SlideShare a Scribd company logo

Api fundamentals

A
AgileDenver

Applications increasingly talk to each other behind the scenes via APIs. Google’s recent acquisition of Apigee, an API management company, is an indicator of the continued importance of APIs. APIs are like building blocks, providing services and data that can be connected with other APIs to build powerful customized apps. However, developing and testing an API can be challenging because there is no built-in interface, breaking changes can cause widespread outages, sensitive data may be exposed or accessed, and accepted agile testing paradigms can be difficult to adapt to APIs. This session is an introduction to restful APIs and how to test them for security, performance, functionality, and backwards-compatibility risks.

Business
1 of 39
Download to read offline
Welcome! • We’ll use postman for some of our examples. If you would like to follow along, download postman now. www.getpostman.com. • Feel free to pair with someone! • We’ll provide collections at the end of our talk. • Follow @apidemo_carter onTwitter!
JoEllen Carter / Lisa Crispin
Overview • What is an API? • History of API growth • Current API landscape • HowAPIs work, including some hands-on demos • Strategies and tools for testing an API • API Stories
What is an Application Programming Interface?
!!!
Interfaces • Touch • Voice • Sight
API Your application The world !!!
2000 2002 2004 2006 2008
Why RESTful? • REST: Representational state transfer • Uniform and predefined set of stateless operations • People can “just know things” about an API that’s RESTful
How does an Application Programming Interface Work?
RPC SOAP HTTP HTTPS CoAP …
HTTPRequest URL Method Headers Body
URL https://api.twitter.com/1.1/statuses/update.json?status=testing {base url} / {version} / {endpoint} ? {query parameters}
GET • Get some data about an object or ‘resource’ POST • Create a new resource PUT • Update a resource DELETE • Delete a resource Methods
Headers • Headers are key/value combinations that specify additional information about the request • Some common request headers are: • Content-type • Authentication • Accept • Origin
Body • Data to send with the request – usually for a POST or PUT • Data format – xml, json, etc. - is specified by the content-type header { "location": { "lat": -33.8669710, "lng": 151.1958750 }, "accuracy": 50, "name": "Google Shoes!", "phone_number": "(02) 9374 4000", "address": "48 Pirrama Road, Pyrmont, NSW 2009, Australia", "types": ["shoe_store"], "website": "http://www.google.com.au/", "language": "en-AU" }
What about cookies? • Restful API requests should be self-reliant • Cookies are session-dependent, so not independent • Using cookies to store data means your API is not Restful
Authentication • Insecure - Authorization token in url • https://api.darksky.net/forecast/{{token}} /39.9026420,-105.0905190 • https://maps.googleapis.com/maps/api/p lace/nearbysearch/json?key={{googlema psKey}} • Basic • Username:password are concatenated and encoded • Sent in Authorization header
Authentication - Oauth • Oauth1/2 - https://oauth.net/ Service Provider
Authentication - JWT JSON WebToken https://jwt.io/ - an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object • Header – type of token (JWT) and hashing (signing) algorithm • Payload – contains ‘claims’, or information about the user • Signature = signature from header-specified algorithm using encoded Header + encoded payload + secret
Let’s try a GET now… • We’ll hit the dark sky api to get our current weather
HTTPResponse URL Status Code Headers Body
OK200 Bad Request400 Forbidden403 Not Found404 Internal Server Error500 Service Unavailable503 GatewayTimeout504 Common Status Codes
Let’s try a POST now… • We’ll post a tweet from #MHA2017
How do we test API’s?
Security • Basic • Authentication tokens are valid/present • Account boundaries are not violated • SSL is enforced/warned when not present • Hacker-in-training • Injection points – headers, parameters, body • Recording tools – what is exposed/available • White Hat hacker - OWASP • Rest Security Cheat Sheet • OWASP top 10 security vulnerabilities – new section on Under-protected APIs
Functional • Basic • Correct status codes are generated for invalid inputs • Request/response bodies contain the correct content type and schema • Backwards-compatibility for public APIs - previous tests continue to pass or breaking changes are clearly documented – aka regression testing • Advanced • Join API requests together to mirror application functionality
Exploratory • Identify the variable bits - things that can/will/might change • Requests – • Method • Mix/match endpoints • Parameters • Headers, especially content type • ContentType • Size, Depth - images, json/xml nesting • Timing & Frequency – what happens with caching?
Heuristics • Apply Heuristics to the variables • Zero, One, Many • Some, None,All • Beginning, Middle, End • Too Many,Too Few • Relative Position, i.e. content
Automation • Part of your CI/CD pipeline • Part of development process since tests can be run in both local and pre-production environments • Performance • Combine tests with monitoring • Tools • Postman • Command line runner that can be integrated into your CI • Developer adoption is high • Runscope • Powerful code snippets
Supporting an API Tracker API, rewritten in 2012-13 • Our own client software uses public API, same as customers • With some private endpoints • Leading practices: RESTful, JSON in & out, • Versioning • Only changes are additions • Promote new endpoints through various stages • “edge” version • Metadata-driven • Reference doc generated from metadata and unit test outputs
Long-term results • Few support requests • Thanks to comprehensive unit tests, comprehensive doc & examples • Comprehensive doc for devs to introduce new endpoints • Many new endpoints added • Mostly without pain – one backwards compatibility issue • Postman regression tests run in CI in addition to unit tests • Include performance checks
Questions? Stories?
Take-aways • APIs are the engine behind the apps we use every day • APIs are an integral part of our agile processes - APIs make apps more testable, and can be tested! • APIs add value to your product - maybe your company/product/team needs an API? • You’ve learned some terms about RESTful web services – go forth and learn more!
Links • ProgrammableWeb • API Security Testing • OWASPTop 10 Project • List of HTTP Header fields • Varonis - Introduction to Oauth • Oauth.net • Understanding rest and rpc

