The document discusses balancing REST principles with pragmatic considerations for enterprise usage. While REST aims for simplicity, complexity arises in enterprises that require standards, governance, security, business models, and lifecycle management. RESTful APIs must consider authentication, access control, monitoring, tiered access, and billing to align with business needs. Governance tools are important for managing API lifecycles, versions, security policies and continuous improvement based on usage insights.

1. Exploring REST Purity and
Pragmatism
Samisa Abeysinghe
Vice President Engineering

2. REST
• General idea
– It is simple
– Widely used
– “cool” & state of the art
– And ideal for SOA & the enterprise
True?

3. Yes
Simple Cool
REST is…
Popular Used

4. From Theory to Practice
• Can simplicity meet complexity?
• Can REST be used in enterprise?

5. REST for Enterprise
Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

6. Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

7. REST Principles
Verbs
CRUD and more
(PUT, GET,POST,DELETE
Names … HEAD, OPTIONS) Representations
URI, XRI HTML, XML or Binary
(http://acme.com/ (text/html, text/xml,
customers) image/png)
Resources

8. Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

9. Services vs APIs
• Services are what you develop
• APIs are what you expose
– “The interface”
– How can you consume the service?

10. RESTful APIs
• REST (REpresentational State Transfer)
– An architectural style based on transferring
representations of resources from a server to a
client
• RESTful Web services
– Web services built on the REST principles
– Also called a RESTful Web API
– http://en.wikipedia.org/wiki/Representational_sta
te_transfer#RESTful_web_services

11. The Interface Matters
• It is not the implementation that matter
• But the interface
– And got to be managed and maintained
systematically

12. Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

13. Manage Life-Cycles
Service API

14. Tools for Life-Cycle Management

15. Tools for Life-Cycle Management

16. Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

17. Securing RESTful Services
Confidentiality Integrity
HTTPS HTTPS
Security
Authentication
Non Repudiation
HTTP Basic/Digest Auth.,
2-legged OAuth
Mutual Auth., OAuth

18. Security Using OAuth
http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html

19. Access Tokens
Application
User Key
Key Used when Used when an
applications are end user is
calling each using an
other application

20. Application/User Key Generation Sequence

21. Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

22. Business Models

23. Business Requirements
Tiers Metering Throttling Billing Monitoring
Usage Tier limits
Platinum Pay for use Trends
metering enforcement
Capacity SLA & policy Continuous
Gold Budget
metering enforcement improvement
Status Capacity
Silver Prioritization Estimates
tracking planning

24. Monitoring Tools

25. Insights & Continuous Improvement

26. Services & Business
Standards Governance Security
APIs Models
HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering
Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling
Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

27. Closing Remarks
• REST is simple, cool, popular and used
• Need to look beyond coolness to use REST for
real
• Think of REST as a way to expose APIs
• Pay attention to good governance
• Make informed security architecture decisions
• Focus on monitoring, analysis and insights
based continuous improvements

28. Resources
• http://wso2.com/products/api-manager/
• http://wso2.com/products/governance-registry/
• http://wso2.com/products/business-activity-monitor/
• http://sanjiva.weerawarana.org/2012/08/api-management-
missing-link-for-soa.html
• http://sumedha.blogspot.com/search/label/API

29. WSO2 Engagement Model
• QuickStart
• Development Support
• Development Services
• Production Support
• http://wso2.com/support

30. Thank you!
bizdev@wso2.com