. the Chrome POSTMAN plugin (most IDE’s have one as an add-on) • TELNET (the generic HTTP client) • http://www.restapitutorial.com/resources.html • https://github.com/Microsoft/api-guidelines/blob/master/Guidelines.md • http://jsonapi.org/ • https://swagger.io/ • How to build a high quality REST-API: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API - Resources

Recomendados

REST-API's for architects and managers
REST-API's for architects and managersREST-API's for architects and managers
REST-API's for architects and managers
Patrick Savalle
 
REST-API overview / concepts
REST-API overview / conceptsREST-API overview / concepts
REST-API overview / concepts
Patrick Savalle
 
Design API using RAML - basics
Design API using RAML - basicsDesign API using RAML - basics
Design API using RAML - basics
kunal vishe
 
Api presentation
Api presentationApi presentation
Api presentation
Tiago Cardoso
 
RAML
RAMLRAML
RAML
Shanky Gupta
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
Ankita Mahajan
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
Aniruddh Bhilvare
 

Recomendados

REST-API's for architects and managers
REST-API's for architects and managersREST-API's for architects and managers
REST-API's for architects and managers
Patrick Savalle
 
REST-API overview / concepts
REST-API overview / conceptsREST-API overview / concepts
REST-API overview / concepts
Patrick Savalle
 
Design API using RAML - basics
Design API using RAML - basicsDesign API using RAML - basics
Design API using RAML - basics
kunal vishe
 
Api presentation
Api presentationApi presentation
Api presentation
Tiago Cardoso
 
RAML
RAMLRAML
RAML
Shanky Gupta
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
Ankita Mahajan
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
Aniruddh Bhilvare
 
What is an API?
What is an API?What is an API?
What is an API?
Muhammad Zuhdi
 
Beautiful REST and JSON APIs - Les Hazlewood
Beautiful REST and JSON APIs - Les HazlewoodBeautiful REST and JSON APIs - Les Hazlewood
Beautiful REST and JSON APIs - Les Hazlewood
jaxconf
 
Introduction to the Web API
Introduction to the Web APIIntroduction to the Web API
Introduction to the Web API
Brad Genereaux
 
Basic auth implementation using raml in mule
Basic auth implementation using raml in muleBasic auth implementation using raml in mule
Basic auth implementation using raml in mule
Adithya Kuchan
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
Jonathan LeBlanc
 
Api Testing
Api TestingApi Testing
Api Testing
Vishwanath KC
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
Creating Web Services with Zend Framework - Matthew Turland
Creating Web Services with Zend Framework - Matthew TurlandCreating Web Services with Zend Framework - Matthew Turland
Creating Web Services with Zend Framework - Matthew Turland
Matthew Turland
 
REST API Doc Best Practices
REST API Doc Best PracticesREST API Doc Best Practices
REST API Doc Best Practices
Marta Rauch
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenario
HYS Enterprise
 
Restful api design
Restful api designRestful api design
Restful api design
Mizan Riqzia
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
Prakash Bhandari
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
Obaidur (OB) Rashid
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - DevoxxSpring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
JWORKS powered by Ordina
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.
Andrey Oleynik
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.
Artem Korchevyi
 
CakeFest 2013 - A-Z REST APIs
CakeFest 2013 - A-Z REST APIsCakeFest 2013 - A-Z REST APIs
CakeFest 2013 - A-Z REST APIs
anthony_putignano
 
Benefits of the CodeIgniter Framework
Benefits of the CodeIgniter FrameworkBenefits of the CodeIgniter Framework
Benefits of the CodeIgniter Framework
Toby Beresford
 
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test ScenarioFundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Siddharth Sharma
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
Patrick Savalle
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in Codeigniter
Sachin G Kulkarni
 

Más contenido relacionado

La actualidad más candente

API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
Jonathan LeBlanc
 
Creating Web Services with Zend Framework - Matthew Turland
Creating Web Services with Zend Framework - Matthew TurlandCreating Web Services with Zend Framework - Matthew Turland
Creating Web Services with Zend Framework - Matthew Turland
Matthew Turland
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - DevoxxSpring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
JWORKS powered by Ordina
 
CakeFest 2013 - A-Z REST APIs
CakeFest 2013 - A-Z REST APIsCakeFest 2013 - A-Z REST APIs
CakeFest 2013 - A-Z REST APIs
anthony_putignano
 

La actualidad más candente (20)

What is an API?
What is an API?What is an API?
What is an API?
 