Recommended

Testing Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondTesting Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and Beyond
Postman
 
API Testing Presentations.pptx
API Testing Presentations.pptxAPI Testing Presentations.pptx
API Testing Presentations.pptx
ManmitSalunke
 
Api presentation
Api presentationApi presentation
Api presentationTiago Cardoso
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
REST API
REST APIREST API
REST API
Tofazzal Ahmed
 
Rest assured
Rest assuredRest assured
Rest assured
Varun Deshpande
 
Testing RESTful web services with REST Assured
Testing RESTful web services with REST AssuredTesting RESTful web services with REST Assured
Testing RESTful web services with REST Assured
Bas Dijkstra
 
What is an API?
What is an API?What is an API?
What is an API?
Muhammad Zuhdi
 

Recommended

Testing Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and BeyondTesting Your APIs: Postman, Newman, and Beyond
Testing Your APIs: Postman, Newman, and Beyond
Postman
 
API Testing Presentations.pptx
API Testing Presentations.pptxAPI Testing Presentations.pptx
API Testing Presentations.pptx
ManmitSalunke
 
Api presentation
Api presentationApi presentation
Api presentationTiago Cardoso
 
API Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNGAPI Testing Using REST Assured with TestNG
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
REST API
REST APIREST API
REST API
Tofazzal Ahmed
 
Rest assured
Rest assuredRest assured
Rest assured
Varun Deshpande
 
Testing RESTful web services with REST Assured
Testing RESTful web services with REST AssuredTesting RESTful web services with REST Assured
Testing RESTful web services with REST Assured
Bas Dijkstra
 
What is an API?
What is an API?What is an API?
What is an API?
Muhammad Zuhdi
 
Api types
Api typesApi types
Api types
Sarah Maddox
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
Fachrul Choliluddin
 
Rest assured
Rest assuredRest assured
Rest assuredYaniv Rodenski
 
API TESTING
API TESTINGAPI TESTING
API TESTING
Sijan Bhandari
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman Introduction
Rahul Agarwal
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)
Peter R. Egli
 
