RESTful API Design Best Practices Using ASP.NET Web API
Download as pptx, pdf21 likes8,219 views
The document outlines best practices for designing RESTful APIs using ASP.NET, emphasizing simplicity, consistency, and usability for developers. Key topics include HTTP status codes, resource management, versioning, error handling, and the importance of thorough documentation. The speaker advocates for structured error reporting, separation of concerns in code, and adherence to accepted standards to create a robust API experience.
1 of 69
Downloaded 384 times
![{
"invoices": [
{ ... },
{ ... }
]
}
GET
/customers/1234/invoices
GET /customers/1234
?expand=invoices
Within the parent object
Sub-resource strategies
As a separate request Using an expand
parameter
Be consistent, but be flexible when it makes sense
@schneidenbach#NeverRest](https://image.slidesharecdn.com/rest-best-practices-160623142453/85/RESTful-API-Design-Best-Practices-Using-ASP-NET-Web-API-35-320.jpg)
![Paging
GET /customers? page=1 & pageSize=1000
{
"pageNumber": 1,
"results": [...],
"nextPage": "/customers?page=2"
}
Good paging example on my blog: rest.schneids.net
@schneidenbach#NeverRest](https://image.slidesharecdn.com/rest-best-practices-160623142453/85/RESTful-API-Design-Best-Practices-Using-ASP-NET-Web-API-40-320.jpg)
Ad
Recommended
API Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonTEST Huddle This webinar, presented by BJ Rollison, discusses API testing as a critical component of functional testing, highlighting its significance in agile development and its differences from unit testing. API testing focuses on functionality below the user interface, aims to identify a variety of bugs, and employs both black box and white box testing approaches. Key advantages of API testing include cost reduction, improved automation stability, and the ability to detect a wider range of issues early in the development process.
RESTful API - Best Practices
RESTful API - Best PracticesTricode (part of Dept) The document outlines best practices for building RESTful APIs, emphasizing the importance of good design, data abstraction, and security. It covers key components such as HTTP verbs, endpoints, response status codes, content types, versioning, and the necessity of documentation. The presentation aims to provide a comprehensive guide for developers to create effective and user-friendly APIs.
Belajar Postman test runner
Belajar Postman test runnerFachrul Choliluddin This document discusses various types of API testing including functionality, usability, reliability, load, creativity, security, proficiency, and documentation testing. It provides two examples of API tests - one to test getting a list of countries and another to test getting details of a single country. Key aspects covered include generating test data, preparing variables, using prepared variables in tests, running test collections, and reviewing test results. The overall document provides guidance on developing comprehensive API tests.
Rest API
Rest APIRohana K Amarakoon The document discusses the architecture of the web and REST APIs, detailing the significance of URIs in addressing resources and providing guidelines for designing user-friendly APIs. It emphasizes the importance of consistent URI structures, request methods, response codes, and proper use of metadata in HTTP communication. Additionally, it highlights the distinctions between various media types and formats, including XML and JSON, for data representation in web services.
Implementing security requirements for banking API system using Open Source ...
Implementing security requirements for banking API system using Open Source ...Yuichi Nakamura The document discusses the implementation of security requirements for banking API systems using open source software (OSS), particularly focusing on the use of OAuth 2.0 and tools like Keycloak and 3scale. It outlines various aspects of authentication, authorization, access control, and compliance with standards like the Financial-grade API (FAPI). The integration of these tools and standards aims to enhance the security infrastructure for banking APIs in Japan, promoting a robust open API environment.
Testing APIs in the Cloud
Testing APIs in the CloudSmartBear The document discusses the importance of APIs in modern business and outlines testing strategies for APIs, particularly in cloud environments. It emphasizes key quality aspects such as functionality, performance, security, and compliance, while also providing recommendations for effective API testing in agile and DevOps settings. Additionally, it highlights the legal and regulatory considerations that must be navigated when testing APIs hosted in the cloud.
Azure Application insights - An Introduction
Azure Application insights - An IntroductionMatthias Güntert The document provides an introduction to Azure Application Insights, detailing its capabilities as an application monitoring solution that collects metrics and logs for both server- and client-side monitoring across Azure and non-Azure environments. It covers monitoring features, smart detection for anomalies, transaction search, log analytics, and various types of availability tests that help assess application performance and user behavior. Tips and tricks are included for implementing best practices in monitoring setup and integration.
Rest api standards and best practices
Rest api standards and best practicesAnkita Mahajan This presentation outlines best practices for developing RESTful web services over HTTP, focusing on naming conventions, URI structure, API versioning, error handling, and response standards. It emphasizes the importance of standard HTTP methods (GET, POST, PUT, DELETE) for CRUD operations and provides guidelines for resource representation and interaction. Key topics include response status codes, managing resources, and ensuring clear communication with clients about resource availability and errors.
Introduction to REST - API
Introduction to REST - APIChetan Gadodia This document provides an overview of HTTP and REST APIs. It describes how HTTP allows sending documents over the web using URLs to identify resources and HTTP verbs like GET, PUT, DELETE and POST. It defines common response codes. It explains that REST stands for Representational State Transfer and relies on a stateless, client-server architecture using the HTTP protocol. The key design constraints of REST include having a uniform interface, being resource-based and using representations to manipulate resources with self-descriptive messages. Benefits include statelessness for scalability, cacheability to improve performance, separating clients from servers, and using a layered system with intermediary servers.
API Testing
API TestingBikash Sharma API testing verifies the functionality, usability, security, and performance of application programming interfaces (APIs). Key aspects to test include input parameters, error handling, response times, authentication, and documentation. Automated testing scripts should be created to regularly test APIs for bugs such as unhandled errors, security vulnerabilities, incorrect responses, and reliability issues. Thorough API testing requires considering parameter combinations, output validation across systems, and exception handling.
Postman: An Introduction for Testers
Postman: An Introduction for TestersPostman This document outlines an introduction to API testing using Postman. It discusses:
1. What API testing is and different types like unit, end-to-end, and contract testing
2. How to send requests and inspect responses in Postman
3. Writing custom tests using snippets and variables to extract data between requests
4. Saving and running tests as collections
5. Additional resources like the Postman community forum and examples for writing tests
Elastic Observability keynote
Elastic Observability keynoteElasticsearch The document outlines a presentation on observability by key executives at Elastic, including forward-looking statements about the company's plans and potential risks. It discusses advancements in product offerings, such as streamlined data onboarding and monitoring solutions, emphasizing user experience and the integration of various operational aspects. It also highlights Elastic's commitment to delivering value while managing costs, and the importance of collaboration between development, operations, and security teams.
All about Office UI Fabric
All about Office UI FabricFabio Franzini Fabio Franzini gave a presentation on Office UI Fabric, Microsoft's front-end framework. He discussed that Fabric provides styles, icons, and components to build experiences that fit seamlessly into Office and Office 365. It is responsive, mobile-first, and integrates with JavaScript frameworks like React and Angular. He showed examples of Microsoft products using Fabric and reviewed how to get started with the different versions of Fabric like Core, React, and JS. Finally, he discussed future plans to update Fabric with Fluent Design and provided resources to learn more about Fabric on GitHub.
