Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
RESTFul Tools for Lazy Experts Luis Majano @lmajano
Who am I • Luis Majano • Computer Engineer • Imported from El Salvador • CEO of Ortus Solutions • Creator of all things Box
What is REST? Benefits Principles Good Design Tools Infrastructure Development Stacks
REST = Representational StateTransfer • An architectural style (2000) • Adhere to best practices • Low ceremony web servic...
Resource vs RPC /user/:usernameResource Abstracted Can be Nested Can point to any internal RPC call Can be layered Fle...
BENEFITS • Abstractions • Easier to scale • Easy to refactor • Easier to layer • Less bandwidth • Many tools
RESTFUL PRINCIPLES Addressability - Resources Objects/Resources can be addressable via a URI /api/user/luis /api/user/twee...
RESTFUL PRINCIPLES Uniformity Leveraging HTTPVerbs + HTTP Headers
Representations Models in different formats: json, xml, rss, pdf, etc 200 OK Content-Type: application/json+userdb { "user...
RESTFUL PRINCIPLES Stateless Performance, reliability, and ability to scale
LET’S APPLY THESE PRINCIPLES
A Good RESTFul Design Offers 1. Resource Naming 2. HTTPVerb Usage 3. Meaningful Status Codes 4. Modeling + Documentation 5...
1. Resource Naming 1. URI Centric 2. Use nouns, avoid verbs (HTTPVerbs) 3. Deeper you go in the resource the more detail 4...
2. HTTP Verb Usage Operation Verb Create POST Read GET Update PUT Single item update PATCH Delete DELETE Info/Metadata HEA...
3. Meaningful Status Codes Code Description 200 OK, usually a representation 201 New resource, check headers for URI 202 A...
4. MODELING + DOCUMENTATION
5.Relax Modeling, Tester, Docs • ColdBox Module • Model RESTFul Services • Scaffold ColdBox Routes • Documentation Exporte...
RELAX MODEL function configure(){ // This is where we define our RESTful service, this is usually // our first...
5.Uniformity • Common Response object • Common Controller (MVC) • HTTPVerb Security • Access Security • Error Handling Uni...
RESPONSE OBJECT/** * HTTP Response model for the API */ component accessors="true" { property name="format" type...
BASE CONTROLLER/** * Around handler for all functions */ function aroundHandler( event, rc, prc, targetAction, eventArg...
6. SECURITY SSL HTTP Verb Security Request Throttling Client API Keys or Tokens (Headers/Params) API Key + Secret Encrypti...
• Upgrade/Downgrade Paths • Scale • No more monoliths • Implementations: • Frameworks • Adobe API Manager • Both 7. VERSIO...
7. Versioning (Modularity) • ColdBox Modules - HMVC • Root api module • Contain commonalities (Uniformity) • Sub-modules a...
8. PERFORMANCE • Web Server (Nginx) • Gzip Compression • Resource Caching • HTTP2 • SSL Keep-Alive Connections • Throttlin...
8. PERFORMANCE • ColdBox Event Caching • Leverages CacheBox • Any Cache Backend • Caching Resources • Rich Invalidation API
Looks familiar? 9. TESTABILITY
WHY PEOPLE DON’T TEST COMFORT
WHY PEOPLE DON’T TEST New Methodology New Learned Behavior It is a leap….
BIGGEST LIE IN SOFTWARE DEV 
 Don’t worry, we will create the tests and refactor it later!
• Just do it! • You will get dirty • It can hurt (a little) • Learned behavior NO MORE EXCUSES IT WILL ACCELERATE YOUR DEV...
BDD TESTING
10. Tools 1. Modeling/Documentation/Testing 1. Relax*, Postman, Swagger, Gelato 2. API Management 1. Adobe*, Mulesoft, IBM...
10. Adobe API Manager 1. Scale your API’s 2. Tons of Features: 1. Rate Limiting 2. SLAs 3. Swagger Support 4. Caching 5. V...
Technology Stack RESTStack ColdBox MVC Relax cbSwagger RollbarCouchbase Nginx Adobe API
A Good RESTFul Design Offers 1. Resource Naming 2. HTTPVerb Usage 3. Meaningful Status Codes 4. Modeling + Documentation 5...
Resources • Relax: github.com/coldbox-modules/coldbox-relax • Swagger SDK: github.com/coldbox-modules/swagger-sdk • cbSwag...
Thank you!
Upcoming SlideShare
Loading in …5
×

RESTFul Tools For Lazy Experts - CFSummit 2016

2,279 views

Published on

Come discover what in the world are RESTFul services and what are its benefits over other API building technologies. We will cover the basics of HTTP representation protocols, RESTful routing, security, authentication and testing. We will then move to modeling RESTful resources via an open source tool called Relax; Restful Tools For Lazy Experts and finally scaling it with the Adobe API Manager.

