This document discusses RESTful microservices and best practices for designing REST APIs. It covers topics like why REST is important for API design, common REST principles, naming conventions, resource relationships, security, versioning, documentation, and management of REST APIs. It also provides examples of how various companies implement practices like filtering, searching, paging, and error handling in their REST APIs. Finally, it discusses how the WebSphere Liberty application server supports REST APIs through features like API discovery and collective APIs.
apidays LIVE India - REST the Events - REST APIs for Event-Driven Architectur...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
REST the Events - REST APIs for Event-Driven Architecture
Mark Teehan, Principal Solution Engineer at Confluent APAC
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2y2yPiS.
Colin McCabe talks about the ongoing effort to replace the use of Zookeeper in Kafka: why they want to do it and how it will work. He discusses the limitations they have found and how Kafka benefits both in terms of stability and scalability by bringing consensus in house. He talks about their progress, what work is remaining, and how contributors can help. Filmed at qconsf.com.
Colin McCabe is a Kafka committer at Confluent, working on the scalability and extensibility of Kafka. Previously, he worked on the Hadoop Distributed Filesystem and the Ceph Filesystem.
As you go into the cloud, the applications you are building will often be built on service-oriented architectures that communicate through RESTful APIs. Where API design and development used to be an uncommon thing, today it has become a basic application requirement. George Reese will cover the basic considerations in designing and implementing an API for your applications.
George Reese is the author of a number of technology books and a regular speaker on RESTful APIs, cloud computing, Java, and database systems. His most recent books are The REST API Design Handbook and O’Reilly’s Cloud Application Architectures. Professionally, he is the Executive Director of Cloud Computing at Dell as a result of Dell's recent acquisition of Enstratius, a company George co-founded. George has also led a number of Open Source projects, including several MUD libraries and the Imaginary Home home automation libraries for Java. He is also the primary maintainer of Dasein Cloud, a cloud abstraction API for Java.
George holds a BA from Bates College in Maine and an MBA from the Kellogg School of Management at Northwestern University.
apidays LIVE India - REST the Events - REST APIs for Event-Driven Architectur...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
REST the Events - REST APIs for Event-Driven Architecture
Mark Teehan, Principal Solution Engineer at Confluent APAC
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2y2yPiS.
Colin McCabe talks about the ongoing effort to replace the use of Zookeeper in Kafka: why they want to do it and how it will work. He discusses the limitations they have found and how Kafka benefits both in terms of stability and scalability by bringing consensus in house. He talks about their progress, what work is remaining, and how contributors can help. Filmed at qconsf.com.
Colin McCabe is a Kafka committer at Confluent, working on the scalability and extensibility of Kafka. Previously, he worked on the Hadoop Distributed Filesystem and the Ceph Filesystem.
As you go into the cloud, the applications you are building will often be built on service-oriented architectures that communicate through RESTful APIs. Where API design and development used to be an uncommon thing, today it has become a basic application requirement. George Reese will cover the basic considerations in designing and implementing an API for your applications.
George Reese is the author of a number of technology books and a regular speaker on RESTful APIs, cloud computing, Java, and database systems. His most recent books are The REST API Design Handbook and O’Reilly’s Cloud Application Architectures. Professionally, he is the Executive Director of Cloud Computing at Dell as a result of Dell's recent acquisition of Enstratius, a company George co-founded. George has also led a number of Open Source projects, including several MUD libraries and the Imaginary Home home automation libraries for Java. He is also the primary maintainer of Dasein Cloud, a cloud abstraction API for Java.
George holds a BA from Bates College in Maine and an MBA from the Kellogg School of Management at Northwestern University.
At the Devoxx 2015 conference in Belgium, Guillaume Laforge, Product Ninja & Advocate at Restlet, presented about the never-ending REST API design debate, covering many topics like HTTP status codes, Hypermedia APIs, pagination/searching/filtering, and more.
Super simple introduction to REST-APIs (2nd version)Patrick Savalle
See also: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4
An API in an interface or client-server-contract and REST is an HTTP design pattern. A REST-API is the de facto standard in web interface. It maps server resources onto URLs and allows CRUD-like manipulations of those (Create-Read-Update-Delete).
