SlideShare a Scribd company logo

Super simple introduction to REST-APIs (2nd version)

Download as PPTX, PDF
Patrick Savalle, profile picture
Patrick Savalle

This document is a comprehensive introduction to REST APIs, explaining REST as an HTTP design pattern that maps server resources to URLs for client manipulation using HTTP verbs. It outlines the basics of HTTP, REST principles, API design best practices, and authentication methods, emphasizing the importance of treating APIs as products. The document also provides guidance on endpoint structure, interface quality, and implementation strategies for effective REST API development.

Presentations & Public Speaking
Related topics:
Insights on Software Development Data Modelling
1 of 25
Downloaded 21 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Super simple introduction to REST-API’s For programmers By Patrick Savalle (http://patricksavalle.com), software architect
Summary • REST is an HTTP design pattern • REST-APIs map server resources onto URLs • Clients can manipulate resources using HTTP-verbs
CONTENTS 1. HTTP-BASICS 2. REST-BASICS 3. API-BASICS
PART 1 HTTP BASICS
Part 1 - HTTP - URL Every resource has an unique URL that consists of several parts.
Part 1 – HTTP - PROTOCOL HTTP is a plain text conversation between a client and a server. The conversation is based on actions performed on resources which are addressed by URL’s.
Part 1 - HTTP - Request Requests and responses can contain header-fields and a body. Everything is plain text. Headers usually contain metadata or indicate conversation preferences whereas the body contains content.
Part 1 - HTTP – Status codes Every response contains a status code.
PART 2 REST BASICS
There is REST, SOAP, GraphQl and other API-protocols possible on HTTP, why REST? • Every tool that can handle HTTP, can handle REST natively. For instance gateways, web- servers and browsers can effectively cache, route, verify, manipulate REST requests and responses. In short: the whole web supports REST • It is simple and elegant • Even simple (embedded) servers can implement it • Less diversity in technology, you already use HTTP in your stack Part 2 - REST - Why? REST is HTTP ‘done right’. Created by the same designer.
Part 2 - REST – The API VERB + URL = ENDPOINT. All endpoints together form the API.
Part 1 - HTTP - Verbs The actions that can be performed on a resource are called ‘methods’ or ‘verbs’. Below the commonly used verbs (there are many more). POST – create and other non-idempotent operations PUT – replace PATCH – (partial) update DELETE – delete GET – read TRACE – echo HEAD – headers only OPTIONS – CORS preflight Idempotent = no additional effects when called more than once with the same input. In math: f(f(x)) = f(x), e.g. abs(abs(-1)) = abs(-1) = 1
ACTION RESOURCE <verb> https://<host>/<api_version>[/<resource_type>/<instance_id>] GET https://animal.api/1/lions (returns collection) GET https://animal.api/1/lions/4 (returns single lion) POST https://animal.api/1/lions (create new element) PUT https://animal.api/1/lions/4 (updates element) PATCH https://animal.api/1/lions/4 (partial update) DELETE https://animal.api/1/lions (deletes collection) DELETE https://animal.api/1/lions/harry@lion.com (deletes element) GET https://animal.api/1/zoo/33/cage/9/animal/1 GET https://animal.api/1/lions?start=100&count=50 GET https://animal.api/1/lions?id=100&id=103&id=107 (parameter-array) Part 2 - REST – Endpoint structure An endpoint has a very strict URL structure. This is key to ‘REST’. Map your domain resources onto URLs and allow them to be manipulated. Note: like in datamodelling all resources are always PLURAL
Part 2 - REST – Done wrong REST is not SOAP. An URL is NOT a RPC-address or method, it is an universal RESOURCE locator Bad REST API (bad URL’s in general): POST https://domain.com/updateProfile POST https://domain.com/deleteProfile POST https://domain.com/createProfile Good REST API: POST https://domain.com/v1/profiles GET https://domain.com/v1/profiles PUT https://domain.com/v1/profiles/piet@puk.com DELETE https://domain.com/v1/profiles/piet@puk.com GET https://domain.com/v1/profiles/piet@puk.com (Note: this ‘standard’ set is called ‘The Collection Metaphore’)
