
An Introduction into the Web API


Presentation Transcript


  1. An Introduction into the Web API Brad Genereaux | @integratorbrad | about.me/integratorbrad Web Developers P2P : February 2014

  2. Topics • API • REST • Security • Web • Integration

  3. Housekeeping • About Me (Brad Genereaux) • Healthcare and API developer • Integration Architect at Agfa Healthcare • Blogger about all the API things • Discussion and questions • Hold on to them for the end

  4. The API Application Programming Interface

  5. What is an API? • Methods to access data and workflow from an application without using the application itself

  6. API Example vs

  7. Why an API? • Not all users are the same • Some want: • Some want / need: • And their needs and wants are ever shifting

  8. An API Stack

  9. … sounds like a good framework for Web …

  10. The REST REpresentational State Transfer

  11. Source: http://www.slideshare.net/jmusser/j-musser-apishotnotgluecon2012

  12. What is REST? • Client server model • Stateless • Idempotency • Cacheable • Layered System • Uniform interface

  13. Why REST? • Scalable • Fault-tolerant • Recoverable • Secure • Loosely coupled

  14. What systems support REST? • Clients: Browsers, Mobile Apps, Desktop Apps • Servers (“Capable of HTTP”): Java-based, .Net-based, PHP, Ruby, Perl, etc.

  15. Three levels of REST • Level 1 : Resources • Level 2 : Verbs • Level 3 : HATEOAS

  16. Resources, Level 1 REST • /users • /users/integratorbrad • /users/integratorbrad/tweets • /users/integratorbrad/tweets/1

  17. Verbs, Level 2 REST • CRUD

  18. What is CRUD? Standard database operations: Create, Read, Update, Delete

  19. Verbs, Level 2 REST • CRUD • GET /tweets (as opposed to /givemethetweets) • POST /appointments (as opposed to /createnewtweet) • PUT /appointments/1 (as opposed to /updatetweet/1) • DELETE /appointments/1 (as opposed to /removetweet/1)

  20. RESTful Methods • There are other methods less used (HEAD, OPTIONS, PATCH) for other purposes • Representations of an item are specified by the media type (MIME type) Source: http://www.slideshare.net/jmusser/j-musser-apishotnotgluecon2012

  21. HATEOAS, Level 3 REST • Hypermedia as the engine of application state

          "links": [
            { "rel": "UserInfo", "href": "https://.../user/12345678" },
            { "rel": "Tweets", "href": "https://.../tweet/87654321" },
            { "rel": "Messages", "href": "https://.../msgs/11223344" }
          ]

          "ids": [ 12345678, 87654321, 11223344 ]

  22. Data Formats (XML and JSON)
      • XML (135 characters):

          <tweets>
            <tweet type="text" id="1">
              <text>REST is great!</text>
            </tweet>
            <tweet type="text" id="2">
              <text>APIs forever!</text>
            </tweet>
          </tweets>

      • JSON (109 characters):

          { "tweets": [
            {"type": "text", "id": "1", "text": "REST is great!"},
            {"type": "text", "id": "2", "text": "APIs forever!"}
          ]}

      • XML can be validated (XML Schema), stylized (XSL), traversed (XPath), queried (XQuery), transformed (XSLT), and namespaced
      • JSON is easier

  23. What makes for good REST? • Self-documenting • Nouns in path, verbs by HTTP • Complexity under the “?”, i.e., /tweets/?contains=API • Errors use HTTP error code mechanism • As simple as possible, but no simpler

  24. REST Alternatives Source: http://www.slideshare.net/jmusser/j-musser-apishotnotgluecon2012

  25. Important : Know your TTFHW !

  26. API Worst Practices 10. Poor error handling 9. Ignoring HTTP rules 8. Exposing your underlying data model 7. Security complexity 6. Unexpected release cycles 5. Poor developer experience 4. Expecting an MVC to give you a great API 3. Assuming if you build it, they will come 2. Inadequate support 1. Poor documentation Source: http://www.slideshare.net/jmusser/j-musser-apishotnotgluecon2012

  27. Authentication and Authorization • Authentication : Who • Authorization : What they are allowed to do • Not your job, but your responsibility

  28. Security

  29. Security Frameworks • OAuth: Authorizing services • OpenID: Facebook, Google • LDAP: Enterprise authentication

  30. Application Security Threats Source: http://en.wikipedia.org/wiki/Application_security

  31. SQL Injection
      • Consider the following pseudo-code:

          String topic = request.getParameter("topic");
          SQLCommand sql = new SQLCommand("select * from tweets where topic like '" + topic + "%'")

      • So what happens if the parameter is:

          API
          REST
          h3ck0rz'; drop table tweets; --

      Source: http://xkcd.com/327/

  32. The Web

  33. HTML5 • “HyperText Markup Language” • Characterized by the DOM (document object model) • Completely ubiquitous across the Internet

          <html>
            <body>
              <h1>Hello World</h1>
            </body>
          </html>

  34. HTML5 • HTML “5” is somewhat of a buzzword • New features • Canvas allows for rapid UI painting, real-time hardware-accelerated gaming and media streaming • Access to hardware like cameras and gyroscopes • Can function offline and store data

  35. JavaScript • Multi-paradigm weakly-typed scripting language • Used most often hand-in-hand with HTML • Not Java, at all (syntax based on C) • Example: alert("Hello World!"); • Able to manipulate the DOM and interact with the browser environment

  36. CSS • “Cascading Style Sheets” • Allows for advanced stylization of content • Example: .giant { font-size: 72px; color: blue; } • Classes can be applied to many tags at once, and kept separately (allows rapid customizations) • CSS3 adds considerable new features (gradients, rounded corners, drop shadows, etc.)

  37. AJAX • “Asynchronous JavaScript and XML” • Group of technologies that allow for robust client interactions without reloading web pages • HTML and CSS for presentation • DOM for display and interaction of data • XML for data interchange • XMLHttpRequest for asynchronous communication • JavaScript to bring these technologies together • AJAX is the key to consuming REST

  38. jQuery • “jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development.” • Example: $("#h1").html("Hello World!"); • jQuery tests against many browser platforms and solves a lot of the problems that supporting many platforms introduces

  39. Other Frameworks • UI Frameworks (Bootstrap, Foundation) • MVC Frameworks (Angular, Backbone) • Tooling (Yeoman, Lineman) • Documentation (Apiary, Swagger) • No shortage of options

  40. Integration

  41. API Popularity (2012) (from http://www.slideshare.net/jmusser/open-apis-whats-hot-whats-not-12506063 )

  42. Some REST API Examples • Facebook • Twitter • Twilio • Demo?

  43. Facebook Graph API Every object has an ID: Objects can be searched: Objects can be updated:

  44. Twitter REST API

  45. Twilio

  46. Demo?

  47. If This, Then That API Integration Website - http://ifttt.com/

  48. Need more REST? • Programmable Web (http://programmableweb.com) • Crafting Interfaces that Developers Love (http://offers.apigee.com/api-design-ebook-rr/) • API Craft Google Group (https://groups.google.com/forum/#!forum/api-craft)

  49. Discussion - Questions Brad Genereaux | @integratorbrad | about.me/integratorbrad
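
The concatenated query from slide 31 next to a parameterized version, as an added example that is not part of the original presentation. It uses Python's sqlite3 with a constructed in-memory table; the function names are hypothetical, and `executescript()` stands in (as an assumption) for a database driver that accepts stacked statements.

```python
import sqlite3

PAYLOAD = "h3ck0rz'; drop table tweets; --"  # parameter value shown on slide 31

def make_db():
    """Constructed sample data: a small in-memory tweets table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tweets (id INTEGER PRIMARY KEY, topic TEXT, text TEXT)")
    db.executemany("INSERT INTO tweets (topic, text) VALUES (?, ?)",
                   [("API", "APIs forever!"), ("REST", "REST is great!")])
    db.commit()
    return db

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type = 'table' AND name = 'tweets'").fetchone()
    return row[0] == 1

def search_concatenated(db, topic):
    """Vulnerable pattern from the slide: input is spliced into the SQL text."""
    sql = "select * from tweets where topic like '" + topic + "%'"
    # sqlite3's execute() rejects stacked statements, so executescript() is used
    # here to model a driver that runs every ';'-separated statement.
    db.executescript(sql)
    return sql

def search_parameterized(db, topic):
    """Hardened form: constant SQL text, the value travels as a bound parameter."""
    # Escape LIKE wildcards so '%' or '_' in the input only match literally.
    escaped = topic.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT topic, text FROM tweets WHERE topic LIKE ? ESCAPE '\\'"
    return db.execute(sql, (escaped + "%",)).fetchall()

def demo():
    safe_db = make_db()
    benign = search_parameterized(safe_db, "API")     # normal lookup still works
    hostile = search_parameterized(safe_db, PAYLOAD)  # treated as data only
    safe_survives = table_exists(safe_db)

    vuln_db = make_db()
    search_concatenated(vuln_db, PAYLOAD)             # quote ends the literal early
    vuln_survives = table_exists(vuln_db)
    return benign, hostile, safe_survives, vuln_survives

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the quote in the input never terminates the string literal, so the query shape is fixed no matter what the client sends.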