Swagger
SwaggerSwagger
Swagger
NexThoughts Technologies
 
Rest web services
Rest web servicesRest web services
Rest web services
Paulo Gandra de Sousa
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring Framework
Mehul Jariwala
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-Assured
Michel Schudel
 
What's an api
What's an apiWhat's an api
What's an api
Jacques Ledoux
 
Api Testing
Api TestingApi Testing
Api Testing
Vishwanath KC
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
Apigee | Google Cloud
 
Rest API
Rest APIRest API
Rest API
Phil Aylesworth
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
Automatic documentation with mule
Automatic documentation with mule Automatic documentation with mule
Automatic documentation with mule
Anirban Sen Chowdhary
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
Apigee | Google Cloud
 
Spring Framework
Spring Framework Spring Framework
Spring Framework
tola99
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
Software Testing Process, Testing Automation and Software Testing Trends
Software Testing Process, Testing Automation and Software Testing TrendsSoftware Testing Process, Testing Automation and Software Testing Trends
Software Testing Process, Testing Automation and Software Testing Trends
KMS Technology
 
Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017
JoEllen Carter
 
RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016
Ortus Solutions, Corp
 

More Related Content

What's hot

Api types
Api typesApi types
Api types
Sarah Maddox
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
Fachrul Choliluddin
 
API TESTING
API TESTINGAPI TESTING
API TESTING
Sijan Bhandari
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman Introduction
Rahul Agarwal
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)
Peter R. Egli
 
Swagger
SwaggerSwagger
Swagger
NexThoughts Technologies
 
Rest web services
Rest web servicesRest web services
Rest web services
Paulo Gandra de Sousa
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring Framework
Mehul Jariwala
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-Assured
Michel Schudel
 
What's an api
What's an apiWhat's an api
What's an api
Jacques Ledoux
 
Api Testing
Api TestingApi Testing
Api Testing
Vishwanath KC
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
Apigee | Google Cloud
 
Rest API
Rest APIRest API
Rest API
Phil Aylesworth
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
Automatic documentation with mule
Automatic documentation with mule Automatic documentation with mule
Automatic documentation with mule
Anirban Sen Chowdhary
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
Apigee | Google Cloud
 
Spring Framework
Spring Framework Spring Framework
Spring Framework
tola99
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
Software Testing Process, Testing Automation and Software Testing Trends
Software Testing Process, Testing Automation and Software Testing TrendsSoftware Testing Process, Testing Automation and Software Testing Trends
Software Testing Process, Testing Automation and Software Testing Trends
KMS Technology
 

What's hot (20)

Api types
Api typesApi types
Api types
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
 
Rest assured
Rest assuredRest assured
Rest assured
 
API TESTING
API TESTINGAPI TESTING
API TESTING
 
Postman Introduction
Postman IntroductionPostman Introduction
Postman Introduction
 
Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)Web Services (SOAP, WSDL, UDDI)
Web Services (SOAP, WSDL, UDDI)
 
Swagger
SwaggerSwagger
Swagger
 
Rest web services
Rest web servicesRest web services
Rest web services
 
Java Spring Framework
Java Spring FrameworkJava Spring Framework
Java Spring Framework
 
Test your microservices with REST-Assured
Test your microservices with REST-AssuredTest your microservices with REST-Assured
Test your microservices with REST-Assured
 
What's an api
What's an apiWhat's an api
What's an api
 
Api Testing
Api TestingApi Testing
Api Testing
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
Rest API
Rest APIRest API
Rest API
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
 
Automatic documentation with mule
Automatic documentation with mule Automatic documentation with mule
Automatic documentation with mule
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
 
Spring Framework
Spring Framework Spring Framework
Spring Framework
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
 