AUTHENTICATION • HTTP BASIC AUTH Client sends user/password in Authenication header with each API-call. Simple, safe, good choice for API-2-API • BEARER TOKEN Get a temporary access token from API, put in Authentication header, simple, safe, good choice for WEB-2-API • OAUTH2 flow Industry standard. Flexible. Safe. Mostly used when authentication is done by an external application (IDP). Often in combination with Bearer Token. Part 2 - REST - Authentication
PART 3 API BASICS
Possible run-time clients of your API: • Other API’s • Web applications and web front ends (like Angular, React, JQuery web apps) • Mobile app’s, desktop applications etc. • Machines, bots, things But not: • Humans  Design an API ‘outside-in’, as a product for a generic client. Not just as the library for your specific front-end. Use scenario’s or use-cases. Part 3 - API – Outside-in Don’t build your API for a specific type of client.
• Base your REST-API on a (the) domain model (you MUST have a domain model for your application, reverse engineer this if it is not present) • Every parent or whole in the model is on a root URL • Every child or part in the model is in an URL relative to its parent or whole • Use the Collection Metaphore, each resource has a standard set of endpoints The relevant desing patterns are described here: https://hersengarage.nl/rest-api-design- as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API – Best practice
• Consistent (avoid surprises) • Cohesive (only lists purposeful endpoints) • Complete (has all necessary endpoints for its purpose) • Minimal (only one way to do things) • Encapsulating (hiding implementation details) • Self-explaining • Documented!  Same for all interfaces: class-interfaces, package interface, APIs, etc. Part 3 - API – Interface quality Good interface design is crafmanship.
• The OpenAPI /Swagger file • Support • Functional documentation • A dashboard to register apps / obtain an API-key (API-manager) • Language stubs (Java, PHP, Python, etc.) on Github • A homepage / productpage • A revenue-model / pricing • A launchparty • Hackathons Part 3 - API - Deliverables An API is a product, treat it as such.
Part 3 - API – Swagger / OpenAPI The OpenAPI or ‘Swagger’ definition Industry-standard to specify a REST-API. For an example, see: https://gist.github.com/patricksavalle/fac25ed914dc2e10f256fdba1af9e622 The Swagger definitions are here: https://swagger.io Use the editor at: https://editor.swagger.io Every API comes with a Swagger!
Part 3 - API - Stateless A REST-server must be client-state agnostic! To be flexible and scalable the server needs to be ignorant of client-state or context. A REST-server does not store session data on behalf of the client. Put another way: all necessary context MUST be in the request.
90% of all REST-methods follow the same implementation logic: Request  1. Authentication 2. Authorisation 3. Input validation 4. Actual logic 5. Output filtering  response Part 3 - API - Implementation REST-servers are conceptually extremely simple, keep their implementation equally simple. (No design patterns, no fancy pancy)
Some of the choices only you can make: • Few methods / large responses vs. many methods / small responses Considerations: web clients generally like large aggregated responses tailored to their page structures. Other clients like smaller responses. Etc. There is also the underlying (logical) data model and the ‘natural granularity’ of the problem-domain. In most cases: map the domain model onto URL’s. • Query parameters vs request headers (for instance the API-tokens) In general non-functional data should be in headers. Headers are more easily inspected / used by tools like webservers.. • Hypermedia communication (follow-up URL’s in responses, HATEOAS) Problematic concept, very client dependent. Most API’s don’t have this, why should yours? Part 3 - API – Design choices Good interface design is crafmanship.
• A REST client, e.g. the Chrome POSTMAN plugin (most IDE’s have one as an add-on) • TELNET (the generic HTTP client) • http://www.restapitutorial.com/resources.html • https://github.com/Microsoft/api-guidelines/blob/master/Guidelines.md • http://jsonapi.org/ • https://swagger.io/ • How to build a high quality REST-API: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API - Resources

