give me a rest
play

Give Me A REST! Amanda Folson Developer Advocate @ GitLab - PowerPoint PPT Presentation

Jun 21, 2023 •257 likes •709 views

Give Me A REST! Amanda Folson Developer Advocate @ GitLab @AmbassadorAwsum Who Am I to Judge? Developer Advocate at GitLab Average consumer of APIs and IPAs Well RESTed (you can boo at my pun) Professional conference attendee

  1. Give Me A REST! Amanda Folson Developer Advocate @ GitLab @AmbassadorAwsum

  2. Who Am I to Judge? Developer Advocate at GitLab ● Average consumer of APIs and IPAs ● Well RESTed (you can boo at my pun) ● Professional conference attendee and ● tinkerer @AmbassadorAwsum

  3. APIs are Everywhere @AmbassadorAwsum

  4. Great, but why do I care? Provides a uniform interface for interacting with your application ● API allows you to shard off services ● Decouples services ○ Website->API ○ Mobile->API ○ This is cool if you’re into SoA ● I am. ○ @AmbassadorAwsum

  5. Types of Application Programming Interfaces Language/Platform/Library APIs ● Win32 ○ C++ ○ OpenGL ○ Web APIs ● SOAP ○ XML-RPC ○ REST ○ @AmbassadorAwsum

  6. SOAP Stateful ● WS-Security ● Mostly obvious procedures (getRecord, delRecord) ● Need to know procedure name ○ Need to know order of parameters ○ @AmbassadorAwsum

  7. REST Gaining adoption ● HTTP-based (usually) ● No need to know order of parameters in most cases ● Can return XML, JSON, ? ● @AmbassadorAwsum

  8. Sounds Good, Let’s Build! @AmbassadorAwsum

  9. NO @AmbassadorAwsum

  10. “The best design is the simplest one that works.” -Albert Einstein @AmbassadorAwsum

  11. Slow Down Don’t rush into v1, v2, etc. ● Make sure you meet goals ● Involve users/engineers from the start ● This is hard ● @AmbassadorAwsum

  12. Design Immutable blueprint ● Contract between you and users ● SHARE ● The worst feedback is the feedback you don’t hear ○ Account for existing architecture ● Changes should provide actual value not perceived/potential value ● Design for uniformity ● @AmbassadorAwsum

  13. Know Thy Audience Who is this for? ● Us? Internal? ○ Them? Business partners/3rd parties? ○ ??? ○ What’s the incentive? ● @AmbassadorAwsum

  14. Ask! Stakeholders will tell you what they need ● Regardless of version, feedback should make it into your spec ● Build something people want ● @AmbassadorAwsum

  15. Spec Tools API Blueprint ● Swagger ● RAML ● The list goes on… @AmbassadorAwsum

  16. What is REST? Representational State Transfer ● HTTP-based routing and methods ● ○ PUT/GET/POST/etc. Stateless ● No sessions ○ HATEOAS ○ @AmbassadorAwsum

  17. Resources /resource is a gateway to an area of your application ● /users ○ /places ○ /things ○ CRUD actions can be performed on a single resource ● GET vs getUser, getMessage, getThing ○ Use plural nouns, no verbs (GET, CREATE, etc.) ● Can be for a single item or a collection of items ○ @AmbassadorAwsum

  18. Action Verbs @AmbassadorAwsum

  19. GET GET data from a /resource ● You do this daily by browsing the web. Go you. ● Uses query string to tell API what data to retrieve ● Returns 200 if everything’s OK ● It’s not always okay…more on that later ○ @AmbassadorAwsum

  20. POST Used to create/manipulate data ● Relies on a message body being sent vs query string (XML, JSON, ?) ● Returns 201 Created ● Should return URI to newly created resource ● @AmbassadorAwsum

  21. PUT Update a resource ● OVERWRITES EXISTING OBJECT WITH NEW ONE ● You don’t have to allow this, be careful with this because its use is inconsistent across APIs, should ○ be used consistently across resources Return 201 (Created) if you do this ○ Can’t use PUT within the resource itself (/messages) without an ID ○ PUT should never be use to wrangle partial updates ○ @AmbassadorAwsum

