This is the presentation I delivered at the Liferay North American Symposium 2017 and presents our vision for making Liferay the best Headless Platform out there.
It specifically covers how we are using the power of Hypermedia + Shared Vocabularies to build APIs designed to evolve and extremely easy to use and consume.
Liferay as a headless platform
1. Liferay as a Headless Platform
Introducing a New Breed of Secure Hypermedia APIs
Jorge Ferrer, VP Engineering
Michael Han, VP Operations
2. @jorgeferrer #LSNA17
“Headless software is software capable of working without a graphical user interface”
Wikipedia
6. @jorgeferrer #LSNA17
“The API economy is an enabler for turning a business or organization into a platform. Platforms multiply value creation.”
Gartner
15. #LRDEVCON
Liferay to be an OAuth 2.0 provider
Giving end-users the ability to delegate permissions to apps
• An authorization protocol for web APIs
• Protocol widely adopted on the web
• Multiple authorization granting flows available
16. #LRDEVCON
Authorization
• Resource Owner – the User
• Client – a client application (e.g. mobile application)
• Authorization Server – Issues access token for clients approved by the owner.
• Resource Server – API server providing API resources
18. #LRDEVCON
Client Credential grant flow
For applications to authenticate on behalf of themselves
Useful when getting non-user specific information from the portal
Easy migration from legacy API authentication schemes (Basic, Digest etc.)
1. Client ID & Client Secret
2. Access token
19. #LRDEVCON
Resource Owner Credentials grant flow
Simple authentication by providing username & password
Exchanged for access token, no password storage. Suitable for trusted first party clients.
1. Resource Owner Password Credentials
2. Resource Owner Password Credentials
3. Access token
21. #LRDEVCON
What happened to my users?
User trust issues with providing password
Only suitable for 1st party web and mobile applications
User’s trust boundary
1. Resource Owner Password Credentials
2. Resource Owner Password Credentials
3. Access token
22. #LRDEVCON
Authorization Code grant flow
Best option for webserver and User agent apps
No username & password given to app
Can be used for mobile apps, but requires popping a web browser
User’s trust boundary
1. Client ID & Redirect URI
2. User authenticates & authorizes
3. Authorization code
4. Authorization Code & Redirect URI
5. Access token
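The five steps of the Authorization Code grant flow above, as an added example that is not part of the original slides and is not Liferay's provider code. It uses a toy in-memory authorization server with hypothetical names (`AuthorizationServer`, `run_flow`, the client and URLs are constructed) and shows the checks RFC 6749 expects around the code: exact redirect URI match, client authentication, single use and a short lifetime.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit


class AuthorizationServer:
    """In-memory stand-in for an OAuth 2.0 provider (hypothetical names)."""

    CODE_TTL = 60  # seconds an authorization code stays valid

    def __init__(self):
        self.clients = {}  # client_id -> (client_secret, {redirect URIs})
        self.codes = {}    # authorization code -> grant details
        self.tokens = {}   # access token -> (user, scope)

    def register_client(self, client_id, client_secret, redirect_uris):
        self.clients[client_id] = (client_secret, set(redirect_uris))

    def authorize(self, client_id, redirect_uri, user, scope, approved, now=None):
        """Steps 1-3: happens in the browser, inside the user's trust boundary."""
        now = time.time() if now is None else now
        client = self.clients.get(client_id)
        # Exact match against a registered URI, otherwise the code could be
        # delivered to a location the client does not control.
        if client is None or redirect_uri not in client[1]:
            raise PermissionError("unknown client or unregistered redirect URI")
        if not approved:
            return redirect_uri + "?" + urlencode({"error": "access_denied"})
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "user": user, "scope": scope,
                            "expires": now + self.CODE_TTL}
        return redirect_uri + "?" + urlencode({"code": code})

    def token(self, client_id, client_secret, code, redirect_uri, now=None):
        """Steps 4-5: back-channel call from the client to the server."""
        now = time.time() if now is None else now
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(
                client[0].encode(), client_secret.encode()):
            raise PermissionError("client authentication failed")
        grant = self.codes.pop(code, None)  # pop: a code is single-use
        if grant is None or now > grant["expires"]:
            raise PermissionError("invalid or expired authorization code")
        if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
            raise PermissionError("code was issued to a different client or URI")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = (grant["user"], grant["scope"])
        return {"access_token": access_token, "token_type": "Bearer",
                "scope": grant["scope"]}


def run_flow(server, client_id, client_secret, redirect_uri, user, scope):
    """Client side of the five steps; the password never reaches the client."""
    callback = server.authorize(client_id, redirect_uri, user, scope, approved=True)
    code = parse_qs(urlsplit(callback).query)["code"][0]
    return server.token(client_id, client_secret, code, redirect_uri)


# Constructed sample data
CALLBACK = "https://app.example/callback"
server = AuthorizationServer()
server.register_client("mobile-app", "s3cr3t-example", [CALLBACK])
response = run_flow(server, "mobile-app", "s3cr3t-example", CALLBACK,
                    "alice", "blogs.read")
```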
23. #LRDEVCON
Pre-Authorized tokens for devices
Building a unified experience across multiple devices
• Maintaining a fully native experience for each device
• Generate pre-authorized tokens via a web portal
• Mobile app receives the token via
  • Onscreen QR code scanned with camera
25. #LRDEVCON
One protocol to unify them all!
OAuth 2.0 provider allows API authentication via all new and existing web SSO solutions available to Liferay Portal
• Authorization Code grant flow
• Pre-Authorised tokens
27. #LRDEVCON
Service Access Quotas
• Important for building large scale systems with untrusted clients
• Protect against service abuse
• Extracts characteristics of API requests and matches against configured quotas
• For example
  • allow 100 requests
  • to a service method
  • within 5 minutes
  • for each client IP address and User ID combination
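The quota from the slide (100 requests to a service method within 5 minutes per client IP address and User ID combination), as an added example that is not part of the original slides and is not Liferay's implementation. It is a sliding-window counter; the class names, the request dictionary shape and the service method name `blogs.get-entries` are hypothetical.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Quota:
    service_method: str    # service method the quota protects
    limit: int             # allowed number of requests ...
    window_seconds: float  # ... within this sliding window
    key_fields: tuple      # request characteristics that form one bucket


class QuotaEnforcer:
    def __init__(self, quotas):
        self.quotas = {q.service_method: q for q in quotas}
        # bucket key -> timestamps of accepted requests. Untrusted clients can
        # create many keys, so a real deployment also needs to expire buckets.
        self.hits = defaultdict(deque)

    def check(self, request, now):
        """Return (allowed, retry_after_seconds) for one API request."""
        quota = self.quotas.get(request["service_method"])
        if quota is None:
            return True, 0.0  # no quota configured for this method
        # Extract the configured characteristics. client_ip should come from
        # the connection, not from a header the client can set itself.
        key = (quota.service_method,) + tuple(
            request[field] for field in quota.key_fields)
        hits = self.hits[key]
        # Drop timestamps that have left the window.
        while hits and hits[0] <= now - quota.window_seconds:
            hits.popleft()
        if len(hits) >= quota.limit:
            # Rejected requests are not recorded, so a blocked client does
            # not extend its own block by retrying.
            return False, hits[0] + quota.window_seconds - now
        hits.append(now)
        return True, 0.0


# The slide's example quota; the method name is a hypothetical placeholder.
SLIDE_QUOTA = Quota("blogs.get-entries", 100, 300.0, ("client_ip", "user_id"))

# Constructed sample request (192.0.2.0/24 is a documentation address range).
SAMPLE_REQUEST = {"service_method": "blogs.get-entries",
                  "client_ip": "192.0.2.10", "user_id": "20001"}


def replay(enforcer, request, timestamps):
    """Feed the same request at each timestamp and collect the decisions."""
    return [enforcer.check(request, t) for t in timestamps]
```

The second element of the result can be returned to the client in a `Retry-After` header.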
32. @jorgeferrer #LSNA17
HOW?
• Reduce the need for documentation
• Embrace REST Best Practices
• Adopt Standards
• Abstract Liferay Internals
• Promote Reusability
35. @jorgeferrer #LRDEVCON
Hypermedia Controls
Single Endpoint
• Consumers only know the home URL
• And are able to interpret the listed resources
Standardized Link Types
• Consumers can follow links whose type is known
• IANA standardizes many of them
• We can add more on top
36. @jorgeferrer #LSNA17
A Single Home Endpoint
http://api.domain.io/o/api
Consumers become immune to changes in URLs
JSON Home Internet Draft
{
  "resources": {
    "people": {
      "href": "http://api.domain.io/o/api/p/people"
    },
    "organizations": {
      "href": "http://api.domain.io/o/api/p/organizations"
    },
    [..]
    "sites": {
      "href": "http://api.domain.io/o/api/p/sites",
      "hints": {
        "media-type": "application/ld+json"
      }
    }
  }
}
37. @jorgeferrer #LSNA17
Hypermedia pagination
Consumers become simpler, leaving logic to the server
IANA Link Relations Standard
{
  "_embedded": {...},
  "total": 43,
  "count": 30,
  "_links": {
    "first": {
      "href": "http://localhost:8080/o/api/p/groups?page=1&per_page=30"
    },
    "next": {
      "href": "http://localhost:8080/o/api/p/groups?page=2&per_page=30"
    },
    "last": {
      "href": "http://localhost:8080/o/api/p/groups?page=2&per_page=30"
    }
  }
}
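A consumer that hardcodes only the home URL and pages through a collection by following `next` links, as described on the two slides above. This is an added example, not code from the presentation or from the Vulcan project: the responses are constructed, the contents of `_embedded` are an assumption (the slide elides them), and the same-origin and loop checks are additions a consumer needs once it follows server-supplied links.

```python
from urllib.parse import urlsplit

HOME_URL = "http://api.domain.io/o/api"  # the only URL the consumer hardcodes

# Constructed responses modelled on the slides, served from a dict so the
# example runs offline. The shape of "_embedded" is an assumption.
PAGE_1 = "http://api.domain.io/o/api/p/people"
PAGE_2 = "http://api.domain.io/o/api/p/people?page=2&per_page=2"
FAKE_SERVER = {
    HOME_URL: {"resources": {"people": {"href": PAGE_1}}},
    PAGE_1: {
        "_embedded": {"people": [{"name": "Ann"}, {"name": "Bob"}]},
        "total": 3, "count": 2,
        "_links": {"first": {"href": PAGE_1}, "next": {"href": PAGE_2},
                   "last": {"href": PAGE_2}},
    },
    PAGE_2: {
        "_embedded": {"people": [{"name": "Cy"}]},
        "total": 3, "count": 1,
        "_links": {"first": {"href": PAGE_1}, "last": {"href": PAGE_2}},
    },
}


def origin(url):
    """Scheme, host and port of a URL, used to compare link targets."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def fetch_all(home_url, resource, fetch, max_pages=50):
    """Discover `resource` from the home document and collect every page.

    `fetch` maps a URL to a parsed JSON document (an HTTP GET in real use).
    """
    home = fetch(home_url)
    url = home["resources"][resource]["href"]  # discovered, never hardcoded
    items, seen = [], set()
    while url is not None:
        # Links come from the server: only follow them within the API's own
        # origin, so credentials sent with the request stay where they belong.
        if origin(url) != origin(home_url):
            raise ValueError(f"refusing cross-origin link: {url}")
        # A broken or hostile server could link pages in a cycle.
        if url in seen or len(seen) >= max_pages:
            raise ValueError("pagination loop or page limit reached")
        seen.add(url)
        page = fetch(url)
        items.extend(page["_embedded"][resource])
        # No page arithmetic on the client: stop when the server stops
        # offering a "next" link.
        url = page.get("_links", {}).get("next", {}).get("href")
    return items


people = fetch_all(HOME_URL, "people", FAKE_SERVER.__getitem__)
```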
38. @jorgeferrer #LSNA17
Forms in APIs
Consumers don’t hardcode the fields or types
Siren
{
  ..
  "actions": [
    {
      "name": "add-blog-posting",
      "title": "Add Blog Posting",
      "method": "POST",
      "href": "http://localhost:8080/o/p/blogs",
      "type": "application/json",
      "fields": [
        { "name": "headline", "type": "text" },
        { "name": "author", "type": "Person" }
      ]
    }
  ],
  …
}
39. @jorgeferrer #LRDEVCON
Standard Models (aka Shared Vocabularies)
schema.org and others
• schema.org: 597 types and 867 properties
• ActivityStreams, microformats, …
Well defined custom Models
• Don’t just expose your internal models
• Thinking terms through
40. @jorgeferrer #LSNA17
Mapping internal terms to standards

Internal          schema.org
User + Contact    Person
birthday          birthDate
middleName        additionalName
screenName        alternateName
emailAddress      email
lastName          familyName
firstName         givenName
fullName          name

Internal              schema.org
BlogsEntry            BlogPosting
headline              title
alternativeHeadline   subtitle
description           description
user                  creator
user                  author
articleBody           content
aggregateRating       ratings
41. @jorgeferrer #LSNA17
Mapping internal terms to standards
Consumer devs don’t need to know Liferay internals, which are now free to evolve

Internal             schema.org + custom
Group (site=1)       WebSite
name                 name
groupKey             alternateName
user                 creator
Ratings Service      aggregateRatings
friendlyURL          (_self) / (@id)
BlogsEntry Service   blogs
manualMembership     (open question)
43. @jorgeferrer #LSNA17
Ready for real world needs
• Multi-language
  • Accept-Language header
• Consumers control the response
  • Embed multiple resources to avoid chattiness
  • Decide which fields to return
• Very efficient
  • HTTP caching
  • Binary response formats
53. @jorgeferrer #LSNA17
Amazing results with our first Mobile App
80%+ of the code is reusable
Vulcan Consumer
Thing Screenlet
Much easier to provide offline support
54. @jorgeferrer #LRDEVCON
Sharing what we have learned and built
Project codename Vulcan
01 Guidelines: Well documented guidance to build APIs designed to evolve
02 Architect: Making it a breeze to build modular Hypermedia APIs
03 Consumer: Does all the repetitive work for consuming a Hypermedia API
60. @jorgeferrer #LSNA17
Image Credits
This presentation has photos from Pana Vasquez, Oumaima Ben Chebtit, Patrick Tomasso, jesse orrico, Toa Heftiba, Jeremy Thomas, John Mark Arnold, Linda Xu, 35mm, Todd Quackenbush, Sawyer Bengtson, Jorge Gonzalez, Justin Main, Vadim Sherbakov, Kimon Maritz and Matt Jones on Unsplash
Thanks so much, for your amazing photos.