Beautiful REST and JSON APIs - Les Hazlewood
Beautiful REST and JSON APIs - Les HazlewoodBeautiful REST and JSON APIs - Les Hazlewood
Beautiful REST and JSON APIs - Les Hazlewood
 
Introduction to the Web API
Introduction to the Web APIIntroduction to the Web API
Introduction to the Web API
 
Basic auth implementation using raml in mule
Basic auth implementation using raml in muleBasic auth implementation using raml in mule
Basic auth implementation using raml in mule
 
API design principles for accelerated development
API design principles for accelerated developmentAPI design principles for accelerated development
API design principles for accelerated development
 
Api Testing
Api TestingApi Testing
Api Testing
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
 
Creating Web Services with Zend Framework - Matthew Turland
Creating Web Services with Zend Framework - Matthew TurlandCreating Web Services with Zend Framework - Matthew Turland
Creating Web Services with Zend Framework - Matthew Turland
 
REST API Doc Best Practices
REST API Doc Best PracticesREST API Doc Best Practices
REST API Doc Best Practices
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenario
 
Restful api design
Restful api designRestful api design
Restful api design
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - DevoxxSpring REST Docs: Documenting RESTful APIs using your tests - Devoxx
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
 
API Testing. Streamline your testing process.
API Testing. Streamline your testing process.API Testing. Streamline your testing process.
API Testing. Streamline your testing process.
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
 
Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.
 
CakeFest 2013 - A-Z REST APIs
CakeFest 2013 - A-Z REST APIsCakeFest 2013 - A-Z REST APIs
CakeFest 2013 - A-Z REST APIs
 
Benefits of the CodeIgniter Framework
Benefits of the CodeIgniter FrameworkBenefits of the CodeIgniter Framework
Benefits of the CodeIgniter Framework
 
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test ScenarioFundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
 

Similar a Super simple introduction to REST-APIs (2nd version)

automated-automation-of-rest-apis.pptx
automated-automation-of-rest-apis.pptxautomated-automation-of-rest-apis.pptx
automated-automation-of-rest-apis.pptx
Aditya274010
 
Creating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleepCreating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleep
Mike Anderson
 
Practices and tools for building better APIs
Practices and tools for building better APIsPractices and tools for building better APIs
Practices and tools for building better APIs
NLJUG
 
Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)
Peter Hendriks
 

Similar a Super simple introduction to REST-APIs (2nd version) (20)

REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in Codeigniter
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
automated-automation-of-rest-apis.pptx
automated-automation-of-rest-apis.pptxautomated-automation-of-rest-apis.pptx
automated-automation-of-rest-apis.pptx
 
RESTful web APIs (build, document, manage)
RESTful web APIs (build, document, manage)RESTful web APIs (build, document, manage)
RESTful web APIs (build, document, manage)
 
REST APIs
REST APIsREST APIs
REST APIs
 
Rest with Spring
Rest with SpringRest with Spring
Rest with Spring
 
REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25
 
Creating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleepCreating a RESTful api without losing too much sleep
Creating a RESTful api without losing too much sleep
 
Business Applications Integration In The Cloud
Business Applications Integration In The CloudBusiness Applications Integration In The Cloud
Business Applications Integration In The Cloud
 
API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0
 
Day02 a pi.
Day02 a pi.Day02 a pi.
Day02 a pi.
 
