This document provides an overview of REST API best practices. It discusses the key aspects of REST API design, including the 6 architectural constraints of REST (uniform interface, client-server, stateless, cacheable, layered system, and code on demand). It also outlines 12 best practices for REST API design, such as using nouns instead of verbs in URIs, plural naming conventions, implementing HATEOAS, and using Swagger for documentation. The document serves as a comprehensive guide to building robust RESTful APIs.
A survey of various tools and techniques commonly used by API craftsman. API specification languages, testing, debugging and analytics are covered.
As presented by Jason Harmon at Booz Allen Hamilton's "Distinguished Speaker Series" 3/2/2015
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
GraphQL : Beyond APIs, graph your enterprise
Maxime Topolov, CEO of GraphQL Portal
Check out our API conferences @ https://www.apidays.global/
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Automating the API Product Lifecycle
Jeremy Glassenberg, Product Lead, APIs at Docusign
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Multi-Protocol APIs at Scale in Adidas
Jesus de Diego, API Evangelist at Adidas
A survey of various tools and techniques commonly used by API craftsman. API specification languages, testing, debugging and analytics are covered.
As presented by Jason Harmon at Booz Allen Hamilton's "Distinguished Speaker Series" 3/2/2015
apidays LIVE Hong Kong 2021 - GraphQL : Beyond APIs, graph your enterprise by...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
GraphQL : Beyond APIs, graph your enterprise
Maxime Topolov, CEO of GraphQL Portal
Check out our API conferences @ https://www.apidays.global/
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Automating the API Product Lifecycle
Jeremy Glassenberg, Product Lead, APIs at Docusign
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Multi-Protocol APIs at Scale in Adidas
Jesus de Diego, API Evangelist at Adidas
The API-first design approach treats APIs as first-class citizens. The entire system or project is built around the idea that components connect via APIs. The first step is, therefore, to design the APIs and their connections.
However, there is a gap between the beautiful world of API specifications and the reality of agile development. This gap means that published API specifications are often incomplete, missing examples or simply outdated. The API specification meant to help developers can be a thorn in one’s side because keeping the specification in sync with its implementation is a manual process, tedious and prone to be forgotten during the rush to deliver.
We show how this gap can be bridged effectively using the API specification as the only source of truth driving the API implementation with proven tools enabling automation.
Operational API design anti-patterns (Jason Harmon)Nordic APIs
This is a session given by Jason Harmon at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden.
Description:
Normally, we find valuable data our clients need, and create APIs. We rationalize our domains into understandable resources, with clear boundaries of ownership (especially in microservice environments). However, if our design doesn’t include considerations for how clients will use the APIs, we can get into a lot of trouble when it goes live. We’ll look at some API design patterns that can cause operational headaches, and how to watch out for them. Furthermore, we’ll cover some tricks to get out of trouble if we already have it implemented.
Pain Points In API Development? They’re EverywhereNordic APIs
There’s an inherent tension for organizations doing API development: how to keep both your API developers as well as your infrastructure happy, at the same time. Decoupling front-end and back-end development allows parallel development, and helps keep your front-end, middle-end, and back-end efforts working asynchronously. This speeds progress, but requires far more – and far better – collaboration to be successful. Even an independent developer working with APIs requires good collaboration tools.
In this talk, Abhinav Asthana will provide tips on how to improve in API development using collaboration tools like executable API descriptions, API mock servers, and documentation. He will include specific examples of how companies (such as VMware, Coursera, and AMC Theatres) have used collaboration to attain more agile development, to onboard developers, and to ensure input from all participants/stakeholders.
What is developer experience? And how can it affect the success of your product? Our very own Keshav Vasudevan will take you through everything you need to know.
Lessons Learned from Revamping Our Doc SitePronovix
Learn what went well and what didn’t, when Ilona, a technical writer, and Prabhjot, a software engineer, share the story of revamping the developer documentation website at Twitch. Some hints: getting it done required more than just engineering, content, and design. Together they learned how to “manage up” and that the whole project went better because they worked so well as a team.