Published in: Technology
no profile picture user

  • Be the first to comment

RESTFul Tools For Lazy Experts - CFSummit 2016

  1. 1. RESTFul Tools for Lazy Experts Luis Majano @lmajano
  2. 2. Who am I • Luis Majano • Computer Engineer • Imported from El Salvador • CEO of Ortus Solutions • Creator of all things Box
  3. 3. What is REST? Benefits Principles Good Design Tools Infrastructure Development Stacks
  4. 4. REST = Representational StateTransfer • An architectural style (2000) • Adhere to best practices • Low ceremony web services • Leverage the HTTP/S Protocol • Resource Oriented not RPC Oriented
  5. 5. Resource vs RPC /user/:usernameResource Abstracted Can be Nested Can point to any internal RPC call Can be layered Flexible getUser( ‘lmajano’ )Remote Procedure Call Coupling Static Refactoring Problems Inflexible
  6. 6. BENEFITS • Abstractions • Easier to scale • Easy to refactor • Easier to layer • Less bandwidth • Many tools
  7. 7. RESTFUL PRINCIPLES Addressability - Resources Objects/Resources can be addressable via a URI /api/user/luis /api/user/tweets
  8. 8. RESTFUL PRINCIPLES Uniformity Leveraging HTTPVerbs + HTTP Headers
  9. 9. Representations Models in different formats: json, xml, rss, pdf, etc 200 OK Content-Type: application/json+userdb { "users": [ { "id": 1, "name": "Emil", "country: "Sweden", "links": [ { "href": "/user/1", "rel": "self", "method": "GET" }, { "href": "/user/1", "rel": "edit", "method": "PUT" }, { "href": "/user/1", "rel": "delete", "method": "DELETE" } ] }, { "id": 2, "name": "Adam", "country: "Scotland", "links": [ { "href": "/user/2", RESTFUL PRINCIPLES
  10. 10. RESTFUL PRINCIPLES Stateless Performance, reliability, and ability to scale
  11. 11. LET’S APPLY THESE PRINCIPLES
  12. 12. A Good RESTFul Design Offers 1. Resource Naming 2. HTTPVerb Usage 3. Meaningful Status Codes 4. Modeling + Documentation 5. Uniformity 6. Security 7. Versioning (Modularity) 8. Performance 9. Testability 10.Tools
  13. 13. 1. Resource Naming 1. URI Centric 2. Use nouns, avoid verbs (HTTPVerbs) 3. Deeper you go in the resource the more detail 4. URL Params (Options) 5. Headers (Auth+Options) 6. This is where a modeling tool can help /customers
 Get - List customers
 Post - Create new customer /customer/:id
 Get - Show customer
 Put - Update customer
 Delete - Delete customer /customer/:id/invoices
 Get - All invoices
 Post - Create invoice /customer/:id/invoice/:invoiceID
 Get - Show invoice
 Put - Update invoice
 Delete -Delete invoice
  14. 14. 2. HTTP Verb Usage Operation Verb Create POST Read GET Update PUT Single item update PATCH Delete DELETE Info/Metadata HEAD Resource Doc OPTIONS
  15. 15. 3. Meaningful Status Codes Code Description 200 OK, usually a representation 201 New resource, check headers for URI 202 Accepted (ASYNC), check headers or response for tokens 203 Non-authoritative (Usually a cached response) 204 No Content, but processed 205 Reset Content 206 Partial Results (Usually pagination) Code Description 400 Bad Request 401 Unauthorized 402 Payment Required 403 Forbidden 404 Not Found 405 Method not allowed 406 Not acceptable (Validation, invalid data) 408 RequestTimeout 410 Resource Gone 429 Too Many Requests 500 Server Error
  16. 16. 4. MODELING + DOCUMENTATION
  17. 17. 5.Relax Modeling, Tester, Docs • ColdBox Module • Model RESTFul Services • Scaffold ColdBox Routes • Documentation Exporter (HTML,PDF,etc) • RelaxURLTester • Swagger Import/Export -> API Manager box install relax —saveDev
  18. 18. RELAX MODEL function configure(){ // This is where we define our RESTful service, this is usually // our first place before even building it, we spec it out. this.relax = { // Service Title title = "ForgeBox IO", // Service Description description = "This API powers ForgeBox", // Service entry point, can be a single string or name value pairs to denote tiers //entryPoint = "http://www.myapi.com", entryPoint = { dev = "http://localhost:9095/api/v1", stg = "http://forgebox.stg.ortussolutions.com/api/v1", prd = "http://forgebox.io/api/v1" }, // Does it have extension detection via ColdBox extensionDetection = true, // Valid format extensions validExtensions = "json", // Does it throw exceptions when invalid extensions are detected throwOnInvalidExtension = false }; // Global API Headers // globalHeader( name="x-app-token", description="The secret application token", required=true, type="string" );
