SlideShare ist ein Scribd-Unternehmen logo

API Design Principles for Accelerated Development

Als PPTX, PDF herunterladen
Jonathan LeBlanc
Jonathan LeBlanc

Audio from this presentation is available at https://archive.org/details/api_design One of the largest issues in API architecture development is that the task is often driven by the pragmatic indoctrination of a specification into a product rather than designing around the speed and ease of development, usually due to a separation between the engineering teams and their core developer user base. Extending upon the ideas of API design around developer accelerated development, we will take a deeper look into some of the great techniques delivered to us through the RESTful specification, applying them to developer API consumption practices with the intention of creating efficient best practices for rapid development. Within this talk we will explore what we have learned through reconstructing our API backbone at PayPal for our developer community, including: - API automation practices for code reduction and application longevity - Open security standards that promote developer integration ease and maintain strict security practices - RESTful API architecture best practices for developer centric accelerated development

TechnologieBusiness
1 von 41
API Design Principles For Accelerated Development Jonathan LeBlanc (@jcleblanc) Head of Developer Evangelism PayPal North America
The Exploration of API Design Blank Slate Constraints
Building APIs for Developers
The Tradeoff Decision
Developer efficiency task 1 Lowering perceived latency for developers Lower Perceived Latency
What’s the Tradeoff? System Layering Result Caching
Layering the System Encapsulates legacy systems Simplified components Better load balancing abilities Systems can evolve independently
Separation of Concerns
Stateless System Latency Issues Data Duplication A + B A + C
Caching for Latency Reduction
Developer efficiency task 2 Use HTTP properly – standard request and response types Not Hindering with HTTP
What’s the Tradeoff?
Requests and Responses GET / PUT / POST / DELETE have specific actions Proper status codes and error responses
Don’t do This {"error": "error 10008"} Do This HTTP/1.1 400 Bad Request Content-Length: 35 {"message":"Problems parsing JSON"} Descriptive Messaging
X-Rate-Limit-Limit Number of requests allowed in current period X-Rate-Limit-Remaining Number of remaining requests in current period X-Rate-Limit-Reset Number of seconds left in current period Useful Responses on Rate Limiting
Use Status Cats! http://httpcats.herokuapp.com/ Don’t Want to Use Boring Responses?
Allowing HTTP Overriding curl -i -X POST https://api.sandbox.paypal.com/v1/payments/ -H "Content-Type:application/json" -H "X-HTTP-Method-Override: PUT" Injecting PUT / DELETE methods when HTTP client only supports GET / POST
Action Automation
What’s the Tradeoff? Payload Size Code Length
RESTful API Core Concepts Honor HTTP request verbs Use proper HTTP status codes No version numbering in URIs Return format via HTTP Accept header Double Rainbow: Discovery via HATEOAS
To Version or Not to Version
Uniform Interface Sub-Constraints Resource Identification Resources must be manipulated via representations Self descriptive messages Hypermedia as the engine of application state
How we Normally Consume APIs
Using HATEOAS to Automate
How HATEOAS Works curl -v -X GET https://api.sandbox.paypal.com/v1/payments/authoriz ation/2DC87612EK520411B -H "Content-Type:application/json" -H "Authorization:Bearer ENxom5Fof1KqAffEsXtx1HTEK__KVdIsaCYF8C" You make an API request
"links": [ { "href":"https://api.sandbox.paypal.com/v1/payments/ authorization/6H149011U8307001M", "rel":"self", "method":"GET" },{ "href":"https://api.sandbox.paypal.com/v1/payments/ authorization/6H149011U8307001M/capture", "rel":"capture", "method":"POST" },{ "href":"https://api.sandbox.paypal.com/v1/payments/ authorization/6H149011U8307001M/void", "rel":"void", "method":"POST" } ]
Developer efficiency task 2 Secure Data Resources
What’s the Tradeoff? Security Usability
Some Security Models Proprietary Solution Basic Authentication OAuth 1.0a OAuth 2 / OpenID Connect Cross-Origin Resource Sharing (CORS)
A Modern Approach CORS Client-side SDK OpenID Connect Server-side SDKs
Working on the Server Side SDKs Secure Token Management Simplified Development
Cross Origin Issues and Options Access to other domains / subdomains is restricted (same origin policy) JSONP to request resources across domains Only supports HTTP GET requests Cross-origin resource sharing (CORS) Supports additional range of HTTP requests
Can you use it? http://caniuse.com/cors
How Does it Work? OPTIONS /v1/oauth2/token HTTP/1.1 Origin: http://jcleblanc.com Access-Control-Request-Method: PUT Host: api.sandbox.paypal.com Accept-Language: en-US Connection: keep-alive ... Site sends Origin header to server
How Does it Work? Server responds with matching Access-Control-Allow-Origin header Access-Control-Allow-Origin: http://jcleblanc.com Access-Control-Allow-Methods: GET, POST, PUT Content-Type: text/html; charset=utf-8
Developer efficiency task 4 Offload complexity to the implementing provider Offload Complexity
The Complexities Authentication / Authorization Legacy API support Working between versioning API changes that break implementations Reduction in latency
GET /payment POST /sale POST /payment DELETE /refund GET /getSinglePayment POST /setNewSingleSale POST /addNewSinglePayment DELETE /issueSingleRefund URL Structure, Verbs, and Nouns
Representations on Update / Create { "id": "PAY-17S8410768582940NKEE66EQ", "create_time": "2013-01-31T04:12:02Z", "update_time": "2013-01-31T04:12:04Z", "state": "approved", "intent": "sale", "payer": {...}, "transactions": [{...}], "links": [{...}] } Send enough detail to not have to make another request to the API
API architecture is all about tradeoffs You are not making a perfect system, you are making a perfect system for your developers Bringing it all Together
Thanks! Questions? http://slideshare.net/jcleblanc Jonathan LeBlanc (@jcleblanc) Head of Developer Evangelism PayPal North America