Continuous Integration and Delivery at Shapeways (Matt Boyle)Nordic APIs
This is a session given by Matt Boyle at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
We’ve spent a lot of time over the years at Shapeways building, honing, and improving our deployment and test process for our web properties and API. We started with straight-to-prod commits (which caused quite a bit of downtime!), graduated to working in two- and then one-week release cycles (which caused a lot of anxiety!), to where we are today: releasing 5-15 times a day, with automated testing, using continuous improvement and delivery best practices and tools. We’ve taken the complexity and anxiety out of our deployment process by implementing ChatOps, or using a bot to handle the sorts of tasks computers are great at, namely performing complex tasks repeatedly without error. This enables humans to focus on tasks that we’re uniquely suited for, namely solving complex problems and architecting reliable, resilient, and scalable solutions for our users. We’d love to share some of what we’ve learned along the way, from building automated testing tools, to selecting and implementing open-source solutions, to how we took our global deployment process from one hour to 4 minutes. We’d also like to share our vision of the future: what inspires us, what we hope to achieve in the coming weeks, months, and years, and how we’re going about doing it.
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...apidays
apidays LIVE LONDON - The Road to Embedded Finance, Banking and Insurance with APIs
Discovering API Version differences with ease
Jaap Brasser, Developer Advocate at Rubrik
apidays LIVE Australia 2020 - Contract-first API development with Spot by Fra...apidays
apidays LIVE Australia 2020 - Building Business Ecosystems
Contract-first API development with Spot
Francois Wout, Developer Happiness Engineer at Airtasker
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...Michael Kuehne-Schlinkert
It can be tough to test an apparently simple service comprehensively. A microservice architecture brings a new level of complexity to the question “How can we validate that our API is working as intended?”
In this talk Michael will explain how to use test driven development for APIs and even further how TDD can drive an API Design towards a more usable design, and how to build an well-tested ecosystem of microservices.
This approach is applicable for different kinds of services (REST APIs, websockets, industrial protocols). Independent from the type of interface we always ran into similar problems when we build an ecosystem of services.
We have to deal with dependency, asynchronous behaviours, fallback mechanisms, endpoint versioning and sometimes even shared databases.
It’s not trivial to apply TDD to these kinds of problems cause you have to think of scenarios. But there are ways of identify these scenarios and to test them.
As an API specialist Michael worked with various clients designing, building, testing, maintaining and even redesigning private and public services. Based on his project experience he developed a practical approach to apply TDD to APIs in microservice ecosystems.
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Inside API delivery Pipeline, the checklist!
François Lasne, Director Open API & Open Banking at Finastra
apidays LIVE Paris - The Business of APIs by Jed Ngapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
The Business of APIs: Lessons from building the world's largest API Marketplace
Jed Ng, Tech & API Investor
The motivation on why and when to use API-First service design. What are the real-life poblems in application development with regard to API's ? And how to solve these using tools like Swagger Editor , Swagger UI and Swagger-codegen. And how can an API Manager tool help to manage the Apllication Lifecycle of your API ( publishing , versioning, registration of consumers , quota's and rate-limiting )
apidays LIVE New York - API Code First vs Design First by Phil Sturgeonapidays
apidays LIVE New York - API for Legacy Industries: Banking, Insurance, Healthcare and Retail
API Code First vs Design First
Phil Sturgeon, Author of "APIs you won't hate" & Developer Advocate at Stoplight
As APIs continue to become a core focus of organizations, ensuring quality is a major factor at every stage, while also speeding up development. To embrace this reality, we must develop pragmatic approaches for closed-loop processes, outcome-oriented development, and effective change management techniques to deliver on the promise of APIs. Joe Joyce, Solution Engineer at SmartBear will discuss these modern issues and outline impactful approaches for you to resolve the daily challenges they present.
Automation API testing becoming a crucial part of most of the project. This whitepaper provides an insight into how API automation with REST Assured is certainly the way forward in API testing.
Modern REST API design principles and rules.pdfAparna Sharma
Typically, when updating or developing an API like Newsdata.io which is a news API for a service to provide news data with quick response time, there are lengthy discussions about the API’s structure, naming, and functions. Although, over time, certain rules have emerged that can be applied to the process and aid in reaching a common ground while developing.
The API-first design approach treats APIs as first-class citizens. The entire system or project is built around the idea that components connect via APIs. The first step is, therefore, to design the APIs and their connections.