  19. 19. 5.Uniformity • Common Response object • Common Controller (MVC) • HTTPVerb Security • Access Security • Error Handling Uniformity • Response Uniformity Error! Security Where Frameworks Will Help!
  20. 20. RESPONSE OBJECT/** * HTTP Response model for the API */ component accessors="true" { property name="format" type="string" default="json"; property name="data" type="any" default=""; property name="error" type="boolean" default="false"; property name="binary" type="boolean" default="false"; property name="messages" type="array"; property name="location" type="string" default=""; property name="jsonCallback" type="string" default=""; property name="jsonQueryFormat" type="string" default="query"; property name="contentType" type="string" default=""; property name="statusCode" type="numeric" default="200"; property name="statusText" type="string" default="OK"; property name="errorCode" type="numeric" default="0"; property name="responsetime" type="numeric" default="0"; property name="cachedResponse" type="boolean" default="false"; property name="headers" type="array"; /** * Constructor */
  21. 21. BASE CONTROLLER/** * Around handler for all functions */ function aroundHandler( event, rc, prc, targetAction, eventArguments ){ try{ var stime = getTickCount(); // prepare our response object prc.response = getModel( "Response@core" ); // Scope the incoming user request prc.oCurrentUser = securityService.getUserSession(); // prepare argument execution var args = { event = arguments.event, rc = arguments.rc, prc = arguments.prc }; structAppend( args, arguments.eventArguments ); // Secure the call if( isAuthorized( event, rc, prc, targetAction ) ){ // Execute action var simpleResults = arguments.targetAction( argumentCollection=args ); } } catch( Any e ){ // Log Locally log.error( "Error calling #event.getCurrentEvent()#: #e.message# #e.detail#", e ); // Log to BugLogHQ
  22. 22. 6. SECURITY SSL HTTP Verb Security Request Throttling Client API Keys or Tokens (Headers/Params) API Key + Secret Encryption Keys (Like Amazon) Basic Authentication (At least its something!) IP Based Filtering/Tagging (Programmatic/Firewall/Etc) oAuth Adobe API Manager
  23. 23. • Upgrade/Downgrade Paths • Scale • No more monoliths • Implementations: • Frameworks • Adobe API Manager • Both 7. VERSIONING (MODULARITY)
  24. 24. 7. Versioning (Modularity) • ColdBox Modules - HMVC • Root api module • Contain commonalities (Uniformity) • Sub-modules as versions • v1 - /api/v1 • v2 - /api/v2 • Reusability + Scalability • Adobe API Manager
  25. 25. 8. PERFORMANCE • Web Server (Nginx) • Gzip Compression • Resource Caching • HTTP2 • SSL Keep-Alive Connections • Throttling • Distributed Caching • Couchbase • Redis • Terracota • Frameworks: CacheBox + ColdBox • Adobe API Manager • Take time in a cache strategy • Cache Invalidation
  26. 26. 8. PERFORMANCE • ColdBox Event Caching • Leverages CacheBox • Any Cache Backend • Caching Resources • Rich Invalidation API
  27. 27. Looks familiar? 9. TESTABILITY
  28. 28. WHY PEOPLE DON’T TEST COMFORT
  29. 29. WHY PEOPLE DON’T TEST New Methodology New Learned Behavior It is a leap….
  30. 30. BIGGEST LIE IN SOFTWARE DEV 
 Don’t worry, we will create the tests and refactor it later!
  31. 31. • Just do it! • You will get dirty • It can hurt (a little) • Learned behavior NO MORE EXCUSES IT WILL ACCELERATE YOUR DEVELOPMENT
  32. 32. BDD TESTING
  33. 33. 10. Tools 1. Modeling/Documentation/Testing 1. Relax*, Postman, Swagger, Gelato 2. API Management 1. Adobe*, Mulesoft, IBM, Kong 3. LoadTesting 1. JMeter, Paessler 4. ColdBox MVC 1. cbSwagger Module
  34. 34. 10. Adobe API Manager 1. Scale your API’s 2. Tons of Features: 1. Rate Limiting 2. SLAs 3. Swagger Support 4. Caching 5. Versioning 6. Security 7. Analytics 8. SOAPTools 9. Notifications
  35. 35. Technology Stack RESTStack ColdBox MVC Relax cbSwagger RollbarCouchbase Nginx Adobe API
  36. 36. A Good RESTFul Design Offers 1. Resource Naming 2. HTTPVerb Usage 3. Meaningful Status Codes 4. Modeling + Documentation 5. Uniformity 6. Security 7. Versioning (Modularity) 8. Performance 9. Testability 10.Tools
  37. 37. Resources • Relax: github.com/coldbox-modules/coldbox-relax • Swagger SDK: github.com/coldbox-modules/swagger-sdk • cbSwagger Module: github.com/coldbox-modules/cbSwagger • TestBox : ortussolutions.com/products/testbox • CommandBox: ortussolutions.com/products/commandbox • Slack: boxteam.herokuapp.com • CFML Slack: #box-products
  38. 38. Thank you!

×