  22. PATCH Updates only the properties provided in the call ● 200 (OK) on successful update ● 304 (Not Modified) if nothing changed ● @AmbassadorAwsum

  23. DELETE Don’t allow on an entire collection (/users or /messages or /places) or limit it ● 200 (OK) if item or collection was deleted ● 204 (No Content) if item or collection was deleted but there’s no body to return ● 202 (Accepted) if request was accepted and deletion was queued (CDN, cache, ● etc.) @AmbassadorAwsum

  24. OPTIONS Not for interacting with data ● Informs clients of available methods ● Return 200 or 204 (No Content) ● You could also return 405 (Method Not Allowed) but why would you do that you ● monster? Useful when method should work on items but not collections within a resource ● (don’t DELETE and collection of users or messages) @AmbassadorAwsum

  25. Content Types Be nice, return more than one! ● JSON and XML are common ○ Different clients have different needs ○ Easy to add new types as needed if you design for this early on ○ If you only allow one type, inform that others aren’t allowed ● Use Content-type: to receive and parse client data ● Can use Accept header to see what format client wants back ● For simplicity you can just send back what they send ● ● @AmbassadorAwsum

  26. Replying Provide information on failures beyond HTTP status codes. ● “API Key does not have access to modify resource” is better than 403 Forbidden alone ○ 200 OK, 201 Created, 204 No Content, 304 Not Modified, 5xx We Screwed Up, Not You ○ HTTP status codes let client decide what to do next ○ No true standardized error message format, but Google Errors and JSON API are trying ○ Not Pokemon ● @AmbassadorAwsum

  27. HATEOAS Hypermedia As The Engine Of Application State ● Hypertext links to other resources (like links on a page) ● ○ Every object has actions to perform Choose your own adventure for navigation/pagination ● Give clients list of actions to take ○ Client tracks state ○ Server provides options to change state ○ HARD ● Requires knowing possible ways to interact with object ○ Clients have to know how to handle this, some will hardcode anyway ● @AmbassadorAwsum

  28. Hypermedia Specs Wishful thinking ● There are no standards for this ● JSON API? Custom? HAL? ● HAL/JSON API are good starting points with wide adoption ● @AmbassadorAwsum

  29. Versioning API is not the time to cowboy deploys/releases ● Design so that you never have to version ● Migrations are hard ● Maintaining n versions ● Deprecate carefully ● Not everyone can update in a weekend ○ @AmbassadorAwsum

  30. When to Version Backwards incompatible changes ● Creating new data models ○ When your API no longer meets you or your users’ needs ● BUT NOT When you add new resources or data fields ● @AmbassadorAwsum

  31. Version in URI https://api.myawesomestuff.com/v1/stuff ● Version is obvious to users ● Relative paths can’t always be hypermedia driven ● @AmbassadorAwsum

  32. Version in Content-type Content-type: application/json+v1 ● Cleaner, not as obvious ● Can default to a version if none is specified ● Devs need to know that they need to send this ● @AmbassadorAwsum

  33. Version in Custom Header Version: 1 ● MyApp: 2.6 ● No standards ● Requires GREAT docs ● Confusing for users who aren’t expecting it ● @AmbassadorAwsum

  34. Caching Ssscccaaallleee ● Cache on API client end ● Cache-control header (public, expires-at, no-cache, max-age), Expires ● Important that this info end up in docs/SDKs ● @AmbassadorAwsum

  35. Authentication Kill Basic Auth ● Keep username/passwords safe ○ OAuth ● Require users to explicitly authorize an app ○ ○ Tricky for some people to implement Restrict auth to HTTPS endpoints ○ ○ Restrict domains allowed to auth MITM attacks, make sure users store tokens well ○ @AmbassadorAwsum

