Presented by Nikola Vasilev on SkopjeTechMeetup 7.
Representational state transfer (REST) can be thought of as the language of the Internet. Now with cloud usage on the rise, REST is a logical choice for building APIs that allow end users to connect and interact with cloud services. This talk will deliver more insight into the challenges on building and maintaining good and clean RESTful APIs.
A presentation given at the adaptTo() 2014 tech meetup on the topic of developing dynamic AEM components using concepts borrowed from the SPA philosophy.
Dynamic Components using Single-Page-Application Concepts in AEM/CQNetcetera
Dynamic components display content dependable on context, hence they cannot be cached.
Out of the box, Adobe Experience Manager doesn't give us many options for granular caching on a component level.
When faced with this problem, we usually resort to developing components that are leveraging Server-Side Includes or AJAX to get the HTML with dynamic data.
As an alternative solution, we have also developed dynamic components that use Single Page Application concepts, by using templates and JSON-responses, to provide the same dynamic behavior.
In this presentation we will cover all of the dynamic components types, compare the benefits and drawbacks of each, and state the use-cases where each can be effectively applied.
We will take a deeper look at the dynamic components done with SPA concepts, as they are rarity in the AEM world, and also provide a walk-through of the technologies used, how some common problems were solved, as well as the benefits that have been gained by their usage.
This presentation talks about the basic types of API, What REST actually is and What are the six principles/architectural constraint that needs to adhere upon. URL Design practices for a developer to create restful API.
Session 3 - i4Trust components for Identity Management and Access Control i4T...FIWARE
This session consists of two parts. The first part of the session will introduce you to i4Trust IAM components in detail while the second will introduce i4Trust Marketplace Services. Technical session for Local Experts in Data Sharing (LEBDs)
Tutorial describing how to protect Fiware Orion Context Broker with Fiware Keyrock IdM and Wilma PEP Proxy. The Keyrock is used to manage the identities and to provide OAuth2 tokens. The Wilma is used to intercept the requests to Orion and verify the user credentials through the sent token. With this token is possible to verify the authenticity of the user, checking her identity, and verify if the user is authorized to access Orion.
Presented by Nikola Vasilev on SkopjeTechMeetup 7.
Representational state transfer (REST) can be thought of as the language of the Internet. Now with cloud usage on the rise, REST is a logical choice for building APIs that allow end users to connect and interact with cloud services. This talk will deliver more insight into the challenges on building and maintaining good and clean RESTful APIs.
A presentation given at the adaptTo() 2014 tech meetup on the topic of developing dynamic AEM components using concepts borrowed from the SPA philosophy.
Dynamic Components using Single-Page-Application Concepts in AEM/CQNetcetera
Dynamic components display content dependable on context, hence they cannot be cached.
Out of the box, Adobe Experience Manager doesn't give us many options for granular caching on a component level.
When faced with this problem, we usually resort to developing components that are leveraging Server-Side Includes or AJAX to get the HTML with dynamic data.
As an alternative solution, we have also developed dynamic components that use Single Page Application concepts, by using templates and JSON-responses, to provide the same dynamic behavior.
In this presentation we will cover all of the dynamic components types, compare the benefits and drawbacks of each, and state the use-cases where each can be effectively applied.
We will take a deeper look at the dynamic components done with SPA concepts, as they are rarity in the AEM world, and also provide a walk-through of the technologies used, how some common problems were solved, as well as the benefits that have been gained by their usage.
This presentation talks about the basic types of API, What REST actually is and What are the six principles/architectural constraint that needs to adhere upon. URL Design practices for a developer to create restful API.
Session 3 - i4Trust components for Identity Management and Access Control i4T...FIWARE
This session consists of two parts. The first part of the session will introduce you to i4Trust IAM components in detail while the second will introduce i4Trust Marketplace Services. Technical session for Local Experts in Data Sharing (LEBDs)
Tutorial describing how to protect Fiware Orion Context Broker with Fiware Keyrock IdM and Wilma PEP Proxy. The Keyrock is used to manage the identities and to provide OAuth2 tokens. The Wilma is used to intercept the requests to Orion and verify the user credentials through the sent token. With this token is possible to verify the authenticity of the user, checking her identity, and verify if the user is authorized to access Orion.