ES2015 / ES6: Basics of modern Javascript
ES2015 / ES6: Basics of modern JavascriptWojciech Dzikowski The document outlines the evolution and key features of modern JavaScript, particularly focusing on ES2015 (ES6) as the latest version of ECMAScript. It discusses the goals of ES6, its syntax improvements, and practical applications such as promises and modules. The document emphasizes the importance of using transpilers like Babel to enable ES6 features in current browsers and encourages gradual learning of ES6 functionalities.
Web Components and Security
Web Components and SecurityTyler Peterson The document discusses web component security, highlighting best practices and potential vulnerabilities associated with technologies like iframes, HTML imports, and shadow DOM. It emphasizes avoiding iframes due to risks like clickjacking and using modern standards like HTML5 templates and bespoke data binding libraries to mitigate cross-site scripting (XSS) vulnerabilities. The insights advocate for careful implementation of web components to enhance security while acknowledging that risks still persist.
Angular
Angularsridhiya This document summarizes a keynote presentation about Angular 2.0.0. It discusses the growth of the Angular community from 1.5 million users in October 2015 to 1.2 million users in September 2016 for Angular 1 and 623k users for Angular 2 in September 2016. It also outlines Angular's major release cycle and provides an overview of the core features and extensions of the Angular framework.
QA Challenge Accepted 4.0 - Cypress vs. Selenium
QA Challenge Accepted 4.0 - Cypress vs. SeleniumLyudmil Latinov This document compares the Cypress and Selenium testing frameworks. It provides an overview of each framework, including supported languages, browsers, and key differences. The document suggests Cypress may signal the end of an era for Selenium as it provides direct browser control, easier debugging of tests, and support for testing desktop applications like Electron. It highlights some unique features of Cypress, such as controlling application state and network traffic. The presentation ends with a Q&A section.
Building Cloud Native Architectures with Spring
Building Cloud Native Architectures with SpringKenny Bastani The document discusses the transition from monolithic to microservices architectures, emphasizing the cultural and operational challenges of monoliths and the eventual adoption of cloud-native approaches. It highlights tools like Spring Boot and Spring Cloud for building distributed systems, as well as strategies for migrating legacy systems to a microservices architecture without a complete overhaul. The document also outlines the importance of handling domain data and maintaining backward compatibility during the transition to ensure minimal disruption.
Web api
Web apiSudhakar Sharma This document provides an overview of ASP.NET Web API, a framework for building RESTful web services. It discusses key REST concepts like URIs, HTTP verbs, and HATEOAS. It also compares Web API to other technologies like WCF and SOAP, noting advantages of REST such as simpler CRUD operations and standardized development methodology. The document recommends resources like a book on building REST services from start to finish with ASP.NET MVC 4 and Web API.
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaEdureka! The document provides an overview of REST API, describing its features, principles, and methods for implementation. It highlights the request-response model, data formats like XML and JSON, and the four main operations: create, read, update, and delete. REST is characterized as an architectural style used in web services, which is stateless and often considered the 'language of the internet.'
REST API and CRUD
REST API and CRUDPrem Sanil A REST API uses HTTP requests with verbs like GET, POST, PUT, and DELETE to perform CRUD (Create, Read, Update, Delete) operations on resources identified by URLs. It provides a lightweight alternative to SOAP that returns data in JSON format and HTTP response codes. Well-known codes include 200 for OK, 201 for Created, 400 for Bad Request, and 404 for Not Found. REST enables building applications and platforms that can easily integrate new interfaces over time.
4 Major Advantages of API Testing
4 Major Advantages of API TestingQASource The document outlines four major advantages of API testing over GUI testing: it is time-effective, language-independent, allows for easy GUI integration, and tests core functionality. API testing can significantly reduce testing time and offers improved test coverage and resource conservation. For more details, additional information can be found in a blog post linked in the document.
REST Easy with Django-Rest-Framework
REST Easy with Django-Rest-FrameworkMarcel Chastain The document provides an overview of Django REST Framework, detailing its components, installation, and functionality for building APIs using REST concepts. It covers core topics such as serializers, API views, viewsets, and URL routing while highlighting the advantages of REST over SOAP. The document also includes customization options and resources for further learning.
B4USolution_API-Testing
B4USolution_API-Testingb4usolution . The document provides an overview of API testing, contrasting SOAP and REST protocols, detailing their differences in architecture, data formats, and performance. It explains the process of API testing, including setup, expected outputs, and best practices, while highlighting the importance of proper testing techniques and documentation. Additionally, it discusses challenges faced in API testing and the types of bugs that can be detected, along with recommended tools for effective testing.
Cypress, Playwright, Selenium, or WebdriverIO? Let the Engineers Speak!
Cypress, Playwright, Selenium, or WebdriverIO? Let the Engineers Speak!Applitools The document summarizes a discussion between several software engineers about test automation challenges and tools. It includes:
1) Names and social media handles of six engineers - Carter Capocaccia, Steve Hernandez, Jose Morales, Andrew Knight, Gleb Bahmutov, and Tally Barak.
2) A list of questions asked during the discussion about biggest challenges, favorite integrations, and aspects of other tools wished to be included in current projects.
3) Links shared by the panelists to resources on Cypress, Playwright, Selenium, WebdriverIO, visual testing and more.
Introduction to Swagger
Introduction to SwaggerKnoldus Inc. The document provides an overview of Swagger, a specification for REST APIs that facilitates interaction without source code access. It details Swagger components, including Swagger Editor, Swagger UI, and Swagger Codegen, alongside instructions on integrating Swagger with Play Framework. Additionally, it covers generating Swagger specifications, important attributes, and techniques for client SDK generation and endpoint management.
NashTech - Azure Application Insights
NashTech - Azure Application InsightsPhi Huynh This document provides an overview of Application Insights and how it can be used to monitor Azure services. It discusses key Application Insights features like performance tracing, alerts, and workbooks. It also covers how Application Insights integrates with tools like Visual Studio and VSTS. The document concludes with a brief discussion of pricing and some limitations.
Kata: Hexagonal Architecture / Ports and Adapters
Kata: Hexagonal Architecture / Ports and Adaptersholsky Hexagonal architecture is a software architecture pattern coined by Alistair Cockburn in 2005 that aims to make applications highly testable by separating the domain and application logic from the outer parts of an application like the user interface and databases. It uses port and adapter interfaces to connect the domain to the outside world which allows replacing external elements for testing purposes and makes the core logic independent of the outside tools and libraries. This decoupling brings benefits like easier testing without external elements, flexibility to change requirements and services, and emergent design.
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal The document outlines best practices for architecting web APIs, particularly focusing on RESTful services and resource APIs. It discusses key concepts such as statelessness, uniform interfaces, error handling, security measures, and the importance of proper documentation. Additionally, it emphasizes using HTTP methods and status codes appropriately to enhance API functionality and user experience.
RESTful API Design, Second Edition
RESTful API Design, Second EditionApigee | Google Cloud This document provides guidance on designing RESTful APIs. It recommends using nouns instead of verbs, keeping URLs simple with only two endpoints per resource, and following conventions from leading APIs. Complex variations and optional parameters should be "swept behind the '?'." The document emphasizes designing for application developers by making APIs intuitive, consistent and complete while also accommodating exceptional clients. It suggests adding an API virtualization layer to handle complexity.