Software Testing Process, Testing Automation and Software Testing Trends
Software Testing Process, Testing Automation and Software Testing TrendsSoftware Testing Process, Testing Automation and Software Testing Trends
Software Testing Process, Testing Automation and Software Testing Trends
 

Similar to Api fundamentals

Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017
JoEllen Carter
 
RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016
Ortus Solutions, Corp
 
Rest ful tools for lazy experts
Rest ful tools for lazy expertsRest ful tools for lazy experts
Rest ful tools for lazy experts
ColdFusionConference
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружение
SQALab
 
Api crash
Api crashApi crash
Api crash
Hoang Nguyen
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays
 
REST API Recommendations
REST API RecommendationsREST API Recommendations
REST API RecommendationsJeelani Shaik
 
Webservices: The RESTful Approach
Webservices: The RESTful ApproachWebservices: The RESTful Approach
Webservices: The RESTful Approach
Mushfekur Rahman
 
Best Practices in Web Service Design
Best Practices in Web Service DesignBest Practices in Web Service Design
Best Practices in Web Service DesignLorna Mitchell
 
Lessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxLessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 
Scaling with swagger
Scaling with swaggerScaling with swagger
Scaling with swagger
Tony Tam
 
Coding 100-session-slides
Coding 100-session-slidesCoding 100-session-slides
Coding 100-session-slides
Cisco DevNet
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJS
Luigi Saetta
 
WordPress Rest API
WordPress Rest APIWordPress Rest API
WordPress Rest API
Brian Layman
 

Similar to Api fundamentals (20)

Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017
 
RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016RESTFul Tools For Lazy Experts - CFSummit 2016
RESTFul Tools For Lazy Experts - CFSummit 2016
 
Rest ful tools for lazy experts
Rest ful tools for lazy expertsRest ful tools for lazy experts
Rest ful tools for lazy experts
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружение
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
 
REST API Recommendations
REST API RecommendationsREST API Recommendations
REST API Recommendations
 
Webservices: The RESTful Approach
Webservices: The RESTful ApproachWebservices: The RESTful Approach
Webservices: The RESTful Approach
 
Best Practices in Web Service Design
Best Practices in Web Service DesignBest Practices in Web Service Design
Best Practices in Web Service Design
 
Lessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxLessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptx
 
Scaling with swagger
Scaling with swaggerScaling with swagger
Scaling with swagger
 
Coding 100-session-slides
Coding 100-session-slidesCoding 100-session-slides
Coding 100-session-slides
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJS
 
WordPress Rest API
WordPress Rest APIWordPress Rest API
WordPress Rest API
 

More from AgileDenver

MHA2018 - BDD is JIT - Jeff Langr
MHA2018 - BDD is JIT - Jeff LangrMHA2018 - BDD is JIT - Jeff Langr
MHA2018 - BDD is JIT - Jeff Langr
AgileDenver
 
MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...
MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...
MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...
AgileDenver
 
MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...
MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...
MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...
AgileDenver
 
MHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde Stallmann
MHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde StallmannMHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde Stallmann
MHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde Stallmann
AgileDenver
 
MHA2018 - Rebuilding Trust through Transparency - Meg Ward
MHA2018 - Rebuilding Trust through Transparency - Meg WardMHA2018 - Rebuilding Trust through Transparency - Meg Ward
MHA2018 - Rebuilding Trust through Transparency - Meg Ward
AgileDenver
 
MHA2018 - The Experimentation Mindset - Doc Norton
MHA2018 - The Experimentation Mindset - Doc NortonMHA2018 - The Experimentation Mindset - Doc Norton
MHA2018 - The Experimentation Mindset - Doc Norton
AgileDenver
 
MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...
MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...
MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...
AgileDenver
 
MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...
MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...
MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...
AgileDenver
 
