RESTful API Automation with JavaScript

Pragmatic RESTful API principles, along with a solid consumption architecture, can allow for a great amount of automation in your program development. At the same time, securing the application can be extremely tricky from JavaScript.

In this session we will explore several principles behind RESTful API design and consumption using JavaScript, including many of the standards that were integrated into the redevelopment of the PayPal API architecture in the new RESTful APIs.

We will cover many of these architecture standards, including:

* Building in action automation using HATEOAS
* OAuth 2 in the JavaScript model
* The challenges behind secure resource consumption through JavaScript

Published in: Technology
Transcript of "RESTful API Automation with JavaScript"

  1. RESTful API Automation With JavaScript
     Jonathan LeBlanc, Head of Developer Evangelism (North America)
     Github: http://github.com/jcleblanc
     Slides: http://slideshare.net/jcleblanc
     Twitter: @jcleblanc
  2. What We’re Covering
     * REST Concepts
     * Automation through hypermedia constraints
     * OAuth 2 in JavaScript
  3. What We Want
  4. JavaScript Challenges
  5. Cross Origin Resource Sharing
     * Access to other domains / subdomains is restricted (same origin policy)
     * JSONP to request resources across domains
     * Cross-origin resource sharing (CORS)
     * You Send: Origin: http://site.com
     * They Send: Access-Control-Allow-Origin: http://site.com
  6. Keeping Things Hidden
     * Token based auth mechanism
     * OAuth: Client Secret
     * Basic Auth: Password
     * API request action to reaction mapping
     * A schematic for how data forces site changes
  7. Action Automation
  8. RESTful API Core Concepts
     * Honor HTTP request verbs
     * Use proper HTTP status codes
     * No version numbering in URIs
     * Return format via HTTP Accept header
     * Double Rainbow: Discovery via HATEOAS
  9. Uniform Interface Sub-Constraints
     * Resource Identification
     * Resources must be manipulated via representations
     * Self descriptive messages
     * Hypermedia as the engine of application state
  10. How we Normally Consume APIs
  11. Using HATEOAS to Automate
  12. Sample "links" array returned with a resource:

         "links": [
           {
             "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
             "rel": "self",
             "method": "GET"
           },
           {
             "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
             "rel": "capture",
             "method": "POST"
           },
           {
             "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
             "rel": "void",
             "method": "POST"
           }
         ]

  13. OAuth 2 & JavaScript?
  14. A Little Use Background
     * User login
     * Application only
     * User Involvement
  15. User Agent Flow: Redirect
     * Prepare the Redirect URI
     * Authorization Endpoint
     * Parameters: client_id, response_type (token), scope, redirect_uri
     * Browser Redirect
     * Redirect URI
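  16. User Agent Flow: Redirect
     Building the redirect link:

         // Encode parameter values so that a client ID or redirect URI
         // containing ?, & or # cannot corrupt the query string.
         var auth_uri = auth_endpoint +
             "?response_type=token" +
             "&client_id=" + encodeURIComponent(client_id) +
             "&scope=profile" +
             "&redirect_uri=" + encodeURIComponent(window.location.href);

         // Point the login button at the authorization endpoint.
         $("#auth_btn").attr("href", auth_uri);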
  17. User Agent Flow: Hash Mod
     * Fetch the Hash Mod
     * access_token
     * refresh_token
     * expires_in
     * Extract Access Token
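  18. User Agent Flow: Hash Mod
     Extracting the access token from the hash:

         http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600

         // The token arrives in the URL fragment, which is not sent to the server.
         var hash = document.location.hash;
         // match[1] holds the token; match is null when no token is present.
         var match = hash.match(/access_token=(\w+)/);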
  19. User Agent Flow: Get Resources
     * Set Request Headers + URI
     * Resource Endpoint
     * Header: token type + access token
     * Header: accept data type
     * HTTPS Request
  20. User Agent Flow: Get Resources
     Making an authorized request:

         $.ajax({
             url: resource_uri,
             beforeSend: function (xhr) {
                 // Token type followed by the access token
                 xhr.setRequestHeader("Authorization", "OAuth " + token);
                 // Ask for the JSON representation of the resource
                 xhr.setRequestHeader("Accept", "application/json");
             },
             success: function (response) {
                 //use response object
             }
         });
  21. Good JavaScript API Interaction
     * Using Proper REST standards
     * Automation through hypermedia constraints
     * Using OAuth 2 appropriately
  22. Thank You! Questions?
     http://bit.ly/rest_automation_js
     Jonathan LeBlanc, Head of Developer Evangelism (North America)
     Github: http://github.com/jcleblanc
     Slides: http://slideshare.net/jcleblanc
     Twitter: @jcleblanc
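The HATEOAS automation from slides 11 and 12, as an added example that is not part of the original slides: a client looks up the next action by its `rel` and only follows links that stay on an expected API origin, so the access token is never sent to a host named by a tampered response. The names `resolveAction`, `availableActions` and `ALLOWED_ORIGINS`, and the fourth sample link, are assumptions constructed for illustration.

```javascript
// Constructed sample: the three links from slide 12 plus one look-alike host
// added here to show the origin check rejecting it.
const BASE = "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M";
const sampleLinks = [
  { href: BASE, rel: "self", method: "GET" },
  { href: BASE + "/capture", rel: "capture", method: "POST" },
  { href: BASE + "/void", rel: "void", method: "POST" },
  { href: "https://api.sandbox.paypal.com.example.net/v1/refund", rel: "refund", method: "POST" }
];

// Assumption: the only origin this client should ever send its token to.
const ALLOWED_ORIGINS = new Set(["https://api.sandbox.paypal.com"]);
const ALLOWED_METHODS = new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);

// Resolve a link relation to { url, method }, or throw if it is unsafe to follow.
function resolveAction(links, rel) {
  const matches = links.filter((l) => l && l.rel === rel);
  if (matches.length !== 1) {
    throw new Error("expected exactly one link with rel=" + rel);
  }
  const url = new URL(matches[0].href); // throws on malformed or relative hrefs
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    throw new Error("refusing to send credentials to " + url.origin);
  }
  const method = String(matches[0].method || "GET").toUpperCase();
  if (!ALLOWED_METHODS.has(method)) {
    throw new Error("unexpected method " + method);
  }
  return { url: url.href, method: method };
}

// The actions the current resource state offers and that are safe to follow;
// a UI can enable buttons from this list instead of hard-coding endpoints.
function availableActions(links) {
  return links.map((l) => l && l.rel).filter((rel) => {
    try { resolveAction(links, rel); return true; } catch (e) { return false; }
  });
}
```

Comparing `url.origin` rather than testing the `href` with a prefix or substring match is what rejects the look-alike host in the sample.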
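The user agent flow from slides 15 to 18, as an added example that is not part of the original slides: the redirect carries a `state` value and the callback fragment is parsed with `URLSearchParams` and checked against it before the token is used. The `state` parameter, the function names and the sample endpoint are assumptions; the slides do not show them.

```javascript
// Build the authorization redirect with encoded parameters and a state value.
// Assumption: state is a fresh random string the page stores (for example in
// sessionStorage) before redirecting.
function buildAuthUri(authEndpoint, clientId, redirectUri, state) {
  const q = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    scope: "profile",
    redirect_uri: redirectUri,
    state: state
  });
  return authEndpoint + "?" + q.toString();
}

// Parse the callback fragment and validate it before trusting the token.
// now is injectable so the expiry calculation can be checked deterministically.
function parseTokenFragment(hash, expectedState, now = Date.now()) {
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  if (params.has("error")) {
    throw new Error("authorization failed: " + params.get("error"));
  }
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch: response was not requested by this page");
  }
  const token = params.get("access_token");
  if (!token) {
    throw new Error("no access_token in fragment");
  }
  const expiresIn = Number.parseInt(params.get("expires_in"), 10);
  return {
    accessToken: token, // full value, including characters such as - and .
    expiresAt: Number.isFinite(expiresIn) ? now + expiresIn * 1000 : null
  };
}

// Browser-only step: drop the fragment once it has been read so the token
// does not stay in the address bar or the history entry.
function clearFragment(win) {
  win.history.replaceState(null, "", win.location.pathname + win.location.search);
}
```

Parsing with `URLSearchParams` returns the whole token even when it contains characters outside `\w`, which a `(\w+)` capture would silently truncate.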