
Creating an API: From Design to Security


Talk at TDC 2020 - Florianópolis by Roan Brasil Monteiro and Otavio Santana

Published in: Software

  1. Otavio Santana @otaviojava, Roan Brasil @roanbrasil. Creating an API: From Design to Security
  2. Otavio Santana @otaviojava. DevRel Engineer + Java Champion + JCP-EC-EG-EGL + Apache Committer + Eclipse Committer + Eclipse Project Leader + Book and blog writer. Speaker
  3. Roan Brasil @roanbrasil. Senior Engineer + JCP-Member + Open Source Contributor + Book and blog writer + Teacher. Speaker
  4. 10 commandments
     1. API Design
     2. Glory of REST
     3. Documentation
     4. Versioning
     5. DDD
     6. Clean Architecture
     7. Database
     8. CQRS
     9. Pagination
     10. Security
  5. Ⅰ API Design
     ● API
     ● Contract First
     ● Contract Last
  6. Ⅱ Glory of REST
     ● Richardson Maturity Model
       ○ Model of RESTful Maturity
       ○ Integration Problems
  7. Ⅱ Glory of REST
     ● Level 0
       ○ HTTP - transport system for remote interactions
     ● Level 1
       ○ Individual Resources
     ● Level 2
       ○ POST
       ○ GET
       ○ DELETE
       ○ PATCH / PUT
     ● Level 3
       ○ HATEOAS (Hypertext As The Engine Of Application State)
  8. Ⅲ Documentation
     ● Swagger
     ● Language Documentation
     ● OpenAPI
  9. Ⅳ Versioning
     1. URL
        a. http://yourapi.domain.com/api/v1/doSomething
     2. Query Parameters
        a. http://yourapi.domain.com/api/doSomething?version=1
     3. Custom Headers
        a. Accept-version: v1
     4. Content Negotiation
        a. Accept: application/vnd.domain.v1+json
        b. Accept: application/vnd.domain+json;version=1.0
  10. Ⅴ DDD
     ● Ubiquitous Language
     ● Domain
     ● Subdomain
     ● Bounded Context
  11. Ⅵ Clean Architecture
     ● SOLID
     ● Layers
       ○ Presentation Layer
         ■ Controller
       ○ Application Layer
         ■ Service Orchestrating
       ○ Domain Layer
         ■ DTO/POJO
         ■ Entities
         ■ Services
       ○ Infrastructure Layer
         ■ Repositories
         ■ Config
  12. Ⅶ Database
     ● NoSQL vs SQL
     ● Encapsulation
     ● CAP
  13. Ⅷ CQRS
     ● Command Query Responsibility Segregation
       ○ Greg Young's 2010 essay
       ○ Write - Command
       ○ Read - Query
  14. Ⅸ Pagination
     ● Performance
     ● HATEOAS
  15. Ⅹ Security
     ● Basic Authentication
     ● OAuth 2.0
       ○ JWT - JSON Web Tokens (RFC 7519)
         ■ JWS - JSON Web Signature (RFC 7515)
         ■ JWE - JSON Web Encryption (RFC 7516)
     Site: https://jwt.io/
  16. Q&A. Thank you
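The versioning slide lists four places a client can put the version (URL path, query parameter, custom header, content negotiation) but not how a server should pick one. The resolver below is an added example written for this page, not code from the talk or its authors. It checks the four strategies in the slide's order, using the slide's own example shapes (`/api/v1/...`, `?version=1`, `Accept-version: v1`, `application/vnd.domain.v1+json` and `application/vnd.domain+json;version=1.0`); the function names and the `SUPPORTED_VERSIONS` set are assumptions. The security-relevant choice is that an unknown or retired version resolves to `None` so the caller answers 400/406 instead of silently falling back to an old code path.

```python
import re
from typing import Mapping, Optional
from urllib.parse import parse_qs

# Added example: resolve the requested major API version from a request.
# Versions this service still serves (constructed value for the example).
SUPPORTED_VERSIONS = {1, 2}

# Strategy 1: version as a URL path segment, e.g. /api/v1/doSomething
_PATH_RE = re.compile(r"^/api/v(\d+)(?:/|$)")
# Strategy 4a: version inside the media type, e.g. application/vnd.domain.v1+json
_VND_DOTTED_RE = re.compile(r"^application/vnd\.domain\.v(\d+)\+json$")
# Strategy 4b: version as a media type parameter, e.g. application/vnd.domain+json;version=1.0
_VND_PARAM_RE = re.compile(r"^application/vnd\.domain\+json$")


def _major(text: str) -> Optional[int]:
    """'1', 'v1' or '1.0' -> 1; anything else -> None."""
    major = text.strip().lower().lstrip("v").split(".")[0]
    return int(major) if major.isdigit() else None


def _version_from_accept(accept: str) -> Optional[int]:
    """Scan the Accept header's media ranges for either vendor-type form."""
    for media_range in accept.split(","):
        parts = [p.strip() for p in media_range.split(";")]
        mime, params = parts[0].lower(), parts[1:]
        m = _VND_DOTTED_RE.match(mime)
        if m:
            return int(m.group(1))
        if _VND_PARAM_RE.match(mime):
            for param in params:
                key, _, value = param.partition("=")
                if key.strip().lower() == "version":
                    return _major(value)
    return None


def resolve_api_version(path: str, query: str, headers: Mapping[str, str]) -> Optional[int]:
    """Return the requested major version, or None when absent, malformed or unsupported.

    Strategies are tried in the slide's order and the first one present wins;
    a malformed value in that strategy is NOT skipped over, to avoid ambiguity.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    version: Optional[int] = None
    m = _PATH_RE.match(path)
    if m:
        version = int(m.group(1))
    elif parse_qs(query).get("version"):
        version = _major(parse_qs(query)["version"][0])
    elif "accept-version" in hdrs:
        version = _major(hdrs["accept-version"])
    elif "accept" in hdrs:
        version = _version_from_accept(hdrs["accept"])
    if version not in SUPPORTED_VERSIONS:
        # Unknown or retired version: let the caller return 400/406 rather than
        # silently routing the request to a default (possibly unmaintained) version.
        return None
    return version


if __name__ == "__main__":
    print(resolve_api_version("/api/v1/doSomething", "", {}))
    print(resolve_api_version("/api/doSomething", "", {"Accept": "application/vnd.domain+json;version=1.0"}))
```

Only the major version is honoured (`1.0` resolves to `1`), which matches the slide's examples; a service that versions minor releases separately would extend `_major` accordingly.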
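The security slide names JWT (RFC 7519) and its signed form JWS (RFC 7515) without showing what a correct verifier looks like. The code below is an added example for this page, not code from the talk or its authors: a minimal HS256 JWS in compact serialization using only the Python standard library. The key, claims and the `now` clock value are constructed; `sign_hs256` and `verify_hs256` are assumed names. The points a defender cares about are that the expected algorithm is pinned in the verifier rather than read from the token header (which is what defeats `alg: none` and algorithm-downgrade tokens), that the signature is compared in constant time, and that a missing or passed `exp` claim rejects the token (a policy choice here; RFC 7519 makes `exp` optional).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Added example: HS256 JWS (RFC 7515) carrying JWT claims (RFC 7519), stdlib only.


def _b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Re-add the padding JWS strips, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature with HMAC-SHA256 over the signing input."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    The algorithm is pinned to HS256: the token header is never allowed to
    choose the algorithm, so 'alg: none' or a swapped algorithm is rejected.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(_b64url_decode(h_b64))
        actual = _b64url_decode(s_b64)
        claims = json.loads(_b64url_decode(p_b64))
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, actual):  # constant-time comparison
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    # Policy for this example: exp is required and must be in the future.
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-for-production"
    token = sign_hs256({"sub": "alice", "exp": int(time.time()) + 300}, demo_key)
    print(token)
    print(verify_hs256(token, demo_key))
```

Signature verification happens before any claim is acted on, and claims are only returned once every check passes, so a caller cannot accidentally use data from a token that failed validation. A JWE (RFC 7516) token would add encryption on top of this; the verification discipline for its integrity tag is the same.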