However, there is a gap between the beautiful world of API specifications and the reality of agile development. This gap means that published API specifications are often incomplete, missing examples or simply outdated. The API specification meant to help developers can be a thorn in one’s side because keeping the specification in sync with its implementation is a manual process, tedious and prone to be forgotten during the rush to deliver.
We show how this gap can be bridged effectively using the API specification as the only source of truth driving the API implementation with proven tools enabling automation.
Operational API design anti-patterns (Jason Harmon)Nordic APIs
This is a session given by Jason Harmon at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden.
Description:
Normally, we find valuable data our clients need, and create APIs. We rationalize our domains into understandable resources, with clear boundaries of ownership (especially in microservice environments). However, if our design doesn’t include considerations for how clients will use the APIs, we can get into a lot of trouble when it goes live. We’ll look at some API design patterns that can cause operational headaches, and how to watch out for them. Furthermore, we’ll cover some tricks to get out of trouble if we already have it implemented.
Pain Points In API Development? They’re EverywhereNordic APIs
There’s an inherent tension for organizations doing API development: how to keep both your API developers as well as your infrastructure happy, at the same time. Decoupling front-end and back-end development allows parallel development, and helps keep your front-end, middle-end, and back-end efforts working asynchronously. This speeds progress, but requires far more – and far better – collaboration to be successful. Even an independent developer working with APIs requires good collaboration tools.
In this talk, Abhinav Asthana will provide tips on how to improve in API development using collaboration tools like executable API descriptions, API mock servers, and documentation. He will include specific examples of how companies (such as VMware, Coursera, and AMC Theatres) have used collaboration to attain more agile development, to onboard developers, and to ensure input from all participants/stakeholders.
What is developer experience? And how can it affect the success of your product? Our very own Keshav Vasudevan will take you through everything you need to know.
Lessons Learned from Revamping Our Doc SitePronovix
Learn what went well and what didn’t, when Ilona, a technical writer, and Prabhjot, a software engineer, share the story of revamping the developer documentation website at Twitch. Some hints: getting it done required more than just engineering, content, and design. Together they learned how to “manage up” and that the whole project went better because they worked so well as a team.
Continuous Integration and Delivery at Shapeways (Matt Boyle)Nordic APIs
This is a session given by Matt Boyle at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
We’ve spent a lot of time over the years at Shapeways building, honing, and improving our deployment and test process for our web properties and API. We started with straight-to-prod commits (which caused quite a bit of downtime!), graduated to working in two- and then one-week release cycles (which caused a lot of anxiety!), to where we are today: releasing 5-15 times a day, with automated testing, using continuous improvement and delivery best practices and tools. We’ve taken the complexity and anxiety out of our deployment process by implementing ChatOps, or using a bot to handle the sorts of tasks computers are great at, namely performing complex tasks repeatedly without error. This enables humans to focus on tasks that we’re uniquely suited for, namely solving complex problems and architecting reliable, resilient, and scalable solutions for our users. We’d love to share some of what we’ve learned along the way, from building automated testing tools, to selecting and implementing open-source solutions, to how we took our global deployment process from one hour to 4 minutes. We’d also like to share our vision of the future: what inspires us, what we hope to achieve in the coming weeks, months, and years, and how we’re going about doing it.
apidays LIVE LONDON - Discovering API Version differences with ease by Jaap B...apidays
apidays LIVE LONDON - The Road to Embedded Finance, Banking and Insurance with APIs
Discovering API Version differences with ease
Jaap Brasser, Developer Advocate at Rubrik
apidays LIVE Australia 2020 - Contract-first API development with Spot by Fra...apidays
apidays LIVE Australia 2020 - Building Business Ecosystems
Contract-first API development with Spot
Francois Wout, Developer Happiness Engineer at Airtasker
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...Michael Kuehne-Schlinkert
It can be tough to test an apparently simple service comprehensively. A microservice architecture brings a new level of complexity to the question “How can we validate that our API is working as intended?”
In this talk Michael will explain how to use test driven development for APIs and even further how TDD can drive an API Design towards a more usable design, and how to build an well-tested ecosystem of microservices.
This approach is applicable for different kinds of services (REST APIs, websockets, industrial protocols). Independent from the type of interface we always ran into similar problems when we build an ecosystem of services.
We have to deal with dependency, asynchronous behaviours, fallback mechanisms, endpoint versioning and sometimes even shared databases.