In this presentation we cover the basics of:
- The HTTP protocol
- The REST design pattern
- The API
RESTful Architecture is effectively an implementation of Resource-Oriented architecture (ROA). ROA - is a good fit for Service oriented Architecture (SOA) implementation. Check out KickStartPros approach on RESTful API Design.
* REST = REpresentational State Transfer
* REST is Resource Based Representation. REST identifies things by JSON or XML & URIs.
* REST behavior/actions are identified by HTTP methods (GET, POST, PUT, DELETE).
* Using Uniform Interface Architecture with REST you can decouple Client (like Browser/Android App/iOS App) and Server.
* REST using Layered System and Cacheable Architecture gives better performance.
Integrating Alfresco @ Scale (via event-driven micro-services)J V
Alfresco DevCon 2018 (Lisbon) - https://devcon.alfresco.com/
Alfresco provides a rich set of options for integrating third-party systems with services across the Digital Business Platform. We will deep-dive into the architecture of the new Alfresco Integration Services framework – a set of event-driven micro-services that can be easily deployed & scaled.
https://www.youtube.com/watch?v=TyB-t7wsDEE
Building Beautiful REST APIs with ASP.NET CoreStormpath
Join Stormpath .NET Developer Evangelist, Nate Barbettini, to learn best practices for designing your REST API in ASP.NET Core. Nate will explain how to build HATEOS-compliant JSON APIs while supporting security best practices and even improving performance and scale.
Topics Covered:
What is REST and HATEOS?
How to think about RESTful APIs
How to model hypermedia in C#
Building JSON APIs in ASP.NET Core
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Multi-Protocol APIs at Scale in Adidas
Jesus de Diego, API Evangelist at Adidas
Learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
The Query Service is the new platform solution for querying a variety of data sources. The goal of Query Service is that administrators can configure a metadata description of the data source that can then be used by end users without detailed knowledge of the underlying data source. This session explains how to configure Query Service data sources and use them with the RESTful API or component collection.
At the Devoxx 2015 conference in Belgium, Guillaume Laforge, Product Ninja & Advocate at Restlet, presented about the never-ending REST API design debate, covering many topics like HTTP status codes, Hypermedia APIs, pagination/searching/filtering, and more.
Super simple introduction to REST-APIs (2nd version)Patrick Savalle
See also: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4
An API in an interface or client-server-contract and REST is an HTTP design pattern. A REST-API is the de facto standard in web interface. It maps server resources onto URLs and allows CRUD-like manipulations of those (Create-Read-Update-Delete).
In this presentation we cover the basics of:
- The HTTP protocol
- The REST design pattern
- The API
RESTful Architecture is effectively an implementation of Resource-Oriented architecture (ROA). ROA - is a good fit for Service oriented Architecture (SOA) implementation. Check out KickStartPros approach on RESTful API Design.
* REST = REpresentational State Transfer
* REST is Resource Based Representation. REST identifies things by JSON or XML & URIs.
* REST behavior/actions are identified by HTTP methods (GET, POST, PUT, DELETE).
* Using Uniform Interface Architecture with REST you can decouple Client (like Browser/Android App/iOS App) and Server.
* REST using Layered System and Cacheable Architecture gives better performance.
Integrating Alfresco @ Scale (via event-driven micro-services)J V
Alfresco DevCon 2018 (Lisbon) - https://devcon.alfresco.com/
Alfresco provides a rich set of options for integrating third-party systems with services across the Digital Business Platform. We will deep-dive into the architecture of the new Alfresco Integration Services framework – a set of event-driven micro-services that can be easily deployed & scaled.
https://www.youtube.com/watch?v=TyB-t7wsDEE
Building Beautiful REST APIs with ASP.NET CoreStormpath
Join Stormpath .NET Developer Evangelist, Nate Barbettini, to learn best practices for designing your REST API in ASP.NET Core. Nate will explain how to build HATEOS-compliant JSON APIs while supporting security best practices and even improving performance and scale.
Topics Covered:
What is REST and HATEOS?
