5. API Architecture
An API is a business capability delivered over the Internet to
internal or external consumers
• Network accessible function
• Available using standard web protocols
• With well-defined interfaces
• Designed for access by third-parties
A Managed API is:
• Actively advertised and subscribe-able
• Exhibits high Quality of Service (QoS)
• Available with Service Level Agreements (SLAs)
• Secured, authenticated, authorized and protected
• Monitored and monetized with analytics
6. Resources
• Addressable Resources:
• Every “object” on your network should have a unique ID.
• An important aspect is that each “object” or resource has its
own specific URI where it can be addressed
• A Uniform, Constrained Interface.
• When applying REST over HTTP, stick to the methods
provided by the protocol
• GET, POST, PUT, and DELETE.
• These should be used properly
• GET should have no side effects or change on state
• PUT should update the resource “in-place”
• The content-type of the resource should be useful and
meaningful
7. REST is full of subtleties
• Method Safety
• GET, HEAD, OPTIONS, TRACE will not modify
anything
• Idempotency
• PUT, DELETE, GET, HEAD can be repeated and
the side-effects remain the same
• Caching
• Correct use of Last-Modified and ETag headers
• Content-negotiation
8. The benefits of a well-designed REST app
• Bookmarkability
• Each URI really points to a unique entity
• Every entity can be referenced
• Multiple representations are powerful
• Allowing one view of a resource for users and one
for systems makes application development simpler
and more logical
• Having well defined links
• Does improve the semantic richness of an
application
• By comparison WSDL is very flat and doesn’t show
the links between operations and services
9. Hypertext as the Engine of Application State
Resources are identified by URIs
↓
Clients communicate with resources via requests using a
standard set of methods
↓
Requests and responses contain resource representations
in formats identified by media types
↓
Responses contain URIs that link to further resources
13. Business Design of the APIs
• Know the consumer
• Who will use the APIs (both developers and final end-user)?
• What type of applications will use the APIs?
• What business assets will be delivered?
• Maintain Operational Control
• What Quality of Service is expected?
• Who can access the assets?
• Remember Usability and Monetization
• How will the API expose business assets?
• How will you demonstrate business value via direct revenue,
chargeback, or showback?
14. API Challenges
Often difficult to offer your business capabilities as an API
• Potential consumers do not trust API stability, reliability,
availability, or performance
• Providers have scalability concerns and lack an ability to
manage consumption
• Security risks prevent publishing and offering open access
• Difficult to manage requirements from multiple consumers and
coordinate release schedule
• Inability to configure API per consumer
• Business return requires API metering usage rates, and billing
15. Use of Registries in RestFul Architecture
• Registry/Repository Aspects:
• Structured Organization of Data
• Dependencies – Dependency Analysis
• Versioning of Assets (WADL/WSDL, Schema, Policies)
• Extensible meta-model (especially your custom configurations)
• Custom Properties/Meta-information
• Integration/Governance Aspects:
• Impact, Notification, and Change Management
• Broader Lifecycle Integration
• API-access to resources
• Endpoint discovery
16. Building an Approval Model: SCXML
• State Chart XML: State Machine Notation for Control
Abstraction
• An OASIS Standard
• Embedded Apache Commons SCXML library
• GUI/Tooling
• IBM Rational Software Architect
• SCXMLgui
• WSO2 Carbon Studio – Future