MHA2018 - It's a "self-organizing" team -- how can I help them? - Erika Lenz
MHA2018 - It's a "self-organizing" team -- how can I help them? - Erika LenzMHA2018 - It's a "self-organizing" team -- how can I help them? - Erika Lenz
MHA2018 - It's a "self-organizing" team -- how can I help them? - Erika Lenz
AgileDenver
 
MHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad Swanson
MHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad SwansonMHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad Swanson
MHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad Swanson
AgileDenver
 
MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...
MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...
MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...
AgileDenver
 
MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...
MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...
MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...
AgileDenver
 
MHA2018 - When will it be done - Probabilistic Predictions - Prateek Singh
MHA2018 - When will it be done - Probabilistic Predictions - Prateek SinghMHA2018 - When will it be done - Probabilistic Predictions - Prateek Singh
MHA2018 - When will it be done - Probabilistic Predictions - Prateek Singh
AgileDenver
 
MHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark Waite
MHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark WaiteMHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark Waite
MHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark Waite
AgileDenver
 
MHA2018 - Jen Krieger - Getting Started with Kanban
MHA2018 - Jen Krieger - Getting Started with KanbanMHA2018 - Jen Krieger - Getting Started with Kanban
MHA2018 - Jen Krieger - Getting Started with Kanban
AgileDenver
 
MHA2018 - The Immunity to Change - How to discover individual or team resista...
MHA2018 - The Immunity to Change - How to discover individual or team resista...MHA2018 - The Immunity to Change - How to discover individual or team resista...
MHA2018 - The Immunity to Change - How to discover individual or team resista...
AgileDenver
 
MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...
MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...
MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...
AgileDenver
 
MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...
MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...
MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...
AgileDenver
 
MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...
MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...
MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...
AgileDenver
 
MHA2018 - Introduction to Observational Coaching - Daniel Lynn
MHA2018 - Introduction to Observational Coaching - Daniel LynnMHA2018 - Introduction to Observational Coaching - Daniel Lynn
MHA2018 - Introduction to Observational Coaching - Daniel Lynn
AgileDenver
 

More from AgileDenver (20)

MHA2018 - BDD is JIT - Jeff Langr
MHA2018 - BDD is JIT - Jeff LangrMHA2018 - BDD is JIT - Jeff Langr
MHA2018 - BDD is JIT - Jeff Langr
 
MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...
MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...
MHA2018 - How the Marine Corps Creates High-Performing Teams - Andrew McKnigh...
 
MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...
MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...
MHA2018 - Your Agile Adoption is Going to Fail (and you're gonna fall right o...
 
MHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde Stallmann
MHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde StallmannMHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde Stallmann
MHA2018 - 3 Minute Improv Games to Improve Your Teams - Wayde Stallmann
 
MHA2018 - Rebuilding Trust through Transparency - Meg Ward
MHA2018 - Rebuilding Trust through Transparency - Meg WardMHA2018 - Rebuilding Trust through Transparency - Meg Ward
MHA2018 - Rebuilding Trust through Transparency - Meg Ward
 
MHA2018 - The Experimentation Mindset - Doc Norton
MHA2018 - The Experimentation Mindset - Doc NortonMHA2018 - The Experimentation Mindset - Doc Norton
MHA2018 - The Experimentation Mindset - Doc Norton
 
MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...
MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...
MHA2018 - Only Responsible Leaders Can Collaborate in a High-Functioning Team...
 
MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...
MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...
MHA2018 - Herbie - understanding and applying WiP limits effectively - John Y...
 
MHA2018 - It's a "self-organizing" team -- how can I help them? - Erika Lenz
MHA2018 - It's a "self-organizing" team -- how can I help them? - Erika LenzMHA2018 - It's a "self-organizing" team -- how can I help them? - Erika Lenz
MHA2018 - It's a "self-organizing" team -- how can I help them? - Erika Lenz
 
MHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad Swanson
MHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad SwansonMHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad Swanson
MHA2018 - Validate It Before You Build It: The Experiment Canvas - Brad Swanson
 
MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...
MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...
MHA2018 - How Agile Coaching Practices Can Be Used in Schools To Get Students...
 
MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...
MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...
MHA2018 - Going with the Flow: Adapting Scrum Practices for Marketing - Andre...
 
MHA2018 - When will it be done - Probabilistic Predictions - Prateek Singh
MHA2018 - When will it be done - Probabilistic Predictions - Prateek SinghMHA2018 - When will it be done - Probabilistic Predictions - Prateek Singh
MHA2018 - When will it be done - Probabilistic Predictions - Prateek Singh
 
MHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark Waite
MHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark WaiteMHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark Waite
MHA2018 - Docker and Jenkins Pipeline for Continuous integration - Mark Waite
 
MHA2018 - Jen Krieger - Getting Started with Kanban
MHA2018 - Jen Krieger - Getting Started with KanbanMHA2018 - Jen Krieger - Getting Started with Kanban
MHA2018 - Jen Krieger - Getting Started with Kanban
 
MHA2018 - The Immunity to Change - How to discover individual or team resista...
MHA2018 - The Immunity to Change - How to discover individual or team resista...MHA2018 - The Immunity to Change - How to discover individual or team resista...
MHA2018 - The Immunity to Change - How to discover individual or team resista...
 
MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...
MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...
MHA2018 - How Agile connects to the Social Nature of a High-Performance Workp...
 
MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...
MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...
MHA2018 - Workbook Breaking Out of The Rut-rospective: Finding Activities to ...
 
MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...
MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...
MHA2018 - Breaking Out of The Rut-rospective: Finding Activities to Engage Yo...
 
MHA2018 - Introduction to Observational Coaching - Daniel Lynn
MHA2018 - Introduction to Observational Coaching - Daniel LynnMHA2018 - Introduction to Observational Coaching - Daniel Lynn
MHA2018 - Introduction to Observational Coaching - Daniel Lynn
 

Recently uploaded

Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
Falcon Invoice Discounting
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
Lviv Startup Club
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
BBPMedia1
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 
The key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EUThe key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EU
Allensmith572606
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Arihant Webtech Pvt. Ltd
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
Operational Excellence Consulting
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
Ben Wann
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
daothibichhang1
 

Recently uploaded (20)

Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
 
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
 
The key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EUThe key differences between the MDR and IVDR in the EU
The key differences between the MDR and IVDR in the EU
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
Sustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & EconomySustainability: Balancing the Environment, Equity & Economy
Sustainability: Balancing the Environment, Equity & Economy
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.docBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc
 