  36. Security Treat users as hostile ● Don’t rely on single method ● Apply layers of security ● Permissions-based API keys/UAC ○ Per app, not per account. Will depend on your architecture ■ DNSBL ○ Content length/depth limits ○ ¿Recursive? ■ SQL injection ○ Rate limit/throttling ○ @AmbassadorAwsum

  37. Prototyping Laravel/Lumen, Flask, Rails, Mojolicious ● RESTful HTTP routing ○ Zero to API in ~1hr ○ Specs ● ○ Apiary, Mockable, RAML Frameworks allow importing of specs ○ ○ Some spec tools can autogenerate SDKs for you (APIMatic) Chrome REST API client, Postman, jsfiddle ● @AmbassadorAwsum

  38. Now what? @AmbassadorAwsum

  39. Maintenance Plan to maintain API, SDKs, docs ● Don’t launch and leave ● Allocate maintenance resources ● Community? Paid service? ● @AmbassadorAwsum

  40. Things Bad People Do Log in to view API docs ● Counter to open source mentality to use docs as a lead generation tool ○ Use HTTP (needs more S) ● No documentation ● Require name/password in URL structure ● ○ Can be saved in browser/CLI which is very insecure @AmbassadorAwsum

  41. SDKs Nice when these are provided to users ● Should have maintenance plan like API ● Need to be kept in sync ● Should be made by language experts ● @AmbassadorAwsum

  42. Documentation API is useless if no one knows how to use it ● NEEDS to be part of design process ● All inclusive ● Errors/methods/parameters ○ Reference and tutorial ○ In sync with changes to API ○ Include how to get help ● Open source is nice ● ● @AmbassadorAwsum

  43. The best API is the one that exists. @AmbassadorAwsum

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

28 Come to me, all you who are weary and burdened, and I will give you rest. 29 Take my yoke upon

28 Come to me, all you who are weary and burdened, and I will give you rest. 29 Take my yoke upon

28 Come to me, all you who are weary and burdened, and I will give you rest. 29 Take my yoke upon you and learn from me, for I am gentle and humble in heart, and you will find rest for your souls. 30 For my yoke is easy and my burden is light.

402 views • 5 slides
PROMISES OF GOD Come to me, all you who are weary and burdened, and I will give you rest. Take my

PROMISES OF GOD Come to me, all you who are weary and burdened, and I will give you rest. Take my

PROMISES OF GOD Come to me, all you who are weary and burdened, and I will give you rest. Take my yoke upon you and learn from me, for I am gentle and humble in heart, and you will find rest for your souls. For my yoke is easy and my burden is

318 views • 16 slides
Outline What is ReST ? Constraints in ReST REST Architecture Components Features of

Outline What is ReST ? Constraints in ReST REST Architecture Components Features of

Outline What is ReST ? Constraints in ReST REST Architecture Components Features of ReST applications Example of requests in REST & SOAP Complex REST request REST Server response Real REST examples REST Design

603 views • 34 slides
Come to me, all who are tired from carrying heavy loads, and I will give you rest. Matthew

Come to me, all who are tired from carrying heavy loads, and I will give you rest. Matthew

Come to me, all who are tired from carrying heavy loads, and I will give you rest. Matthew 11:8 Are you tired? Worn out? Burned out on religion? Come to me. Get away with me and youll recover your life. Ill show you how to take

487 views • 21 slides
REST API What it means to be RESTful What is REST REST stands for REpresentational State

REST API What it means to be RESTful What is REST REST stands for REpresentational State

REST API What it means to be RESTful What is REST REST stands for REpresentational State Transfer It is neither a standard nor a protocol REST is not HTTP , although because of HTTPs prevalence and popularity the two tend to go

708 views • 11 slides
Introduction to REST Web REST Web Services Characteristics Services Principle of REST Web

Introduction to REST Web REST Web Services Characteristics Services Principle of REST Web

Introduction to REST Web Services 2/14/2009 Agenda What is REST? Introduction to REST Web REST Web Services Characteristics Services Principle of REST Web Services Design Semantic of HTTP/1.1 Operations Asst. Prof. Dr. Kanda