MuleSoft Surat Virtual Meetup#21 - MuleSoft API and RAML Design Best Practice...
MuleSoft Surat Virtual Meetup#21 - MuleSoft API and RAML Design Best Practice...MuleSoft Surat Virtual Meetup#21 - MuleSoft API and RAML Design Best Practice...
MuleSoft Surat Virtual Meetup#21 - MuleSoft API and RAML Design Best Practice...
 
Crafting APIs
Crafting APIsCrafting APIs
Crafting APIs
 
JDK8 Streams
JDK8 StreamsJDK8 Streams
JDK8 Streams
 
Practices and tools for building better APIs
Practices and tools for building better APIsPractices and tools for building better APIs
Practices and tools for building better APIs
 
Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)
 
Hia 1691-using iib-to_support_api_economy
Hia 1691-using iib-to_support_api_economyHia 1691-using iib-to_support_api_economy
Hia 1691-using iib-to_support_api_economy
 
Documenting REST APIs
Documenting REST APIsDocumenting REST APIs
Documenting REST APIs
 
REST API Basics
REST API BasicsREST API Basics
REST API Basics
 

Más de Patrick Savalle

The future of work, a whitepaper
The future of work, a whitepaperThe future of work, a whitepaper
The future of work, a whitepaper
Patrick Savalle
 
TeamPark book (english) part 1, vision and inspiration
TeamPark book (english) part 1, vision and inspirationTeamPark book (english) part 1, vision and inspiration
TeamPark book (english) part 1, vision and inspiration
Patrick Savalle
 
Build the socially integrated organization with the TeamPark-method
Build the socially integrated organization with the TeamPark-methodBuild the socially integrated organization with the TeamPark-method
Build the socially integrated organization with the TeamPark-method
Patrick Savalle
 
Building Intelligent Organizations with Sogeti TeamPark
Building Intelligent Organizations with Sogeti TeamParkBuilding Intelligent Organizations with Sogeti TeamPark
Building Intelligent Organizations with Sogeti TeamPark
Patrick Savalle
 

Más de Patrick Savalle (14)

REST-API design patterns
REST-API design patternsREST-API design patterns
REST-API design patterns
 
State of technology and innovation (2017 edition)
State of technology and innovation (2017 edition)State of technology and innovation (2017 edition)
State of technology and innovation (2017 edition)
 
A bitcoin and blockchain primer
A bitcoin and blockchain primerA bitcoin and blockchain primer
A bitcoin and blockchain primer
 
A quick review of (near future) disruptions and innovations.
A quick review of (near future) disruptions and innovations.A quick review of (near future) disruptions and innovations.
A quick review of (near future) disruptions and innovations.
 
Bitcoin presentation deltalloyd
Bitcoin presentation deltalloydBitcoin presentation deltalloyd
Bitcoin presentation deltalloyd
 
The future of work, a whitepaper
The future of work, a whitepaperThe future of work, a whitepaper
The future of work, a whitepaper
 
TeamPark book (english) part 1, vision and inspiration
TeamPark book (english) part 1, vision and inspirationTeamPark book (english) part 1, vision and inspiration
TeamPark book (english) part 1, vision and inspiration
 
TeamPark book (english) part 2, platform and method
TeamPark book (english) part 2, platform and methodTeamPark book (english) part 2, platform and method
TeamPark book (english) part 2, platform and method
 
TeamPark: platform en methode
TeamPark: platform en methodeTeamPark: platform en methode
TeamPark: platform en methode
 
TeamPark: inspiratie en visie
TeamPark: inspiratie en visieTeamPark: inspiratie en visie
TeamPark: inspiratie en visie
 
Social Platform Design
Social Platform DesignSocial Platform Design
Social Platform Design
 
Build the socially integrated organization with the TeamPark-method
Build the socially integrated organization with the TeamPark-methodBuild the socially integrated organization with the TeamPark-method
Build the socially integrated organization with the TeamPark-method
 
TeamPark: Alternatieve presentatie (NL)
TeamPark: Alternatieve presentatie (NL)TeamPark: Alternatieve presentatie (NL)
TeamPark: Alternatieve presentatie (NL)
 
