Upload File

embracing http in the era of api’s

69
An evening with Hadi Hariri

Upload: visug

Post on 14-Jul-2015

84 views

Category:

Software


0 download

Report

Tags:

TRANSCRIPT

Page 1: Embracing HTTP in the era of API’s

An evening with

Hadi Hariri

Page 2: Embracing HTTP in the era of API’s

Next event • Next%event:%The%highlights%of%TechEd%2014%%

•  Kurt%Claeys%%•  December%8th%2014%

Page 3: Embracing HTTP in the era of API’s

Prize draw • Put$your$business$card$(or$a$piece$of$paper…$or$a$napkin!)$in$the$box$outside$

• Win$a$DevExpress$DevExtreme$Web$license$

Page 4: Embracing HTTP in the era of API’s

Thanks for partnering with Visug!

Page 5: Embracing HTTP in the era of API’s

And now… • Hadi%Hariri%

•  Embracing*HTTP*in*the*era*of*API’s*•  So*you*write*JavaScript?*Keep*the*crap*out*of*there*then!*

Page 6: Embracing HTTP in the era of API’s

Embracing HTTP in the era of Web API’s

Hadi Hariri

Page 7: Embracing HTTP in the era of API’s

Announcement

Page 8: Embracing HTTP in the era of API’s
Page 9: Embracing HTTP in the era of API’s

With HTTP, your API is your Application

Page 10: Embracing HTTP in the era of API’s

With HTTP, your API is your Application

Page 11: Embracing HTTP in the era of API’s

Two Interfaces

Web Application

User Interface

API

Page 12: Embracing HTTP in the era of API’s

The Advantages

• It’s easy

• No real “other” way

Page 13: Embracing HTTP in the era of API’s

The Disadvantages

• Two Systems to maintain

• API is usually an afterthought

• Limitations of API

Page 14: Embracing HTTP in the era of API’s

One Interface

Web Application

API

Page 15: Embracing HTTP in the era of API’s

One Interface?

NEWMSG(“[email protected]”)

mailto:[email protected]
Page 16: Embracing HTTP in the era of API’s

One Interface

API Web Application

Page 17: Embracing HTTP in the era of API’s

The Advantages

• One Interface

• Single System

• The API is designed from the get-go

Page 18: Embracing HTTP in the era of API’s

The Disadvantages

• The API is designed from the get-go

Page 19: Embracing HTTP in the era of API’s

Is this possible?

Page 20: Embracing HTTP in the era of API’s

Why is this possible? Why now?

• Frameworks Evolve - More push to Client Side

• JavaScript has become a viable language

• HTTP has been undervalued

• REST is now a buzzword

Page 21: Embracing HTTP in the era of API’s

HTTP - Application Protocol

Page 22: Embracing HTTP in the era of API’s

HTTP in the OSI LayerApplication

Presentation

Session

Transport

Network

Data Link

Physical

Application

Page 23: Embracing HTTP in the era of API’s

HTTP 101

Demo of server. Headers / Responses, etc.