It’s not trivial to apply TDD to these kinds of problems cause you have to think of scenarios. But there are ways of identify these scenarios and to test them.
As an API specialist Michael worked with various clients designing, building, testing, maintaining and even redesigning private and public services. Based on his project experience he developed a practical approach to apply TDD to APIs in microservice ecosystems.
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Inside API delivery Pipeline, the checklist!
François Lasne, Director Open API & Open Banking at Finastra
apidays LIVE Paris - The Business of APIs by Jed Ngapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
The Business of APIs: Lessons from building the world's largest API Marketplace
Jed Ng, Tech & API Investor
The motivation on why and when to use API-First service design. What are the real-life poblems in application development with regard to API's ? And how to solve these using tools like Swagger Editor , Swagger UI and Swagger-codegen. And how can an API Manager tool help to manage the Apllication Lifecycle of your API ( publishing , versioning, registration of consumers , quota's and rate-limiting )
apidays LIVE New York - API Code First vs Design First by Phil Sturgeonapidays
apidays LIVE New York - API for Legacy Industries: Banking, Insurance, Healthcare and Retail
API Code First vs Design First
Phil Sturgeon, Author of "APIs you won't hate" & Developer Advocate at Stoplight
As APIs continue to become a core focus of organizations, ensuring quality is a major factor at every stage, while also speeding up development. To embrace this reality, we must develop pragmatic approaches for closed-loop processes, outcome-oriented development, and effective change management techniques to deliver on the promise of APIs. Joe Joyce, Solution Engineer at SmartBear will discuss these modern issues and outline impactful approaches for you to resolve the daily challenges they present.
Automation API testing becoming a crucial part of most of the project. This whitepaper provides an insight into how API automation with REST Assured is certainly the way forward in API testing.
Modern REST API design principles and rules.pdfAparna Sharma
Typically, when updating or developing an API like Newsdata.io which is a news API for a service to provide news data with quick response time, there are lengthy discussions about the API’s structure, naming, and functions. Although, over time, certain rules have emerged that can be applied to the process and aid in reaching a common ground while developing.
Restful Web Services is a lightweight, manageable and scalable service based on the REST architecture. Restful Web Service exposes your application’s API in a secure, uniform, and stateless manner to the calling client.
Best practices and advantages of REST APIsAparna Sharma
In this article, I am going to share the best practices and the advantages of REST APIs, as I am working with a team on a REST-based web application. Newsdata.io news API is a REST-based API that fetches news data from thousands of news websites in JSON format. Therefore, I have a basic understanding of REST APIs that I am going to share with you.
Modern REST API design principles and rules.pdfAparna Sharma
Typically, when updating or developing an API like Newsdata.io which is a news API for a service to provide news data with quick response time, there are lengthy discussions about the API’s structure, naming, and functions. Although, over time, certain rules have emerged that can be applied to the process and aid in reaching a common ground while developing.
An introduction to REST and RESTful web services.
You can take the course below to learn about REST & RESTful web services.
https://www.udemy.com/building-php-restful-web-services/
Many of the API design opinions found on the web are academic discussions revolving around interpretations of uncertain standards as opposed to what makes sense in the real world. The aim of this presentation is to describe the best common practices for a practical API design for the web applications
Many of the API design opinions found on the web are academic discussions revolving around interpretations of uncertain standards as opposed to what makes sense in the real world. The aim of this presentation is to describe the best common practices for a practical API design for the web applications
Many of the API design opinions found on the web are academic discussions revolving around interpretations of uncertain standards as opposed to what makes sense in the real world. The aim of this presentation is to describe the best common practices for a practical API design for the web applications.
In this C# Web REST tutorial, beginners will learn first what a C# REST API is and then what are the HTTP Verbs in C# REST API is. Learn about the HTTP Status Codes in this C# tutorial. and we will become acquainted with all of the Constraints of the C# REST API. After that, for a better learning experience, we will see a practical demonstration of C# REST API in this C# programming tutorial. Finally we will wind up this session with Few takeaways on C# REST API.
How Much Does It Cost To Hire Full Stack Developer In 2022.pdfKaty Slemon
Looking to Hire Full Stack developer at an affordable rate? Know how much it cost to Hire full stack Developer, types, popular combinations, and hourly rates
Sure Shot Ways To Improve And Scale Your Node js Performance.pdfKaty Slemon
Want to Improve And Scale Your Node js Performance? Check out some Node Js performance optimization tips and tricks for improving your existing Node Js app.
