Exploring REST Purity and Pragmatism


  1. Exploring REST Purity and Pragmatism
     Samisa Abeysinghe, Vice President Engineering
  2. REST
     • General idea
       – It is simple
       – Widely used
       – “cool” & state of the art
       – And ideal for SOA & the enterprise
     True?
  3. Yes. REST is…
     • Simple
     • Cool
     • Popular
     • Used
  4. From Theory to Practice
     • Can simplicity meet complexity?
     • Can REST be used in enterprise?
  5. REST for Enterprise
     • Standards: HTTP & Media types; REST; Programming languages
     • Governance: Lifecycle management; Versioning & configurations; Committees & Conformance
     • Security: HTTP vs HTTPS; Authentication; Non-Repudiation
     • Services & APIs: Service Interfaces; RESTful APIs; Simple, quick & Web Oriented
     • Business Models: Billing & metering; Tiers & Throttling; Pay for use
  6. (Overview from slide 5 repeated)
  7. REST Principles
     • Resources
     • Verbs: CRUD and more (PUT, GET, POST, DELETE … HEAD, OPTIONS)
     • Names: URI, XRI (http://acme.com/customers)
     • Representations: HTML, XML or Binary (text/html, text/xml, image/png)
  8. (Overview from slide 5 repeated)
  9. Services vs APIs
     • Services are what you develop
     • APIs are what you expose
       – “The interface”
       – How can you consume the service?
  10. RESTful APIs
     • REST (REpresentational State Transfer)
       – An architectural style based on transferring representations of resources from a server to a client
     • RESTful Web services
       – Web services built on the REST principles
       – Also called a RESTful Web API
       – http://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_services
  11. The Interface Matters
     • It is not the implementation that matters
     • But the interface
       – And it has to be managed and maintained systematically
  12. (Overview from slide 5 repeated)
  13. Manage Life-Cycles
     • Service
     • API
  14. Tools for Life-Cycle Management
  15. Tools for Life-Cycle Management
  16. (Overview from slide 5 repeated)
  17. Securing RESTful Services
     • Confidentiality: HTTPS
     • Integrity: HTTPS
     • Authentication: HTTP Basic/Digest Auth., Mutual Auth., OAuth
     • Non Repudiation: 2-legged OAuth
  18. Security Using OAuth
     http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html
  19. Access Tokens
     • Application Key: used when applications are calling each other
     • User Key: used when an end user is using an application
  20. Application/User Key Generation Sequence
  21. (Overview from slide 5 repeated)
  22. Business Models
  23. Business Requirements
     • Tiers: Platinum; Gold; Silver
     • Metering: Usage metering; Capacity metering; Status tracking
     • Throttling: Tier limits enforcement; SLA & policy enforcement; Prioritization
     • Billing: Pay for use; Budget; Estimates
     • Monitoring: Trends; Continuous improvement; Capacity planning
  24. Monitoring Tools
  25. Insights & Continuous Improvement
  26. (Overview from slide 5 repeated)
  27. Closing Remarks
     • REST is simple, cool, popular and used
     • Need to look beyond coolness to use REST for real
     • Think of REST as a way to expose APIs
     • Pay attention to good governance
     • Make informed security architecture decisions
     • Focus on monitoring, analysis and insights based continuous improvements
  28. Resources
     • http://wso2.com/products/api-manager/
     • http://wso2.com/products/governance-registry/
     • http://wso2.com/products/business-activity-monitor/
     • http://sanjiva.weerawarana.org/2012/08/api-management-missing-link-for-soa.html
     • http://sumedha.blogspot.com/search/label/API
  29. WSO2 Engagement Model
     • QuickStart
     • Development Support
     • Development Services
     • Production Support
     • http://wso2.com/support
  30. Thank you!
     bizdev@wso2.com