More Related Content

PPTX
REST-API's for architects and managers
Patrick Savalle
 
PDF
REST-API overview / concepts
Patrick Savalle
 
PPTX
Design API using RAML - basics
kunal vishe
 
PDF
Api presentation
Tiago Cardoso
 
PDF
RAML
Shanky Gupta
 
PDF
REST API and CRUD
Prem Sanil
 
PPSX
Rest api standards and best practices
Ankita Mahajan
 
PPTX
An Introduction To REST API
Aniruddh Bhilvare
 
REST-API's for architects and managers
Patrick Savalle
 
REST-API overview / concepts
Patrick Savalle
 
Design API using RAML - basics
kunal vishe
 
Api presentation
Tiago Cardoso
 
RAML
Shanky Gupta
 
REST API and CRUD
Prem Sanil
 
Rest api standards and best practices
Ankita Mahajan
 
An Introduction To REST API
Aniruddh Bhilvare
 

What's hot (20)

PPTX
What is an API?
Muhammad Zuhdi
 
PPTX
Beautiful REST and JSON APIs - Les Hazlewood
jaxconf
 
PPT
Introduction to the Web API
Brad Genereaux
 
PPTX
Basic auth implementation using raml in mule
Adithya Kuchan
 
PPTX
API design principles for accelerated development
Jonathan LeBlanc
 
PPTX
Api Testing
Vishwanath KC
 
PPTX
REST API Design & Development
Ashok Pundit
 
ODP
Creating Web Services with Zend Framework - Matthew Turland
Matthew Turland
 
PDF
REST API Doc Best Practices
Marta Rauch
 
PPTX
Postman. From simple API test to end to end scenario
HYS Enterprise
 
PDF
Restful api design
Mizan Riqzia
 
PPTX
API Design- Best Practices
Prakash Bhandari
 
PPT
APITalkMeetupSharable
Obaidur (OB) Rashid
 
PDF
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
JWORKS powered by Ordina
 
PDF
API Testing. Streamline your testing process.
Andrey Oleynik
 
PPTX
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
PPTX
Test in Rest. API testing with the help of Rest Assured.
Artem Korchevyi
 
PPTX
CakeFest 2013 - A-Z REST APIs
anthony_putignano
 
PPT
Benefits of the CodeIgniter Framework
Toby Beresford
 
PPTX
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Siddharth Sharma
 
What is an API?
Muhammad Zuhdi
 
Beautiful REST and JSON APIs - Les Hazlewood
jaxconf
 
Introduction to the Web API
Brad Genereaux
 
Basic auth implementation using raml in mule
Adithya Kuchan
 
API design principles for accelerated development
Jonathan LeBlanc
 
Api Testing
Vishwanath KC
 
REST API Design & Development
Ashok Pundit
 
Creating Web Services with Zend Framework - Matthew Turland
Matthew Turland
 
REST API Doc Best Practices
Marta Rauch
 
Postman. From simple API test to end to end scenario
HYS Enterprise
 
Restful api design
Mizan Riqzia
 
API Design- Best Practices
Prakash Bhandari
 
APITalkMeetupSharable
Obaidur (OB) Rashid
 
Spring REST Docs: Documenting RESTful APIs using your tests - Devoxx
JWORKS powered by Ordina
 
API Testing. Streamline your testing process.
Andrey Oleynik
 
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
Test in Rest. API testing with the help of Rest Assured.
Artem Korchevyi
 
CakeFest 2013 - A-Z REST APIs
anthony_putignano
 
Benefits of the CodeIgniter Framework
Toby Beresford
 
Fundamentals of software 2 | Test Case | Test Suite | Test Plan | Test Scenario
Siddharth Sharma
 
Ad

Similar to Super simple introduction to REST-APIs (2nd version) (20)

