birds eye view on api development - v1.0
Birds Eye View on API Development
7 December 2015
Presenter: Sebastian Krueger – Co-Founder and Technical Director at API Talent
Agenda
• Part I: API Overviews
  • Definition
  • REST
  • HTTP
  • Data structure
  • Versioning
  • Authentication
• Part II: Building APIs on AWS
  • Demo: Server-based APIs on AWS
  • Demo: Server-less APIs on AWS
Part I – API Overview - Definition
A collection of endpoints to interact with an application.
Internal and External APIs. This talk is all about External APIs.
Different architectures:
• XML-RPC
• REST
• SOAP
Part I – API Overview - REST
Representational State Transfer

Architectural properties
• Performance
• Scalability
• Simplicity
• Modifiability
• Visibility
• Portability
• Reliability

Architectural constraints
• Client-server
• Stateless
• Cacheable
• Layered system
• Code on demand (optional)
• Uniform interface

https://en.wikipedia.org/wiki/Representational_state_transfer
Part I – API Overview - REST
Uniform interface
• Identification of resources
• Manipulation of resources through representations
• Self-descriptive messages
• HATEOAS (Hypermedia As The Engine Of Application State)

Resource as URIs – http://api.co/cars/123
JSON / XML / CSV
HTTP GET, POST, PUT, DELETE
mediatypes, cacheability, etc
Hypermedia APIs
HAL, JSON-LD, Siren, etc
Part I – API Overview - HTTP
HTTP methods - URIs for collection/item

| Method | Collection: http://api.co/v2/cars/ | Item: http://api.co/v2/cars/123 |
| GET | List all the cars | Retrieve an individual car |
| POST | Create a new car | ERROR |
| PUT | Replace the entire collection with a whole new list of cars | Replace or create an individual car |
| DELETE | Delete all the cars | Delete an individual car |
Part I – API Overview - HTTP
HTTP Status Codes
Popular codes:
• 200 OK
• 301 Page Moved Permanently
• 404 Page Not Found
• 418 ? (RFC 2324)

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
http://restlet.com/http-status-codes-map
https://http.cat/
Part I – API Overview – Data structure
JSON – described in RFC 4627

String: "this is a string"
List: [1,2,3]
Object: {"key": "value"}
Part I – API Overview – Data structure
How to Read an HTTP Response
Part I – API Overview – Data structure
How to Read an HTTP Response
JSON RFC
Collection+JSON
Standard for publishing a searchable list of resources over the Web.
Collection+JSON is a way of serving lists—not lists of data structures, which you can do with normal JSON, but lists that describe HTTP resources.
Part I – API Overview – Data structure
How to Read an HTTP Response
Part I – API Overview – Data structure
http://jsonapi.org/
Part I – API Overview – Data structure
Part I – API Overview - Versioning
• Most frequent, in the URL:
  https://api.co/v2/cars/123
• Custom header:
  X-API-Version: 2
• Less frequent, with an Accept header:
  GET /cars
  Accept: application/vnd.cars.v2+json
Clients don’t have to change endpoint, but update headers
Part I – API Overview - Authentication
• HTTP Basic
  • Easy to implement. Least secure.
  • Always use SSL/HTTPS with base64 encoded username/password.
• JSON Web Tokens
  • Send credentials to login endpoint
  • Endpoint returns JWT token
  • Send token with every request
• OAuth2
  • Most popular
  • Similar to JWT
  • http://oauthbible.com/
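
The HTTP Basic and JSON Web Token flows from the Authentication slide, as an added example that is not part of the original deck: a login function decodes a Basic header (showing that Base64 is only an encoding), issues an HS256-signed token, and a verifier checks the algorithm, signature and expiry on every request. SECRET, USERS and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-signing-key"   # assumption: server-side HS256 key
USERS = {"seb": "correct horse battery"}   # constructed credential store

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_basic(header: str):
    """Decode an 'Authorization: Basic ...' value; anyone on the wire can do this."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password

def login(authorization: str, now=None, ttl=300) -> str:
    """Hypothetical login endpoint: check credentials, return a signed JWT."""
    user, password = parse_basic(authorization)
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        raise PermissionError("bad credentials")
    now = int(time.time() if now is None else now)
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps({"sub": user, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def verify(token: str, now=None) -> dict:
    """Run on every API request that carries 'Authorization: Bearer <token>'."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
        given = b64u_dec(sig)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("header and claims must be JSON objects")
    except ValueError as exc:  # wrong part count, bad Base64 or bad JSON
        raise PermissionError("malformed token") from exc
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise PermissionError("unexpected alg")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise PermissionError("bad signature")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    return claims
```

The token payload is signed, not encrypted, so it needs HTTPS in transit just as the Basic header does.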
Part I – API Overview – Description Language
Part II - Building APIs on AWS
What about the Runtime?
Part II - Building APIs on AWS
There are many options:
• Roll your own (raw EC2) (could use AWS CodeDeploy)
• Docker / AWS Elastic Container Service
• AWS OpsWorks
• AWS Elastic Beanstalk
• AWS API Gateway / AWS Lambda

Use 3rd Party PaaS (on top of AWS):
• Heroku, Cloud 66, etc, etc, etc
Elastic Beanstalk in a Nutshell
• EC2 Server
• + Linux
• + OpenJDK
• + Tomcat
• Scaling Elastic Load Balancer / Auto Scaling
• Deploy artefacts on S3
• Can add database (RDS)
Let’s build a Java-based Web API
DEMO TIME

GET http://somewhere/hello/seb

Returns: "Hello seb"
Thanks For Your Time
Sebastian Krueger – Director of Cloud Engineering – API Talent Limited
email: [email protected]: +64 21 131 84 97