RESTful API Automation with JavaScript

Pragmatic RESTful API principles, along with a solid consumption architecture, can allow for a great amount of automation in your program development. At the same time, securing the application can be extremely tricky from JavaScript.

In this session we will explore several principles behind RESTful API design and consumption using JavaScript, including many of the standards that were integrated into the redevelopment of the PayPal API architecture in the new RESTful APIs.

We will cover many of these architecture standards, including:

* Building in action automation using HATEOAS
* OAuth 2 in the JavaScript model
* The challenges behind secure resource consumption through JavaScript


Transcript

  • 1. RESTful API Automation With JavaScript
    Jonathan LeBlanc
    Head of Developer Evangelism (North America)
    Github: http://github.com/jcleblanc
    Slides: http://slideshare.net/jcleblanc
    Twitter: @jcleblanc
  • 2. What We’re Covering
    REST Concepts
    Automation through hypermedia constraints
    OAuth 2 in JavaScript
  • 3. What We Want
  • 4. JavaScript Challenges
  • 5. Cross Origin Resource Sharing
    Access to other domains / subdomains is restricted (same origin policy)
    JSONP to request resources across domains
    Cross-origin resource sharing (CORS)
    You Send: Origin: http://site.com
    They Send: Access-Control-Allow-Origin: http://site.com
  • 6. Keeping Things Hidden
    Token based auth mechanism
    OAuth: Client Secret
    Basic Auth: Password
    API request action to reaction mapping
    A schematic for how data forces site changes
  • 7. Action Automation
  • 8. RESTful API Core Concepts
    Honor HTTP request verbs
    Use proper HTTP status codes
    No version numbering in URIs
    Return format via HTTP Accept header
    Double Rainbow: Discovery via HATEOAS
  • 9. Uniform Interface Sub-Constraints
    Resource Identification
    Resources must be manipulated via representations
    Self descriptive messages
    Hypermedia as the engine of application state
  • 10. How we Normally Consume APIs
  • 11. Using HATEOAS to Automate
  • 12. Example "links" array returned with a resource:

        "links": [
            {
                "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
                "rel": "self",
                "method": "GET"
            },
            {
                "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
                "rel": "capture",
                "method": "POST"
            },
            {
                "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
                "rel": "void",
                "method": "POST"
            }
        ]

  • 13. OAuth 2 & JavaScript?
  • 14. A Little Use Background
    User login
    Application only
    User Involvement
  • 15. User Agent Flow: Redirect
    Prepare the Redirect URI
    Authorization Endpoint
    client_id, response_type (token), scope, redirect_uri
    Browser Redirect
    Redirect URI
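  • 16. User Agent Flow: Redirect
    Building the redirect link

        // Build the authorization link; parameter values are URL-encoded
        // so the current page address survives as a single query value.
        var auth_uri = auth_endpoint +
            "?response_type=token" +
            "&client_id=" + encodeURIComponent(client_id) +
            "&scope=profile" +
            "&redirect_uri=" + encodeURIComponent(window.location.href);

        // Point the login button at the authorization endpoint
        $("#auth_btn").attr("href", auth_uri);
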
  • 17. User Agent Flow: Hash Mod
    Fetch the Hash Mod
    access_token
    refresh_token
    expires_in
    Extract Access Token
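  • 18. User Agent Flow: Hash Mod
    http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600

        // Read the URL fragment the authorization server redirected back with
        var hash = document.location.hash;
        // match is null when no token is present; otherwise match[1] is the token
        var match = hash.match(/access_token=(\w+)/);

    Extracting the access token from the hash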
  • 19. User Agent Flow: Get Resources
    Set Request Headers + URI
    Resource Endpoint
    Header: token type + access token
    Header: accept data type
    HTTPS Request
  • 20. User Agent Flow: Get Resources

        $.ajax({
            url: resource_uri,
            beforeSend: function (xhr) {
                // Token type followed by the access token
                xhr.setRequestHeader("Authorization", "OAuth " + token);
                // Ask for a JSON representation
                xhr.setRequestHeader("Accept", "application/json");
            },
            success: function (response) {
                // use response object
            }
        });

    Making an authorized request
  • 21. Good JavaScript API Interaction
    Using Proper REST standards
    Automation through hypermedia constraints
    Using OAuth 2 appropriately
  • 22. http://bit.ly/rest_automation_js
    Thank You! Questions?
    Jonathan LeBlanc
    Head of Developer Evangelism (North America)
    Github: http://github.com/jcleblanc
    Slides: http://slideshare.net/jcleblanc
    Twitter: @jcleblanc
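
Slides 11 and 12 drive client actions from the "links" array, and slide 20 attaches the access token to each request. The following is an added example, not code from the slides: it selects an action by its rel and only builds a token-bearing request when the link stays on the API origin the client was configured with. The names buildLinkRequest, availableActions, apiOrigin and tokenType are assumptions made for this example.

```javascript
// Added example (not from the slides): choose a HATEOAS action by its "rel"
// and refuse to build a token-bearing request for any link that leaves the
// API origin the client was configured with.

// Constructed sample: the "links" array shown on slide 12.
const BASE = "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M";
const sampleLinks = [
  { href: BASE, rel: "self", method: "GET" },
  { href: BASE + "/capture", rel: "capture", method: "POST" },
  { href: BASE + "/void", rel: "void", method: "POST" }
];

const ALLOWED_METHODS = new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);

// Returns { url, method, headers } for the link whose rel matches, or throws.
// apiOrigin and tokenType are assumptions supplied by the caller.
function buildLinkRequest(links, rel, apiOrigin, token, tokenType) {
  const link = (links || []).find(function (l) { return l.rel === rel; });
  if (!link) {
    throw new Error("action not offered by this resource: " + rel);
  }
  // Resolve relative hrefs against the trusted origin, then compare origins.
  const url = new URL(link.href, apiOrigin);
  if (url.protocol !== "https:" || url.origin !== new URL(apiOrigin).origin) {
    throw new Error("link leaves the API origin: " + url.origin);
  }
  const method = String(link.method || "GET").toUpperCase();
  if (!ALLOWED_METHODS.has(method)) {
    throw new Error("unexpected method: " + method);
  }
  return {
    url: url.href,
    method: method,
    headers: {
      Authorization: tokenType + " " + token,
      Accept: "application/json"
    }
  };
}

// List the actions the current state allows, e.g. to enable or disable buttons.
function availableActions(links) {
  return (links || []).map(function (l) { return l.rel; });
}
```

The returned object can be handed to $.ajax or fetch; a link that fails the origin check never receives the Authorization header.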