PPTX
REST-API introduction for developers
Patrick Savalle
 
PPTX
REST API Best Practices & Implementing in Codeigniter
Sachin G Kulkarni
 
PPTX
ASP.NET Mvc 4 web api
Tiago Knoch
 
PPTX
automated-automation-of-rest-apis.pptx
Aditya274010
 
PPTX
RESTful web APIs (build, document, manage)
Cisco DevNet
 
PDF
REST APIs
Arthur De Magalhaes
 
PDF
Rest with Spring
Eugen Paraschiv
 
PDF
REST - Why, When and How? at AMIS25
Jon Petter Hjulstad
 
PDF
Creating a RESTful api without losing too much sleep
Mike Anderson
 
PDF
Business Applications Integration In The Cloud
Anna Brzezińska
 
PPTX
API Docs with OpenAPI 3.0
Fabrizio Ferri-Benedetti
 
PPTX
Day02 a pi.
ABDEL RAHMAN KARIM
 
PDF
MuleSoft Surat Virtual Meetup#21 - MuleSoft API and RAML Design Best Practice...
Jitendra Bafna
 
PDF
Crafting APIs
Tatiana Al-Chueyr
 
PPTX
JDK8 Streams
Bansilal Haudakari
 
PDF
Practices and tools for building better APIs
NLJUG
 
PDF
Practices and tools for building better API (JFall 2013)
Peter Hendriks
 
PDF
Hia 1691-using iib-to_support_api_economy
Andrew Coleman
 
PPTX
Documenting REST APIs
Tom Johnson
 
PDF
REST API Basics
Tharindu Weerasinghe
 
REST-API introduction for developers
Patrick Savalle
 
REST API Best Practices & Implementing in Codeigniter
Sachin G Kulkarni
 
ASP.NET Mvc 4 web api
Tiago Knoch
 
automated-automation-of-rest-apis.pptx
Aditya274010
 
RESTful web APIs (build, document, manage)
Cisco DevNet
 
REST APIs
Arthur De Magalhaes
 
Rest with Spring
Eugen Paraschiv
 
REST - Why, When and How? at AMIS25
Jon Petter Hjulstad
 
Creating a RESTful api without losing too much sleep
Mike Anderson
 
Business Applications Integration In The Cloud
Anna Brzezińska
 
API Docs with OpenAPI 3.0
Fabrizio Ferri-Benedetti
 
Day02 a pi.
ABDEL RAHMAN KARIM
 
MuleSoft Surat Virtual Meetup#21 - MuleSoft API and RAML Design Best Practice...
Jitendra Bafna
 
Crafting APIs
Tatiana Al-Chueyr
 
JDK8 Streams
Bansilal Haudakari
 
Practices and tools for building better APIs
NLJUG
 
Practices and tools for building better API (JFall 2013)
Peter Hendriks
 
Hia 1691-using iib-to_support_api_economy
Andrew Coleman
 
Documenting REST APIs
Tom Johnson
 
REST API Basics
Tharindu Weerasinghe
 
Ad

More from Patrick Savalle (14)

PDF
REST-API design patterns
Patrick Savalle
 
PPTX
State of technology and innovation (2017 edition)
Patrick Savalle
 
PPTX
A bitcoin and blockchain primer
Patrick Savalle
 
PPTX
A quick review of (near future) disruptions and innovations.
Patrick Savalle
 
PPTX
Bitcoin presentation deltalloyd
Patrick Savalle
 
PDF
The future of work, a whitepaper
Patrick Savalle
 
PDF
TeamPark book (english) part 1, vision and inspiration
Patrick Savalle
 
PDF
TeamPark book (english) part 2, platform and method
Patrick Savalle
 
PDF
TeamPark: platform en methode
Patrick Savalle
 
PDF
TeamPark: inspiratie en visie
Patrick Savalle
 
PPTX
Social Platform Design
Patrick Savalle
 
PPTX
Build the socially integrated organization with the TeamPark-method
Patrick Savalle
 
PPTX
TeamPark: Alternatieve presentatie (NL)
Patrick Savalle
 
PPTX
Building Intelligent Organizations with Sogeti TeamPark
Patrick Savalle
 
REST-API design patterns
Patrick Savalle
 
State of technology and innovation (2017 edition)
Patrick Savalle
 
A bitcoin and blockchain primer
Patrick Savalle
 
A quick review of (near future) disruptions and innovations.
Patrick Savalle
 
Bitcoin presentation deltalloyd
Patrick Savalle
 
The future of work, a whitepaper
Patrick Savalle
 
TeamPark book (english) part 1, vision and inspiration
Patrick Savalle
 
TeamPark book (english) part 2, platform and method
Patrick Savalle
 
TeamPark: platform en methode
Patrick Savalle
 
TeamPark: inspiratie en visie
Patrick Savalle
 
Social Platform Design
Patrick Savalle
 
Build the socially integrated organization with the TeamPark-method
Patrick Savalle
 