More Related Content
What's hot (20)
Introduction to REST - API
Introduction to REST - APIChetan Gadodia This document provides an overview of HTTP and REST APIs. It describes how HTTP allows sending documents over the web using URLs to identify resources and HTTP verbs like GET, PUT, DELETE and POST. It defines common response codes. It explains that REST stands for Representational State Transfer and relies on a stateless, client-server architecture using the HTTP protocol. The key design constraints of REST include having a uniform interface, being resource-based and using representations to manipulate resources with self-descriptive messages. Benefits include statelessness for scalability, cacheability to improve performance, separating clients from servers, and using a layered system with intermediary servers.
API Testing
API TestingBikash Sharma API testing verifies the functionality, usability, security, and performance of application programming interfaces (APIs). Key aspects to test include input parameters, error handling, response times, authentication, and documentation. Automated testing scripts should be created to regularly test APIs for bugs such as unhandled errors, security vulnerabilities, incorrect responses, and reliability issues. Thorough API testing requires considering parameter combinations, output validation across systems, and exception handling.
Postman: An Introduction for Testers
Postman: An Introduction for TestersPostman This document outlines an introduction to API testing using Postman. It discusses:
1. What API testing is and different types like unit, end-to-end, and contract testing
2. How to send requests and inspect responses in Postman
3. Writing custom tests using snippets and variables to extract data between requests
4. Saving and running tests as collections
5. Additional resources like the Postman community forum and examples for writing tests
Elastic Observability keynote
Elastic Observability keynoteElasticsearch The document outlines a presentation on observability by key executives at Elastic, including forward-looking statements about the company's plans and potential risks. It discusses advancements in product offerings, such as streamlined data onboarding and monitoring solutions, emphasizing user experience and the integration of various operational aspects. It also highlights Elastic's commitment to delivering value while managing costs, and the importance of collaboration between development, operations, and security teams.
All about Office UI Fabric
All about Office UI FabricFabio Franzini Fabio Franzini gave a presentation on Office UI Fabric, Microsoft's front-end framework. He discussed that Fabric provides styles, icons, and components to build experiences that fit seamlessly into Office and Office 365. It is responsive, mobile-first, and integrates with JavaScript frameworks like React and Angular. He showed examples of Microsoft products using Fabric and reviewed how to get started with the different versions of Fabric like Core, React, and JS. Finally, he discussed future plans to update Fabric with Fluent Design and provided resources to learn more about Fabric on GitHub.
ES2015 / ES6: Basics of modern Javascript
ES2015 / ES6: Basics of modern JavascriptWojciech Dzikowski The document outlines the evolution and key features of modern JavaScript, particularly focusing on ES2015 (ES6) as the latest version of ECMAScript. It discusses the goals of ES6, its syntax improvements, and practical applications such as promises and modules. The document emphasizes the importance of using transpilers like Babel to enable ES6 features in current browsers and encourages gradual learning of ES6 functionalities.
Web Components and Security
Web Components and SecurityTyler Peterson The document discusses web component security, highlighting best practices and potential vulnerabilities associated with technologies like iframes, HTML imports, and shadow DOM. It emphasizes avoiding iframes due to risks like clickjacking and using modern standards like HTML5 templates and bespoke data binding libraries to mitigate cross-site scripting (XSS) vulnerabilities. The insights advocate for careful implementation of web components to enhance security while acknowledging that risks still persist.
Angular
Angularsridhiya This document summarizes a keynote presentation about Angular 2.0.0. It discusses the growth of the Angular community from 1.5 million users in October 2015 to 1.2 million users in September 2016 for Angular 1 and 623k users for Angular 2 in September 2016. It also outlines Angular's major release cycle and provides an overview of the core features and extensions of the Angular framework.
QA Challenge Accepted 4.0 - Cypress vs. Selenium
QA Challenge Accepted 4.0 - Cypress vs. SeleniumLyudmil Latinov This document compares the Cypress and Selenium testing frameworks. It provides an overview of each framework, including supported languages, browsers, and key differences. The document suggests Cypress may signal the end of an era for Selenium as it provides direct browser control, easier debugging of tests, and support for testing desktop applications like Electron. It highlights some unique features of Cypress, such as controlling application state and network traffic. The presentation ends with a Q&A section.
Building Cloud Native Architectures with Spring
Building Cloud Native Architectures with SpringKenny Bastani The document discusses the transition from monolithic to microservices architectures, emphasizing the cultural and operational challenges of monoliths and the eventual adoption of cloud-native approaches. It highlights tools like Spring Boot and Spring Cloud for building distributed systems, as well as strategies for migrating legacy systems to a microservices architecture without a complete overhaul. The document also outlines the importance of handling domain data and maintaining backward compatibility during the transition to ensure minimal disruption.
Web api
Web apiSudhakar Sharma This document provides an overview of ASP.NET Web API, a framework for building RESTful web services. It discusses key REST concepts like URIs, HTTP verbs, and HATEOAS. It also compares Web API to other technologies like WCF and SOAP, noting advantages of REST such as simpler CRUD operations and standardized development methodology. The document recommends resources like a book on building REST services from start to finish with ASP.NET MVC 4 and Web API.
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaEdureka! The document provides an overview of REST API, describing its features, principles, and methods for implementation. It highlights the request-response model, data formats like XML and JSON, and the four main operations: create, read, update, and delete. REST is characterized as an architectural style used in web services, which is stateless and often considered the 'language of the internet.'
REST API and CRUD
REST API and CRUDPrem Sanil A REST API uses HTTP requests with verbs like GET, POST, PUT, and DELETE to perform CRUD (Create, Read, Update, Delete) operations on resources identified by URLs. It provides a lightweight alternative to SOAP that returns data in JSON format and HTTP response codes. Well-known codes include 200 for OK, 201 for Created, 400 for Bad Request, and 404 for Not Found. REST enables building applications and platforms that can easily integrate new interfaces over time.
4 Major Advantages of API Testing
4 Major Advantages of API TestingQASource The document outlines four major advantages of API testing over GUI testing: it is time-effective, language-independent, allows for easy GUI integration, and tests core functionality. API testing can significantly reduce testing time and offers improved test coverage and resource conservation. For more details, additional information can be found in a blog post linked in the document.
REST Easy with Django-Rest-Framework
REST Easy with Django-Rest-FrameworkMarcel Chastain The document provides an overview of Django REST Framework, detailing its components, installation, and functionality for building APIs using REST concepts. It covers core topics such as serializers, API views, viewsets, and URL routing while highlighting the advantages of REST over SOAP. The document also includes customization options and resources for further learning.
B4USolution_API-Testing
B4USolution_API-Testingb4usolution . The document provides an overview of API testing, contrasting SOAP and REST protocols, detailing their differences in architecture, data formats, and performance. It explains the process of API testing, including setup, expected outputs, and best practices, while highlighting the importance of proper testing techniques and documentation. Additionally, it discusses challenges faced in API testing and the types of bugs that can be detected, along with recommended tools for effective testing.
Cypress, Playwright, Selenium, or WebdriverIO? Let the Engineers Speak!
Cypress, Playwright, Selenium, or WebdriverIO? Let the Engineers Speak!Applitools The document summarizes a discussion between several software engineers about test automation challenges and tools. It includes:
1) Names and social media handles of six engineers - Carter Capocaccia, Steve Hernandez, Jose Morales, Andrew Knight, Gleb Bahmutov, and Tally Barak.
2) A list of questions asked during the discussion about biggest challenges, favorite integrations, and aspects of other tools wished to be included in current projects.