Web services are a set of tools available over the internet or intranet networks which use the standardized messaging system to transfer data between applications or systems.
Web services allow interaction between different systems or applications using standard libraries such as HTML, XML, WSDL, and SOAP.
An online training course run by the FIWARE Foundation in conjunction with the i4Trust project. The core part of this virtual training camp (21-24 June 2021) covered all the necessary skills to develop smart solutions powered by FIWARE. It introduces the basis of Digital Twin programming using linked data concepts - JSON-LD and NGSI-LD and combines these with common smart data models for the sharing and augmentation of context data.
In addition, it covers the supplementary FIWARE technologies used to implement the common functions typically required when architecting a complete smart solution: Identity and Access Management (IAM) functions to secure access to digital twin data and functions enabling the interface with IoT and 3rd systems, or the connection with different tools for processing and monitoring current and historical big data.
This 12-hour online training course can be used to obtain a good understanding of FIWARE and NGSI Interfaces and form the basis of studying for the FIWARE expert certification.
Extending this core part, the virtual training camp adds introductory and deep-dive sessions on how FIWARE and iSHARE technologies, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for the creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the creation of innovative services based on data sharing. In addition, SMEs and Digital Innovation Hubs (DIHs) that go through this complete training and are located in countries eligible under Horizon 2020 will be equipped with the necessary know-how to apply to the recently launched i4Trust Open Call.
An online training course run by the FIWARE Foundation in conjunction with the i4Trust project and IShare Foundation. The core part of this virtual training camp (27 Jun - 01 Jul 2022) covered all the necessary skills to develop smart solutions powered by FIWARE. It introduces the basis of Digital Twin programming using NGSI-LD (the simple yet powerful open standard API enabling to publish and access digital twin data) combined with common smart data models
In addition, it covers the supplementary FIWARE technologies used to implement the rest of functions typically required when architecting a complete smart solution: Identity and Access Management (IAM) functions to secure access to digital twin data, and functions enabling the interface with IoT and 3rd systems, or the connection with different tools for processing and monitoring current and historic big data.
Extending this core part, the training camp also cover how you can easily integrate FIWARE systems with blockchain networks to create audit-proof logs of processes and ensure transparency.
This presentation will introduce you to Container, Docker, and Kubernetes with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
Facebook Live: https://www.facebook.com/imcinstitute/videos/4199946253380670
Youtube Recorded: https://youtu.be/vW1Yq5ftWZ4
IMC Live Webinar on July 17, 2020
The API acronym is everywhere on the Internet. It seems like every great company offers an API. But what is it exactly?
This deck will present you the very concept of API with a simple metaphor, and then will take four exemples of very popular APIs integrated by more popular websites (Airbnb, Uber, etc...).
A deck by Sébastien Saunier, CTO @ Le Wagon (https://www.lewagon.com)
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE
Presentation by Martin Bauer
Senior Researcher, NEC Labs Europe
José Manuel Cantera
Senior Standardization Expert, FIWARE Foundation
FIWARE Global Summit
27-28 November 2018
Malaga, Spain
Introduction to Big Data and how FIWARE manage it through the different approaches. What are the differences between Apache Flink and Spark approaches. Introduction to FIWARE Connectors to manage NGSI context information. Brief introduction to Machine Learning with FIWARE technology
AEM Best Practices for Component DevelopmentGabriel Walt
This presentation describes how to easily get started with an efficient development workflow with Adobe Experience Manager 6.1.
The tools and technologies presented are:
* Project Archetype – https://github.com/Adobe-Marketing-Cloud/aem-project-archetype
* AEM Eclipse Extension – https://docs.adobe.com/docs/en/dev-tools/aem-eclipse.html
* AEM Brackets Extension – https://docs.adobe.com/docs/en/dev-tools/aem-brackets.html
* Sightly Template Language – http://www.slideshare.net/GabrielWalt/component-development
* Sightly REPL Tool – https://github.com/Adobe-Marketing-Cloud/aem-sightly-repl
* Sightly TodoMVC Example – https://github.com/Adobe-Marketing-Cloud/aem-sightly-sample-todomvc
Web services are a set of tools available over the internet or intranet networks which use the standardized messaging system to transfer data between applications or systems.