Page 24: Embracing HTTP in the era of API’s

Let’s talk API

Page 25: Embracing HTTP in the era of API’s

POST /domain.com/appServices 200 OK

Page 26: Embracing HTTP in the era of API’s

We can do better

Page 27: Embracing HTTP in the era of API’s

Multiple Endpoints

Page 28: Embracing HTTP in the era of API’s

POST /domain.com/calculateAge 200 OK

POST /domain.com/getCustomers 200 OK

Page 29: Embracing HTTP in the era of API’s

Typical CRUD Apps

• Create

• Read

• Update

• Delete

Page 30: Embracing HTTP in the era of API’s

Typical CRUD Apps

• Create - POST

• Read - GET

• Update - PUT

• Delete - DELETE

* Don’t take this literally…

Page 31: Embracing HTTP in the era of API’s

200 OKPOST /domain.com/customer

GET /domain.com/customer/1 200 OK

Page 32: Embracing HTTP in the era of API’s

DemoResponse with Json

Page 33: Embracing HTTP in the era of API’s

Verbs

• Client-Side Support

• Hidden Field with POST

• Query Parameter with GET/POST

• X-Http-Method-Override Header

Page 34: Embracing HTTP in the era of API’s

Allowed Verbs

• Not every resource allows every method

• Allows you to restrict what can be done

Page 35: Embracing HTTP in the era of API’s

DemoAuto Options

Page 36: Embracing HTTP in the era of API’s

Creating Resource and Location Headers

200 OKPOST /domain.com/customer

Page 37: Embracing HTTP in the era of API’s

DemoLocation Headers

Page 38: Embracing HTTP in the era of API’s

Errors

500 Internal Server ErrorPOST /domain.com/customer

Page 39: Embracing HTTP in the era of API’s

Status CodesStatus Code

Description200 OK201 Created. New resource202 Accepted. Async Ops301 Moved Permanently. 302 Found. (Used for Redirect)304 Not Modified. Conditional GET400 Bad Request401 Unauthorized403 Forbidden404 Not Found405 Method Not allowed. Control Flow409 Conflict500 Internal Server Error501 Not Implemented503 Service unavailable….

Page 40: Embracing HTTP in the era of API’s

Let’s talk Interfaces

Page 41: Embracing HTTP in the era of API’s

GET /checkvist.com/checklists/440751

Page 42: Embracing HTTP in the era of API’s

GET /checkvist.com/checklists/440751

Page 43: Embracing HTTP in the era of API’s

Resource Representation

Page 44: Embracing HTTP in the era of API’s

URL Extension

http://domain.com/customer/25.json

http://domain.com/news/article1.es

URL Query Parameters

http://domain.com/customer/25?format=json

Accept Headers

Content Negotiation

Page 45: Embracing HTTP in the era of API’s

DemoSingle Entry. Single Representation

Page 46: Embracing HTTP in the era of API’s

DemoManual Content Negotiation

Page 47: Embracing HTTP in the era of API’s

DemoAuto Content Negotiation

Page 48: Embracing HTTP in the era of API’s

Performance and Reliability

Page 49: Embracing HTTP in the era of API’s

Making things reliable

Safe and Idempotent Verbs

Page 50: Embracing HTTP in the era of API’s

Caching Built In

• Max-Age

• Expires

• Conditional GETs (ETags)

Demo of Caching

Page 51: Embracing HTTP in the era of API’s

DemoE-Tags

Page 52: Embracing HTTP in the era of API’s

Let’s talk Program State

Page 53: Embracing HTTP in the era of API’s

HATEOAS

Page 54: Embracing HTTP in the era of API’s

Hypermedia

Page 55: Embracing HTTP in the era of API’s
Page 56: Embracing HTTP in the era of API’s
Page 57: Embracing HTTP in the era of API’s

Hypermedia

POST /domain.com/order

Page 58: Embracing HTTP in the era of API’s

Media Types• XML and Microformats

• Existing Format:s ATOM

• Custom Formats:

Content-Type: application/vnd.company.doman+xml

• JSON:

• HAL

• JSON-DL

Page 59: Embracing HTTP in the era of API’s

State Maintenance

• State is pushed to client

• Server cannot maintain state

• What about Cookies?

Page 60: Embracing HTTP in the era of API’s

Added Benefit of Discoverability

• Known Entities - It’s all a resource

• Known Operations - Constraint on Verbs

• Known Representations - Same Resource

• Hypermedia Navigation - Know next steps

Page 61: Embracing HTTP in the era of API’s

Let’s talk Versioning

Page 62: Embracing HTTP in the era of API’s

Versioning

• URL Versioning

GET /domain.com/api/v1/customer

• Custom Header

X-Version: 2

• Accept Header

Accept: application/vnd.mytype.v2+json

Page 63: Embracing HTTP in the era of API’s

Let’s talk Security

Page 64: Embracing HTTP in the era of API’s

Options

• HTTP

• HTTPS

• Digest

• OAuth

• Federated Security

Page 65: Embracing HTTP in the era of API’s

Let’s talk ReST

Page 66: Embracing HTTP in the era of API’s

Richardson Maturity Model

Level 3:

