Este documento presenta OpenAPI 3.0.2 como estándar para documentar APIs de forma interoperable. Explica cómo OpenAPI puede usarse para documentar APIs existentes, definir contratos de API antes de implementarlas, o generar documentación a partir de servicios existentes. También cubre herramientas de OpenAPI, casos de uso comunes, y tendencias como la adopción del estándar por gobiernos y empresas para promover la interoperabilidad.
Swagger is an open source software framework backed by
a large ecosystem of tools that helps developers
design, build, document and consume RESTful Web
services.
Swagger is a simple yet powerful representation of your RESTful API. With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment. With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability.
OpenAPI 3.0, And What It Means for the Future of SwaggerSmartBear
OpenAPI 3.0, which is based on the original Swagger 2.0 specification, is meant to provide a standard format to unify how an industry defines and describes RESTful APIs.
The release of OAS 3.0 marks a significant milestone in the growth of the API economy — bringing together collaborators from across industries, to evolve the specification to meet the needs of API developers and consumers across the world in an open and transparent manner.
We hosted a free Swagger training: OpenAPI 3.0, And What it Means for the Future of Swagger. More than 2,000 people signed up to learn more about the new specification, and to find out about what’s coming next for Swagger and SwaggerHub!
You can watch the full recording of the presentation here: https://swaggerhub.com/blog/api-resources/openapi-3-0-video-tutorial/
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
Swagger is an open source software framework backed by
a large ecosystem of tools that helps developers
design, build, document and consume RESTful Web
services.
Swagger is a simple yet powerful representation of your RESTful API. With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment. With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability.
OpenAPI 3.0, And What It Means for the Future of SwaggerSmartBear
OpenAPI 3.0, which is based on the original Swagger 2.0 specification, is meant to provide a standard format to unify how an industry defines and describes RESTful APIs.
The release of OAS 3.0 marks a significant milestone in the growth of the API economy — bringing together collaborators from across industries, to evolve the specification to meet the needs of API developers and consumers across the world in an open and transparent manner.
We hosted a free Swagger training: OpenAPI 3.0, And What it Means for the Future of Swagger. More than 2,000 people signed up to learn more about the new specification, and to find out about what’s coming next for Swagger and SwaggerHub!
You can watch the full recording of the presentation here: https://swaggerhub.com/blog/api-resources/openapi-3-0-video-tutorial/
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
An introduction to a popular framework for Service Oriented REST APIs, Proof of Concepts and Rapid Development. Swagger is a indispensable tool for Software Engineers, Developers and Architects.
Watch the live demo of Apigee's API platform to learn how to:
- easily configure and manage new APIs and enforce security with minimal impact to backend services
- create, manage and monetize API products
- extend API Services to increase flexibility and tailor to business requirements with JavaScript, Java, Python, and Node.js
- provide developers easy, yet secure access to explore, test, and deploy APIs
- use end-to-end visibility across the digital value chain to monitor, measure, and manage success
With special guests Ron Ratovsky and Darrel Miller from the OpenAPI Initiative's Technical Steering Committee, this SmartBear webinar session covered the history of Swagger and the OpenAPI Specification, and all the latest changes in OAS 3.1.
This is a presentation which describe the big picture of the Rest API. In this presentation I simply describe the theories with practical examples. Hope this presentation will cover the overall Rest API domain.
An introduction to api testing | David TzemachDavid Tzemach
WHAT IS API?
MOTIVATION TO TEST API
WHAT IS AN API TESTING?
WHAT TESTS SHOULD BE PERFORMED ON API’S
WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?
WHAT ARE THE CHALLENGES OF API TESTING?
OpenAPI is an the emerging standard for creating, managing and consuming REST APIs. Previously named Swagger, in the last year has been adopted by the Linux Foundation and gained the support of companies like Google, Microsoft, IBM, Paypal, etc. to become a de-facto standard for APIs. In this talk we will review 3 uses cases to apply OpenAPI to enhance and speed-up our developments to create OpenAPI compliant APIs.