Web services allow interaction between different systems or applications using standard libraries such as HTML, XML, WSDL, and SOAP.
An online training course run by the FIWARE Foundation in conjunction with the i4Trust project. The core part of this virtual training camp (21-24 June 2021) covered all the necessary skills to develop smart solutions powered by FIWARE. It introduces the basis of Digital Twin programming using linked data concepts - JSON-LD and NGSI-LD and combines these with common smart data models for the sharing and augmentation of context data.
In addition, it covers the supplementary FIWARE technologies used to implement the common functions typically required when architecting a complete smart solution: Identity and Access Management (IAM) functions to secure access to digital twin data and functions enabling the interface with IoT and 3rd systems, or the connection with different tools for processing and monitoring current and historical big data.
This 12-hour online training course can be used to obtain a good understanding of FIWARE and NGSI Interfaces and form the basis of studying for the FIWARE expert certification.
Extending this core part, the virtual training camp adds introductory and deep-dive sessions on how FIWARE and iSHARE technologies, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for the creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the creation of innovative services based on data sharing. In addition, SMEs and Digital Innovation Hubs (DIHs) that go through this complete training and are located in countries eligible under Horizon 2020 will be equipped with the necessary know-how to apply to the recently launched i4Trust Open Call.
An online training course run by the FIWARE Foundation in conjunction with the i4Trust project and IShare Foundation. The core part of this virtual training camp (27 Jun - 01 Jul 2022) covered all the necessary skills to develop smart solutions powered by FIWARE. It introduces the basis of Digital Twin programming using NGSI-LD (the simple yet powerful open standard API enabling to publish and access digital twin data) combined with common smart data models
In addition, it covers the supplementary FIWARE technologies used to implement the rest of functions typically required when architecting a complete smart solution: Identity and Access Management (IAM) functions to secure access to digital twin data, and functions enabling the interface with IoT and 3rd systems, or the connection with different tools for processing and monitoring current and historic big data.
Extending this core part, the training camp also cover how you can easily integrate FIWARE systems with blockchain networks to create audit-proof logs of processes and ensure transparency.
This presentation will introduce you to Container, Docker, and Kubernetes with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
Facebook Live: https://www.facebook.com/imcinstitute/videos/4199946253380670
Youtube Recorded: https://youtu.be/vW1Yq5ftWZ4
IMC Live Webinar on July 17, 2020
The API acronym is everywhere on the Internet. It seems like every great company offers an API. But what is it exactly?
This deck will present you the very concept of API with a simple metaphor, and then will take four exemples of very popular APIs integrated by more popular websites (Airbnb, Uber, etc...).
A deck by Sébastien Saunier, CTO @ Le Wagon (https://www.lewagon.com)
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE
Presentation by Martin Bauer
Senior Researcher, NEC Labs Europe
José Manuel Cantera
Senior Standardization Expert, FIWARE Foundation
FIWARE Global Summit
27-28 November 2018
Malaga, Spain
Introduction to Big Data and how FIWARE manage it through the different approaches. What are the differences between Apache Flink and Spark approaches. Introduction to FIWARE Connectors to manage NGSI context information. Brief introduction to Machine Learning with FIWARE technology
AEM Best Practices for Component DevelopmentGabriel Walt
This presentation describes how to easily get started with an efficient development workflow with Adobe Experience Manager 6.1.
The tools and technologies presented are:
* Project Archetype – https://github.com/Adobe-Marketing-Cloud/aem-project-archetype
* AEM Eclipse Extension – https://docs.adobe.com/docs/en/dev-tools/aem-eclipse.html
* AEM Brackets Extension – https://docs.adobe.com/docs/en/dev-tools/aem-brackets.html
* Sightly Template Language – http://www.slideshare.net/GabrielWalt/component-development
* Sightly REPL Tool – https://github.com/Adobe-Marketing-Cloud/aem-sightly-repl
* Sightly TodoMVC Example – https://github.com/Adobe-Marketing-Cloud/aem-sightly-sample-todomvc
A Deep Dive into RESTful API Design Part 2VivekKrishna34
RESTful API Design, RESTful URI Design, Design Steps, Example Application, What are resources in REST? Various HTTP Status codes used in REST, POST, GET, PUT, PATCH, DELETE methods and what are they used for?