3) Links shared by the panelists to resources on Cypress, Playwright, Selenium, WebdriverIO, visual testing and more.
Introduction to Swagger
Introduction to SwaggerKnoldus Inc. The document provides an overview of Swagger, a specification for REST APIs that facilitates interaction without source code access. It details Swagger components, including Swagger Editor, Swagger UI, and Swagger Codegen, alongside instructions on integrating Swagger with Play Framework. Additionally, it covers generating Swagger specifications, important attributes, and techniques for client SDK generation and endpoint management.
NashTech - Azure Application Insights
NashTech - Azure Application InsightsPhi Huynh This document provides an overview of Application Insights and how it can be used to monitor Azure services. It discusses key Application Insights features like performance tracing, alerts, and workbooks. It also covers how Application Insights integrates with tools like Visual Studio and VSTS. The document concludes with a brief discussion of pricing and some limitations.
Kata: Hexagonal Architecture / Ports and Adapters
Kata: Hexagonal Architecture / Ports and Adaptersholsky Hexagonal architecture is a software architecture pattern coined by Alistair Cockburn in 2005 that aims to make applications highly testable by separating the domain and application logic from the outer parts of an application like the user interface and databases. It uses port and adapter interfaces to connect the domain to the outside world which allows replacing external elements for testing purposes and makes the core logic independent of the outside tools and libraries. This decoupling brings benefits like easier testing without external elements, flexibility to change requirements and services, and emergent design.
Viewers also liked (20)
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal The document outlines best practices for architecting web APIs, particularly focusing on RESTful services and resource APIs. It discusses key concepts such as statelessness, uniform interfaces, error handling, security measures, and the importance of proper documentation. Additionally, it emphasizes using HTTP methods and status codes appropriately to enhance API functionality and user experience.
RESTful API Design, Second Edition
RESTful API Design, Second EditionApigee | Google Cloud This document provides guidance on designing RESTful APIs. It recommends using nouns instead of verbs, keeping URLs simple with only two endpoints per resource, and following conventions from leading APIs. Complex variations and optional parameters should be "swept behind the '?'." The document emphasizes designing for application developers by making APIs intuitive, consistent and complete while also accommodating exceptional clients. It suggests adding an API virtualization layer to handle complexity.
REST and ASP.NET Web API (Tunisia)
REST and ASP.NET Web API (Tunisia)Jef Claes REST is an architectural style for building distributed hypermedia systems based on HTTP. The core concepts of REST include resources identified by URIs, representations of those resources exchanged via standard HTTP methods like GET, PUT, POST, and DELETE. Effective REST APIs follow architectural values like performance, scalability, loose coupling, and consistency by making resources and relationships between them accessible over HTTP. ASP.NET Web API is a framework for building RESTful services on .NET. It allows creating HTTP-based services using controllers and attributes, supports content negotiation for XML and JSON, and includes features for error handling, message handlers, dependency injection, and testing.
Some REST Design Patterns
(and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns
(and Anti-Patterns) - SOA Symposium 2009Cesare Pautasso This document discusses some REST design patterns and anti-patterns for building RESTful services. It begins with an introduction to REST and a methodology for designing RESTful services. It then presents several common REST design patterns, including entity endpoint, uniform contract, endpoint redirection, content negotiation, and idempotent capability. It concludes by introducing some common anti-patterns to avoid, such as tunneling all requests through GET or POST. The document provides examples to illustrate how each pattern can be applied.
Enterprise REST
Enterprise RESTGanesh Prasad The document outlines a practical approach for implementing Service-Oriented Architecture (SOA) in enterprises using Representational State Transfer (REST) principles. It emphasizes the importance of explicit boundaries, resource identification, and the use of standard HTTP verbs for CRUD operations while addressing concerns about reliability, performance, and asynchronous communications. The presentation is tailored for enterprise architects looking to create a feasible SOA roadmap without the complexities of traditional protocols like SOAP.
The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016Restlet The document discusses best practices for REST API design, including:
1) Using nouns instead of verbs for endpoints, and plural resource names instead of singular. It also recommends snake_case formatting.
2) Properly using HTTP status codes like 201 Created, 202 Accepted, 204 No Content, and providing helpful error responses.
3) Supporting features like pagination, filtering, sorting, searching, and caching responses with headers like ETag and Last-Modified.
4) Discussing approaches for API versioning in the URL, custom headers, or accept headers. The importance of hypermedia and discoverability is also emphasized.
The ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersKevin Hazzard This document provides an overview and examples for building web APIs with ASP.NET Web API. It discusses Richardson maturity levels, the HTTP request/response processing pipeline, attribute routing, and implementing handlers. It also demonstrates testing Web API controllers with the WebApiTestClient without requiring a running host. Key topics include building controllers, adding OData query support, creating an authorization handler, and following the Arrange, Act, Assert pattern for tests.
REST: From GET to HATEOAS
REST: From GET to HATEOASJos Dirksen The document discusses the creation of RESTful APIs, emphasizing the importance of hypermedia and the HATEOAS (Hypermedia as the Engine of Application State) principle. It outlines the constraints of REST architecture, compares different maturity levels of RESTful APIs, and provides examples to illustrate best practices for API design. The content is opinionated, reflecting the author's perspective on effective REST implementation and interoperability.
ASP.NET WEB API
ASP.NET WEB APIThang Chung This document provides an overview of ASP.NET Web API including:
- A model of REST maturity with 4 levels from plain XML to hypermedia controls.
- The purpose of Web APIs as RESTful HTTP services compared to SOAP.
- Mapping from WCF to the Web API model using controllers, actions, and routing instead of endpoints.
- Features like content negotiation, model binding, and dependency injection supported in the Web API stack.
C# ASP.NET WEB API APPLICATION DEVELOPMENT
C# ASP.NET WEB API APPLICATION DEVELOPMENTDr. Awase Khirni Syed The document provides an introduction to ASP.NET Web API and discusses key concepts related to web services and HTTP including:
1. Web API allows exposing data and services to different devices by taking advantage of full HTTP features like URIs, headers, caching, and supporting various content formats like XML and JSON.
2. SOAP and HTTP are common protocols for implementing web services, with SOAP using HTTP and XML for serialization and HTTP serving as a more lightweight alternative supporting any content over the protocol.
3. Key HTTP concepts discussed include requests, responses, status codes, headers, and the stateless nature of the protocol, with HTTP providing a standard for communication between client and server applications.
Rest API Security
Rest API SecurityStormpath The document outlines various methods of API security, focusing on authentication and authorization techniques for developers using Stormpath. It details HTTP authentication schemes, including basic, digest, bearer tokens, and custom schemes, while emphasizing the importance of secure user credentials and server endpoints. The use of JSON Web Tokens (JWT) is highlighted for efficient stateless authentication, alongside API key management and the implementation of access control rules.
Understanding REST
Understanding RESTNitin Pande - REST (Representational State Transfer) uses HTTP requests to transfer representations of resources between clients and servers. The format of the representation is determined by the content-type header and the interaction with the resource is determined by the HTTP verb used.
- The four main HTTP verbs are GET, PUT, DELETE, and POST. GET retrieves a representation of the resource and is safe, while PUT, DELETE, and POST can modify the resource's state in atomic operations.