The API acronym is everywhere on the Internet. It seems like every great company offers an API. But what is it exactly?
This deck will present you the very concept of API with a simple metaphor, and then will take four exemples of very popular APIs integrated by more popular websites (Airbnb, Uber, etc...).
A deck by Sébastien Saunier, CTO @ Le Wagon (https://www.lewagon.com)
This intermediate-level Postman training is geared specifically for API testers and other stakeholders invested in the health of your APIs, including product managers, business managers, DevOps practitioners, and more.
“Continuous quality” is a holistic mindset for API testing, and in this session, we’ll discuss continuous quality principles as we walk through some advanced testing workflows and recommended practices for testing in Postman.
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
An introduction to a popular framework for Service Oriented REST APIs, Proof of Concepts and Rapid Development. Swagger is a indispensable tool for Software Engineers, Developers and Architects.
Watch the live demo of Apigee's API platform to learn how to:
- easily configure and manage new APIs and enforce security with minimal impact to backend services
- create, manage and monetize API products
- extend API Services to increase flexibility and tailor to business requirements with JavaScript, Java, Python, and Node.js
- provide developers easy, yet secure access to explore, test, and deploy APIs
- use end-to-end visibility across the digital value chain to monitor, measure, and manage success
With special guests Ron Ratovsky and Darrel Miller from the OpenAPI Initiative's Technical Steering Committee, this SmartBear webinar session covered the history of Swagger and the OpenAPI Specification, and all the latest changes in OAS 3.1.
This is a presentation which describe the big picture of the Rest API. In this presentation I simply describe the theories with practical examples. Hope this presentation will cover the overall Rest API domain.
An introduction to api testing | David TzemachDavid Tzemach
WHAT IS API?
MOTIVATION TO TEST API
WHAT IS AN API TESTING?
WHAT TESTS SHOULD BE PERFORMED ON API’S
WHAT ARE THE TYPES OF DEFECTS THAT API TESTING WILL HELP REMOVE?
WHAT ARE THE CHALLENGES OF API TESTING?
OpenAPI is an the emerging standard for creating, managing and consuming REST APIs. Previously named Swagger, in the last year has been adopted by the Linux Foundation and gained the support of companies like Google, Microsoft, IBM, Paypal, etc. to become a de-facto standard for APIs. In this talk we will review 3 uses cases to apply OpenAPI to enhance and speed-up our developments to create OpenAPI compliant APIs.
The API acronym is everywhere on the Internet. It seems like every great company offers an API. But what is it exactly?
This deck will present you the very concept of API with a simple metaphor, and then will take four exemples of very popular APIs integrated by more popular websites (Airbnb, Uber, etc...).
A deck by Sébastien Saunier, CTO @ Le Wagon (https://www.lewagon.com)
This intermediate-level Postman training is geared specifically for API testers and other stakeholders invested in the health of your APIs, including product managers, business managers, DevOps practitioners, and more.
“Continuous quality” is a holistic mindset for API testing, and in this session, we’ll discuss continuous quality principles as we walk through some advanced testing workflows and recommended practices for testing in Postman.
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
Mada metodología ágil de desarrollo de apisCloudAppi
MADA es la primera metodología que ordena un poco los pasos a seguir para poder desarrollar APis de calidad. Para ello, se analizará como realizar un documento funcional que explique correctamente la API, como se debe implementar fakes para que los developers puedan empezar a desarrollar sus Aplicaciones aunque no tengamos nada desarrollado, como implementar la API, y además, como validarla utilizando herramientas como SOAPui. Además, se analizará aspectos muy importantes como la generación de documentación, casos de prueba y SDKs. Todo ello se debe utilizar uno de los lenguajes de definición de APIs, como SWAGGER, RAML O API BLUEPRINT. En este caso, se utilizará RAML para realizar los ejemplos.