522 views • 12 slides
Preparing a REST API Rules of REST APIs, API patterns, Typical CRUD operations Rules for a REST

Preparing a REST API Rules of REST APIs, API patterns, Typical CRUD operations Rules for a REST

Preparing a REST API Rules of REST APIs, API patterns, Typical CRUD operations Rules for a REST API Recall : REST Representational State Transfer o REST is statelessit has no idea of any current user state or history o API

535 views • 17 slides
EARLY Everything YOUR CHILD learns in the first two years influences the rest of his or her

EARLY Everything YOUR CHILD learns in the first two years influences the rest of his or her

Learning starts EARLY Everything YOUR CHILD learns in the first two years influences the rest of his or her life. What can you do to STIMULATE your childs DEVELOPMENT? Here are SIX WAYS to give your child a head start SING

367 views • 13 slides
Rest for the Restless (or Finding Rest in a Family Tree) Matthew 1:1-17 3 Promises of Rest for

Rest for the Restless (or Finding Rest in a Family Tree) Matthew 1:1-17 3 Promises of Rest for

Overview [not in slides] Rest for the Restless (or Finding Rest in a Family Tree) Matthew 1:1-17 3 Promises of Rest for the Restless 1. God promises rest in his righteousness 2. God promises rest in his presence 3. God promises rest in his

92 views • 5 slides
presentation kit leave the rest to us SM leave the rest to us SM centrally located leave the

presentation kit leave the rest to us SM leave the rest to us SM centrally located leave the

presentation kit leave the rest to us SM leave the rest to us SM centrally located leave the rest to us SM easy access to any places leave the rest to us SM exterior leave the rest to us SM lobby leave the rest to us SM lobby lounge

521 views • 18 slides
Developers Nicole Schmidt and Rob Kraft Agenda Lucity REST API introduction Lucity REST

Developers Nicole Schmidt and Rob Kraft Agenda Lucity REST API introduction Lucity REST

Lucity for Application Developers Nicole Schmidt and Rob Kraft Agenda Lucity REST API introduction Lucity REST API Recent Changes REST Client Applications Explained Web Hooks Other Options Future Plans Lucity REST API

498 views • 22 slides
Topics RPC vs. REST: What's the What makes an API truly REST best practices difference

Topics RPC vs. REST: What's the What makes an API truly REST best practices difference

Topics RPC vs. REST: What's the What makes an API truly REST best practices difference and why does it RESTful? (Constraints and (common problems and matter? interface) their solutions) Planning and developing Drupal services

632 views • 28 slides
RESTful Web Services Stefan Marr Agenda What is REST? The Bookmark Example Principles of REST

RESTful Web Services Stefan Marr Agenda What is REST? The Bookmark Example Principles of REST

RESTful Web Services Stefan Marr Agenda What is REST? The Bookmark Example Principles of REST Web Service Design Semantic of HTTP/1.1 Operations SOAP vs. REST Style Assets and Drawbacks Security Public Web Services HPI, Seminar Advanced

330 views • 10 slides
REST Web-based APIs REST Representational State Transfer Style of web software

REST Web-based APIs REST Representational State Transfer Style of web software

REST Web-based APIs REST Representational State Transfer Style of web software architecture that simplifies application Not a standard, but a design pattern REST Take all resources for web application (data, files, functions)

722 views • 22 slides
Continuations continued: the REST of the computation Anton van Straaten appsolutions.com 1

Continuations continued: the REST of the computation Anton van Straaten appsolutions.com 1

Continuations continued: the REST of the computation Anton van Straaten appsolutions.com 1 REST - The 10-second overview "the name given to the architecture of the World Wide Web by Roy Fielding." -- rest-discuss Following REST

789 views • 59 slides
FROM 00s TO 20s: FROM REST ful to gRPC Gianfranco Reppucci @giefferre Data Engineer WHAT

FROM 00s TO 20s: FROM REST ful to gRPC Gianfranco Reppucci @giefferre Data Engineer WHAT

