This document discusses various techniques for building APIs with Rails including:
- Using Rails routing and controllers to define API endpoints and resources
- Content negotiation to support different response formats like JSON and XML
- Authentication methods like HTTP basic authentication and token-based authentication
- Versioning API resources to maintain backwards compatibility
- Testing APIs to validate status codes, response formats, authentication, and more
Serverless in production, an experience report (linuxing in london)
Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Designing and building RESTful APIs isn’t easy. On its surface, it may seem simple – after all, we’re only marshaling JSON back and forth over HTTP right? However, that’s only a small part of the equation. There are many things to keep in mind while building the systems that act as the key to your system.
In this session, we’ll delve into several best practices to keep in mind when designing your RESTful API. We’ll discuss authentication, versioning, controller/model design, and testability. We’ll also explore the do’s and don’t’s of RESTful API management so that you make sure your APIs are simple, consistent, and easy-to-use. Finally, we’ll discuss the importance of documentation and change management. The session will show examples using ASP.NET Web API and C#. However, this session will benefit anyone who is or might be working on a RESTful API.
Serverless in Production, an experience report (cloudXchange)
Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
This is a session given by Asbjørn Ulsberg at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This talk is for developers dabbling in REST, but who aren’t yet invited to Roy Fielding’s thanksgiving dinner. It will go through the history of REST and how it relates to SOAP and RPC-style APIs before delving down into the concepts of hypertext and hypermedia, how to implement them in your API and last, but not least; Why!
If you’ve started exploring the world of REST and miss the comfort of safe typing and service discovery of SOAP and WSDL, this talk is for you. You will learn why this is missing in the world of REST, what alternatives exist and how your API can embrace them and become much more self-descriptive and user friendly than RPC-style APIs could ever dream of!
Scaling your Android App With Modularization
Ben Schwab
Droidcon SF 2018
Ben Schwab discusses Airbnb's journey to modularize its app to scale with a growing number of developers.
https://www.youtube.com/watch?v=jrnhIgFzgns
Talk presented to Madrid.rb for April 2014. Finding Restfulness takes you on a journey to discover how the idea for the library started, and some of the key parts on how it is implemented.
Django forms are becoming disconnected from the frontend as we move towards API-heavy systems. We attempt to bridge the gap by delivering the form definition over the API, rendering it in the frontend dynamically using Backbone & Handlebars, and providing a mechanism for submitting & validating forms over the API.
Refactoring @ Mindvalley: Smells, Techniques and Patterns
Tristan Gomez
Every week my team commits really good, clean code. I decided to get the best of the commits and showcase what makes them good, what smells they address, and what techniques they used.
TypePad Motion is a Django web application for creating community microblogging sites. It uses the TypePad API as a backend data store, so you don't have to worry about scaling, backups, or any related infrastructure. All you need is a web server.
Observability and Troubleshooting in Forge
Atlassian
Observability is a critical component of any Cloud development platform, and we have some exciting logging, monitoring, and debugging features planned for the Forge toolchain.
In this lightning talk, Senior Developer James Hazelwood from the Forge infrastructure team will give an overview of Forge logging and tunnelling features, explain how different environment types affect observability, and share some expert tips and tricks for detecting and troubleshooting issues in your Forge apps.
Building Beautiful REST APIs with ASP.NET Core
Stormpath
Join Stormpath .NET Developer Evangelist, Nate Barbettini, to learn best practices for designing your REST API in ASP.NET Core. Nate will explain how to build HATEOAS-compliant JSON APIs while supporting security best practices and even improving performance and scale.
Topics Covered:
What is REST and HATEOAS?
How to think about RESTful APIs
How to model hypermedia in C#
Building JSON APIs in ASP.NET Core
Overview of Selenium, WebDriver, Watir and related open source cross-browser testing technologies. Presentation given by Martin Kleppmann, founder of browser testing service Go Test It, at Ruby Manor 2009.
Serverless observability - a hero's perspective
Yan Cui
Yan Cui, an AWS Serverless Hero, will talk about the learnings from using serverless at scale.
He will cover the challenges for observability in serverless asynchronous workloads and the patterns to address those challenges, like using centralized logging, correlation IDs, tracing, lambda extensions.
Presented at Confoo (Montreal, Canada) on 3/1/2013
In this talk I’ll show you how to build your application and get a working, well tested, and useable API in the process, with almost no extra overhead. I’ll also show you how to do it without making your controllers a mess of respond_to blocks. If anything, your controllers will become cleaner and leaner.
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Arfon Smith
Chief Scientist for GitHub
Open Government/Open Data
What Academia Can Learn from Open Source
Find more by Arfon here: https://speakerdeck.com/arfon
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Elizabeth Joseph
Automation & Tools Engineer for HP
Admin
Open Source Systems Administration
What Does Big Data Really Mean for Your Business?
All Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Leslie Hawthorn
Director of Developer Relations for Elasticsearch
Big Data
What Does Big Data Really Mean for Your Business?
Lessons Learned with Distributed Systems at Bitly
All Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Sean O'Connor
Lead Application Engineer for Bitly
Cloud
Lessons Learned with Distributed Systems at Bitly
Considerations for Operating an OpenStack Cloud
All Things Open
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Mark Voelker
Technical Leader with Cisco
Cloud/OpenStack
Considerations for Operating an OpenStack Cloud
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Dan Bedard
Market Development Manager for iRODS Consortium, RENCI at UNC Chapel Hill
Lunch Session
Building the iRODS Consortium
The Gurubox Project: Open Source Troubleshooting Tools
All Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Wes Morgan
Network/Software Engineer for IBMConsulting
Admin
The Gurubox Project: Open Source Troubleshooting Tools
The Ember.js Framework - Everything You Need To Know
All Things Open
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Yehuda Katz
Founder of Tilde
Front Dev 1
The Ember.js Framework - Everything You Need To Know
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Doug Turnbull
Search & Big Data Architect for OpenSource Connections
Databases
Stop Worrying & Love the SQL - A Case Study
Trademarks and Your Free and Open Source Software Project
All Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Karen Sandler
CEO of Software Freedom Conservancy
Business
Trademarks and Your Free and Open Source Software Project
I Know It Was MEAN, But I Cut the Cord to LAMP Anyway
All Things Open
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Brian Hyder
Co-Founder & CTO of PencilBlue, LLC
Back Dev
I Know It Was MEAN, But I Cut the Cord to LAMP Anyway
Test-Driven Documentation for your REST(ful) service
Jeroen Reijn
Building RESTful APIs in Java? Getting tired of the annotation bloat forced upon you by your API specification framework which haunts your RESTful service controllers and model objects? Finding yourself in the situation where your code isn’t always in sync with your specification or vice versa?
RAML and Swagger / OpenAPI are great specifications with powerful and shiny tooling, but they do also really have their downsides when it comes to messing with our code.
Fear not! There are other alternatives worth investigating. In this talk, we’ll take a look at how we recently built, designed and documented a public REST API by doing Test Driven Documentation with some help of AsciiDoc and Spring (Auto) REST Docs.
In this talk I tried to convey best practices to keep in mind when designing an API, and how Ruby on Rails could help you develop it in very little time.
Nordic APIs - Automatic Testing of (RESTful) API Documentation
Rouven Weßling
Learn how to automatically test your API's documentation by using API Blueprints and dredd.
Presented at the Nordic APIs Platform Summit on October 25, 2016
Araport Workshop Tutorial 2: Authentication and the Agave Profiles Service
stevemock
Araport Workshop Tutorial 2: Authentication and the Agave Profiles Service.
A tutorial for building a science application using the Araport.org platform, specifically the Agave API's Profiles RESTful endpoints from the araport app generator platform.
These slides focus on documentation for REST APIs. See http://idratherbewriting.com for more detail. For the video recording, see http://youtu.be/0yfNd7tzH2Q. This deep dive is the second slide deck I used in the presentation.
The web has changed! Users spend more time on mobile than on desktops and expect to have an amazing user experience on both. APIs are the heart of the new web as the central point of access data, encapsulating logic and providing the same data and same features for desktops and mobiles. In this workshop, Antonio will show you how to create complex APIs in an easy and quick way using API Platform built on Symfony.
Kazoo APIs are an example of a RESTful web service. They are provided over HTTP/HTTPS. Kazoo APIs use the JavaScript Object Notation (JSON) data format for most payloads!
In this session you will learn everything about Ruby: the language, the frameworks, the community, but above all a mindset. After the teaser, Nicolas Ledez will show you how Ruby can bring a methodology to your daily work, and tools for building a prototype quickly. Whatever your original language, Ruby is a perfect complement to your developer/system administrator toolbox.
An introduction to the API for OnTime for IBM
ontimesuite
Presentation from the OnTime for IBM API workshop in Shinjuku, Tokyo, Japan on Thursday 19 November 2015. Please contact OnTime support either in Denmark or Japan for more information.
Survival Strategies for API Documentation: Presentation to Southwestern Ontar...
Tom Johnson
This is a presentation I gave to the Southwestern Ontario STC chapter on API documentation on Feb 2, 2015. For more details, see my blog at http://idratherbewriting.com. You can listen to the recorded presentation here: http://youtu.be/I8rGe2w1sAo.
Building Reliability - The Realities of Observability
All Things Open
Presented at the ATO RTP Meetup
Presented by Jeremy Proffit, Director of DevSecOps & SRE for Customer Care and Communications, Ally
Title: Building Reliability - The Realities of Observability
Abstract: Join me as we discuss true observability, learn what works and what doesn't. We'll not only discuss dashboards, monitoring and alerting, but how these can be built by automation or included in your IAC modules. We'll talk about how to properly alert staff based on priority to keep your staff and yourself sane. And even discuss architecture and how it impacts reliability and why serverless isn't always the best at being reliable.
Presented at the ATO RTP Meetup
Presented by Peter Zaitsev, Founder of Percona
Title: Modern Database Best Practices
Abstract: There are now more Database choices available for developers than ever before - there are general purpose databases and specialized databases, single node and distributed databases, Open Source, Proprietary databases and databases available exclusively in the cloud. In this presentation we will cover the best practices of choosing database(s) for your applications, best practices as it comes to application development as well as managing those databases to achieve best possible performance, security, availability at the lowest cost.
All Things Open 2023
Presented at All Things Open 2023
Presented by Deb Bryant - Open Source Initiative, Patrick Masson - Apereo Foundation, Stephen Jacobs - Rochester Institute of Technology, Ruth Suehle - SAS, & Greg Wallace - FreeBSD Foundation
Title: Open Source and Public Policy
Abstract: New regulations in the software industry and adjacent areas such as AI, open science, open data, and open education are on the rise around the world. Cyber Security, societal impact of AI, data and privacy are paramount issues for legislators globally. At the same time, the COVID-19 pandemic drove collaborative development to unprecedented levels and took Open Source software, open research, open content and data from mainstream to main stage, creating tension between public benefit and citizen safety and security as legislators struggle to find a balance between open collaboration and protecting citizens.
Historically, the open source software community and foundations supporting its work have not engaged in policy discussions. Moving forward, thoughtful development of these important public policies whilst not harming our complex ecosystems requires an understanding of how our ecosystem operates. Ensuring stakeholders without historic benefit of representation in those discussions becomes paramount to that end.
Please join our open discussion with open policy stakeholders working constructively on current open policy topics. Our panelists will provide a view into how oss foundations and other open domain allies are now rising to this new challenge as well as seizing the opportunity to influence positive changes to the public’s benefit.
Topics: Public Policy, Open Science, Open Education, current legislation in the US and EU, US interest in OSS sustainability, intro to the Open Policy Alliance
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...
All Things Open
Presented at All Things Open 2023
Presented by Ashpak Shaikh & Lucy Shen - Intuit
Title: Weaving Microservices into a Unified GraphQL Schema with graph-quilt
Abstract: The magic of GraphQL is that it provides data access through a single endpoint—clean and easy. But as the number of GraphQL microservices your tech stack depends on starts to grow, that single-endpoint purpose becomes a new multi-endpoint problem. Ideally, we would have an orchestrator that could aggregate schemas from multiple microservices into a unified GraphQL schema and route the requests to the appropriate microservice.
Enter graph-quilt, an open source Java library that provides recursive schema stitching and Apollo Federation style schema composition. In this talk, we’ll walk through our GraphQL journey and show you how to use graph-quilt to simplify your data orchestration needs. We will also share our open sourced reference implementation of a highly performant graph-quilt gateway currently being used in production here at Intuit, where we’ve had incredible success in scaling the gateway with 50+ microservices and 150+ clients.
The State of Passwordless Auth on the Web - Phil Nash
All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: The State of Passwordless Auth on the Web
Abstract: Can we get rid of passwords yet? They make for a poor user experience and users are notoriously bad with them. The advent of WebAuthn has brought a passwordless world closer, but where do we really stand?
In this talk we'll explore the current user experience of WebAuthn and the requirements a user has to fulfil to authenticate without a password. We'll also explore the fallbacks and safeguards we can use to make the password experience better and more secure. By the end of the session you'll have a vision of how authentication could look in the future and a blueprint for how to build the best auth experience today.
Total ReDoS: The dangers of regex in JavaScript
All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: Total ReDoS: The dangers of regex in JavaScript
Abstract: Regular expressions are complicated and can be hard to learn. On top of that, they can also be a security risk; writing the wrong pattern can open your application up to denial of service attacks. One token out of place and you invite in the dreaded ReDoS.
But how can a regular expression cause this? In this talk we’ll track down the patterns that can cause this trouble, explain why they are an issue and propose ways to fix them now and avoid them in the future. Together we’ll demystify these powerful search patterns and keep your application safe from expressions that behave in a way that is anything but regular.
What Does Real World Mass Adoption of Decentralized Tech Look Like?
All Things Open
Presented at All Things Open 2023
Presented by Karl Mozurkewich - Storj
Title: What Does Real World Mass Adoption of Decentralized Tech Look Like?
Abstract: We delve into the transformative potential of decentralized technology. Beginning with a brief overview of the rise of centralization with the advent of the internet and the counter-shift marked by blockchain we explore the intrinsic characteristics of decentralized and distributed systems, such as trustless operations, peer-to-peer networks, and enterprise application scalability. Various sectors, including finance, supply chains, media and entertainment, data science and cloud infrastructure are on the brink of disruption. The societal implications are vast, with the potential for greater individual empowerment, a greener planet and more viable resource utilization, but concerns about data security persist.
Presented at All Things Open 2023
Presented by Anastasia Lalamentik - Kaleido
Title: How to Write & Deploy a Smart Contract
Abstract: In this talk, Anastasia Lalamentik, Full Stack Engineer at Kaleido, will walk through how Ethereum smart contracts work and go over related concepts like gas fees, the Ethereum Virtual Machine (EVM), the block explorer, and the Solidity programming language. This is vital to anyone who wants to build a blockchain app and is a great introduction to blockchain technology for newcomers to the space.
By the end of the talk, attendees will better understand how to:
- Write a simple smart contract
- Deploy their smart contract to an Ethereum test network through the latest tools like Hardhat and the MetaMask wallet
- Test interactions with their deployed smart contract and ensure that everything is working properly
Additionally, participants will get to interact with Anastasia's deployed smart contract at the end of the talk. Anastasia’s past talks have attracted and have been attended by a diverse group of participants with a range of experience in the space.
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
All Things Open
Presented at All Things Open 2023
Presented by Paul Brebner - Instaclustr (by Spot by NetApp)
Title: Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Abstract: In this talk we’ll build a Drone delivery application, and then use it to do some Machine Learning “on the fly”.
In the 1st part of the talk, we'll build a real-time Drone Delivery demonstration application using a combination of two open-source technologies: Uber’s Cadence (for stateful, scheduled, long-running workflows), and Apache Kafka (for fast streaming data).
With up to 2,000 (simulated) drones and deliveries in progress at once this application generates a vast flow of spatio-temporal data.
In the 2nd part of the talk, we'll use this platform to explore Machine Learning (ML) over streaming and drifting Kafka data with TensorFlow to try and predict which shops will be busy in advance.
Presented at the All Things Open 2023 Inclusion and Diversity in Open Source Event
Presented by Efraim Marquez-Arreaza - Red Hat
Title: DEI Challenges and Success
Abstract: In today's world, many companies and organizations have Diversity, Equity and Inclusion (DEI) communities. Red Hat Unidos is a DEI community focused on advocating for the Hispanic/Latine community. In this talk, we would like to share our challenges and success during the past 4 years and plans for the future.
Presented at All Things Open 2023
Presented by Lydia Cupery - HubSpot
Title: Scaling Web Applications with Background Jobs: Takeaways from Generating a Huge PDF
Abstract: Do you need to perform time-consuming or CPU-intensive processes in your web application but are concerned about performance? That’s where background jobs come in. By offloading resource-intensive tasks to separate worker processes, you can improve the scalability of your web application.
In this talk, I'll share my experience of using background jobs to scale our web application. I'll discuss the challenges my team faced that led us to adopt background jobs. Then, I'll share practical tips on how to design background jobs for CPU-intensive or time-consuming processes, such as generating huge PDFs and batch emailing. I'll wrap up by going over the performance and cost tradeoffs of background jobs.
I'll use Typescript, Express, and Heroku as examples in this talk, but the concepts and best practices that I'll share are applicable to other languages and tools.
Presented at All Things Open 2023
Presented by Robert Aboukhalil - CZI
Title: Supercharging tutorials with WebAssembly
Abstract: sandbox.bio is a free platform that features interactive command-line tutorials for bioinformatics. This talk is a deep-dive into how sandbox.bio was built, with a focus on how WebAssembly enabled bringing command-line tools like awk and grep to the web. Although these tools were originally written in C/C++, they all run directly in the browser, thanks to WebAssembly! And since the computations run on each user's computer, this makes the application highly scalable and cost-effective.
Along the way, I'll discuss how WebAssembly works and how to get started using it in your own applications. The talk will also cover more advanced WebAssembly features such as threads and SIMD, and will end with a discussion of WebAssembly's benefits and pitfalls (it's a powerful technology, but it's not always the right tool!).
Presented at All Things Open 2023
Presented by K.S. Bhaskar - YottaDB LLC
Title: Using SQL to Find Needles in Haystacks
Abstract: Database journal files capture every update to a database. A database of a few hundred GB can generate GBs worth of journal files every minute at busy times. Troubleshooting and forensics, especially of rare and intermittent problems, such as which process made what update and when, is an exercise of finding needles in haystacks. A similar problem exists with syslogs. A solution is to load the journal files and syslogs into a database, and use SQL to query the database. Bhaskar will present and demonstrate this with a 100% FOSS stack.
Presented at All Things Open 2023
Presented by Wes Widner - Automox
Title: Configuration Security as a Game of Pursuit Intercept
Abstract: In this session we will take a look at the emerging field of cloud security posture management and how we can approach the problem space using a class of board games known as pursuit/intercept. Using the game Scotland Yard as a visual illustration we'll explore the cognitive and technical limitations that all CSPM systems face and what you should look for when evaluating the strengths and weaknesses of CSPM vendors and approaches.
Presented at All Things Open 2023
Presented by Carol Huang & Mike Fix - Stripe
Title: Scaling an Open Source Sponsorship Program
Abstract: We already know this: the open-source ecosystem needs further monetary investment from the companies that benefit most from it. Likewise, companies say they want to participate in these initiatives, but find it hard to dedicate resources to open source funding when there isn’t a clear ROI.
This talk discusses how the Open Source Program Office at Stripe built a scalable, sustainable open source sponsorship model that aligns internal company incentives with those of open source maintainers and the community at large. We go over the unique “platformization” of our OSPO that allowed us to create multiple funding models, such as BYOB (Bring Your Own Budget), and share lessons learned from this experience as well as other OSPOs.
Presented at All Things Open 2023
Presented by Arundeep Nagaraj - Amazon Web Services (AWS)
Title: Build Developer Experience Teams for Open Source
Abstract: Open Source has become the default strategy for many IT organizations and Enterprises. However, the constant challenge with Open Source leaders of these organizations has been -
How is my product's developer experience?
Is this the right metric to track?
How can I scale my team to support our products better?
How can I add automation to scale redundant workflows?
If my product involves working with developers, how can I scale to the complexity of the requests and reduce Engineering bandwidth?
The challenges within support of open source products continue to magnify depending on the end user persona, whether they are consumers or contributors to your product. Consumers utilize your product, SDKs and APIs and are blocked with using it or run into issues, whereas contributors are advanced users of your software who understand the codebase to provide a meaningful contribution back to the product.
The answer to the above is to look at Open Source support as a first-class citizen of your corporate support strategy. To employ the right level of developer focused support as opposed to traditional infrastructure based support is key to scale to the amount of developers using your product. Supporting customers in the open involves more than pure support - building customer / developer experiences (DX) in the open (across platforms and communities) that pivots over the ability of your product's users or developers to be focused on the end-to-end value add. This helps with your active developer growth and retention of users.
Key Takeaways:
- IT leaders of Open Source will learn to employ strategies to build a DX team that engages on multiple platforms
- Work on identifying accurate metrics for product and organization
- Innovate on platforms such as Discord to build a bot and a dashboard
- Ability to leverage customer feedback and iterate over the customer success flywheel
- Distinguish between DX and Developer Advocacy (DA)
Presented at All Things Open 2023
Presented by Danny McCormick - Google
Title: Deploying Models at Scale with Apache Beam
Abstract: Apache Beam is an open source tool for building distributed scalable data pipelines. This talk will explore how Beam can be used to perform common machine learning tasks, with a heavy focus on running inference at scale. The talk will include a demo component showing how Beam can be used to deploy and update models efficiently on both CPUs and GPUs for inference workloads.
An attendee can expect to leave this talk with a high level understanding of Beam, the challenges of deploying models at scale, and the ability to use Beam to easily parallelize their inference workloads.
Presented at All Things Open 2023
Presented by Peter Czanik - One Identity
Title: Sudo – Giving access while staying in control
Abstract: Sudo is used by millions to control and log administrator access to systems, but using the default configuration only, there are plenty of blind spots. Using the latest features in sudo lets you watch some previously blind spots and control access to them. Here are four major new features, which arrived since the 1.9.0 release, allowing you to see your blind spots:
- configuring a working directory or chroot within sudo often makes full shell access redundant
- JSON-formatted logs give you more details on events and are easier to act on
- relays in sudo_logsrvd make session recording collection more secure and reliable
- you can log and control sub-commands executed by the command run through sudo
Let us take a closer look at each of these.
Previously, there were quite a few situations where you had to give users full shell access through sudo. Typical examples include when you need to run a command from a given directory, or running commands in a chroot environment. You can now configure the working directory or the chroot directory and give access only to the command the user really needs.
Logging is a central role of sudo, to see who did what on the system. Using JSON-formatted log messages gives you even more information about events. What is even more: structured logs are easier to act on. Setting up alerting for suspicious events is much easier when you have a single parser to configure for any kind of sudo logs. You can collect sudo logs not only by local syslog, but also by using sudo_logsrvd, the same application used to collect session recordings.
Speaking of session recordings: instead of using a single central server, you can now have multiple levels of sudo_logsrvd relays between the client and the final destination. This allows session collection even if the central server is unavailable, providing you with additional security. It also makes your network configuration simpler.
Finally, you can log sub-commands executed from the command started through sudo. You can see commands started from a shell. No more unnoticed shell access from text editors. Best of all: you can also intercept sub-commands.
These are just a few of the most prominent features helping you to watch and control previous blind spots on your systems. See these and other possibilities in action in some live demos during our presentation.
Presented at All Things Open 2023
Presented by Christine Abernathy - F5, Inc.
Title: Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Abstract: As Artificial Intelligence (AI) and Machine Learning (ML) applications continue to surge, it is crucial to be aware of and address the security risks associated with these technologies. In this talk, Christine will explore AI/ML failure modes, threats, and mitigation strategies. She will guide you through the fundamentals of ML models then introduce you to key security challenges such as adversarial attacks, data poisoning, model inversion, model stealing, and membership inference attacks, using real-world examples to demonstrate their potential impact.
Christine will also discuss privacy and ethical considerations in ML, touching upon techniques like federated learning and shedding light on the current regulatory landscape surrounding security risks. If you are developing AI/ML applications or incorporating AI/ML components into your technology stack, check out this talk. You will walk away with a deeper understanding of the current AI/ML security landscape and a toolkit to help you address these risks, enabling you to build safer, more secure, and privacy-aware applications.
Presented at All Things Open 2023
Presented by Carlos Santana - AWS
Title: Securing Cloud Resources Deployed with Control Planes on Kubernetes using Governance and Policy as Code
Abstract: Are you concerned about the security of your cloud resources deployed on Kubernetes? Are you struggling to ensure compliance with regulatory requirements while managing your cloud infrastructure? If yes, then this talk is for you!
We will discuss how to secure cloud resources deployed with Crossplane on Kubernetes using Governance and Policy as Code. We will explore how to leverage Governance and Policy as Code tools like Rego, Kyverno, and OPA to ensure security and compliance.
By the end of this talk, you will have a better understanding of the challenges associated with securing cloud resources deployed with Crossplane or ACK on Kubernetes, the importance of Governance and Policy as Code in ensuring security and compliance, and why it is critical to use open source and open standards in these technologies.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
17.
    resources :projects do
      collection do
        get 'active'
        get 'suspended'
        get 'archived'
      end

      member do
        post 'activate'
        post 'suspend'
        post 'archive'
        post 'create_review'
      end
    end
18.
    resources :projects do
      collection do
        get 'active', to: 'active_projects#index'
        get 'suspended', to: 'suspended_projects#index'
        get 'archived', to: 'archived_projects#index'
      end

      member do
        post 'activate', to: 'active_projects#create'
        post 'suspend', to: 'suspended_projects#create'
        post 'archive', to: 'archived_projects#create'
        post 'create_review'
      end
    end
19.
    resources :projects do
      collection do
        get 'active', to: 'active_projects#index'
        get 'suspended', to: 'suspended_projects#index'
        get 'archived', to: 'archived_projects#index'
      end

      member do
        post 'activate', to: 'active_projects#create'
        post 'suspend', to: 'suspended_projects#create'
        post 'archive', to: 'archived_projects#create'
      end

      resources :reviews, only: :create
    end
23. content negotiation
The process in which client and server determine the best representation for a response when many are available.
Three clients (Client A, Client B, Client C) call the same API, each asking for a different format:
• "I’m a Rich Java$cript Application and I want JSON!" -> response in JSON
• "Hey, I’m an Enterprise Java Application and I want XML! (Ha Ha, Business!)" ¯_(ツ)_/¯ -> response in XML
• "Hi, I'm a browser and I want HTML!" -> response in HTML
25. responders
(extracted out to the responders gem in Rails 4.2)
    module API
      class ProjectsController < ApplicationController
        respond_to :json, :xml

        def index
          @projects = Project.all

          respond_with(@projects)
        end
      end
    end
26. respond_to
    module API
      class ProjectsController < ApplicationController
        def index
          @projects = Project.recent

          respond_to do |format|
            format.json { render json: @projects, status: 200 } # calls #to_json
            format.xml { render xml: @projects, status: 200 }   # calls #to_xml
          end
        end
      end
    end
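How a server can choose among the formats a client lists in its Accept header, written as a stand-alone Ruby example that is added here and is not code from the slides or from Rails. The `AVAILABLE` list and the method names are assumptions made for the illustration; it covers q-values, wildcards and the case where nothing is acceptable.

```ruby
# Added example: picking a response format from the Accept header.
# AVAILABLE and all method names are illustrative; this is not Rails' own code.

# Formats the (hypothetical) endpoint can render, in server preference order.
AVAILABLE = %w[application/json application/xml text/html].freeze

# Parse an Accept header into [[media_range, q], ...]; q defaults to 1.0.
def parse_accept(header)
  header.to_s.split(',').map do |part|
    range, *params = part.strip.downcase.split(';').map(&:strip)
    next if range.nil? || range.empty?

    q = 1.0
    params.each do |param|
      key, value = param.split('=', 2)
      # A malformed q-value is treated as 0 (not acceptable) rather than guessed.
      q = Float(value.to_s, exception: false) || 0.0 if key == 'q'
    end
    [range, q.clamp(0.0, 1.0)]
  end.compact
end

# How specifically a media range matches a concrete type:
# 3 = exact, 2 = "type/*", 1 = "*/*", nil = no match.
def specificity(range, type)
  return 3 if range == type
  return 1 if range == '*/*'
  return 2 if range.end_with?('/*') && type.start_with?(range.chomp('*'))

  nil
end

# The q-value that applies to `type`: the most specific matching range wins,
# so "application/json;q=0" excludes JSON even when "*/*" is also present.
def quality_for(type, ranges)
  matches = ranges.map { |range, q| [specificity(range, type), q] }
                  .reject { |spec, _| spec.nil? }
  return 0.0 if matches.empty?

  matches.max_by { |spec, _| spec }.last
end

# Returns the media type to render, or nil when nothing is acceptable
# (the caller should then answer 406 Not Acceptable).
def negotiate(accept_header, available = AVAILABLE)
  ranges = parse_accept(accept_header)
  return available.first if ranges.empty? # no Accept header: server's choice

  # Highest q wins; ties go to the type listed first in `available`.
  q, _, type = available.each_with_index
                        .map { |t, i| [quality_for(t, ranges), -i, t] }
                        .max
  q.positive? ? type : nil
end
```

A `nil` result is the case the `respond_to` block above does not spell out: the client asked only for formats the endpoint cannot produce.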
28. ActiveModel::Serializers
https://github.com/rails-api/active_model_serializers
defaults to JSON-API
    class ProjectSerializer < ActiveModel::Serializer
      attributes :id, :title, :amount

      embed :ids, include: true
      has_many :products
    end
29. Roar
https://github.com/apotonick/roar
using Mixins
    module SongsRepresenter
      include Roar::JSON::JsonApi
      name :songs

      property :id
      property :title
    end
using Decorators
    class SongRepresenter < Roar::Decorator
      include Roar::JSON::JsonApi
      name :songs

      property :id
      property :title
    end
32. http basic AUTH
    module API
      class ProjectsController < ApplicationController
        before_action :authenticate_or_request

        protected

        def authenticate_or_request
          authenticate_or_request_with_http_basic do |user, pwd|
            User.authenticate(user, pwd)
          end
        end
      end
    end
33. http basic AUTH with curl
    $ curl -I http://carlos:secret@localhost:3000/projects

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
use the -u option
    $ curl -Iu 'carlos:secret' http://localhost:3000/projects

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
34. token based auth
• Can easily expire or regenerate tokens.
• Any vulnerability is limited to API access.
• Multiple tokens for each user.
• Different access rules can be implemented.
Diagram: Client A, API (Projects, Forum, Admin)
35. providing the token
Typically available out-of-band on a user settings page.
(screenshot: token for the Backpack API)
36. providing the token
For security purposes, some services will only display the access token once.
(screenshot: token for the Digital Ocean API)
37. token based auth
    module API
      class ProjectsController < ApplicationController
        before_action :authenticate_or_request

        protected

        def authenticate_or_request
          authenticate_or_request_with_http_token do |token, opt|
            User.find_by(auth_token: token)
          end
        end
      end
    end
39. GENERATING TOKENS
We can use the Ruby standard library
    SecureRandom.uuid
    f4ea855f-d303-43e6-bee3-94581c0ecb21
    90ab3255-ce33-4022-8349-b7979655b07c
    371c760d-2539-41b9-b665-98c255d4c323
    ...
40. GENERATING TOKENS
    class User < ActiveRecord::Base
      before_create :set_auth_token

      private

      def set_auth_token
        return if auth_token.present?
        self.auth_token = generate_auth_token
      end

      def generate_auth_token
        SecureRandom.uuid.gsub(/-/,'') # omits the hyphens
      end
    end
    a47a8e54b11c4de5a4a351734c80a14a
    9fa8a147b10c4efca3e8592b3a1c2729
    823c1c984d504f66a2e6cbb2eb69e842
    ...
41. token based auth with curl
use the -H option
    $ curl -IH "Authorization: Token token=16d7d6089b8fe0c5e19bfe10bb156832" http://localhost:3000/episodes

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
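The token properties listed on slide 34 (expire or regenerate, several tokens per user, different access rules) and the token handling on slides 37 to 41, worked through as a stand-alone Ruby example that is added here and is not code from the slides. `TokenStore`, its method names and the scope symbols are assumptions made for the illustration; unlike the `auth_token` column on the slides, it keeps only a SHA-256 digest of each token.

```ruby
require 'securerandom'
require 'digest'

# Added example: per-client API tokens that are scoped, expirable and revocable.
# TokenStore and its method names are illustrative, not part of Rails or the talk.
class TokenStore
  Record = Struct.new(:user, :scope, :expires_at)

  def initialize
    @records = {} # SHA-256 hex digest of the token => Record
  end

  # Issues a new token and returns the plaintext exactly once; only its digest
  # is kept, so a leaked token table does not hand out working credentials.
  def issue(user, scope:, ttl: 3600, now: Time.now)
    token = SecureRandom.hex(32) # 256 random bits, 64 hex characters
    @records[digest(token)] = Record.new(user, scope, now + ttl)
    token
  end

  # Revokes one token without touching the user's other tokens.
  def revoke(token)
    !@records.delete(digest(token)).nil?
  end

  # Takes the raw Authorization header value, e.g. 'Token token=abc123'.
  # Returns the user name, or nil (the caller should answer 401).
  def authenticate(header, scope:, now: Time.now)
    token = extract_token(header)
    return nil unless token

    # Lookup is by digest, never by the plaintext, so the comparison the
    # store performs is over hash output rather than over the secret itself.
    record = @records[digest(token)]
    return nil if record.nil? || now >= record.expires_at
    return nil unless record.scope == scope

    record.user
  end

  # What is actually persisted (digests only); exposed for inspection.
  def stored_keys
    @records.keys
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # Accepts the header shape used on the slides: Token token=<value>,
  # with optional double quotes around the value.
  def extract_token(header)
    match = /\AToken\s+token="?([A-Za-z0-9]+)"?\s*\z/.match(header.to_s)
    match && match[1]
  end
end
```

Passing `now:` explicitly keeps expiry checks deterministic in tests; in a Rails app the same checks would sit inside the `authenticate_or_request_with_http_token` block.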
44. versioning services
• Only use major version.
• Changes cannot break existing clients.
• No need to bump version on compatible changes.
Compatible changes:
• addition of a new format (e.g. JSON, XML)
• addition of a new property on a resource
• renaming of an end-point (use 3xx status code!)
/V1: feature X, feature Y
/V2: feature X, feature Y, feature Z
50. HOW SHOULD WE TEST THE API?
Requesting endpoints and verifying responses
    $ rails g integration_test <doing-something>
51. testing status code
    require 'test_helper'

    class ListingProjectsTest < ActionDispatch::IntegrationTest
      setup { host! 'api.example.com' }

      test 'returns list of projects' do
        get '/projects'
        assert_equal 200, response.status
        refute_empty response.body
      end
    end
53. testing mime types
    class ListingProjectsTest < ActionDispatch::IntegrationTest
      setup { host! 'api.example.com' }

      test 'returns projects in JSON' do
        get '/projects', {}, { 'Accept' => Mime::JSON }
        assert_equal Mime::JSON, response.content_type
      end

      test 'returns projects in XML' do
        get '/projects', {}, { 'Accept' => Mime::XML }
        assert_equal Mime::XML, response.content_type
      end
    end
55. testing access rules
    class ListingProjectsTest < ActionDispatch::IntegrationTest
      setup { @user = User.create! }
      setup { host! 'api.example.com' }

      test 'valid authentication with token' do
        get '/projects', {}, { 'Authorization' => "Token token=#{@user.auth_token}" }
        assert_equal 200, response.status
        assert_equal Mime::JSON, response.content_type
      end

      test 'invalid authentication' do
        get '/projects', {}, { 'Authorization' => "Token token=#{@user.auth_token}fake" }
        assert_equal 401, response.status
      end
    end