Empfohlen

The API-Application Semantic Gap
The API-Application Semantic GapThe API-Application Semantic Gap
The API-Application Semantic Gap3scale
 
API Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsAPI Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsSmartBear
 
The API Facade Pattern: Common Patterns - Episode 2
The API Facade Pattern: Common Patterns - Episode 2The API Facade Pattern: Common Patterns - Episode 2
The API Facade Pattern: Common Patterns - Episode 2Apigee | Google Cloud
 
API Test Automation
API Test Automation API Test Automation
API Test Automation SQALab
 
Evaluating and Testing Web APIs
Evaluating and Testing Web APIsEvaluating and Testing Web APIs
Evaluating and Testing Web APIsSmartBear
 
Api Abstraction & Api Chaining
Api Abstraction & Api ChainingApi Abstraction & Api Chaining
Api Abstraction & Api ChainingOwen Rubel
 
Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Nordic APIs
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 

Empfohlen

The API-Application Semantic Gap
The API-Application Semantic GapThe API-Application Semantic Gap
The API-Application Semantic Gap3scale
 
API Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsAPI Virtualization: Mocking on Steroids
API Virtualization: Mocking on SteroidsSmartBear
 
The API Facade Pattern: Common Patterns - Episode 2
The API Facade Pattern: Common Patterns - Episode 2The API Facade Pattern: Common Patterns - Episode 2
The API Facade Pattern: Common Patterns - Episode 2Apigee | Google Cloud
 
API Test Automation
API Test Automation API Test Automation
API Test Automation SQALab
 
Evaluating and Testing Web APIs
Evaluating and Testing Web APIsEvaluating and Testing Web APIs
Evaluating and Testing Web APIsSmartBear
 
Api Abstraction & Api Chaining
Api Abstraction & Api ChainingApi Abstraction & Api Chaining
Api Abstraction & Api ChainingOwen Rubel
 
Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Operational API design anti-patterns (Jason Harmon)
Operational API design anti-patterns (Jason Harmon)Nordic APIs
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
Mocking APIs Collaboratively with Postman
Mocking APIs Collaboratively with PostmanMocking APIs Collaboratively with Postman
Mocking APIs Collaboratively with PostmanNordic APIs
 
Scala & Swagger at Wordnik
Scala & Swagger at WordnikScala & Swagger at Wordnik
Scala & Swagger at WordnikTony Tam
 
Api testing
Api testingApi testing
Api testingKeshav Kashyap
 
API Security with Postman and Qualys
API Security with Postman and QualysAPI Security with Postman and Qualys
API Security with Postman and QualysPostman
 
Api Design
Api DesignApi Design
Api DesignJason Harmon
 
A Tasty deep-dive into Open API Specification Links
A Tasty deep-dive into Open API Specification LinksA Tasty deep-dive into Open API Specification Links
A Tasty deep-dive into Open API Specification LinksTony Tam
 
API for Beginners
API for BeginnersAPI for Beginners
API for BeginnersGustavo De Vita
 
Web API testing : A quick glance
Web API testing : A quick glanceWeb API testing : A quick glance
Web API testing : A quick glanceDhanalaxmi K
 
Automate REST API Testing
Automate REST API TestingAutomate REST API Testing
Automate REST API TestingTechWell
 
Common Security API Issues and How to Mitigate Them Using Postman
Common Security API Issues and How to Mitigate Them Using PostmanCommon Security API Issues and How to Mitigate Them Using Postman
Common Security API Issues and How to Mitigate Them Using PostmanPostman
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 
API Design Principles for Accelerated Development
API Design Principles for Accelerated DevelopmentAPI Design Principles for Accelerated Development
API Design Principles for Accelerated DevelopmentJonathan LeBlanc
 
Herding Microservices – the Atlassian Way
Herding Microservices – the Atlassian WayHerding Microservices – the Atlassian Way
Herding Microservices – the Atlassian WayAtlassian
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Nordic APIs
 
How To Design A Good A P I And Why It Matters G O O G L E
How To Design A Good A P I And Why It Matters G O O G L EHow To Design A Good A P I And Why It Matters G O O G L E
How To Design A Good A P I And Why It Matters G O O G L Eguestbe92f4
 
IO State In Distributed API Architecture
IO State In Distributed API ArchitectureIO State In Distributed API Architecture
IO State In Distributed API ArchitectureOwen Rubel
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs3scale
 
App & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApp & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApigee | Google Cloud
 
Golden Rules of API Design
Golden Rules of API DesignGolden Rules of API Design
Golden Rules of API DesignDavid Koelle
 
Rest in practice
Rest in practiceRest in practice
Rest in practiceIan Brennan
 
Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your APISmartBear
 
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIsThe Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs3scale
 

Weitere ähnliche Inhalte

Was ist angesagt?

Mocking APIs Collaboratively with Postman
Mocking APIs Collaboratively with PostmanMocking APIs Collaboratively with Postman
Mocking APIs Collaboratively with PostmanNordic APIs
 
Scala & Swagger at Wordnik
Scala & Swagger at WordnikScala & Swagger at Wordnik
Scala & Swagger at WordnikTony Tam
 
API Security with Postman and Qualys
API Security with Postman and QualysAPI Security with Postman and Qualys
API Security with Postman and QualysPostman
 
A Tasty deep-dive into Open API Specification Links
A Tasty deep-dive into Open API Specification LinksA Tasty deep-dive into Open API Specification Links
A Tasty deep-dive into Open API Specification LinksTony Tam
 
Web API testing : A quick glance
Web API testing : A quick glanceWeb API testing : A quick glance
Web API testing : A quick glanceDhanalaxmi K
 
Automate REST API Testing
Automate REST API TestingAutomate REST API Testing
Automate REST API TestingTechWell
 