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
This presentation teach how to design a real-world and pragmatic web API. It draws from the experience Mario Cardinal have gained over the years being involved architecting many Web API. This presentation begins by differencing between a Web and a REST API, and then continue with the design process. We conclude with the core learnings of the session which is a review of the best practices when designing a web API. Armed with skills acquired, you can expect to see significant improvements in your ability to design a pragmatic web API.
Creating a RESTful api without losing too much sleepMike Anderson
REST (REpresentational State Transfer) continues to be the dominant way to provide a standard method for data access in a web environment. There are a lot of discussions on what makes a good RESTful API, but examples are sometimes hard to come by. How do you structure your code to enable REST but also ensure that you can update and maintain the code over the long haul?
It this talk I will walk through some of the things that I have learned in implementing a RESTful API. We will discuss some of the following topics:
* Landmines - what are some things not to do when developing your REST stack
* Pure data vs hypermedia (HATEOAS anyone?)
* Layering the stack to enable automated testing at all tiers
* Securing your endpoints
* Testing -- tools to explore and validate your endpoints
Basics of API Design and development. After the presentation, we developed a python flask-based app that you use to remind yourself anything via an api https://github.com/oquidave/reminderme
JAX-RS. Developing RESTful APIs with JavaJerry Kurian
The presentation discusses the basic REST principles and how to define a RESTful API.
The presentation then looks at the various facilities provided by JAX-RS for developing REST API using Java.
All the supported annotations and its usage are discussed with example
Modern REST API design principles and rules.pdfAparna Sharma
Typically, when updating or developing an API like Newsdata.io which is a news API for a service to provide news data with quick response time, there are lengthy discussions about the API’s structure, naming, and functions. Although, over time, certain rules have emerged that can be applied to the process and aid in reaching a common ground while developing.
Arcadian Learning a Team of 50 Year industrial Expertise provide professional Training in Java Development. Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise level Web Applications and Web Services - on any kind of deployment platform.
Modern REST API design principles and rules.pdfAparna Sharma
Typically, when updating or developing an API like Newsdata.io which is a news API for a service to provide news data with quick response time, there are lengthy discussions about the API’s structure, naming, and functions. Although, over time, certain rules have emerged that can be applied to the process and aid in reaching a common ground while developing.
Lunacloud's Compute RESTful API - Programmer's GuideLunacloud
This document is a programming and reference guide to Lunacloud’s compute resources RESTful API.
The guide is intended for users who would like to write their own programs and scripts to automate
management of their compute resources.
For more information please visit www.lunacloud,com
Building RESTful applications using Spring MVCIndicThreads
REST is an alternate and simpler approach for implementing WebServices. It is based on the HTTP protocol and hence leverages a lot of existing infrastructures. It uses an uniform interface thus making it easy to build client applications. In this session we will look at the fundamental concepts behind REST (Resource, URI, Stateless Conversation ..) and how to apply it in the context of a real applcation. We will also discuss the pros & cons of RESTful vs Soap based webservices. We will discuss the design of RESTful application and then look at how to implement it using Spring MVC.
Similar to How to design a good REST API: Tools, techniques and best practices (20)
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital AdaptabilityWSO2
In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
5. ● The data model is an important source to
determine an appropriate resource model.
● It is used to specify the properties of the
resources manipulated by an API in an
abstract manner.
Data Model
5
6. The resource model specifies the resources that are processed by the API
Resource Model
6
Atomic Resources
The entities of the data
model that are exchanged
as a whole via the API.
Eg: Customer details
Collection Resources
When atomic resources of
the same type are grouped
into a set.