Workshop sobre APIs realizado el 27 de abril en el Centro de Innovación de BBVA. En este evento hemos visto los detalles del funcionamiento, gestión de errores y conceptos de seguridad aplicados a APIs.
Presentación que muestra como definir una API Rest con RAML, definiendo los servicios GET/PUT/POST... Se utilizarán las herramientas de Mulesoft para diseñar la API con ApiDesigner
Diapositivas correspondientes a la parte sobre la plataforma de desarrollo Google App Engine del curso de extensión universitaria "Cloud Computing. Desarrollo de Aplicaciones y Minería Web", celebrado en la Escuela Universitaria de Ingeniería Informática de Oviedo
Descubriendo Ruby on Rails (Desarrollo Agil de Aplicaciones Web)lenny
Esta es la presentación correspondiente a la charla "Descubriendo Ruby on Rails: Desarrollo Agil de Aplicaciones Web" dictada el 5 de Junio de 2007 por Juan Maria Martinez Arce y Carlos Kozuszko, ambos miembros de INSIGNIA (www.insignia4u.com); en el marco de la "Semana de la Ingenieria 2007".
Tutoriales - Explorando AWS con Java.
Aprende a descubrir los diferentes servicios que ofrece AWS para explotar por medio de Java a través de la capa gratuita.
dotnetMalaga-2020 Gestión de la configuración en aplicaciones WebPedro J. Molina
Charla impartida en dotnetMalaga el 2022.11.12 en la Facultad de Informática de Málaga.
Gestión de la configuración en aplicaciones Web. Como empaquetar, versionar y configurar nuestro software en un ambiente empresarial para minimizar errores y máximizar la seguridad de operación.
Session talk presented at Innosoft 2022.11.11 University of Sevilla.
Presented the concept of Infrastructure as Core and its practical approach using Hashicorp Terraform a a tool to provision in the cloud. Examples with AWS are provided in a Guthub repository.
LangDev 2022 Metamodeling on the Web with EssentialPedro J. Molina
Slides for LangDev 2022. Talk.
http://langdevcon.org/
Pedro J. Molina: Essential 2.0 & Meow: Model Editors on the Web
Essential is a Language Workbench and tooling for implementing Model Driven tools on .NET initiated in 2008.
During this time the tool has been adapted to create metamodels, models, templates and model transformation in a complete integrated development environment (IDE). Essential has been used with success to prototype, create and evolve high-quality commercial code-generators.
In the last years, works to migrate Essential to the Web (version 2.0) has been performed to allow using its potential for cloud-based application and in the browser. Quid is one of the first tools created using Essential for Web. Moreover, Essential 2.0 is totally web-based and parsers and model editors has been recreated from scratch into TypeScript to fully embrace the Web platform and provide easy tooling for creating modeling environments on the Web. In this sense, Meow is a companion library for Essential to allow dynamically edit models on the web enforcing an arbitrary Essential Metamodel. Bindings for importing and exporting EMF ECore Models are provided to make it easy to reuse models.
Talk sharing career paths and experiences on Startups, Academia, & Industry to PhD students considering setting up a Startup.
Some advice to my younger self for building a startup.
Talk to Lowcomote's PhD Student on 2021.11.04.
By: Pedro J. Molina PhD. founder at Metadev S.L.
Presentación en Jornada “Ingeniería del Software Dirigida por Modelos en la industria” el 2019-11-25
https://mde-network.github.io/events/mde-industry-day
MDE permite construir aplicaciones de modo estructurado, trazable y repetible. Estas buenas propiedades son ideales para la construcción de software seguro. Las técnicas de generación de código permiten garantizar cumplimento de normativa y forzado de políticas de seguridad. Se ilustran ejemplos industriales de su uso.
Charla impartida del 12 de mayo de 2018 en SuperSEC, Almería, España.
Charla impartida en el Sevilla Developers Conference el 18 de febrero de 2017. Introducción a Microservicios, tecnologías, casos de uso y stacks en diversos lenguajes.