IoT Based Battery Management System in Electric Vehicles.pdfKaty Slemon
Explore India's most advanced cloud platform- IONDASH, responsible for monitoring the performance of battery management system in electric vehicles.
The Ultimate Guide to Laravel Performance Optimization in 2022.pdfKaty Slemon
Is your Laravel app facing performance issues? Here are the proven Laravel Performance Optimization tips to boost app performance and enhance security.
How to Hire & Manage Dedicated Team For Your Next Product Development.pdfKaty Slemon
Description: Looking for a dedicated team to manage your next product successfully? Read this blog to discover how to hire and manage a remote dedicated team.
Choose the Right Battery Management System for Lithium Ion Batteries.pdfKaty Slemon
Find out how to choose the right battery management system for lithium ion batteries by analyzing key parameters like voltage, current, and BMS architecture.
How to Set Up and Send Mails Using SendGrid in NodeJs App.pdfKaty Slemon
Description: Curious about how to Send Mails using SendGrid in NodeJs App? Read this guide to learn everything about SendGrid, including what is SendGrid and Why to use it!
Ruby On Rails Performance Tuning Guide.pdfKaty Slemon
Want to know how you can Optimize the Ruby On Rails App? Go through this ultimate guide to get the best tips for improving your Ruby on Rails performance.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
2. Quick Overview:
This blog post sheds light on the REST
(Representational State Transfer) architecture.
We have covered what are the key aspects to
look-into the best API designs, what are the 6
architectural constraints of REST API, and
shared our archived top 12 REST API Best
Practices that help you build robust enterprise
application architecture.
3. Introduction
What is REST API?
3 Traits For an Ideal RESTful API Design
6 RESTful Architectural Constraints
REST API Best Practices
Conclusion
CONTENTS
1.
2.
3.
4.
5.
6.
5. Sure, you might be thinking that the REST API
has given no standards or rulebook to follow
when designing your representational state
transfer app interface. However, we at Bacancy
Technology have identified and are practicing
these 9 top best practices for REST API design.
The RESTful system is often restricted by a
uniform interface, code on demand, client-
server architecture, cacheability, client-server
architecture, or statelessness. But this does not
limit the designers because REST is merely a
design approach and not a standard or
framework.
Since the genesis of the restapi approach as
found by Roy Fielding in the year 2000 and over
these 20 years of software development, we
have adapted these REST API best practices
design in 2021. We hope they will turn up to be
helpful to you too.
7. Let us begin from dawn. For those who want to
get the very idea of the Restful application
programming interface, we’re here with the
definition:
“REST stands for Representational State
Transfer, and it is an application programming
interface. The HTTPs communication protocol
mostly accesses it”.
9. 1. Easy to Work with, Easy to View:
A well-grounded API will be uncomplicated to
work with. Its resources and other related
operations should be quickly committed to
memory by developers who deal with it
consistently. Thus, an ideal API should be
trouble-free to read and write so that designers
and developers are comfortable working with it.
10. 2. Tough to misuse:
Integration with an API having a good design
will be quite straightforward when writing
inaccurate code becomes less likely to occur. It
has knowledgeable feedback and does not
enforce any severe guidelines on the API end
customer.
3. Outright & concise:
With conciseness, we mean that a
comprehensive API will enable developers to
create full-fledged applications in opposition to
your exposed data. Usually, completeness takes
place over time, and maximum API designers
gradually build on top of the existing APIs.
Thus, this is an ideal trait of the best API design
that every organization or an engineer having
an API should be dedicated to.
12. 1. Uniform interface
By REST, you use the same concept to decouple
the client from implementing the REST service.
Compare interface with a contract signed
between client-server where you must use
certain standards. The reason being, globally
accepted APIs should enforce global concepts,
like standards, to make them understandable.
13. 2. Client-server
Here, we mean that the server application and
the client application should evolve individually
without the need to depend on each other. To be
more precise, it should stick to the separation of
concerns. By separation of concerns, the code on
the client end can be modified/altered anytime
without creating any impact on the conditions
of the server. Additionally, the code on the
server end can be altered without altering the
conditions of the client.