Eg: Collection of Products
Collection of items
Collection of customers
Composite Resources
Instances of groups of
different entity types that are
manipulated as a whole .
Eg: Shopping cart
Controller Resources
If multiple resources have to
be manipulated in a single
API call in order to maintain
data consistency.
Eg: Deleting an individual item
from the shopping cart one
after the other
7. ● The complete URI of an API complies to the following structure:
{scheme}://{host}/{base-path}/{path}[?{query-string}]
"https://petstore.swagger.io/v2/pet/1"
● scheme : the transport protocol supported by the API
● host: the domain of the API
● base path: the base-path of an API follows the structure,
/{feature-code}/[ {sub-code}/ ]/{version}
Resource URIs
7
8. ● Atomic resources, collection resources and composite resources should be named as
nouns because they represent "things", not "actions"
● Processing function resources and controller resources should be named as verbs
because they in fact represent "actions".
● Processing function resources and controller resources should not be sub-resources
of individual other resources.
⦿ They should not be named by means of a URI template
⦿ Individual resources become parameters.
● Lower case characters should be used in names only because the rules about which
URI element names are case sensitive and which are not may cause confusion.
Proper naming
8
9. ● If multiple words are used to name a resource, these words should be separated by dashes
(i.e. "-").
⦿ Especially, no underscore (i.e. "_") should be used.
⦿ Similarly, camel case or other programming language related naming should be
avoided.
● Singular nouns should be used for naming atomic resources.
● Names of collections should be "pluralized".
● Use forward slashes (i.e. "/") to specify hierarchical relations between resources. A forward
slash will separate the names of the hierarchically structured resources. The parent name will
immediately precede the name of its immediate children.
Proper naming
9
10. ● The version is specified as a pair of integers (separated by a dot) referred to as the major and
the minor number of the version, preceded by the lower case letter "v".
E.g: v2.1
Versioning
10
- a bug fix
- a minor internal
modification
- newly added optional
parameters
- completely new request
- new mandatory
parameters have been
added
- former parameters
have been dropped
- complete former
requests are no longer
available.
11. ● Best practice is to support the current major version as well as at least one major
version back.
● When a client is using an API's URI with a version number no longer supported, the
server has to respond with a response message that contains a Location header field
with the URI of the latest version of the API:
HTTP/1.1 301 Moved Permanently
Location:
Versioning
11
12. ● A URI template is an element which contains strings in curly brackets. These strings are variables
that must be substituted by values when such a URI template is used by a client.
/shopping-carts/{shopping-cart-id}/{item-id}/product
● An optional query string is a part of the URI contributing to the unique identification of a resource
{scheme}://{host}/{base-path}/{path}?{query-string}
● The query string consists of a sequence of name/value pairs that are separated by an "&"
● The name-string and the value-string are separated by a "=".
https://petstore.swagger.io/v2/pet/find-by-status?status=available
URI Templates
12
14. HTTP Methods
14
HTTP Method Usage
GET Retrieving an atomic resource or a composite resource is done by performing a
GET on the URI identifying the resource to be retrieved.
PUT The body of the corresponding PUT message provides the modified but complete
representation of a resource that will completely substitute the existing resource:
Parts of the resource that have not changed must be included in the modified
resource of the message body.
POST The creation of new resource, and the initiation of functions, to interact with
processing function resources as well as controller resource.
DELETE A resource is deleted by means of the DELETE request on the URI of the resource.
15. Status Codes
15
Status code Message
200 OK The request has been performed successfully.
400 Bad Request The request is invalid.
syntax errors in expressions passed with the request are found, values are out of
range, required data is missing etc.
401 Unauthorized The request requires client authorization or the passed credentials are not
accepted.
The response must include a WWW-Authenticate header.
403 Forbidden The server understood the request but refused to perform it.
404 Not Found The requested entity does not exist.
406 Not Acceptable The requested media type is not supported.
https://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/#09
16. ● It is often convenient to retrieve the large result sets in smaller chunks.
● The retrieval request specifies a query string containing an "offset" field as well as a
"limit" field;.
⦿ offset - the position number of a qualified resource where the retrieval should
start
⦿ limit - the maximum number of resources to be returned.