Hypermedia

Level 2: HTTP Verbs

Level 1: Resources

Level 0:POX

Page 67: Embracing HTTP in the era of API’s

Summary

• HTTP API == Application Interface

• You can have HTTP API and not be ReSTful

• ReSTFul systems over certain benefits when abiding by certain constraints

Page 68: Embracing HTTP in the era of API’s

Recommended Reading

Page 69: Embracing HTTP in the era of API’s

Thank you@hhariri

[email protected]


Creating RESTful API’s with Grails and Spring Security

The developer’s guide to the SkyDrive API’s

Multithread API’s Adam Piotrowski Grzegorz Jabłoński Lecture III

Mobile Application Development with JUCE and Native API’s

Geo API’s #WIN or #FAIL

Standardizing web-services Swedish development of open API’s Niklas Holmgren

Overview of API’s Guidance · Overview of API’s Guidance Documents on Hydraulic Fracturing Thank you! Stephanie Meadows American Petroleum Institute 1220 L Street, NW Washington,

Introducing the new SystemVerilog 3.1 C API’s

API’s and Identity: Enabling Optum to become the HealthCare cloud

Unix file api’s

and software. particularly obsessed with wireless. degree ... CON 27/DEF CON 27... · data leaks sharing is caring! App API’s using HTTP Found in the DEFCON 25 dataset this API

Agoria Embracing Technology Embracing Ambition

Api’s abertos

API’s, Db2’s Native REST Support and z/OS Connectconferences.gse.org.uk/attachments/presentations/jZw1uO_150974158… · API’s, Db2’s Native REST Support and z/OS Connect

API’S GLOBAL INDUSTRY SERVICES/media/APIWebsite/products-and-services/API_… · API’S GLOBAL INDUSTRY SERVICES API drives safety, environmental protection, and sustainability

Sustainable Production of Advanced Intermediates and API’s ......Sustainable Production of Advanced Intermediates and API’s Using Bio- and Homogeneous Catalysis . ... (also regulatory)

Por que api’s

API’s. They’re snazzy.. API’s are nifty. Human/Computer: GUI AS Computer/More complex Computer: API

Play%framework2 · 2012-05-29 · e.g. Java Servlet API’s HTTP session (which isn’t actually part of HTTP) State belongs in other tiers HTTP client, server cache or database Web

CSE 403 Spring 2014 Jackson Roberts · OWASP Top 10 CWE Top 25 Provide resources for you to learn more. HTML, JavaScript and the DOM ... Mobile Apps and HTTP API’s How are mobile

API’S GLOBAL INDUSTRY SERVICES

Moxie API Documentation · Moxie API Documentation, Release 0.1 1.2Authentication Authentication within Moxie API’s is done with HMAC. This means HTTP requests on these API’s

with 3rd party API’s Integrating Drupal

ESTUDIO COMPARATIVO DE LOS API’s DE …repositorio.espe.edu.ec/bitstream/21000/5104/1/T-ESPE...2.13 Ventajas y desventajas del uso de API’s de búsqueda como parte fundamental

CETIF - DIGITAL BANKING HUB...The value of GFT’s API Governance Framework Governance Process Design API’s life cycle definition (Global/Local) API’s conceptual model for the

API’s and Micro Services 0.5

HTML5 Security API’s Proposal WG3 Report Section IV.A 1 DSTAC WG3 Report HTML5 Security API’s Proposal

Working with Amorphous API’s - fysikaalinenfarmasia.fi · Working with Amorphous API’s Edwin Aret Avantium Technologies BV Drug Development of Tomorrow Tuohilampi / Vihti, Finland

API’s Emerging Issues Task Force and the journey to

Multithread API’s

Big Data API’s and Analytics

Best Practices, Optimized Interfaces, API’s designed for ... · Best Practices, Optimized Interfaces, API’s designed for Storing Massive Quantities of ... made it difficult to

Indu...impurity profiling of api’s using rp hplc as per

Thomas Jefferson University...API’s – Standards Based API’s • Networks can be developed – Passive Networks are created automatically based on current or past relationships

Multithread API’s Adam Piotrowski Grzegorz Jabłoński Lecture IV