Introducción al framework Angular 2 para el desarrollo de aplicaciones Web. Revisión a sus conceptos principales y su alineación con el estándar Web Components.
Charla impartida el 26 de enero de 2017 para SevillaJS.
Hivepod permite construir y desplegar servidores de aplicación en nube a partir de modelos de datos de usuarios basados en hojas de calculo. Esta presentación preparada para el grupo de usuarios de R en Sevilla (2015.12.02) muestra como usarlo en escenarios de OpenData y para trabajo estádistico.
Escaneo y eliminación de malware en el equiponicromante2000
El malware tiene muchas caras, y es que los programas maliciosos se reproducen en los ordenadores de diferentes formas. Ya se trate de virus, de programas espía o de troyanos, la presencia de software malicioso en los sistemas informáticos siempre debería evitarse. Aquí te muestro como trabaja un anti malware a la hora de analizar tu equipo
Si bien los hospitales conjuntan a profesionales de salud que atienden a la población, existe un equipo de organización, coordinación y administración que permite que los cuidados clínicos se otorguen de manera constante y sin obstáculos.
Mario García Baltazar, director del área de Tecnología (TI) del Hospital Victoria La Salle, relató la manera en la que el departamento que él lidera, apoyado en Cirrus y Estela, brinda servicio a los clientes internos de la institución e impulsa una experiencia positiva en el paciente.
Conoce el Hospital Victoria La Salle
Ubicado en Ciudad Victoria, Tamaulipas, México
Inició operaciones en el 2016
Forma parte del Consorcio Mexicanos de Hospitales
Hospital de segundo nivel
21 habitaciones para estancia
31 camas censables
13 camillas
2 quirófanos
+174 integrantes en su plantilla
+120 equipos médicos de alta tecnología
+900 pacientes atendidos
Servicios de +20 especialidades
Módulos utilizados de Cirrus
HIS
EHR
ERP
Estela - Business Intelligence
8. API
Servicio para que otros los
consuman
Descripción técnica (orientado a
devs)
Promueve la interoperación de
sistemas mediante contratos claros
y perdurables en el tiempo
Application Programmer Interface
10. APIs agnósticas de lenguaje
1. CORBA >> C + IDL
2. SOA >> XML + SOAP + WDSL …
3. REST >> JSON + HTTP
11. Breve Historia
2011.09 Swagger 1.0
2015.03 SmartBear compra Swagger
2016.01 SmartBear dona Swagger a Linux Fund.
2016.01 OpenAPI 2.0 / Linux Foundation
2017.07 OpenAPI 3.0
2018.10 OpenAPI 3.0.2
12.
13. OpenAPI Initiative
Herramientas
Editor http://editor.swagger.io
Explorador de APIs http://petstore.swagger.io
Validador https://online.swagger.io/validator
Generadores opensource para
skeletons para backends
proxies para clientes o front-end
http://swagger.io/swagger-codegen
14. Casos de uso
1. API Legada
2. Contrato primero
3. Dirigida por el servicio
15. 1. API Legada
Documentar un API existente
Construcción del contrato
http://editor.swagger.io
Validación
Resultados:
API documentada
Generación de SDKs para cliente
API
16. 1. API Legada. Ejemplo
¿Es Nieves un nombre de hombre o de mujer?
Servicio web para descubrirlo
http://www.jerolba.com/mujeres-y-hombres-y-serverless
GET https://us-central1-hombre-o-mujer.cloudfunctions.net/gender?name=nieves
Créditos: Jerónimo López @jerolba
API
17. openapi: ‘3.0.2'
info:
version: "1.0.1"
title: Hombre o mujer.
tags:
- name: Gender
description: API para género for frecuencia estadística.