Building Intelligent Organizations with Sogeti TeamPark
Building Intelligent Organizations with Sogeti TeamParkBuilding Intelligent Organizations with Sogeti TeamPark
Building Intelligent Organizations with Sogeti TeamPark
 

Último

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
David Celestin
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
amilabibi1
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 

Último (15)

Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 

Super simple introduction to REST-APIs (2nd version)

  • 1. Super simple introduction to REST-API’s For programmers By Patrick Savalle (http://patricksavalle.com), software architect
  • 2. Summary • REST is an HTTP design pattern • REST-APIs map server resources onto URLs • Clients can manipulate resources using HTTP-verbs
  • 5. Part 1 - HTTP - URL Every resource has an unique URL that consists of several parts.
  • 6. Part 1 – HTTP - PROTOCOL HTTP is a plain text conversation between a client and a server. The conversation is based on actions performed on resources which are addressed by URL’s.
  • 7. Part 1 - HTTP - Request Requests and responses can contain header-fields and a body. Everything is plain text. Headers usually contain metadata or indicate conversation preferences whereas the body contains content.
  • 8. Part 1 - HTTP – Status codes Every response contains a status code.
  • 10. There is REST, SOAP, GraphQl and other API-protocols possible on HTTP, why REST? • Every tool that can handle HTTP, can handle REST natively. For instance gateways, web- servers and browsers can effectively cache, route, verify, manipulate REST requests and responses. In short: the whole web supports REST • It is simple and elegant • Even simple (embedded) servers can implement it • Less diversity in technology, you already use HTTP in your stack Part 2 - REST - Why? REST is HTTP ‘done right’. Created by the same designer.
  • 11. Part 2 - REST – The API VERB + URL = ENDPOINT. All endpoints together form the API.
  • 12. Part 1 - HTTP - Verbs The actions that can be performed on a resource are called ‘methods’ or ‘verbs’. Below the commonly used verbs (there are many more). POST – create and other non-idempotent operations PUT – replace PATCH – (partial) update DELETE – delete GET – read TRACE – echo HEAD – headers only OPTIONS – CORS preflight Idempotent = no additional effects when called more than once with the same input. In math: f(f(x)) = f(x), e.g. abs(abs(-1)) = abs(-1) = 1
  • 13. ACTION RESOURCE <verb> https://<host>/<api_version>[/<resource_type>/<instance_id>] GET https://animal.api/1/lions (returns collection) GET https://animal.api/1/lions/4 (returns single lion) POST https://animal.api/1/lions (create new element) PUT https://animal.api/1/lions/4 (updates element) PATCH https://animal.api/1/lions/4 (partial update) DELETE https://animal.api/1/lions (deletes collection) DELETE https://animal.api/1/lions/harry@lion.com (deletes element) GET https://animal.api/1/zoo/33/cage/9/animal/1 GET https://animal.api/1/lions?start=100&count=50 GET https://animal.api/1/lions?id=100&id=103&id=107 (parameter-array) Part 2 - REST – Endpoint structure An endpoint has a very strict URL structure. This is key to ‘REST’. Map your domain resources onto URLs and allow them to be manipulated. Note: like in datamodelling all resources are always PLURAL
  • 14. Part 2 - REST – Done wrong REST is not SOAP. An URL is NOT a RPC-address or method, it is an universal RESOURCE locator Bad REST API (bad URL’s in general): POST https://domain.com/updateProfile POST https://domain.com/deleteProfile POST https://domain.com/createProfile Good REST API: POST https://domain.com/v1/profiles GET https://domain.com/v1/profiles PUT https://domain.com/v1/profiles/piet@puk.com DELETE https://domain.com/v1/profiles/piet@puk.com GET https://domain.com/v1/profiles/piet@puk.com (Note: this ‘standard’ set is called ‘The Collection Metaphore’)
  • 15. AUTHENTICATION • HTTP BASIC AUTH Client sends user/password in Authenication header with each API-call. Simple, safe, good choice for API-2-API • BEARER TOKEN Get a temporary access token from API, put in Authentication header, simple, safe, good choice for WEB-2-API • OAUTH2 flow Industry standard. Flexible. Safe. Mostly used when authentication is done by an external application (IDP). Often in combination with Bearer Token. Part 2 - REST - Authentication