By maintaining the separation of concerns, we
can enhance the flexibility and Scalability of the
particular interface across various platforms. A
client must be aware of resource URIs only.
Unless and until the interface between clients
and servers is kept unaltered, they can be
developed and replaced separately.
14. 3. Stateless
Having gained inspiration from HTTP, Roy
fielding considers this constraint. By this
architectural constraint, we mean to make all
the client-server engagements stateless. This
way, the server will not reserve anything
regarding the latest HTTP request made by the
client. Hence, it will consider every request as a
new and unique one. Moreover, it must not rely
on any prior information exchanged between
the two. This further means no session, no
history.
The client is held accountable for handling the
application’s state. A client application requires
a stateful application for the end-user, wherein
the logs in once and carries out various
authorized operations. Every request from the
client must involve all the essential information
for servicing the request and authorization
details and authentication.
15. 4. Cacheable
Today, caching holds vital importance wherever
applicable. With caching comes an enhanced
performance for the client, leading to an
improved scope for scalability for a server with a
reduced load.
When it comes to REST, every response can be
termed as cacheable and non-cacheable. You can
use the cached response as the request-response
instead of checking with the server. This helps in
eliminating the interaction required between
the client and the server up to some extent.
16. 5. Layered system
Generally, components are unable to view
beyond the immediate layer. REST enables you
to make use of a layered architecture system.
Here, you can deploy the APIs on server A, save
data on server B, and verify requests on server C.
These servers may offer a security layer, a load-
balancing layer, a caching layer, and several
other functionalities. Additionally, any of these
layers must not influence the responses or
requests.
6. Code on demand (optional)
This one is generally an optional constraint.
Usually, you will be required to send a static
representation of resources in a JSON REST API
or XML form. However, whenever you need to,
you can easily return executable code for
supporting a vital part of your application.
18. Below are the 12 assembled REST API Best
Practices design that we implement and have
helped us in our business applications. Check
them out if they might help you as well.
19. 1. Use Nouns and not Verbs in URI
REST APIs must be developed for resources that
can be services, entities, etc. Hence, they should
always consist of nouns and not verbs. This
means that we must refrain from using verbs in
REST endpoint paths. Instead, we must
implement nouns that represent a certain
entity.
Why? Because the HTTP request method that
we use already consists of a verb. Having verbs
in the REST API endpoint path does nothing
and, thus, is unnecessary as it does not fetch
any new information.
The selected verbs can vary from a developer’s
notion. For example, some prefer ‘get’, while
some prefer ‘retrieve’. Hence, it is better to
allow the HTTP GET verb to state what an
endpoint does.
20. GET, PUT, DELETE, and POST.
GET rectifies and recovers resources
PUT updates the current data
DELETE eliminates data
POST delivers new and unique data to the
server.
The action must be specified by the HTTP
request method made by us. Generally, some
basic methods involve
The verbs map to Create, Read, Update, and
Delete(CRUD) operations. Hence, to get news
articles, you have to create GET /articles/. POST
/articles/ to add a new article, PUT /articles/:id
for updating the article provided by the given
ID, and DELETE /articles/:id to delete an article
provided by the given ID. /articles denote a
REST API example resource.
21. For example, we can employ Express to
implement these endpoints to manipulate
articles like,
22. In the code above, you can see that the path
names do not consist of any verbs in them. It
states all nouns and HTTP verbs.
2. Use Plural naming conventions
Usually, we prefer using plurals. However,
know that no rule states one cannot use a
singular when it comes to the resource name.
Here’s why plurals are used:
We are working on one resource from the set of
resources. Hence, to illustrate collection, we
make use of plural naming conventions.
For example, let us consider GET /users/123. The
client here asks to rectify and recover a
resource from the user’s collection with ID 123.
While developing a resource, if we need/wish to
add another resource to the existing collection
of resources, the API looks like POST /users.
23. 3. Hypermedia as the engine of
application state (HATEOAS)
This constraint stands out for several other
network application architectures from the
REST architecture. The Hypermedia As Transfer
Engine Of Application offers easy navigation via
certain resources and their available actions. By
this, a client is not required to know how to
communicate with an application for distinct
actions because each of the metadata gets
embedded in the responses sent from the
server.