- Resources are abstract concepts acted upon by HTTP requests, while representations are the actual data transmitted in responses. The representation may or may not accurately reflect the resource's current state.
REST & RESTful Web Services
REST & RESTful Web ServicesHalil Burak Cetinkaya REST (Representational State Transfer) is an architectural style focused on client-server communication that utilizes resources, identified by unique URIs, to facilitate interaction over HTTP. It promotes statelessness, scalability, and a uniform interface for transferring resource states, making it distinct from traditional protocols like SOAP. REST is widely popular for web services due to its simplicity, flexibility, and efficiency, particularly in modern browser-based applications.
RESTful Web Services
RESTful Web ServicesChristopher Bartling The document discusses REST (REpresentational State Transfer), an architectural style for building distributed systems. It covers REST concepts like resources, representations, URIs, HTTP methods, caching, and versioning. It provides guidance on designing RESTful APIs, including determining resources, supported methods, and return codes. Content negotiation and tools for testing REST APIs are also mentioned.
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsStormpath The document outlines best practices for designing RESTful APIs using JSON, focusing on identity management and access control. It emphasizes principles such as scalability, security, and ease of use, while detailing resource handling, interaction methods, and error management. Key topics include HATEOAS, resource representation, and proper use of HTTP methods for CRUD operations.
Best practices for RESTful web service design
Best practices for RESTful web service designRamin Orujov Ramin Orujov presents best practices for designing RESTful web services, covering fundamentals of REST, resource naming conventions, representations, HTTP methods, error handling, versioning, paging, searching and filtering, security, caching and scalability. The presentation provides guidelines for each of these areas and references additional resources for further information.
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Stormpath The document outlines best practices for securing REST APIs, focusing on user management, authentication methods, and security workflows. It emphasizes using OAuth 1.0a or OAuth 2 with MAC, avoiding basic authentication, and implementing proper authorization checks along with secure API key management. Additionally, it covers the importance of TLS, configuration management, and efficient storage of sensitive data to protect against vulnerabilities.
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management The document discusses best practices for securing APIs and identifies three key areas: parameterization, identity, and cryptography. It notes that APIs have a larger attack surface than traditional web apps due to more direct parameterization. It recommends rigorous input and output validation, schema validation, and constraining HTTP methods and URIs. For identity, it advises using real security tokens like OAuth instead of API keys alone. It also stresses the importance of proper cryptography, like using SSL everywhere and following best practices for key management and PKI. The overall message is that APIs require different security practices than traditional web apps.
ASP.NET Web API
ASP.NET Web APIPietro Libro Il documento tratta delle API web in ASP.NET, coprendo concetti come REST e SOAP, la sicurezza delle API e il risolutore di dipendenze. Viene descritto il funzionamento delle API RESTful e le loro caratteristiche, come statelessness e accessibilità attraverso operazioni HTTP. Inoltre, si menzionano strumenti e risorse necessarie per sviluppare con ASP.NET e si offrono riferimenti utili per ulteriori studi.
[S lide] java_sig-spring-framework
[S lide] java_sig-spring-frameworkptlong96 The Spring Framework aims to make J2EE development easier and more productive by providing an inversion of control container and aspect-oriented programming. It addresses requirements across application tiers rather than focusing on a single tier. The Spring Framework's goals include eliminating the need for "glue" code between tiers, facilitating unit testing and object-oriented best practices, and providing an alternative to Enterprise JavaBeans for many applications.
Ad
Similar to RESTful API Design Best Practices Using ASP.NET Web API (20)
API Description Languages
API Description LanguagesAkana The document provides an overview of API Description Languages (API DL) and their significance in developing and managing RESTful APIs, highlighting options such as Swagger, RAML, and WSDL. It discusses the advantages and disadvantages of each language, as well as their community support, design approaches, and use cases. Additionally, it emphasizes the importance of documentation and the potential challenges in keeping it synchronized with production code.
API Description Languages
API Description LanguagesAkana This document discusses API description languages (APIs), comparing Swagger and RAML. It provides an overview of each specification and demonstrates how to define a sample wishlist API using Swagger via swagger-node-express and RAML. While both work well for RESTful APIs, RAML allows for more robust modeling and top-down design capabilities. The document considers issues like documentation approaches and generating documentation from code versus design.
API 101 - Understanding APIs
API 101 - Understanding APIs3scale The document is a transcript from an API 101 workshop that provides an introduction to APIs. In the workshop, two presenters discuss what APIs are, the business benefits of APIs, REST architecture, and tips for API design and developer success. They cover topics such as API history, how APIs enable applications and services, examples of companies that built platforms using APIs, REST principles like HTTP verbs and response formats, and best practices for marketing and supporting developers. The workshop includes presentations, examples, and opportunities for audience Q&A.
API 101 - Understanding APIs.
API 101 - Understanding APIs.Kirsten Hunter The document is a transcript from an API 101 workshop. It provides an introduction to APIs and discusses what they are, their history, examples of how APIs work, and best practices for designing, marketing, and supporting APIs. The workshop consisted of presentations and discussions from multiple speakers on topics including the business benefits of APIs, REST architecture, and strategies for API and developer success.
Documenting Your API
Documenting Your APIMailjet The document outlines a presentation by Mailjet's developer evangelist regarding the importance of APIs in product development, emphasizing the need for quality documentation and a seamless onboarding experience for developers. It discusses various documentation tools and platforms, including Jekyll, Swagger, and Slate, highlighting their features and pros and cons. The document also posits aims for consistency and community involvement in improving documentation processes while inviting audience engagement on common documentation challenges.
"Design and Test First"-Workflow für REST APIs
"Design and Test First"-Workflow für REST APIsMarkus Decke The document discusses the importance of a structured workflow for designing, coding, testing, and documenting REST APIs, emphasizing the role of tools like Swagger and RAML in reducing errors and improving specifications. It outlines a 'tooled' workflow where design, test, code, and documentation are interconnected and suggests automation to streamline the process. Examples and references to various Swagger tools and related resources are provided to support the implementation of this workflow.
Web Server Application Logs LTEC2013
Web Server Application Logs LTEC2013Michal Špaček 1) Web developers build web applications that run on the internet and are accessed through URLs, but these applications can be vulnerable to SQL injection attacks if user input is not sanitized properly.
2) Both web servers and web applications should write log files of requests to help with debugging, performance, and security issues like data breaches.
3) Logging has challenges related to disk space, performance, and reviewing the logs, but reviewing logs can help web developers act as "digital forensics guys" and detect breaches early by searching logs for keywords.
API 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceKirsten Hunter The document provides an overview of APIs, including their definition, historical context, and applications in business and technology. It discusses key topics such as API design, marketing, and developer support, aiming to equip participants with the knowledge needed to effectively use and implement APIs. The workshop emphasizes interaction and encourages participants to engage and ask questions throughout the session.
Punta Dreamin 17 Generic Apex and Tooling Api
Punta Dreamin 17 Generic Apex and Tooling ApiAdam Olshansky The document discusses the use of generic programming in Apex and the Tooling API for Salesforce, focusing on the differences between static and dynamic code. It highlights the advantages and disadvantages of dynamic coding and emphasizes the need for developers to understand user-specific dependencies to write effective code. Additionally, it provides information on potential tools and resources for building applications using dynamic Apex and the Tooling API.