FROM 00s TO 20s: FROM REST ful to gRPC Gianfranco Reppucci @giefferre Data Engineer WHAT THIS TALK IS ABOUT BEFORE REST S O A P Common Object Request Simple Object Broker Architecture Access Protocol REST: REpresentational State

792 views • 44 slides
Writing REST APIs with OpenAPI and Swagger Ada Stphane Carrez FOSDEM 2018 OpenAPI and Swagger

Writing REST APIs with OpenAPI and Swagger Ada Stphane Carrez FOSDEM 2018 OpenAPI and Swagger

Writing REST APIs with OpenAPI and Swagger Ada Stphane Carrez FOSDEM 2018 OpenAPI and Swagger Ada Introduction to OpenAPI and Swagger Writing a REST Ada client Writing a REST Ada server Handling security with OAuth2 Demo

970 views • 37 slides
Advanced Java API for RESTful Web Services (JAX-RS) Jakub Podlek Jersey Tech Lead, Oracle

Advanced Java API for RESTful Web Services (JAX-RS) Jakub Podlek Jersey Tech Lead, Oracle

Advanced Java API for RESTful Web Services (JAX-RS) Jakub Podlek Jersey Tech Lead, Oracle Agenda The current status of JAX-RS JAX-RS basics in one slide Selected topics The future of JAX-RS Q&A What this Presentation

856 views • 38 slides
REST: From GET to HATEOAS or how to create RESTful APIs 2 Who

REST: From GET to HATEOAS or how to create RESTful APIs 2 Who

JPoint REST: From GET to HATEOAS or how to create RESTful APIs 2 Who am I? ~ just some java guy ~ Jos Dirksen Interests Books Architect @ JPoint Java &

942 views • 53 slides
Qt a Qt and W nd WebSe bService rvices Tim Dewhirst <tim@kdab.com> WARNING! Acronym

Qt a Qt and W nd WebSe bService rvices Tim Dewhirst <tim@kdab.com> WARNING! Acronym

Qt a Qt and W nd WebSe bService rvices Tim Dewhirst <tim@kdab.com> WARNING! Acronym Heavy Overview What are they? History Popular service types Qt Clients Servers What are they? W3C: "a software system

618 views • 39 slides
WORDY Giovanni Luca Lo Magno lomagno.gl@virgilio.it University of Palermo SWire at a glance

WORDY Giovanni Luca Lo Magno lomagno.gl@virgilio.it University of Palermo SWire at a glance

2017 German Stata Users Group meeting Berlin, June 23 Connecting Stata to the rest of the world via SWire : several applications including SWordy, an Office add-in to facilitate interaction between Microsoft Word and Stata WORDY Giovanni Luca

1.86k views • 152 slides
Building a Killer REST Client for Your REST+JSON API Les

Building a Killer REST Client for Your REST+JSON API Les

Building a Killer REST Client for Your REST+JSON API Les Hazlewood @lhazlewood Apache Shiro Project Chair CTO, Stormpath stormpath.com @lhazlewood |

701 views • 59 slides
Rest Service with Intellij Overview Download IntellIj and run as Administrator Setup

Rest Service with Intellij Overview Download IntellIj and run as Administrator Setup

Rest Service with Intellij Overview Download IntellIj and run as Administrator Setup Server Create Project Create Artifact Check Artifact to server Add Java Code Compile Add Server Download Glass Fish

565 views • 14 slides
Practical Memory Safety with REST KANAD SINHA & SIMHA SETHUMADHAVAN COLUMBIA UNIVERSITY Is

Practical Memory Safety with REST KANAD SINHA & SIMHA SETHUMADHAVAN COLUMBIA UNIVERSITY Is

Practical Memory Safety with REST KANAD SINHA & SIMHA SETHUMADHAVAN COLUMBIA UNIVERSITY Is memory safety relevant? In 2017, 55% of remote-code execution causing bugs in Microsoft due to memory errors Is memory safety relevant? Yes!

827 views • 47 slides

More recommend