1. API Legada. Contrato API
http://bit.ly/gender-openapi3
18. paths:
/gender:
get:
description: |
Devuelve la probabilidad de que el nombre sea de mujer u hombre.
parameters:
- name: name
in: query
description: Nombre de la persona
required: true
schema:
type: string
responses:
# Response code
‘200’:
description: Respuesta con exito
content:
application/json:
schema:
$ref: ‘#/definitions/GenderResponse’
1. API Legada. Contrato API
'404':
description: Not found
content:
application/json:
schema:
$ref:
'#/components/schemas/GenderNotFoundResponse'
19. totalMale:
type: number
format: int32
totalFemale:
type: number
format: int32
GenderNotFoundResponse:
required:
- name
- gender
properties:
name:
type: string
gender:
type: string
components:
schemas:
GenderResponse:
required:
- name
- gender
- probability
- totalMale
- totalFemale
properties:
name:
type: string
gender:
type: string
probability:
type: number
format: float
1. API Legada. Contrato API
20. 2. Contrato Primero
La especificación se escribe en primer lugar
http://editor.swagger.io
Puede generarse:
un skeleton para el backend
Un proxy o SDK para el cliente
Permite paralelizar el trabajo en backend y frontend.
Los cambios al contrato pueden versionarse
adecuadamente.
API Cliente
23. 3. Dirigida por el servicio
El servicio define el contrato
La especificación del API en formato OpenAPI se genera por
una librería que hace reflexión sobre el servicio.
Requiere cuidado para no romper la compatibilidad del API.
Ejemplo: https://openapi3.herokuapp.com
Fuente: https://github.com/pjmolina/event-backend
API Cliente
25. API ManagementTools
Aportar una capa que se
coloca por delante del API
Gestionada por 3ºs
Aporta:
Autenticación, Autorización
Seguridad basada en roles
Protección frente a ataques DOS
Monetización: cobro por
Escalado
Auditoría
Métricas de uso, analíticas
Ejemplos
3scale
Apigee
Mashape Kong
CA 7Layers
Azure API Management
IBM Bluemix API
Management
WSO
26. Escalabilidad en APIs
API sin estado
Con un balanceador de carga
en el frontal (como p.e.
nginx o ha-proxy)
Que distribuye el trafico a N
(con N>=2) servidores
DNS, SSL y certificados se
configuran solo en el
balanceador
api
lb api
api
#0
#1
#2
443
80
28. Estandarización de APIs
Gobierno de Holanda
Estandarizo OpenAPI 3.0 a nivel nacional (2018.05) https://www.linkedin.com/pulse/why-
dutch-government-standardised-openapi-3x-dimitri-van-hees/
Gobierno de Canadá, British Columbia
https://catalogue.data.gov.bc.ca/group/bc-government-api-registry
En estudio por la Comisión Europea. Considerando estandarizarlo en toda la
UE.
eBay publica todas su APIs en formato OpenAPI 3.0
Stripe https://github.com/stripe/openapi
AWS
29. OpenAPI, la Banca y Fintech
Directiva Europea PSD2
Directiva para Pagos Digitales
Mercado Único de Pagos en la UE
Servicios de iniciación de Pagos (PIS)
Servicios de información de cuenta (AIS)
https://www.bbva.com/es/lo-saber-la-psd2/
https://www.swift.com/news-events/press-
releases/swift-creates-financial-sector-api-
blueprint
30. OpenAPI Roadmap
JSON Schema
Overlays
Firmado y encriptado de peticiones: JOSE
Más métodos de Autenticación (Certs, OAuth2 scopes)
Multisegment Paths
Message based API
Roadmap para 3.1:
https://github.com/OAI/OpenAPI-Specification/issues/1466
31. CAL Profile
CAL Profile https://github.com/metadevpro/cal
Se aceptan contribuciones (Issues, Pull Requests, etc.)
Recomendaciones para APIs REST sobre OpenAPI
Implementaciones de Referencia
NodeJS + TypeScript https://github.com/metadevpro/alba-node
dotNet Core https://github.com/metadevpro/alba-netcore