RESTful API Automation with JavaScript

Pragmatic RESTful API principles, along with a solid consumption architecture, can allow for a great amount of automation in your program development. At the same time, securing the application can be extremely tricky from JavaScript.

In this session we will explore several principles behind RESTful API design and consumption using JavaScript, including many of the standards that were integrated into PayPal's new RESTful APIs when its API architecture was redeveloped.

We will cover many of these architecture standards, including:

* Building in action automation using HATEOAS
* OAuth 2 in the JavaScript model
* The challenges behind secure resource consumption through JavaScript

RESTful API Automation with JavaScript

1. RESTful API Automation with JavaScript
   Jonathan LeBlanc, Head of Developer Evangelism (North America)
   Github: http://github.com/jcleblanc
   Slides: http://slideshare.net/jcleblanc
   Twitter: @jcleblanc
2. What We’re Covering
   * REST concepts
   * Automation through hypermedia constraints
   * OAuth 2 in JavaScript
3. What We Want
4. JavaScript Challenges
5. Cross Origin Resource Sharing
   * Access to other domains / subdomains is restricted (same origin policy)
   * JSONP to request resources across domains
   * Cross-origin resource sharing (CORS):
     You send:  Origin: http://site.com
     They send: Access-Control-Allow-Origin: http://site.com
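The Origin / Access-Control-Allow-Origin exchange on slide 5 is decided on the API side. The following is an added example, not code from the slides or from PayPal: a Node.js function that answers the CORS headers from an allow-list instead of echoing back whatever Origin arrives. The allow-list entries and the request objects are constructed values; no web framework is assumed.

```javascript
// Added example, not from the slides: an API server deciding its CORS response
// headers from an allow-list, rather than echoing back whatever Origin arrives.
// The exchange is the one on slide 5: the browser sends "Origin: http://site.com"
// and the API answers "Access-Control-Allow-Origin: http://site.com" only when
// that origin is one it trusts. Runs under Node.js; no framework assumed.

// Constructed allow-list; a real service would load it from configuration.
const ALLOWED_ORIGINS = new Set(["http://site.com", "https://app.site.com"]);

// Reduce an Origin header value to scheme://host[:port] so that casing or a
// stray trailing slash cannot bypass the comparison. Returns null for a
// missing, malformed, or literal "null" origin (sandboxed frames, file://).
function normaliseOrigin(originHeader) {
  if (typeof originHeader !== "string") return null;
  try {
    return new URL(originHeader).origin;
  } catch {
    return null;
  }
}

// Decide the CORS headers for one request. An empty object means "no CORS
// grant": the browser will then refuse to let the page read the response.
function corsHeaders(requestHeaders) {
  const origin = normaliseOrigin(requestHeaders.origin);
  if (origin === null || !ALLOWED_ORIGINS.has(origin)) {
    return {};
  }
  return {
    // Echo the matched origin rather than "*": a wildcard would let every
    // site on the web read these responses from a user's browser.
    "Access-Control-Allow-Origin": origin,
    // Caches must key on Origin, or an allowed origin's response could be
    // replayed to a different one.
    "Vary": "Origin",
    "Access-Control-Allow-Methods": "GET, POST",
    "Access-Control-Allow-Headers": "Authorization, Accept",
  };
}

// Minimal handler sketch: a preflight (OPTIONS) gets the headers and an empty
// 204; any other request gets the headers added to its normal response.
function handleRequest(req) {
  const headers = corsHeaders(req.headers);
  if (req.method === "OPTIONS") {
    return { status: 204, headers, body: "" };
  }
  return {
    status: 200,
    headers: { ...headers, "Content-Type": "application/json" },
    body: JSON.stringify({ ok: true }),
  };
}

// Constructed requests: one from the allowed origin, one from elsewhere.
console.log(handleRequest({ method: "GET", headers: { origin: "http://site.com" } }).headers);
console.log(handleRequest({ method: "GET", headers: { origin: "http://other.example" } }).headers);
```

The second request gets no Access-Control-Allow-Origin at all, which is the intended outcome: the server still answers, but the browser will not hand the body to the calling page.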
6. Keeping Things Hidden
   * Token based auth mechanism
   * OAuth: client secret
   * Basic Auth: password
   * API request action to reaction mapping
   * A schematic for how data forces site changes
7. Action Automation
8. RESTful API Core Concepts
   * Honor HTTP request verbs
   * Use proper HTTP status codes
   * No version numbering in URIs
   * Return format via HTTP Accept header
   * Double Rainbow: discovery via HATEOAS
9. Uniform Interface Sub-Constraints
   * Resource identification
   * Resources must be manipulated via representations
   * Self-descriptive messages
   * Hypermedia as the engine of application state
10. How we Normally Consume APIs
11. Using HATEOAS to Automate
12. Example "links" array from an authorization response (the hypermedia controls a client can follow):
        "links": [
          {
            "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
            "rel": "self",
            "method": "GET"
          },
          {
            "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
            "rel": "capture",
            "method": "POST"
          },
          {
            "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
            "rel": "void",
            "method": "POST"
          }
        ]
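The "links" array on slide 12 is what lets a client automate the next action without hard-coding URIs. The following is an added example, not code from the slides or from PayPal's SDKs: it selects a link by its "rel", validates where that link points before attaching a token to the request, and lists which actions the API is currently offering. The response object is a constructed copy of the slide's fragment; the trusted-host list and the method check are this example's own additions.

```javascript
// Added example, not from the slides: consuming the "links" array on slide 12
// by relation name, so the client never builds a payment URI by hand and only
// offers the actions the API says are valid in the resource's current state.
// The link validation (scheme, host, method) is this example's own addition.

// Constructed copy of the slide's authorization response fragment.
const authorizationResponse = {
  id: "6H149011U8307001M",
  links: [
    { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
      rel: "self", method: "GET" },
    { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
      rel: "capture", method: "POST" },
    { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
      rel: "void", method: "POST" },
  ],
};

// Hosts this client will send its access token to. A link pointing anywhere
// else is rejected even though it arrived in an API response: the body is
// data to be checked, not an instruction to be obeyed.
const TRUSTED_API_HOSTS = new Set(["api.sandbox.paypal.com", "api.paypal.com"]);
const ALLOWED_METHODS = new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);

// The relations the API is currently advertising; a UI can render one
// button per entry instead of guessing which operations exist.
function availableActions(resource) {
  return (resource.links || []).map((link) => link.rel);
}

// Resolve one relation to a validated { method, url }, or null if the API
// did not offer that transition for this resource.
function resolveAction(resource, rel) {
  const link = (resource.links || []).find((l) => l.rel === rel);
  if (!link) return null;
  const url = new URL(link.href);
  if (url.protocol !== "https:" || !TRUSTED_API_HOSTS.has(url.hostname)) {
    throw new Error(`refusing to follow "${rel}" link to ${link.href}`);
  }
  const method = String(link.method || "GET").toUpperCase();
  if (!ALLOWED_METHODS.has(method)) {
    throw new Error(`unsupported method "${link.method}" on "${rel}" link`);
  }
  return { method, url: url.href };
}

// Describe the request the slides' $.ajax call would make for a relation:
// token type and token go in Authorization (slide 19), JSON is requested via
// Accept, and a body is attached only for non-GET actions.
function requestFor(resource, rel, tokenType, accessToken, body) {
  const action = resolveAction(resource, rel);
  if (action === null) return null;
  const init = {
    method: action.method,
    headers: { Authorization: `${tokenType} ${accessToken}`, Accept: "application/json" },
  };
  if (body !== undefined && action.method !== "GET") {
    init.headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  return { url: action.url, init }; // in a browser: fetch(url, init)
}

console.log(availableActions(authorizationResponse));
console.log(requestFor(authorizationResponse, "capture", "Bearer", "<access token placeholder>",
  { amount: { total: "1.00", currency: "USD" } }));
```

Once the capture has been performed, the next response from the API would carry a different set of links (for example no further "capture"), and availableActions() reflects that without any client-side state machine.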
13. OAuth 2 & JavaScript?
14. A Little Use Background
    * User login
    * Application only
    * User involvement
15. User Agent Flow: Redirect
    Prepare the redirect URI -> Authorization endpoint (client_id, response_type (token), scope, redirect_uri) -> Browser redirect -> Redirect URI
16. User Agent Flow: Redirect
    Building the redirect link:
        var auth_uri = auth_endpoint +
          "?response_type=token" +
          "&client_id=" + client_id +
          "&scope=profile" +
          "&redirect_uri=" + window.location;
        $("#auth_btn").attr("href", auth_uri);
17. User Agent Flow: Hash Mod
    Fetch the hash mod (access_token, refresh_token, expires_in) -> Extract access token
18. User Agent Flow: Hash Mod
    Extracting the access token from the hash. Example callback URL, with the token returned in the fragment:
        http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600
        // read the fragment and capture the token value (the backslash in \w was lost in the slide export)
        var hash = document.location.hash;
        var match = hash.match(/access_token=(\w+)/);
        var access_token = match ? match[1] : null;
19. User Agent Flow: Get Resources
    Set request headers + URI -> Resource endpoint
    * Header: token type + access token
    * Header: accept data type
    * HTTPS request
20. User Agent Flow: Get Resources
    Making an authorized request (header names and values are strings; the quotes were lost in the slide export):
        $.ajax({
          url: resource_uri,
          beforeSend: function (xhr) {
            // token type + access token, and the accepted response format
            xhr.setRequestHeader("Authorization", "OAuth " + token);
            xhr.setRequestHeader("Accept", "application/json");
          },
          success: function (response) {
            // use response object
          }
        });
21. Good JavaScript API Interaction
    * Using proper REST standards
    * Automation through hypermedia constraints
    * Using OAuth 2 appropriately
22. Thank You! Questions?
    http://bit.ly/rest_automation_js
    Jonathan LeBlanc, Head of Developer Evangelism (North America)
    Github: http://github.com/jcleblanc
    Slides: http://slideshare.net/jcleblanc
    Twitter: @jcleblanc