TeamPark: Alternatieve presentatie (NL)
Patrick Savalle
 
Building Intelligent Organizations with Sogeti TeamPark
Patrick Savalle
 

Recently uploaded (20)

PPTX
3RD-Q 2022_EMPLOYEE RELATION - Copy.pptx
GCCHR
 
PPTX
ART-APP-REPORT-FINctrwxsg f fuy L-na.pptx
ajp27480
 
PPTX
Hydrogel Based delivery Cancer Treatment
sgsayan31
 
PPTX
PHIL.-ASTRONOMY-AND-NAVIGATION of ..pptx
ajp27480
 
PPTX
Module_4_Updated_Presentation CORRUPTION AND GRAFT IN THE PHILIPPINES.pptx
MagnificoDionicio
 
PPTX
BIOLOGY TISSUE PPT CLASS 9 PROJECT PUBLIC
iamsrinjandatta
 
PPTX
PurpoaiveCommunication for students 02.pptx
RaizaMarquez
 
PPTX
NORMAN_RESEARCH_PRESENTATION.in education
JustineMaluma
 
PPTX
Effective_Handling_Information_Presentation.pptx
HarisKaimKhani
 
PPTX
Tablets And Capsule Preformulation Of Paracetamol
sgsayan31
 
PPTX
FINAL TEST 3C_OCTAVIA RAMADHANI SANTOSO-1.pptx
itsvialalalla
 
PPTX
ANICK 6 BIRTHDAY....................................................
Raju RJ
 
PPTX
Introduction-to-Food-Packaging-and-packaging -materials.pptx
pragyanlahkar16
 
DOC
LSTM毕业证学历认证,利物浦大学毕业证学历认证怎么认证
acoqwo
 
DOCX
"Project Management: Ultimate Guide to Tools, Techniques, and Strategies (2025)"
Myplanningtemplates
 
PPTX
Sustainable Forest Management ..SFM.pptx
HameedNazeer
 
PPT
First Aid Training Presentation Slides.ppt
WilliamMigoya
 
PPTX
Tour Presentation Educational Activity.pptx
PaulineAngeliqueBere
 
PDF
Yusen Logistics Group Sustainability Report 2024.pdf
byrongeorge73
 
PDF
Nykaa-Strategy-Case-Fixing-Retention-UX-and-D2C-Engagement (1).pdf
VaibhavBansal926958
 
3RD-Q 2022_EMPLOYEE RELATION - Copy.pptx
GCCHR
 
ART-APP-REPORT-FINctrwxsg f fuy L-na.pptx
ajp27480
 
Hydrogel Based delivery Cancer Treatment
sgsayan31
 
PHIL.-ASTRONOMY-AND-NAVIGATION of ..pptx
ajp27480
 
Module_4_Updated_Presentation CORRUPTION AND GRAFT IN THE PHILIPPINES.pptx
MagnificoDionicio
 
BIOLOGY TISSUE PPT CLASS 9 PROJECT PUBLIC
iamsrinjandatta
 
PurpoaiveCommunication for students 02.pptx
RaizaMarquez
 
NORMAN_RESEARCH_PRESENTATION.in education
JustineMaluma
 
Effective_Handling_Information_Presentation.pptx
HarisKaimKhani
 
Tablets And Capsule Preformulation Of Paracetamol
sgsayan31
 
FINAL TEST 3C_OCTAVIA RAMADHANI SANTOSO-1.pptx
itsvialalalla
 
ANICK 6 BIRTHDAY....................................................
Raju RJ
 
Introduction-to-Food-Packaging-and-packaging -materials.pptx
pragyanlahkar16
 
LSTM毕业证学历认证,利物浦大学毕业证学历认证怎么认证
acoqwo
 
"Project Management: Ultimate Guide to Tools, Techniques, and Strategies (2025)"
Myplanningtemplates
 