Common Security API Issues and How to Mitigate Them Using Postman
Common Security API Issues and How to Mitigate Them Using PostmanCommon Security API Issues and How to Mitigate Them Using Postman
Common Security API Issues and How to Mitigate Them Using PostmanPostman
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 
API Design Principles for Accelerated Development
API Design Principles for Accelerated DevelopmentAPI Design Principles for Accelerated Development
API Design Principles for Accelerated DevelopmentJonathan LeBlanc
 
Herding Microservices – the Atlassian Way
Herding Microservices – the Atlassian WayHerding Microservices – the Atlassian Way
Herding Microservices – the Atlassian WayAtlassian
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Nordic APIs
 
How To Design A Good A P I And Why It Matters G O O G L E
How To Design A Good A P I And Why It Matters G O O G L EHow To Design A Good A P I And Why It Matters G O O G L E
How To Design A Good A P I And Why It Matters G O O G L Eguestbe92f4
 
IO State In Distributed API Architecture
IO State In Distributed API ArchitectureIO State In Distributed API Architecture
IO State In Distributed API ArchitectureOwen Rubel
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs3scale
 
App & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApp & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApigee | Google Cloud
 
Golden Rules of API Design
Golden Rules of API DesignGolden Rules of API Design
Golden Rules of API DesignDavid Koelle
 
Rest in practice
Rest in practiceRest in practice
Rest in practiceIan Brennan
 

Was ist angesagt? (20)

Mocking APIs Collaboratively with Postman
Mocking APIs Collaboratively with PostmanMocking APIs Collaboratively with Postman
Mocking APIs Collaboratively with Postman
 
Scala & Swagger at Wordnik
Scala & Swagger at WordnikScala & Swagger at Wordnik
Scala & Swagger at Wordnik
 
Api testing
Api testingApi testing
Api testing
 
API Security with Postman and Qualys
API Security with Postman and QualysAPI Security with Postman and Qualys
API Security with Postman and Qualys
 
Api Design
Api DesignApi Design
Api Design
 
A Tasty deep-dive into Open API Specification Links
A Tasty deep-dive into Open API Specification LinksA Tasty deep-dive into Open API Specification Links
A Tasty deep-dive into Open API Specification Links
 
API for Beginners
API for BeginnersAPI for Beginners
API for Beginners
 
Web API testing : A quick glance
Web API testing : A quick glanceWeb API testing : A quick glance
Web API testing : A quick glance
 
Automate REST API Testing
Automate REST API TestingAutomate REST API Testing
Automate REST API Testing
 
Common Security API Issues and How to Mitigate Them Using Postman
Common Security API Issues and How to Mitigate Them Using PostmanCommon Security API Issues and How to Mitigate Them Using Postman
Common Security API Issues and How to Mitigate Them Using Postman
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re Everywhere
 
API Design Principles for Accelerated Development
API Design Principles for Accelerated DevelopmentAPI Design Principles for Accelerated Development
API Design Principles for Accelerated Development
 
Herding Microservices – the Atlassian Way
Herding Microservices – the Atlassian WayHerding Microservices – the Atlassian Way
Herding Microservices – the Atlassian Way
 
Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)Continuous Integration and Delivery at Shapeways (Matt Boyle)
Continuous Integration and Delivery at Shapeways (Matt Boyle)
 
How To Design A Good A P I And Why It Matters G O O G L E
How To Design A Good A P I And Why It Matters G O O G L EHow To Design A Good A P I And Why It Matters G O O G L E
How To Design A Good A P I And Why It Matters G O O G L E
 
IO State In Distributed API Architecture
IO State In Distributed API ArchitectureIO State In Distributed API Architecture
IO State In Distributed API Architecture
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs
 
App & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your AppsApp & API Monitoring: Building a 5-Star Reputation for your Apps
App & API Monitoring: Building a 5-Star Reputation for your Apps
 
Golden Rules of API Design
Golden Rules of API DesignGolden Rules of API Design
Golden Rules of API Design
 
Rest in practice
Rest in practiceRest in practice
Rest in practice
 

Andere mochten auch

Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your APISmartBear
 
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIsThe Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs3scale
 
APIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside OutAPIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside Out3scale
 
