RESTful API Automation with JavaScript
Pragmatic RESTful API principles, along with a solid consumption architecture, can allow for a great amount of automation in your program development. At the same time, securing the application can be extremely tricky from JavaScript.

In this session we will explore several principles behind RESTful API design and consumption using JavaScript, covering many of the standards that were integrated in the redevelopment of the PayPal API architecture in the new RESTful APIs.

We will cover many of these architecture standards, including:

* Building in action automation using HATEOAS
* OAuth 2 in the JavaScript model
* The challenges behind secure resource consumption through JavaScript


RESTful API Automation with JavaScript Presentation Transcript

  • 1. RESTful API Automation With JavaScript
       Jonathan LeBlanc, Head of Developer Evangelism (North America)
       Github: http://github.com/jcleblanc
       Slides: http://slideshare.net/jcleblanc
       Twitter: @jcleblanc
  • 2. What We’re Covering
       REST Concepts
       Automation through hypermedia constraints
       OAuth 2 in JavaScript
  • 3. What We Want
  • 4. JavaScript Challenges
  • 5. Cross Origin Resource Sharing
       Access to other domains / subdomains is restricted (same origin policy)
       JSONP to request resources across domains
       Cross-origin resource sharing (CORS)
       You Send: Origin: http://site.com
       They Send: Access-Control-Allow-Origin: http://site.com
  • 6. Keeping Things Hidden
       Token based auth mechanism
       OAuth: Client Secret
       Basic Auth: Password
       API request action to reaction mapping
       A schematic for how data forces site changes
  • 7. Action Automation
  • 8. RESTful API Core Concepts
       Honor HTTP request verbs
       Use proper HTTP status codes
       No version numbering in URIs
       Return format via HTTP Accept header
       Double Rainbow: Discovery via HATEOAS
  • 9. Uniform Interface Sub-Constraints
       Resource Identification
       Resources must be manipulated via representations
       Self descriptive messages
       Hypermedia as the engine of application state
  • 10. How we Normally Consume APIs
  • 11. Using HATEOAS to Automate
  • 12. "links": [
         {"href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
          "rel": "self", "method": "GET"},
         {"href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
          "rel": "capture", "method": "POST"},
         {"href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
          "rel": "void", "method": "POST"}
       ]
  • 13. OAuth 2 & JavaScript?
  • 14. A Little Use Background
       User login
       Application only
       User Involvement
  • 15. User Agent Flow: Redirect
       Prepare the Redirect URI
       Authorization Endpoint
       client_id, response_type (token), scope, redirect_uri
       Browser Redirect
       Redirect URI
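  • 16. User Agent Flow: Redirect
       Building the redirect link

           // Query values are URL-encoded so the redirect URI survives intact
           var auth_uri = auth_endpoint +
               "?response_type=token" +
               "&client_id=" + encodeURIComponent(client_id) +
               "&scope=profile" +
               "&redirect_uri=" + encodeURIComponent(window.location);
           $("#auth_btn").attr("href", auth_uri);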
  • 17. User Agent Flow: Hash Mod
       Fetch the Hash Mod
       access_token, refresh_token, expires_in
       Extract Access Token
  • 18. User Agent Flow: Hash Mod
       http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600

           var hash = document.location.hash;
           // \w+ captures the run of word characters after "access_token="
           var match = hash.match(/access_token=(\w+)/);

       Extracting the access token from the hash
  • 19. User Agent Flow: Get Resources
       Set Request Headers + URI
       Resource Endpoint
       Header: token type + access token
       Header: accept data type
       HTTPS Request
  • 20. User Agent Flow: Get Resources

           $.ajax({
               url: resource_uri,
               beforeSend: function (xhr) {
                   // token type + access token, then the accepted data type
                   xhr.setRequestHeader("Authorization", "OAuth " + token);
                   xhr.setRequestHeader("Accept", "application/json");
               },
               success: function (response) {
                   // use response object
               }
           });

       Making an authorized request
  • 21. Good JavaScript API Interaction
       Using Proper REST standards
       Automation through hypermedia constraints
       Using OAuth 2 appropriately
  • 22. http://bit.ly/rest_automation_js
       Thank You! Questions?
       Jonathan LeBlanc, Head of Developer Evangelism (North America)
       Github: http://github.com/jcleblanc
       Slides: http://slideshare.net/jcleblanc
       Twitter: @jcleblanc
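
Added example (not from the original slides): one way to automate actions from the HATEOAS "links" array on slide 12 while refusing to follow links that leave the API origin, since the access token from slide 20 is attached to every followed link. The names buildActions, requestFor, API_ORIGIN and KNOWN_METHODS, and the off-origin sample link, are assumptions made for this illustration.

```javascript
// Constructed sample: the "links" array from slide 12, plus one off-origin
// entry added here to show the rejection path.
const sampleLinks = [
  { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
    rel: "self", method: "GET" },
  { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
    rel: "capture", method: "POST" },
  { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
    rel: "void", method: "POST" },
  { href: "https://other.example/v1/collect", rel: "refund", method: "POST" } // constructed
];

const API_ORIGIN = "https://api.sandbox.paypal.com"; // origin used by the slide's hrefs
const KNOWN_METHODS = new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);

// Turn a links array into a rel -> {url, method} map, keeping only links that
// stay on the expected API origin. A Map avoids clashes with Object.prototype
// keys if a response ever carries a rel such as "constructor".
function buildActions(links, allowedOrigin) {
  const actions = new Map();
  for (const link of Array.isArray(links) ? links : []) {
    let url;
    try { url = new URL(link.href); } catch (e) { continue; } // malformed entry
    const method = String(link.method || "GET").toUpperCase();
    if (url.origin !== allowedOrigin) continue; // would send the token elsewhere
    if (!KNOWN_METHODS.has(method)) continue;   // unexpected verb
    actions.set(String(link.rel), { url: url.href, method: method });
  }
  return actions;
}

// Describe the request for one action, with the headers from slide 20.
function requestFor(actions, rel, token) {
  const action = actions.get(rel);
  if (!action) throw new Error("action not offered by the API: " + rel);
  return {
    url: action.url,
    method: action.method,
    headers: { Authorization: "OAuth " + token, Accept: "application/json" }
  };
}
```

The returned object can be passed to $.ajax or fetch; only actions the API actually advertised, on the expected origin, ever receive the token.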
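
Added example (not from the original slides): the user agent flow of slides 15 to 18 written as two pure functions, going beyond the slides by sending the standard OAuth 2 state parameter and checking it on return, and by parsing the fragment as form-encoded parameters instead of with a regex. The function names, the sample endpoint and the sample values in the test are assumptions; in a browser the state value would come from crypto.getRandomValues and be kept in sessionStorage.

```javascript
// Build the authorization link from slide 16. URLSearchParams encodes every
// value, and state ties the eventual response to this browser session.
function buildAuthUri(authEndpoint, clientId, redirectUri, state) {
  if (!state) throw new Error("state is required");
  const params = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    scope: "profile",
    redirect_uri: redirectUri,
    state: state
  });
  return authEndpoint + "?" + params.toString();
}

// Parse the fragment from slide 18 (document.location.hash in a browser).
// Unlike /access_token=(\w+)/, this matches the parameter name exactly and
// keeps tokens containing characters such as "-" or "." whole.
function parseAuthFragment(hash, expectedState) {
  const params = new URLSearchParams(String(hash).replace(/^#/, ""));
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  // Reject responses this page did not ask for (token injection via a link).
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("no access_token in fragment");
  const expires = params.has("expires_in") ? Number(params.get("expires_in")) : NaN;
  return {
    accessToken: accessToken,
    expiresIn: Number.isFinite(expires) ? expires : null
  };
}
```

After a successful parse, a page would normally clear the fragment (for example with history.replaceState) so the token does not stay in the address bar or browser history.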