Api fundamentals

  • 1. Welcome! • We’ll use postman for some of our examples. If you would like to follow along, download postman now. www.getpostman.com. • Feel free to pair with someone! • We’ll provide collections at the end of our talk. • Follow @apidemo_carter onTwitter!
  • 2. JoEllen Carter / Lisa Crispin
  • 3. Overview • What is an API? • History of API growth • Current API landscape • HowAPIs work, including some hands-on demos • Strategies and tools for testing an API • API Stories
  • 5. !!!
  • 7.
  • 9. 2000 2002 2004 2006 2008
  • 10.
  • 11. Why RESTful? • REST: Representational state transfer • Uniform and predefined set of stateless operations • People can “just know things” about an API that’s RESTful
  • 12.
  • 13. How does an Application Programming Interface Work?
  • 14. RPC SOAP HTTP HTTPS CoAP …
  • 17. GET • Get some data about an object or ‘resource’ POST • Create a new resource PUT • Update a resource DELETE • Delete a resource Methods
  • 18. Headers • Headers are key/value combinations that specify additional information about the request • Some common request headers are: • Content-type • Authentication • Accept • Origin
  • 19. Body • Data to send with the request – usually for a POST or PUT • Data format – xml, json, etc. - is specified by the content-type header { "location": { "lat": -33.8669710, "lng": 151.1958750 }, "accuracy": 50, "name": "Google Shoes!", "phone_number": "(02) 9374 4000", "address": "48 Pirrama Road, Pyrmont, NSW 2009, Australia", "types": ["shoe_store"], "website": "http://www.google.com.au/", "language": "en-AU" }
  • 20. What about cookies? • Restful API requests should be self-reliant • Cookies are session-dependent, so not independent • Using cookies to store data means your API is not Restful
  • 21. Authentication • Insecure - Authorization token in url • https://api.darksky.net/forecast/{{token}} /39.9026420,-105.0905190 • https://maps.googleapis.com/maps/api/p lace/nearbysearch/json?key={{googlema psKey}} • Basic • Username:password are concatenated and encoded • Sent in Authorization header
  • 22. Authentication - Oauth • Oauth1/2 - https://oauth.net/ Service Provider
  • 23.
  • 24. Authentication - JWT JSON WebToken https://jwt.io/ - an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object • Header – type of token (JWT) and hashing (signing) algorithm • Payload – contains ‘claims’, or information about the user • Signature = signature from header-specified algorithm using encoded Header + encoded payload + secret
  • 25. Let’s try a GET now… • We’ll hit the dark sky api to get our current weather
  • 27. OK200 Bad Request400 Forbidden403 Not Found404 Internal Server Error500 Service Unavailable503 GatewayTimeout504 Common Status Codes
  • 28. Let’s try a POST now… • We’ll post a tweet from #MHA2017
  • 30. Security • Basic • Authentication tokens are valid/present • Account boundaries are not violated • SSL is enforced/warned when not present • Hacker-in-training • Injection points – headers, parameters, body • Recording tools – what is exposed/available • White Hat hacker - OWASP • Rest Security Cheat Sheet • OWASP top 10 security vulnerabilities – new section on Under-protected APIs
  • 31. Functional • Basic • Correct status codes are generated for invalid inputs • Request/response bodies contain the correct content type and schema • Backwards-compatibility for public APIs - previous tests continue to pass or breaking changes are clearly documented – aka regression testing • Advanced • Join API requests together to mirror application functionality
  • 32. Exploratory • Identify the variable bits - things that can/will/might change • Requests – • Method • Mix/match endpoints • Parameters • Headers, especially content type • ContentType • Size, Depth - images, json/xml nesting • Timing & Frequency – what happens with caching?
  • 33. Heuristics • Apply Heuristics to the variables • Zero, One, Many • Some, None,All • Beginning, Middle, End • Too Many,Too Few • Relative Position, i.e. content
  • 34. Automation • Part of your CI/CD pipeline • Part of development process since tests can be run in both local and pre-production environments • Performance • Combine tests with monitoring • Tools • Postman • Command line runner that can be integrated into your CI • Developer adoption is high • Runscope • Powerful code snippets
  • 35. Supporting an API Tracker API, rewritten in 2012-13 • Our own client software uses public API, same as customers • With some private endpoints • Leading practices: RESTful, JSON in & out, • Versioning • Only changes are additions • Promote new endpoints through various stages • “edge” version • Metadata-driven • Reference doc generated from metadata and unit test outputs
  • 36. Long-term results • Few support requests • Thanks to comprehensive unit tests, comprehensive doc & examples • Comprehensive doc for devs to introduce new endpoints • Many new endpoints added • Mostly without pain – one backwards compatibility issue • Postman regression tests run in CI in addition to unit tests • Include performance checks
  • 38. Take-aways • APIs are the engine behind the apps we use every day • APIs are an integral part of our agile processes - APIs make apps more testable, and can be tested! • APIs add value to your product - maybe your company/product/team needs an API? • You’ve learned some terms about RESTful web services – go forth and learn more!
  • 39. Links • ProgrammableWeb • API Security Testing • OWASPTop 10 Project • List of HTTP Header fields • Varonis - Introduction to Oauth • Oauth.net • Understanding rest and rpc