Sustainable Forest Management ..SFM.pptx
HameedNazeer
 
First Aid Training Presentation Slides.ppt
WilliamMigoya
 
Tour Presentation Educational Activity.pptx
PaulineAngeliqueBere
 
Yusen Logistics Group Sustainability Report 2024.pdf
byrongeorge73
 
Nykaa-Strategy-Case-Fixing-Retention-UX-and-D2C-Engagement (1).pdf
VaibhavBansal926958
 

Super simple introduction to REST-APIs (2nd version)

  • 1. Super simple introduction to REST-API’s For programmers By Patrick Savalle (http://patricksavalle.com), software architect
  • 2. Summary • REST is an HTTP design pattern • REST-APIs map server resources onto URLs • Clients can manipulate resources using HTTP-verbs
  • 5. Part 1 - HTTP - URL Every resource has an unique URL that consists of several parts.
  • 6. Part 1 – HTTP - PROTOCOL HTTP is a plain text conversation between a client and a server. The conversation is based on actions performed on resources which are addressed by URL’s.
  • 7. Part 1 - HTTP - Request Requests and responses can contain header-fields and a body. Everything is plain text. Headers usually contain metadata or indicate conversation preferences whereas the body contains content.
  • 8. Part 1 - HTTP – Status codes Every response contains a status code.
  • 10. There is REST, SOAP, GraphQl and other API-protocols possible on HTTP, why REST? • Every tool that can handle HTTP, can handle REST natively. For instance gateways, web- servers and browsers can effectively cache, route, verify, manipulate REST requests and responses. In short: the whole web supports REST • It is simple and elegant • Even simple (embedded) servers can implement it • Less diversity in technology, you already use HTTP in your stack Part 2 - REST - Why? REST is HTTP ‘done right’. Created by the same designer.
  • 11. Part 2 - REST – The API VERB + URL = ENDPOINT. All endpoints together form the API.
  • 12. Part 1 - HTTP - Verbs The actions that can be performed on a resource are called ‘methods’ or ‘verbs’. Below the commonly used verbs (there are many more). POST – create and other non-idempotent operations PUT – replace PATCH – (partial) update DELETE – delete GET – read TRACE – echo HEAD – headers only OPTIONS – CORS preflight Idempotent = no additional effects when called more than once with the same input. In math: f(f(x)) = f(x), e.g. abs(abs(-1)) = abs(-1) = 1
  • 13. ACTION RESOURCE <verb> https://<host>/<api_version>[/<resource_type>/<instance_id>] GET https://animal.api/1/lions (returns collection) GET https://animal.api/1/lions/4 (returns single lion) POST https://animal.api/1/lions (create new element) PUT https://animal.api/1/lions/4 (updates element) PATCH https://animal.api/1/lions/4 (partial update) DELETE https://animal.api/1/lions (deletes collection) DELETE https://animal.api/1/lions/[email protected] (deletes element) GET https://animal.api/1/zoo/33/cage/9/animal/1 GET https://animal.api/1/lions?start=100&count=50 GET https://animal.api/1/lions?id=100&id=103&id=107 (parameter-array) Part 2 - REST – Endpoint structure An endpoint has a very strict URL structure. This is key to ‘REST’. Map your domain resources onto URLs and allow them to be manipulated. Note: like in datamodelling all resources are always PLURAL
  • 14. Part 2 - REST – Done wrong REST is not SOAP. An URL is NOT a RPC-address or method, it is an universal RESOURCE locator Bad REST API (bad URL’s in general): POST https://domain.com/updateProfile POST https://domain.com/deleteProfile POST https://domain.com/createProfile Good REST API: POST https://domain.com/v1/profiles GET https://domain.com/v1/profiles PUT https://domain.com/v1/profiles/[email protected] DELETE https://domain.com/v1/profiles/[email protected] GET https://domain.com/v1/profiles/[email protected] (Note: this ‘standard’ set is called ‘The Collection Metaphore’)
  • 15. AUTHENTICATION • HTTP BASIC AUTH Client sends user/password in Authenication header with each API-call. Simple, safe, good choice for API-2-API • BEARER TOKEN Get a temporary access token from API, put in Authentication header, simple, safe, good choice for WEB-2-API • OAUTH2 flow Industry standard. Flexible. Safe. Mostly used when authentication is done by an external application (IDP). Often in combination with Bearer Token. Part 2 - REST - Authentication