● The response message with the subset of the qualified resource returned should
specify,
⦿ total number of all qualified resources ("count" field)
⦿ a link to the next chunk of qualified resources ("next" field)
⦿ a link to the previous chunk of qualified resources ("previous" field)
Pagination
16
18. ● Resources should be accessible based on a properly designed permission model to prevent misuse
of APIs.
● Different resources are protected by different permissions and these permissions may change.
● To support this, REST APIs need to support extensible security mechanisms like
⦿ Authentication (who are you)
⦾ HTTP Basic Authentication
⧁ Username/password auth. More suitable for internal/B2B APIs.
⦾ API Keys
⧁ One time API Key. More suitable for B2B APIs.
⦾ OAuth2.0 (Open Authentication)
⧁ The de-facto security for REST APIs. Supports a wide range of grant types covering many
application types.
⦿ Authorization (what can you do)
⦾ OAuth2.0 scopes
⦾ XACML (eXtensible Access Control Markup Language).
⦾ OPA (Open Policy Agent)
Security
18
19. ● Open API Specification - JSON with YAML compatibility (best for
request/response model)
● RAML - is strictly YAML in representation
● WADL - uses XML
● API Blueprint - uses Markdown as it’s format
● Slate
REST API Specification Formats
19
20. ● Swagger API tools
https://swagger.io/tools/
● Stoplight
https://stoplight.io/
● OData Open API
https://github.com/oasis-tcs/odata-openapi
● Oas-tools
https://github.com/isa-group/oas-tools
● OAS RAML Converter
https://mulesoft.github.io/oas-raml-converter/
For more Tools check : https://openapi.tools/
Tools
20
21. ● Event-driven APIs enable apps to integrate many products and services based on
equivalence around event-driven interactions.
● AsyncAPI specification is used to design and develop event driven APIs like
Kafka, WebSockets, etc.
● It was created to serve as a common unifying language for the diverse formats,
protocols, and specifications, allowing for standardized communication in the
message-driven system.
Event-driven APIs - Async APIs
21
22. REST API Design Guidelines
Fore more information on how to design a good REST API, see
https://wso2.com/whitepapers/wso2-rest-apis-design-guidelines/
25. Status Codes
25
Status code Message
200 OK The request has been performed successfully.
201 Created The request has been performed successfully.
The URL of the newly created entity is contained in the Location header of the
response.
An ETag header should be returned with the current entity tag of the resource just
created
202 Accepted The processing of the request has started but will take some time.
The body of the response message should provide information about the current
state of the processing,as well as information about where the client can request
updated status information at a later point in time
303 See Other The response of the request is available at a different URL; this URL is given as
value of the Location header of the response message
304 Not Modified The requesting client has already received the latest version of the requested
resource.
26. Status Codes
26
Status code Message
400 Bad Request The request is invalid.
syntax errors in expressions passed with the request are found, values are out of
range, required data is missing etc.
401 Unauthorized The request requires client authorization or the passed credentials are not
accepted.
The response must include a WWW-Authenticate header.
403 Forbidden The server understood the request but refused to perform it.
404 Not Found The requested entity does not exist.
406 Not Acceptable The requested media type is not supported.
412 Precondition
Failed
The request has not been performed because one of the preconditions has not
been met.
415 Unsupported
Media Type
The entity passed by the request was in a format that is not supported.
27. ● A query on a collection resource consists of three artifacts:
⦿ a mandatory filter condition
⦿ an optional sort expression
⦿ an optional projection
● Filter condition
⦿ Is a boolean expression of attributes
⦿ The spectrum of filter conditions is from simple (supporting to specify a single attribute name
with a value being compared for equality) to complex (arbitrary conditions and arbitrary
comparison operators).
Example of a complex query:
filter=((price > 1000 AND status = on-stock) OR (price < 200 AND NOT(status = on-stock)))
Queries
27
28. ● Sort expression
⦿ consists of a list of attribute names together with the indication for each attribute name
whether the result is to be sorted ascending or descending.
⦿ The order in which the result is sorted is implied by the order of the list of attribute names.