  • 17. Possible run-time clients of your API: • Other API’s • Web applications and web front ends (like Angular, React, JQuery web apps) • Mobile app’s, desktop applications etc. • Machines, bots, things But not: • Humans  Design an API ‘outside-in’, as a product for a generic client. Not just as the library for your specific front-end. Use scenario’s or use-cases. Part 3 - API – Outside-in Don’t build your API for a specific type of client.
  • 18. • Base your REST-API on a (the) domain model (you MUST have a domain model for your application, reverse engineer this if it is not present) • Every parent or whole in the model is on a root URL • Every child or part in the model is in an URL relative to its parent or whole • Use the Collection Metaphore, each resource has a standard set of endpoints The relevant desing patterns are described here: https://hersengarage.nl/rest-api-design- as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API – Best practice
  • 19. • Consistent (avoid surprises) • Cohesive (only lists purposeful endpoints) • Complete (has all necessary endpoints for its purpose) • Minimal (only one way to do things) • Encapsulating (hiding implementation details) • Self-explaining • Documented!  Same for all interfaces: class-interfaces, package interface, APIs, etc. Part 3 - API – Interface quality Good interface design is crafmanship.
  • 20. • The OpenAPI /Swagger file • Support • Functional documentation • A dashboard to register apps / obtain an API-key (API-manager) • Language stubs (Java, PHP, Python, etc.) on Github • A homepage / productpage • A revenue-model / pricing • A launchparty • Hackathons Part 3 - API - Deliverables An API is a product, treat it as such.
  • 21. Part 3 - API – Swagger / OpenAPI The OpenAPI or ‘Swagger’ definition Industry-standard to specify a REST-API. For an example, see: https://gist.github.com/patricksavalle/fac25ed914dc2e10f256fdba1af9e622 The Swagger definitions are here: https://swagger.io Use the editor at: https://editor.swagger.io Every API comes with a Swagger!
  • 22. Part 3 - API - Stateless A REST-server must be client-state agnostic! To be flexible and scalable the server needs to be ignorant of client-state or context. A REST-server does not store session data on behalf of the client. Put another way: all necessary context MUST be in the request.
  • 23. 90% of all REST-methods follow the same implementation logic: Request  1. Authentication 2. Authorisation 3. Input validation 4. Actual logic 5. Output filtering  response Part 3 - API - Implementation REST-servers are conceptually extremely simple, keep their implementation equally simple. (No design patterns, no fancy pancy)
  • 24. Some of the choices only you can make: • Few methods / large responses vs. many methods / small responses Considerations: web clients generally like large aggregated responses tailored to their page structures. Other clients like smaller responses. Etc. There is also the underlying (logical) data model and the ‘natural granularity’ of the problem-domain. In most cases: map the domain model onto URL’s. • Query parameters vs request headers (for instance the API-tokens) In general non-functional data should be in headers. Headers are more easily inspected / used by tools like webservers.. • Hypermedia communication (follow-up URL’s in responses, HATEOAS) Problematic concept, very client dependent. Most API’s don’t have this, why should yours? Part 3 - API – Design choices Good interface design is crafmanship.
  • 25. • A REST client, e.g. the Chrome POSTMAN plugin (most IDE’s have one as an add-on) • TELNET (the generic HTTP client) • http://www.restapitutorial.com/resources.html • https://github.com/Microsoft/api-guidelines/blob/master/Guidelines.md • http://jsonapi.org/ • https://swagger.io/ • How to build a high quality REST-API: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API - Resources

Notas del editor

  1. In the basis HTTP is a text oriented protocol. You can use TELNET to construct and send requests.
  2. Verbs indicate the action on the URL in the request. All verbs: https://www.iana.org/assignments/http-methods/http-methods.xhtml