For a clearer understanding, let us look at an
example. Here is a response of a retrieved user
having ID 123 from the server.
24. At times, it is easy and comfortable in skipping
the format of links, thereby specifying links as
fields of a resource given below:
25. Ideally, it is not a convention that needs to be
followed every time. This is because it relies on
resource size/fields and actions that can be
executed on resources. If resources consist of
multiple fields that users do not wish to go
through, it is better to show navigation to sub-
resources followed by implementing HATEOAS.
26. Swagger is a popular and widely used tool that
is used to document REST APIs. It offers a way
to analyze the use of a particular API, thereby
enabling developers to be aware of the
fundamental Semantic behavior. To be more
precise, it is an analytical way of incorporating
documentation using annotations that further
gives rise to a JSON that describes APIs and
their usage.
4. Swagger
27. REST enables using various output formats
such as JSON, RSS, XML, CSV, and HTML.
Although, this entirely depends on what you
require your API for and the application you
possess. If you have a public-facing service that
you wish to be available via REST API design,
you must choose JSON data format. Almost in
99% of cases, JSON is the most preferred data
format for interacting between payload and
response.
To ensure when the REST API design app
responds with JSON, you must set Content-
Type in the header in response to the
application/JSON following the request. Various
server-side app frameworks automatically set
the response header. Few HTTP clients see the
Content-Type response header and review the
data as per the format.
5. Use only JSON
28. One and the only exception is at times when
you try to exchange files between server and
client. For this, you are required to manage file
resolves and send form data directly from the
client to the server. However, that is a different
topic. All and all, keep in mind that you need to
ensure that your endpoints return JSON REST
API as a response. Several server-side
frameworks own this built-in feature.
6. Allow filtering, sorting, and
pagination
Few key features for consuming API include
filtering, sorting, and paging. Often, resource
collection can be huge. The databases behind
REST API standards can also get enormous.
Eventually, it brings down the performance of
our systems. To eradicate these, we can use,
29. Filtering: To shrink the query results by
certain parameters. For example, country or
creation date.
Sorting: This enables sorting the results in
an ascending or descending order by a
selected parameter/(s). For example, by
date.
Paging: It uses ‘limit’ to narrow down the
count of results displayed to a certain
number and ‘offset’ to denote the part of the
result range to be displayed. This is
significant in cases where the count of total
outcomes is greater than the ones
introduced.
30. By pagination data, we ensure returning only a
couple of results instead of collecting all the
requested data at once. By filtering and
pagination, you can elevate the performance as
there is a potential reduction in the usage of
server resources. With more and more data
assembling in the databases, these features
become more important.
31. 7. Performance optimization with
Caching
You can add caching to bring back data from the
local memory cache rather than querying the
database for obtaining the data every time you
wish to retrieve any data requested by the
users. An excellent point of caching is that users
can achieve data even faster. However, many
times, the data achieved by users might be
outdated. Eventually, this can lead to major
problems while debugging in production
environments, as anything might go wrong
because users entertain old data.
There are several types of caching solutions,
such as in-memory caching, Redis, etc. With
this, you can alter the way data is cached as
your requirements change.
32. For example, Express possesses the api cache
middleware to add cache to the app without
considerable configuration. You can incorporate
an easy in-memory cache to our server such as,
33. In case you use caching, ensure including
Cache-Control information in headers. This will
assist your users efficiently in using your
caching system.
8. Error Handling
To cut off confusion for all API users, errors
must be handled gracefully, thereby returning
the HTTP response codes that denote the
nature of the error that has occurred. This
provides the API maintainers sufficient
information to analyze the source and cause of
the problem. In case you don’t wish errors to
harm your system, you can leave them
unhandled. This means that the API consumer
has to handle errors.
Here is a list of common error HTTP status
codes. Let’s have a look!
34. • 400 Bad Requests: This denotes that the
client-side input has failed
documentation/validation.
• 401 Unauthorized: This denotes that the user
is unauthorized for accessing a resource.
Usually, it returns when a user is not verified.
• 403 Forbidden: This denotes that the user is
inappropriate and is not allowed to access a
resource even after being verified.
• 404 Not Found: This denotes that no resources
are found.
• 500 Internal server error: This is a common
server error.
• 502 Bad Gateway: This error marks an
invalid/null response from an upstream server.