Example:
sort=(price ASC, delivery-date DESC)
● Projection
⦿ A list of attribute names that have to be used to create each item in the result set.
⦿ Each specified attribute name is used to extract the corresponding information from each
resource and compile a corresponding item in the result set.
Example:
projection=price,color,status
Queries
28
29. ● There are two ways to enable queries on collections:
⦿ part of the query string of the URI used by a GET
GET /products?status=on-stock&sortAsc=price&projection=price,color,status HTTP/1.1
This is preferred because a GET is used with this URI, clearly expressing the semantics of the
request namely retrieving a subset of the collection
⦿ the query is passed in the body of a POST request of a special processing function resource.
POST /product-search HTTP/1.1
filter=((price > 1000 AND status = on-stock) OR (price < 200 AND NOT(status = on-stock)))
sort=(price ASC, delivery-date DESC)
projection=price,color,status
When queries may become complex where the maximum length may be exceeded, the use of
a POST request that contains the (complex) query in the request body is enforced
Queries
29
30. ● Requests may take too long to return the response synchronously,
Long Running Requests
30
● "202 Accepted" status code specifies that
the request is accepted but will be
processed asynchronously.
● The task resource says that the request is
running and gives an estimated completion
time.
● In succeeding requests, the client will
retrieve the actual task resource via the URI
value of the Content-Location header field:
GET /apply/tasks/1 HTTP/1.1
Host: www.shark-credits.com
31. "200 OK" - means that the retrieval of the
task resource was successful
note especially that this does not indicate
that the long running request completed
successfully:
Long Running Requests
31
32. ● "303 See Other" specifies that a new
resource has been created with the URI
with the value of the Location header
field.
● This is the URI of the result of the long
running request.
● The task resource now reports in its
state field that the long request
succeeded successfully.
Long Running Requests
32
After some time, the long running request will have completed, i.e. the GET request above will receive the following
response:
33. ● the retrieval of the task resource will
succeed with a "200 OK" status code,
● the task resource's status will report that
the long running request completed but
was not successful.
● Note: the status code of the response of
the retrieval of the task resource is not
related to the status of the long running
request at all.
Long Running Requests
33
If the long running request fails,
34. ● It assumes that a server processing a request determines the representation best suited to the
requesting client.
● The server is dependent on the requesting client to specify information about its processing
capabilities or requirements.
● It is done by means of header fields of the request message like Accept, AcceptEncoding etc.
Server-driven Content Negotiation
34
Advantage Disadvantage
Avoiding a second request to be made by the client Potentially responding a representation to the
client that is not ideally suited
35. ● The server detects that it has more than one representation of a resource available that may serve
the client's needs.
● The server responds to the request with a "300 Multiple Choices" message that carries information
about the representations available,
● The client finally selects one of these representations and explicitly requests it in a following
request.
Client-driven Content Negotiation
35
Advantage Disadvantage
The client gets the representation that is best suited for it. Two round-trips.
36. ● The client specifies that it is able to process JSON, XML as well as plain text, but that it prefers
JSON.
● The preferences in media types is specified by weighting a media type by a quality value q.
● The server will determine which of the representations it has available and will return the one with
the highest quality value.
● Example:
GET /products/27182
Accept: application/json;q=0.9, application/xml;q=0.6, text/plain;q=0.1
● In case the server does not have a client specified representation, it will respond with a message
returning a corresponding status code:
HTTP/1.1 406 Not acceptable
36
37. ● Multiple clients interacting with the same resource may cause concurrency conflicts like lost
updates.
● Pessimistic concurrency control mechanisms
⦿ avoid conflicts in advance by locking resources
⦿ used if the probability for conflicts is high
● Optimistic concurrency control
⦿ avoids conflicts by detecting conflicts and signaling them to clients that may retry their
requests
⦿ used if the probability for conflicts is low.
● Many concurrent interactions in REST-based APIs can be handled by optimistic concurrency control.
Concurrency Control
37
38. ● For this purpose, requests are sent as conditional requests.
● A conditional request specifies the If-Match or If-Unmodified-Since header in the request.
