This document summarizes Hadi Hariri's presentation on embracing HTTP and APIs. The presentation discussed how HTTP can be used as the single interface for both web applications and APIs, allowing them to be developed and maintained as a single system. Key points included how common REST principles like using different HTTP verbs for CRUD operations and returning JSON representations can be applied, as well as best practices for APIs like supporting content negotiation, caching, and hypermedia through links to available actions and related resources.

1. An evening
with
Hadi Hariri

2. Next event
• Next%event:%The%highlights%of%TechEd%2014%%
• Kurt%Claeys%%
• December%8th%2014%

3. Prize draw
• Put$your$business$card$(or$a$piece$of$paper…$or$a$napkin!)$in$the$box$
outside$
• Win$a$DevExpress$DevExtreme$Web$license$

4. Thanks for partnering with Visug!

5. And now…
• Hadi%Hariri%
• Embracing*HTTP*in*the*era*of*API’s*
• So*you*write*JavaScript?*Keep*the*crap*out*of*there*then!*

6. Embracing HTTP in the era
of Web API’s
Hadi Hariri

7. Announcement

9. With HTTP, your API is your
Application

10. With HTTP, your API is your
Application

11. Two Interfaces
Web
Application
User Interface
API

12. The Advantages
• It’s easy
• No real “other” way

13. The Disadvantages
• Two Systems to maintain
• API is usually an afterthought
• Limitations of API

14. One Interface
Web
Application
API

15. One Interface?
NEWMSG(“joe@gmail.com”)

16. One Interface
API Web
Application

17. The Advantages
• One Interface
• Single System
• The API is designed from the get-go

18. The Disadvantages
• The API is designed from the get-go

19. Is this possible?

20. Why is this possible? Why now?
• Frameworks Evolve - More push to Client Side
• JavaScript has become a viable language
• HTTP has been undervalued
• REST is now a buzzword

21. HTTP - Application Protocol

22. HTTP in the OSI Layer
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application

23. HTTP 101
Demo of server. Headers / Responses, etc.

24. Let’s talk API

25. POST /domain.com/appServices 200 OK

26. We can do better

27. Multiple Endpoints

28. POST /domain.com/calculateAge 200 OK
POST /domain.com/getCustomers 200 OK

29. Typical CRUD Apps
• Create
• Read
• Update
• Delete

30. Typical CRUD Apps
• Create - POST
• Read - GET
• Update - PUT
• Delete - DELETE
* Don’t take this literally…

31. GET /domain.com/customer/1 200 OK
POST /domain.com/customer 200 OK

32. Demo
Response with Json

33. Verbs
• Client-Side Support
• Hidden Field with POST
• Query Parameter with GET/POST
• X-Http-Method-Override Header

34. Allowed Verbs
• Not every resource allows every method
• Allows you to restrict what can be done

35. Demo
Auto Options

36. Creating Resource and
Location Headers
POST /domain.com/customer 200 OK

37. Demo
Location Headers

38. Errors
POST /domain.com/customer 500 Internal Server Error

39. Status Codes
Status
Code
Description
200 OK
201 Created. New resource
202 Accepted. Async Ops
301 Moved Permanently.
302 Found. (Used for Redirect)
304 Not Modified. Conditional GET
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
405 Method Not allowed. Control Flow
409 Conflict
500 Internal Server Error
501 Not Implemented
503 Service unavailable
….

40. Let’s talk Interfaces

41. GET /checkvist.com/checklists/440751

42. GET /checkvist.com/checklists/440751

43. Resource Representation

44. Content Negotiation
URL Extension
http://domain.com/customer/25.json
http://domain.com/news/article1.es
URL Query Parameters
http://domain.com/customer/25?format=json
Accept Headers

45. Demo
Single Entry. Single Representation

46. Demo
Manual Content Negotiation

47. Demo
Auto Content Negotiation

48. Performance and Reliability

49. Making things reliable
Safe and Idempotent Verbs

50. Caching Built In
Demo of Caching
• Max-Age
• Expires
• Conditional GETs (ETags)

51. Demo
E-Tags

52. Let’s talk Program State

53. HATEOAS

54. Hypermedia

57. Hypermedia
POST /domain.com/order

58. Media Types
• XML and Microformats
• Existing Format:s ATOM
• Custom Formats:
Content-Type: application/vnd.company.doman+xml
• JSON:
• HAL
• JSON-DL

59. State Maintenance
• State is pushed to client
• Server cannot maintain state
• What about Cookies?

60. Added Benefit of Discoverability
• Known Entities - It’s all a resource
• Known Operations - Constraint on Verbs
• Known Representations - Same Resource
• Hypermedia Navigation - Know next steps

61. Let’s talk Versioning

62. Versioning
• URL Versioning
GET /domain.com/api/v1/customer
• Custom Header
X-Version: 2
• Accept Header
Accept: application/vnd.mytype.v2+json

63. Let’s talk Security

64. Options
• HTTP
• HTTPS
• Digest
• OAuth
• Federated Security

65. Let’s talk ReST

66. Richardson Maturity Model
Level
3:
Hypermedia
Level 2: HTTP Verbs
Level 1: Resources
Level 0:POX

67. Summary
• HTTP API == Application Interface
• You can have HTTP API and not be ReSTful
• ReSTFul systems over certain benefits when abiding
by certain constraints

68. Recommended Reading

69. Thank you
@hhariri
mail@hadihariri.com