How to use Donuts and Onions for Scaling API Programs
How to use Donuts and Onions for Scaling API ProgramsHow to use Donuts and Onions for Scaling API Programs
How to use Donuts and Onions for Scaling API Programs3scale
 
Take Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice ArchitectureTake Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice Architecture3scale
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentationsflynn073
 
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...Publicis Sapient Engineering
 
Integrating, exposing and managing distributed data with RESTful APIs and op...
Integrating, exposing and managing distributed data with RESTful APIs and op...Integrating, exposing and managing distributed data with RESTful APIs and op...
Integrating, exposing and managing distributed data with RESTful APIs and op...3scale
 

Andere mochten auch (9)

Test and Protect Your API
Test and Protect Your APITest and Protect Your API
Test and Protect Your API
 
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIsThe Fundamentals of Platform Strategy: Creating Genuine Value with APIs
The Fundamentals of Platform Strategy: Creating Genuine Value with APIs
 
APIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside OutAPIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside Out
 
How to use Donuts and Onions for Scaling API Programs
How to use Donuts and Onions for Scaling API ProgramsHow to use Donuts and Onions for Scaling API Programs
How to use Donuts and Onions for Scaling API Programs
 
Oracle api gateway overview
Oracle api gateway overviewOracle api gateway overview
Oracle api gateway overview
 
Take Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice ArchitectureTake Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice Architecture
 
API Management architect presentation
API Management architect presentationAPI Management architect presentation
API Management architect presentation
 
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
XebiCon'16 : GraphQL et Falcor, un nouveau regard sur les architectures REST ...
 
Integrating, exposing and managing distributed data with RESTful APIs and op...
Integrating, exposing and managing distributed data with RESTful APIs and op...Integrating, exposing and managing distributed data with RESTful APIs and op...
Integrating, exposing and managing distributed data with RESTful APIs and op...
 

Ähnlich wie API Design Principles for Accelerated Development

Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
 
Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Sumy PHP User Grpoup
 
Secure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptSecure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptJonathan LeBlanc
 
Progressive web apps
Progressive web appsProgressive web apps
Progressive web appsFastly
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Do not automate GUI testing
Do not automate GUI testingDo not automate GUI testing
Do not automate GUI testingAtila Inovecký
 
Eric Beland Ajax Load Testing Considerations
Eric Beland Ajax Load Testing ConsiderationsEric Beland Ajax Load Testing Considerations
Eric Beland Ajax Load Testing ConsiderationsAjax Experience 2009
 
Ajax Load Testing Concerns By Eric Beland
Ajax Load Testing Concerns By Eric BelandAjax Load Testing Concerns By Eric Beland
Ajax Load Testing Concerns By Eric BelandTestomatix
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsWSO2
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practicesAnkita Mahajan
 
RESTful SOA - 中科院暑期讲座
RESTful SOA - 中科院暑期讲座RESTful SOA - 中科院暑期讲座
RESTful SOA - 中科院暑期讲座Li Yi
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developersPatrick Savalle
 

Ähnlich wie API Design Principles for Accelerated Development (20)

Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
 
Designing JavaScript APIs
Designing JavaScript APIsDesigning JavaScript APIs
Designing JavaScript APIs
 
Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2
 
Secure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptSecure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScript
 
ASP.NET WEB API Training
ASP.NET WEB API TrainingASP.NET WEB API Training
ASP.NET WEB API Training
 
Progressive web apps
Progressive web appsProgressive web apps
Progressive web apps
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Do not automate GUI testing
Do not automate GUI testingDo not automate GUI testing
Do not automate GUI testing
 
CSG 2012
CSG 2012CSG 2012
CSG 2012
 
Eric Beland Ajax Load Testing Considerations
Eric Beland Ajax Load Testing ConsiderationsEric Beland Ajax Load Testing Considerations
Eric Beland Ajax Load Testing Considerations
 
Ajax Load Testing Concerns By Eric Beland
Ajax Load Testing Concerns By Eric BelandAjax Load Testing Concerns By Eric Beland
Ajax Load Testing Concerns By Eric Beland
 