● When performing the conditional request, the API implementation has to compare the value(s)
passed by the client in the request with the corresponding values of the current resource as stored
by the origin server.
● If the values have been changed, the request is rejected (response code "412 Precondition Failed");
otherwise, the request is executed.
Example:
PUT /products/31415
If-Match: "42049dcaf450987cffd"
If-Unmodified-Since: Thu, 7 Jan 2016 17:41 CET
Response: HTTP/1.1 412 Precondition Failed
Concurrency Control
38
39. ● Even with PATCH, special care must be taken with respect to lost updates:
⦿ If concurrent PATCHes are to be supported, concurrency control must be implemented as a
conditional request.
● Following pattern may be used to realize partial updates without using processing function
resources:
⦿ a client has to GET the resource to be updated
⦿ apply the partial updates locally
⦿ then send a conditional PUT with the complete resource to the server.
Concurrency Control
39
40. ● A client may cache resources as well as header fields of resources to reduce transfer of data that
has not been changed since its last retrieval.
● For this purpose, a client uses a conditional request to retrieve data.
● Such a conditional request specifies the If-None-Match or the If-Modified-Since headers in the
request.
⦿ If-None-Match - the value of the ETag header of the resource as retrieved last time by the
requesting client.
⦿ If-Modified-Since - the value of the Last-Modified header of the resource as retrieved last time
by the requesting client.
● When performing the conditional request, the API implementation has to compare the value(s)
passed by the client in the request with the corresponding values of the current resource as stored
by the server.
Client-Side Caching
40
41. ● If the values have not changed, the resource is not returned (response code "304 Not Modified");
otherwise, the resource is returned.
Example:
GET /products/31415
If-None-Match: "42049dcaf450987cffd"
If-Modified-Since: Thu, 7 Jan 2016 17:41 CET
Response:
HTTP/1.1 304 Not Modified
Client-Side Caching
41
42. ● When a 4xx status code is returned, a
client error has been detected.
● Detailed error information should be
returned in the body of the response
message.
Reporting Errors
42
43. ● If more than one error occurred, each
error is reported as an element of the
following array that is part of the error
object before.
Reporting Errors
43
44. ● HTTP Basic Authentication is unsecure. (credentials are in clear text, i.e. it is Base64 encoded, which
can be immediately translated into clear text)
● HTTP Basic Authentication is only viable over HTTPS.
● HTTP Digest encoding is more secure but is subject to a "man-in-the-middle-attack".
● By using HTTPS, this is avoided.
● HTTP security mechanisms are only acceptable for non-critical APIs, for requests that generate
more secure access tokens.
Basic Authentication
44
45. ● A unique generated value is assigned to each first time user, signifying that the user is known.
● If an API is limited specifically in functionality where “read” is the only possible command, an API
Key can be an adequate solution.
● API Key is not very secure because anyone who makes a request transmits their key. This key can be
picked up just as easy as any network transmission, and if any point in the entire network is
insecure, the entire network is exposed.
API Keys
45
46. ● OAuth is the best choice for identifying personal user accounts and granting proper permissions.
● The likelihood of possible attacks of HTTP Basic or Digest Authentication is reduced by using OAuth
tokens.
● A set of scopes needs to be designed that protects individual processing function resources,
collection resources, or the ability to create or delete resource.
● Although OAuth has been proposed as a mechanism over HTTP, it should be used over HTTPS to
increase security.
Open Authorization (OAuth)
46
47. ● A more fine-grained control of access to resources is supported by XACML but XACML is
considered quite complex in practice
● XACML is an attribute-based access control (ABAC) mechanism.
● Example: If a user is allowed to login to a system during a specific time this requirement can;t be
achieved by OAuth alone a policy needs to be enforced. So we can use XACML
eXtensible Access Control Markup Language (XACML)
47
48. ● You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways,
and more.
● OPA generates policy decisions by evaluating the query input and against policies and data.
● Policy decisions are not limited to simple yes/no or allow/deny answers. Like query inputs, your
policies can generate arbitrary structured data as output.
Open Policy Agent (OPA)
48