API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.Inman News The document provides advice on designing APIs based on the author's experience creating real estate APIs over 10+ years. Some key lessons include:
- Design APIs as products - listen to customers, provide value, make it easy to use
- Design for API users, not just your own needs - understand user intents and use cases
- Start simply and focus on usability - prioritize essential functionality over flexibility
- Engage with users and iterate based on feedback to continuously improve the API
API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 20143scale The document provides an overview of APIs, including their definitions, historical context, and business and technical cases for using them. It highlights the importance of API design, marketing, and developer support to ensure successful implementation. Additionally, it covers REST principles, response formats, and the significance of authentication and authorization.
API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.Peter Goldey The document discusses the evolution of real estate APIs and emphasizes the need to design them with user intent and usability in mind. It highlights important considerations for API development, such as understanding client use cases, using standard practices, and fostering effective communication between the API and its users. Additionally, it provides a series of do's and don’ts to ensure API effectiveness and efficiency.
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...apidays The document discusses common questions about API descriptions and OpenAPI specifications. It provides answers and examples for questions such as whether to design APIs first or code first, what tools support OpenAPI v3.0, why there are no visual editors, how to create documentation and mocks, and how to keep code and documentation in sync. It also discusses using API descriptions for validation by reusing the specifications in middleware, avoiding multiple sources of truth, and enabling validation at the client-side using JSON Schema.
BDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications
BDD to the Bone: Using Behave and Selenium to Test-Drive Web ApplicationsPatrick Viafore The document outlines a testing framework for URL shorteners using Behavior-Driven Development (BDD) with Behave and Selenium, emphasizing the importance of user requirements. It highlights the key functionalities, such as shortening URLs, redirecting users, and tracking accesses, while discussing various testing scenarios using Gherkin syntax. Additionally, it addresses challenges in acceptance testing and the need for continuous communication with customers to ensure software meets their demands.
Liferay as a headless platform
Liferay as a headless platform Jorge Ferrer The document discusses Liferay's approach to headless software, emphasizing the importance of secure hypermedia APIs that cater to various users and devices. It outlines the advantages of API-driven business models, the security and control measures, such as OAuth 2.0 for authorization, and the importance of designing APIs for reusability and standardization. Additionally, it presents guidelines for developing customizable APIs and highlights Liferay's commitment to creating efficient, decoupled, and evolvable API infrastructures.
Scaling Machine Learning Systems up to Billions of Predictions per Day
Scaling Machine Learning Systems up to Billions of Predictions per DayCarmine Paolino The document discusses challenges and solutions in scaling machine learning systems to handle billions of predictions daily, with a focus on software development principles. It highlights the importance of understanding 'listing quality' in terms of image features such as light quality and sharpness, and emphasizes that being 'feature complete' doesn't equate to being production-ready. Key lessons learned include the necessity of traffic management, limitations in processing, and the importance of handling failures efficiently.
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...OWASP Kyiv The document discusses cryptography and security. It argues that most users want cryptography solutions that are simple, easy to use, cross-platform, and avoid common mistakes rather than new algorithms. It promotes the idea of "boring crypto" that just works without needing upgrades. It also discusses different options for implementing cryptography like crypto libraries, systems, and boxed solutions and how to choose the right approach for a given use case.
Look, Ma! No servers! Serverless application development with MongoDB Stitch
Look, Ma! No servers! Serverless application development with MongoDB StitchLauren Hayward Schaefer The document discusses serverless application development using MongoDB Stitch, emphasizing its advantages such as reduced infrastructure needs, cost efficiency, and speed. It details the functionalities of Query Anywhere, functions, and triggers, and highlights successful case studies demonstrating significant improvements in delivery speed and cost savings. Additionally, it announces related sessions and resources for further learning about MongoDB Stitch.
Ibm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopShubhra Kar This document provides an overview of Shubhra Kar's presentation on using Node.js to build APIs and hyperscale the API economy. The presentation discusses using Node.js for mobile/omni-channel backends, high performance ESBs, and IoT. It also covers why Node.js is well-suited for APIs, which Node.js framework to choose, design patterns, and how to code and deploy an API in 10 minutes. The document includes graphs comparing Node.js performance to other solutions and discusses trends around microservices and decomposing monolithic APIs.
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...MongoDB This document summarizes a talk about serverless application development using MongoDB Stitch. The talk discusses what serverless and Stitch are, how to use Stitch's QueryAnywhere, Functions, and Triggers features, and how to deploy serverless code. Serverless applications can reduce infrastructure management, allow independent deployments, and only charge for resources used. MongoDB Stitch is a platform that allows building serverless applications using MongoDB as the database with features like serverless functions and mobile sync capabilities.
Ad
Recently uploaded (20)
MOVIE RECOMMENDATION SYSTEM, UDUMULA GOPI REDDY, Y24MC13085.pptx
MOVIE RECOMMENDATION SYSTEM, UDUMULA GOPI REDDY, Y24MC13085.pptxMaharshi Mallela Movie recommendation system is a software application or algorithm designed to suggest movies to users based on their preferences, viewing history, or other relevant factors. The primary goal of such a system is to enhance user experience by providing personalized and relevant movie suggestions.
From Data Preparation to Inference: How Alluxio Speeds Up AI
From Data Preparation to Inference: How Alluxio Speeds Up AIAlluxio, Inc. Alluxio Webinar
June 17, 2025
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
Jingwen Ouyang (Sr. Product Manager @ Alluxio)
In this talk, Jingwen Ouyang, Senior Product Manager at Alluxio, will share how Alluxio make it easy to share and manage data from any storage to any compute engine in any environment with high performance and low cost for your model training, model inference, and model distribution workload.
Canva Pro Crack Free Download 2025-FREE LATEST
Canva Pro Crack Free Download 2025-FREE LATESTgrete1122g 🌍📱👉COPY & PASTE LINK >> https://click4pc.com/after-verification-click-go-to-download-page/
Canva Pro PC Crack is a practical design app to create beautiful montages and compositions with a lot of resources on the platform.
Simplify Task, Team, and Project Management with Orangescrum Work
Simplify Task, Team, and Project Management with Orangescrum WorkOrangescrum Streamline project workflows, team collaboration, and time tracking with orangescrum work, your all-in-one tool for smarter and faster project execution.
Zoneranker’s Digital marketing solutions
Zoneranker’s Digital marketing solutionsreenashriee Zoneranker offers expert digital marketing services tailored for businesses in Theni. From SEO and PPC to social media and content marketing, we help you grow online. Partner with us to boost visibility, leads, and sales.
Open Source Software Development Methods
Open Source Software Development MethodsVICTOR MAESTRE RAMIREZ Open Source Software Development Methods
Streamlining CI/CD with FME Flow: A Practical Guide
Streamlining CI/CD with FME Flow: A Practical GuideSafe Software Join us as we explore how to deploy a fault-tolerant FME Flow installation using FME Flow’s IaC templates alongside Terraform, AWS, and GitHub in a CI/CD workflow. This session will also cover how to leverage FME’s CI/CD capabilities for FME Flow upgrades and FME object migration between different environments, ensuring seamless automation and scalability.
CodeCleaner: Mitigating Data Contamination for LLM Benchmarking
CodeCleaner: Mitigating Data Contamination for LLM Benchmarkingarabelatso The pdf version of "CodeCleaner: Mitigating Data Contamination for LLM Benchmarking" presented in Internetware 2025.