Crafting APIs
Crafting APIsCrafting APIs
Crafting APIs
 
Web api
Web apiWeb api
Web api
 
Talking to Web Services
Talking to Web ServicesTalking to Web Services
Talking to Web Services
 
How APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile EnvironmentsHow APIs Can Be Secured in Mobile Environments
How APIs Can Be Secured in Mobile Environments
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
 
RESTful SOA - 中科院暑期讲座
RESTful SOA - 中科院暑期讲座RESTful SOA - 中科院暑期讲座
RESTful SOA - 中科院暑期讲座
 
Gohan
GohanGohan
Gohan
 
Servlets
ServletsServlets
Servlets
 
REST-API introduction for developers
REST-API introduction for developersREST-API introduction for developers
REST-API introduction for developers
 

Mehr von Jonathan LeBlanc

JavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJonathan LeBlanc
 
Improving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsJonathan LeBlanc
 
Better Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessJonathan LeBlanc
 
Best Practices for Application Development with Box
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with BoxJonathan LeBlanc
 
Box Platform Developer Workshop
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer WorkshopJonathan LeBlanc
 
Modern Cloud Data Security Practices
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security PracticesJonathan LeBlanc
 
Understanding Box UI Elements
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI ElementsJonathan LeBlanc
 
Understanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingJonathan LeBlanc
 
The Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyJonathan LeBlanc
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensJonathan LeBlanc
 
Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchJonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsJonathan LeBlanc
 
Node.js Authentication and Data Security
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data SecurityJonathan LeBlanc
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data SecurityJonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaJonathan LeBlanc
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsJonathan LeBlanc
 
Future of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityJonathan LeBlanc
 

Mehr von Jonathan LeBlanc (20)

JavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the Client
 
Improving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data Insights
 
Better Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and Serverless
 
Best Practices for Application Development with Box
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with Box
 
Box Platform Overview
Box Platform OverviewBox Platform Overview
Box Platform Overview
 
Box Platform Developer Workshop
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer Workshop
 
Modern Cloud Data Security Practices
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security Practices
 
Box Authentication Types
Box Authentication TypesBox Authentication Types
Box Authentication Types
 
Understanding Box UI Elements
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI Elements
 
Understanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scoping
 
The Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments Globally
 
Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web Tokens
 
Creating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from Scratch
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication Media
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile Payments
 
Node.js Authentication and Data Security
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data Security
 
PHP Identity and Data Security
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data Security
 
Secure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication Media
 
Protecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile Payments
 
Future of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable Security
 

Kürzlich hochgeladen

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 

Kürzlich hochgeladen (20)

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 

API Design Principles for Accelerated Development

Hinweis der Redaktion

  1. At the end of the day, we need to be designing for the developers
  2. API system standards vs. efficient developmentREST is all about the tradeoffs
  3. Lowering perceived latency for developers
  4. Reduction in system layeringCaching can reduce reliability (stale data)
  5. Protects new systems from legacy APIs
  6. Layering the system to separate legacy systems
  7. Use HTTP properly – standard request and response types
  8. http://stackoverflow.com/questions/16022624/examples-of-http-api-rate-limiting-http-response-headers
  9. curl -i -H "Accept: application/json" -H "X-HTTP-Method-Override: DELETE" -X POST http://192.168.0.3:8090/persons/person/1
  10. Heavier payloads being sent throughReduction in developer code size & scalable architecture
  11. A lot of debate on whether versioning should go in the headers or URLhttp://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#versioninghttp://stackoverflow.com/questions/389169/best-practices-for-api-versioning
  12. Use HTTP properly – standard request and response types
  13. JSONP can cause XSS issues where the external site is compromised, CORS allows websites to manually parse responses to ensure security
  14. Offload complexity to the implementing provider
  15. Nouns are good, verbs are badhttps://blog.apigee.com/detail/restful_api_design_nouns_are_good_verbs_are_bad