• 503 Service Unavailable: This denotes that
something unpredicted and unusual activity
took place on the server-side. (server overload,
part failure, system failure)
35. Error codes are required to accompany
messages with them so that the API
maintainers can obtain sufficient information
for troubleshooting the issue. However,
attackers cannot utilize the error content for
cyberattacks, such as bringing the system down
or stealing vital information. If your API stays
incomplete, you should send errors along with
information to allow users to take corrective
actions.
36. Never skip versioning your API. Versioning
enables you to repeat faster, thereby preventing
inapplicable requests to hit updated endpoints.
Alongside, it assists in smoothing over any
complex API version transitions as you can
keep offering old API versions for an extended
period.
Generally, there are mixed reviews regarding
whether an API version must be incorporated in
a header or the URL. Well, if we speak
academically, it must be situated in the header.
However, the version requires to be present in
the REST API URL, thereby ensuring the
exploration of the browser across several
versions, enjoying an easy and simple developer
experience.
9. Versioning
37. Ideally, an API can never be stable. Hence, it is a
variable. Although the change is unavoidable,
what is important is to look at how to manage
the change. An excellent practice for plenty of
APIs is well-documented and announced
depreciation schedules every month.
Few examples of endpoint URI versioning
include:
• https://api.stripe.com/v1/ (major version
indication only)
• https://us6.api.mailchimp.com/3.0/ (major +
minor version indication)
• https://api.twilio.com/2010-04-01/ (date based
indication)
• https://developer.github.com/v3/ (major
version indication only)
38. If a resource consists of sub-resources, ensure
depicting this in the API, thereby making it
clear and specific. For instance, if a user has
posts and we wish to retrieve/ redeem a certain
post by the user, API can be interpreted as GET
/users/123/posts/1. This will retrieve the post
having id one by the user having the id 123
.
Many times, resource objects can be linked with
one another or possess some sort of functional
hierarchy. It is usually a better idea to restrict
the nesting to a single level in the REST API. If
you think of implementing too many nested
levels, it might not look elegant. Also, by
filtering, you can achieve a similar result.
10. Resource hierarchy
39. Some safe methods are HTTP methods that
return the exact resource representation. GET,
TRACE, OPTIONS, and HEAD methods are
referred to as safe. By safe, we mean that they
are ideally expected to retrieve data without
changing the state of a resource on the server.
Moreover, refrain from using GET to delete
content, like GET /users/123/delete.
Generally, it is nothing like it cannot be
executed, but the problem arises because the
HTTP specification gets violated in this case.
Hence, make use of HTTP methods as per the
action that you are required to carry out.
11. Idempotence (Misusing Safe
methods)
40. Publishing your API documentation is
extremely vital. Not only do these help
developers, but users as well. When you publish
the API documentation, developers view what
they are dealing with while making an
implementation. Besides this, publishing
enables potential users to look into what is
made available through your API.
API Documentation must offer information
regarding the existing methods and endpoints,
potential response codes, request/response
examples, existing throttling or limits, and
information about authorization. An excellent
idea for this is to publish the documentation in
a browsable web page format that has engaging
options, playground, and curl examples.
12. API Documentation
41. Bear in mind that the API documentation even
represents your organization. A comprehensive,
well-written, and exceptionally presented
document will be acknowledged by the
developers and partners, thereby creating an
example of how it must be created. However, if
a clumsy and poorly designed documentation
that has no examples has plenty of errors and is
outdated, it may eventually harm the image of
your organization.
Some excellent examples of API documentation
are,
• Mailchimp
• Twilio
• Stripe
43. The chief takeaway required to design a high-
quality REST API standards is maintaining
consistency by sticking to conventions and web
standards. Developers are required to devote a
good time to design REST APIs. Why? Because
APIs hold the capacity to turn any service
extremely easy or extremely complicated.
When it comes to the modern web, JSON, HTTP,
SSL/TLS status codes are some standard
building blocks. As a quick wrap-up, we need to
put focus on performance as well. To elevate
performance, make sure you don’t return too
much data simultaneously. With caching, you
don’t need to query for data each time.
Additionally, maintain consistency in the paths
of endpoints. This was a guide that states the
top REST API best practices. Looking for
explicit REST API architecture designers,
Bacancy Technology is the right window for
your business.