
Public Facing APIs

Public Facing APIs. Simon Free, Senior Developer. Topics: What are APIs? Why would you create an API? What can you do with APIs? How are APIs created with ColdFusion? Planning, Rules, Pitfalls, Security, Development Strategies. What are APIs? Application Programming Interface.


Presentation Transcript


  1. Public Facing APIs • Simon Free • Senior Developer

  2. Topics • What are APIs? • Why would you create an API? • What can you do with APIs? • How are APIs created with ColdFusion? • Planning • Rules • Pitfalls • Security • Development Strategies

  3. What are APIs? • Application Programming Interface • A collection of methods, functions, procedures or protocols available to developers • They can be private, public or on limited access • A gateway into your system

  4. Why would you create an API? • Allow for code reuse and / or service reuse • Allow for access via different mediums • Increase use of your product (think Twitter) • Allow your product to be combined with another product (Mash-ups) • Let the community do all the work for you :-)

  5. What can you do with an API? • Pretty much anything! • Post and return data • Return small and large amounts of data • Open up a security hole in your system a mile wide that will allow people to steal all your data, access the client database and cause you to have endless amounts of legal problems and eventually drive you to PHP or worse, .NET

  6. How are APIs created with CF? • CFCs with access set to remote • Usually a single CFC is the access point • Other CFCs can be accessed via the access CFC (similar to a facade)

  7. Planning • Think of all technologies • Think of common tasks and make them one call • Limit the number of calls needed • Create a standardized data return structure • If there is an error should that break the mold? How are they going to be handled? • Document

  8. Rules • Return XML • For success and failure keep the same structure • Keep function names the same style • Only have necessary functions set to remote • Add hints, comments and display names • DOCUMENT!!!!

  9. Pitfalls • Cannot rely on the session scope • If you are not using CFCs already you will spend a lot of time refactoring • Fulfilling everyone's needs without overloading on data • Overcomplicating the process for the user • Opening up a potential security hole • Lack of DOCUMENTATION!!!!!!!

  10. Security • The biggest security risk is YOU! • Do not give detailed error messages • Track # of incorrect logins and block people if necessary • Use a token authentication system • Never pass back session information

  11. Security cont. • When returning an ID use a UUID • Don’t return sensitive information • Try to limit the amount of data returned (say 50 records)

  12. Development Strategies • One Pot

  13. Development Strategies • Facade

  14. Development Strategies • Facade

  15. Development Strategies • Half and Half

  16. Code Time!

  17. That's All! • Questions or Comments? • simon@simonfree.com • Slides will be posted at: • http://www.simonfree.com
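
The Rules and Security slides (8, 10 and 11) combined in one facade CFC. This is an added example, not code from the presentation. It assumes ColdFusion 9+ or Lucee script syntax and an Application.cfc that names the application; the demo account, method names, response codes and the lockout threshold of 5 are constructed for illustration.

```cfml
// Api.cfc: added example, not code from the presentation. All names are hypothetical.
component displayname="API facade" hint="The only CFC exposed to remote callers" {
    variables.MAX_FAILS = 5;    // assumed lockout threshold
    variables.MAX_ROWS  = 50;   // record cap from the Security slide
    // Constructed demo account; stand-in for a real store with a slow, salted password hash.
    variables.demoHash = hash("constructed-salt" & "constructed-password", "SHA-256");

    // Same XML envelope for success and failure, never carrying exception detail.
    private string function envelope(required string code, string data="") {
        return "<response><code>" & xmlFormat(arguments.code) & "</code><data>" & arguments.data & "</data></response>";
    }

    // Tokens and failure counts live in the application scope, not the session scope.
    private struct function store() {
        lock scope="application" type="exclusive" timeout="5" {
            if (!structKeyExists(application, "api")) application.api = { fails = {}, tokens = {} };
        }
        return application.api;
    }

    remote string function login(required string username, required string password) returnformat="plain" {
        var s = store();
        var user = "u:" & lCase(arguments.username);   // prefix avoids an empty struct key
        var token = createObject("java", "java.util.UUID").randomUUID().toString();
        lock name="api-auth" type="exclusive" timeout="5" {
            var blocked = structKeyExists(s.fails, user) && s.fails[user] >= variables.MAX_FAILS;
            var valid = user == "u:demo"
                && hash("constructed-salt" & arguments.password, "SHA-256") == variables.demoHash;
            if (blocked || !valid) {
                s.fails[user] = (structKeyExists(s.fails, user) ? s.fails[user] : 0) + 1;
                return envelope("LOGIN_FAILED");   // identical reply: blocked, unknown, wrong
            }
            structDelete(s.fails, user);
            s.tokens[token] = user;   // opaque random token; no session data is returned
        }
        return envelope("OK", "<token>" & token & "</token>");
    }

    remote string function listItems(required string token, numeric maxRows=50) returnformat="plain" {
        var items = "";
        if (!structKeyExists(store().tokens, arguments.token)) return envelope("NOT_AUTHORIZED");
        try {
            // createUUID() stands in for records keyed by UUID instead of sequential integers.
            for (var i = 1; i <= min(arguments.maxRows, variables.MAX_ROWS); i++)
                items &= '<item id="' & createUUID() & '"/>';
            return envelope("OK", items);
        } catch (any e) {
            writeLog(file="api", type="error", text=e.message);   // detail stays server-side
            return envelope("SERVER_ERROR");
        }
    }
}
```

Failure counts and tokens are kept here until the application restarts; a service adopting this pattern would expire both.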