Best Practice for LLM Serving in the Cloud
Best Practice for LLM Serving in the CloudAlluxio, Inc. Alluxio Webinar
June 17, 2025
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
Nilesh Agarwal (Co-founder & CTO @ Inferless)
Nilesh Agarwal, co-founder & CTO at Inferless, shares insights on accelerating LLM inference in the cloud using Alluxio, tackling key bottlenecks like slow model weight loading from S3 and lengthy container startup time. Inferless uses Alluxio as a three-tier cache system that dramatically cuts model load time by 10x.
Download Adobe Illustrator Crack free for Windows 2025?
Download Adobe Illustrator Crack free for Windows 2025?grete1122g COPY & PASTE LINK 👉👉👉 https://click4pc.com/after-verification-click-go-to-download-page/
Adobe Illustrator CC Crack will make your illustration level upgrade by moving toward real modification purpose using adobe pro tools there ..
Key Challenges in Troubleshooting Customer On-Premise Applications
Key Challenges in Troubleshooting Customer On-Premise ApplicationsTier1 app When applications are deployed in customer-managed environments, resolving performance issues becomes a hidden battle. Limited access to logs, delayed responses, and vague problem descriptions make root cause analysis incredibly challenging.
In this presentation, we walk through:
The six most common hurdles faced in on-prem troubleshooting
A practical 360° artifact collection strategy using the open-source yc-360 script
Real-world case studies covering transaction timeouts, CPU spikes, and intermittent HTTP 502 errors
Benefits of structured data capture in reducing investigation time and improving communication with customers
✅ Whether you're supporting enterprise clients or building tools for distributed environments, this deck offers a practical roadmap to make on-prem issue resolution faster and less frustrating.
Introduction to Agile Frameworks for Product Managers.pdf
Introduction to Agile Frameworks for Product Managers.pdfAli Vahed As a Product Manager, having a solid understanding of Agile frameworks is essential, whether you are joining an established team or helping shape a new one.
Agile is not just a delivery method; it is a mind set that directly impacts how products are built, iterated, and brought to market. Knowing the strengths and trade-offs of each framework enables you to collaborate more effectively with teams, foster alignment, and drive meaningful outcomes.
Simply put, Agile fluency helps you lead with clarity in fast-paced, ever-changing environments.
The next few slides are simple ‘STUDY CARDS’ to help you learn or refresh your understanding of a few popular Agile frameworks.
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...
Modern Platform Engineering with Choreo - The AI-Native Internal Developer Pl...WSO2 Building and operating internal platforms has become increasingly complex — sprawling toolchains, rising costs, and fragmented developer experiences are slowing teams down. It’s time for a new approach.
This slide deck explores modern platform engineering with Choreo, WSO2’s AI-native Internal Developer Platform as a Service. Discover how you can streamline platform operations, empower your developers, and drive faster innovation — all while reducing complexity and cost.
Learn more: https://wso2.com/choreo/platform-engineering/
Enable Your Cloud Journey With Microsoft Trusted Partner | IFI Tech
Enable Your Cloud Journey With Microsoft Trusted Partner | IFI TechIFI Techsolutions Start your cloud journey with IFI Tech—Microsoft’s trusted partner delivering secure, scalable Azure solutions tailored for your business.
Advance Doctor Appointment Booking App With Online Payment
Advance Doctor Appointment Booking App With Online PaymentAxisTechnolabs https://www.slideshare.net/slideshow/advance-doctor-appointment-booking-app-with-online-payment/280654375
Y - Recursion The Hard Way GopherCon EU 2025
Y - Recursion The Hard Way GopherCon EU 2025Eleanor McHugh In most modern programming languages, including Go, it's possible for a function to call itself recursively. It's such a mainstream technique that we've come to take it for granted.
But what if functions couldn't call themselves?
There's a branch of mathematics called Combinatorics which answers just these kinds of questions, and this presentation takes these ideas and phrases them in Go to teach a deeper view of computation through the medium of code.
The Anti-Masterclass Live - Peak of Data & AI 2025
The Anti-Masterclass Live - Peak of Data & AI 2025Safe Software Even the most experienced FME users still make mistakes, and that includes us. And that's okay because making mistakes makes you better. Come join and learn from us as we run down the most common ones so you can lift yourself to a higher level of FME workflow development. Based on decades of experience using and teaching FME, our tips can save you a lot of time, frustration and bad data.
Building Geospatial Data Warehouse for GIS by GIS with FME
Building Geospatial Data Warehouse for GIS by GIS with FMESafe Software Data warehouses are often considered the backbone of data-driven decision-making. However, traditional implementations can struggle to meet the iterative and dynamic demands of GIS operations, particularly for Iterative Cross-Division Data Integration (ICDI) processes. At WVDOT, we faced this challenge head-on by designing a Geospatial Data Warehouse (GDW) tailored to the needs of GIS. In this talk, we’ll share how WVDOT developed a metadata-driven, SESSI-based (Simplicity, Expandability, Spatiotemporality, Scalability, Inclusivity) GDW that transforms how we manage and leverage spatial data. Key highlights include: - Simplifying data management with a lean schema structure. - Supporting ad hoc source data variations using JSON for flexibility. - Scaling for performance with RDBMS partitioning and materialized views. - Empowering users with FME Flow-based self-service metadata tools.We’ll showcase real-world use cases, such as pavement condition data and LRS-based reporting, and discuss how this approach is elevating GIS as an integrative framework across divisions. Attendees will walk away with actionable insights on designing GIS-centric data systems that combine the best of GIS and data warehouse methodologies.
Azure AI Foundry: The AI app and agent factory
Azure AI Foundry: The AI app and agent factoryMaxim Salnikov Discover how Azure AI Foundry is transforming the way organizations innovate and operate. This session explores the pivotal role of AI in reshaping business processes, enhancing employee experiences, and redefining customer engagement. Attendees will gain insights into the strategic value of AI investments, including the measurable returns and the growing momentum behind generative AI experimentation.
The talk introduces the emerging paradigm of agentic AI - intelligent agents that are revolutionizing how we build, manage, and interact with software. Through real-world examples, the session demonstrates how Azure AI Foundry empowers teams to design, customize, and scale AI applications and agents, unlocking new levels of efficiency and creativity across industries.