  • 17. Possible run-time clients of your API: • Other API’s • Web applications and web front ends (like Angular, React, JQuery web apps) • Mobile app’s, desktop applications etc. • Machines, bots, things But not: • Humans  Design an API ‘outside-in’, as a product for a generic client. Not just as the library for your specific front-end. Use scenario’s or use-cases. Part 3 - API – Outside-in Don’t build your API for a specific type of client.
  • 18. • Base your REST-API on a (the) domain model (you MUST have a domain model for your application, reverse engineer this if it is not present) • Every parent or whole in the model is on a root URL • Every child or part in the model is in an URL relative to its parent or whole • Use the Collection Metaphore, each resource has a standard set of endpoints The relevant desing patterns are described here: https://hersengarage.nl/rest-api-design- as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API – Best practice
  • 19. • Consistent (avoid surprises) • Cohesive (only lists purposeful endpoints) • Complete (has all necessary endpoints for its purpose) • Minimal (only one way to do things) • Encapsulating (hiding implementation details) • Self-explaining • Documented!  Same for all interfaces: class-interfaces, package interface, APIs, etc. Part 3 - API – Interface quality Good interface design is crafmanship.
  • 20. • The OpenAPI /Swagger file • Support • Functional documentation • A dashboard to register apps / obtain an API-key (API-manager) • Language stubs (Java, PHP, Python, etc.) on Github • A homepage / productpage • A revenue-model / pricing • A launchparty • Hackathons Part 3 - API - Deliverables An API is a product, treat it as such.
  • 21. Part 3 - API – Swagger / OpenAPI The OpenAPI or ‘Swagger’ definition Industry-standard to specify a REST-API. For an example, see: https://gist.github.com/patricksavalle/fac25ed914dc2e10f256fdba1af9e622 The Swagger definitions are here: https://swagger.io Use the editor at: https://editor.swagger.io Every API comes with a Swagger!
  • 22. Part 3 - API - Stateless A REST-server must be client-state agnostic! To be flexible and scalable the server needs to be ignorant of client-state or context. A REST-server does not store session data on behalf of the client. Put another way: all necessary context MUST be in the request.
  • 23. 90% of all REST-methods follow the same implementation logic: Request  1. Authentication 2. Authorisation 3. Input validation 4. Actual logic 5. Output filtering  response Part 3 - API - Implementation REST-servers are conceptually extremely simple, keep their implementation equally simple. (No design patterns, no fancy pancy)
  • 24. Some of the choices only you can make: • Few methods / large responses vs. many methods / small responses Considerations: web clients generally like large aggregated responses tailored to their page structures. Other clients like smaller responses. Etc. There is also the underlying (logical) data model and the ‘natural granularity’ of the problem-domain. In most cases: map the domain model onto URL’s. • Query parameters vs request headers (for instance the API-tokens) In general non-functional data should be in headers. Headers are more easily inspected / used by tools like webservers.. • Hypermedia communication (follow-up URL’s in responses, HATEOAS) Problematic concept, very client dependent. Most API’s don’t have this, why should yours? Part 3 - API – Design choices Good interface design is crafmanship.
  • 25. • A REST client, e.g. the Chrome POSTMAN plugin (most IDE’s have one as an add-on) • TELNET (the generic HTTP client) • http://www.restapitutorial.com/resources.html • https://github.com/Microsoft/api-guidelines/blob/master/Guidelines.md • http://jsonapi.org/ • https://swagger.io/ • How to build a high quality REST-API: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4 Part 3 - API - Resources

Editor's Notes

  • #7: In the basis HTTP is a text oriented protocol. You can use TELNET to construct and send requests.
  • #13: Verbs indicate the action on the URL in the request. All verbs: https://www.iana.org/assignments/http-methods/http-methods.xhtml