RESTful API Design Best Practices Using ASP.NET Web API
- 1. #NeverRest RESTful API Design Best Practices Using ASP.NET Web API Spencer Schneidenbach @schneidenbach
- 2. Slides, links, and more at rest.schneids.net @schneidenbach#NeverRest
- 4. Developers have the power of choice @schneidenbach#NeverRest
- 5. Long-term benefits @schneidenbach#NeverRest Go from 0 to “make magic happen” Learn stuff and manage exceptions
- 6. Developers have the power of choice @schneidenbach#NeverRest
- 7. Developers have an opportunity create something better than the competition @schneidenbach#NeverRest
- 8. API Design is UX for Developers @schneidenbach#NeverRest
- 9. This quote sums it up nicely If you don’t make usability a priority, you’ll never have to worry about scalability. -Kirsten Hunter @synedra @schneidenbach#NeverRest
- 13. There’s No Silver Bullet @schneidenbach#NeverRest
- 14. What is REST? Representational State Transfer @schneidenbach#NeverRest
- 15. Uniform Interface Code on Demand (optional) Layered StatelessCacheableClient-Server The Six Constraints of REST @schneidenbach#NeverRest
- 16. Resource identification Uniform Interface constraint Content-Type: application/json Resource manipulation with representations Self-descriptive Hypermedia as the engine of application state (HATEOAS) GET /employees/1234 PUT /employees/1234 @schneidenbach#NeverRest
- 17. What is a RESTful API? RESTful API == an API that follows REST architecture Term has been sort of co-opted REST != JSON REST != HTTP Lots of people say “REST API” when they really mean HTTP JSON API @schneidenbach#NeverRest
- 18. Pragmatic REST RESTful API != Good API @schneidenbach#NeverRest
- 19. Do what makes sense. Throw out the rest. Is that vague enough for you? @schneidenbach#NeverRest
- 21. Designing your RESTful API I HAVE ONE RULE… okay I actually have two rules @schneidenbach#NeverRest
- 22. (or, Keep it Simple, Stupid) @schneidenbach#NeverRest
- 23. KISS Don’t be creative. Provide what is necessary – no more, no less. Use a handful of HTTP status codes. @schneidenbach#NeverRest
- 24. 403 Forbidden (aka you can’t do that) 401 Unauthorized (aka not authenticated) 404 Not Found 400 Bad Request201 Created200 OK Good HTTP Codes @schneidenbach#NeverRest
- 25. KISS { "id": 1234, "active": true, "nameId": 345 } { "id": 345, "name": "Acme" } Customer API Name API GET /customers/1234 GET /names/345 @schneidenbach#NeverRest
- 26. KISS That’s TWO REQUESTS per GET That’s TWO REQUESTS per POST What’s the point? @schneidenbach#NeverRest
- 27. Don’t let your specific implementations leak if they are hard to use or understand. @schneidenbach#NeverRest
- 28. KISS { "id": 1234, "active": true, "name": "Acme" } Customer API GET /customers/1234 @schneidenbach#NeverRest
- 31. Second big rule – Be Consistent Be consistent with accepted best practices. Be consistent with yourself. @schneidenbach#NeverRest
- 33. Don’t mutate data with GETs. @schneidenbach#NeverRest
- 34. Resource identification Nouns vs. verbs Basically, use plural nouns @schneidenbach#NeverRest
- 35. { "invoices": [ { ... }, { ... } ] } GET /customers/1234/invoices GET /customers/1234 ?expand=invoices Within the parent object Sub-resource strategies As a separate request Using an expand parameter Be consistent, but be flexible when it makes sense @schneidenbach#NeverRest
- 38. Filtering $filter=(name eq 'Milk' or name eq 'Eggs') and price lt 2.55 @schneidenbach#NeverRest
- 39. Sorting and filtering for free Google “OData web api” @schneidenbach#NeverRest
- 40. Paging GET /customers? page=1 & pageSize=1000 { "pageNumber": 1, "results": [...], "nextPage": "/customers?page=2" } Good paging example on my blog: rest.schneids.net @schneidenbach#NeverRest
- 41. Do I need to sort/page/filter? Maybe! What do your consumers need? @schneidenbach#NeverRest
- 42. Versioning Your APIs should stand a test of time @schneidenbach#NeverRest
- 43. Versioning GET /customers Host: contoso.com Accept: application/json X-Api-Version: 1 @schneidenbach#NeverRest POST /customers Host: contoso.com Accept: application/json X-Api-Version: 2.0
- 44. Versioning Use URL versioning @schneidenbach#NeverRest GET /v1/customers Host: contoso.com Accept: application/json
- 45. Error reporting Errors are going to happen. How will you manage them? @schneidenbach#NeverRest
- 46. Error reporting { "name": "Arana Software" } @schneidenbach#NeverRest Requires name and state POST /vendors 400 Bad Request Content-Type: application/json "State is required." { "firstName": "Spencer" } Requires first and last name POST /employees 400 Bad Request Content-Type: application/json { "errorMessage": "Your request was invalid." }
- 48. Error reporting Make finding and fixing errors as easy on your consumer as possible. @schneidenbach#NeverRest
- 50. Use SSL. Don’t roll your own encryption. Pick an auth strategy that isn’t Basic. @schneidenbach#NeverRest Security
- 51. Ok, time for some code examples and practical advise @schneidenbach#NeverRest
- 60. Separation of concerns @schneidenbach#NeverRest Controllers should know “where,” not ”how.”
- 63. Validation Validate. Validate. Validate. @schneidenbach#NeverRest Separate validation logic from object. Google Fluent Validation
- 64. Controller Good Architecture Request Handler/ServiceValidator Enforce separation of concerns for maintainability and testability. Google MediatR
- 66. Documentation A good API lives and dies by its documentation. (you should tweet that out) @schneidenbach#NeverRest
- 67. Maintaining your API Vendor: “Hey, we’ve made some under-the-cover changes to our endpoint. It shouldn’t impact you, but let us know if it breaks something.” Us: ”Okay. Can you release it to test first so we can run our integration tests against the endpoint and make sure everything works?” Vendor: ”Well, actually we need it ASAP, so we’re releasing to prod in an hour.” @schneidenbach#NeverRest
- 68. Maintaining your API Fix bugs and optimize. Don’t introduce breaking changes like removing properties. @schneidenbach#NeverRest
- 69. Thank you! Slides, resources at rest.schneids.net schneids.net @schneidenbach
Editor's Notes
- #4: As an integrator, I see a lot of APIs that are good. I see far more that are bad. I’ve seen good SOAP APIs and bad ”REST” APIs.
- #5: Developers have the ultimate power – the power to choose. The power to influence. When you need to use a service, you want that service to be consistent, easy to use, and well-documented, among other things.
- #6: Developers have the ultimate power – the power to choose. The power to influence. When you need to use a service, you want that service to be consistent, easy to use, and well-documented, among other things.
- #7: Developers have the ultimate power – the power to choose. The power to influence. When you need to use a service, you want that service to be consistent, easy to use, and well-documented, among other things.
- #8: Think about the business you’re in. Think about the services your business could provide to external consumers if you have an API. Now think about your competition. A good API can means the difference between a lead and a customer.
- #9: Think about the business you’re in. Think about the services your business could provide to external consumers if you have an API. Now think about your competition. A good API can means the difference between a lead and a customer.
- #13: Simple means simple for your users. Think about the effort put into creating a user interface that’s easy to use. Making it easy for developers to consume your API is not a trivial task. Requires lots of thinking, research, and design. Not to mention good documentation!
- #14: There’s no silver bullet, or one answer, to your API problems. Sometimes you’re limited by scalability.
- #15: It’s the architecture of the web
- #24: Error codes/API structure/HTTP principles (GET vs POST)
- #32: Error codes/API structure/HTTP principles (GET vs POST)
- #43: Note that I said A test of time, not THE test of time. An API should be built with some kind of lifecycle in mind. You will end up rewriting it later and
- #50: Encryption – use SSL, don’t roll your own (tell story about substitution cypher) Authentication – talk about Basic vs OAuth
- #51: Error codes/API structure/HTTP principles (GET vs POST)
- #58: Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
- #59: Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
- #60: Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
- #62: Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
- #69: Error codes/API structure/HTTP principles (GET vs POST)
- #70: Great resource: https://github.com/Microsoft/api-guidelines/blob/master/Guidelines.md