How to think about RESTful APIs
How to model hypermedia in C#
Building JSON APIs in ASP.NET Core
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Multi-Protocol APIs at Scale in Adidas
Jesus de Diego, API Evangelist at Adidas
Learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
The Query Service is the new platform solution for querying a variety of data sources. The goal of Query Service is that administrators can configure a metadata description of the data source that can then be used by end users without detailed knowledge of the underlying data source. This session explains how to configure Query Service data sources and use them with the RESTful API or component collection.
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any Web application.
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Lessons from the API Stewardship Journey in Azure
Ryan Sweet, Principal Architect at Microsoft
The “Twelve-Factor” application model has come to represent twelve best practices for building modern, cloud-native applications. With guidance on things like configuration, deployment, runtime, and multiple service communication, the Twelve-Factor model prescribes best practices that apply to everything from web applications to APIs to data processing applications. Although serverless computing and AWS Lambda have changed how application development is done, the “Twelve-Factor” best practices remain relevant and applicable in a serverless world. In this talk, we’ll apply the “Twelve-Factor” model to serverless application development with AWS Lambda and Amazon API Gateway and show you how these services enable you to build scalable, low cost, and low administration applications.
Resting on your laurels will get you pownedDinis Cruz
Presentation delivered at BlackHat 2013. See these posts for more details on the Demos: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html ., http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
The “Twelve-Factor” application model has come to represent twelve best practices for building modern, cloud-native applications. With guidance on things like configuration, deployment, runtime, and multiple service communication, the Twelve-Factor model prescribes best practices that apply to everything from web applications to APIs to data processing applications.
Although serverless computing and AWS Lambda have changed how application development is done, the “Twelve-Factor” best practices remain relevant and applicable in a serverless world. In this talk, Chris will share with you how to apply the “Twelve-Factor” model to serverless application development with AWS Lambda and Amazon API Gateway and show you how these services enable you to build scalable, low cost, and low administration applications.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
4. Why do we need REST?
• So many languages, how do they expose data & functionality
consistently?
• How is communication between all the “Internet of Things”
components?
• REST abstracts languages (client and server), implementations
(libraries), and frameworks (VMs, HA, on-demand)
• But remember, not all REST apps are microservices!
3
6. Monetarize existing assets!
5
Systems of Engagement
Systems of Record
Integration bus
Team
Stats
Ticketing
Systems of Insight
Audrey
Cloud App Dev
Ron
Enterprise
Developer
Catalog and
Publish APIs
Discover
APIs
FANAPP
App Server Cloud
8. HTTP verbs - use them! (…with caution)
7
• Idempotent - identical requests get the same result
• Safe - can be called without modification to data.
9. Resource Naming
• Use an appropriate resource name rather than the backend name:
• Good: http://api.ibm.com/offering/customers/{customer_name}
• Bad: http://api.ibm.com/offering/UserContextHandler
8
10. Resource Chaining
• Resources in RESTful URLs can be chained together to form a
hierarchy of relationships.
– resource1/{id}/resource2/{id}
• Always use a collection followed by a member
– …/customers/123/orders/456/items/789
– Items belong to orders, orders belong to customers.
9
11. Resource Chaining (2)
• URLs should be Hackable ‘up the tree’
– User should be able to remove the leaf path and get an expected response
back.
– …/customers/123/orders
– Removing the end of the URL up to orders should return back all of the
orders for that customer.
• Do not use members that belong to collections without having the
collection in the path first.
– Good: /customers/123/orders/456/items/789
– Bad: /customers/123/orders/456/789
10
12. Attributes
• A leaf resource will return attributes about itself
GET /employees/1a2b3c
{ “name” : “Bob”, “telephone” : “905-231-3410” }
• Allow attributes to be queried and updated directly (unless read-only or
virtual, like state), but not created from parent resource
Good: GET /employees/1a2b3c/telephone
Good: PUT /employees/1a2b3c/telephone { “416-974-2418” }
Bad: POST /employees/1a2b3c { “newAttribute” : “value” }
11
13. Algorithmic attributes
• Transforming operations into algorithmic attributes
• Example: APIs to start and stop a server
– Bad: POST /servers { “server” : “myhost.com/sv1”, “operation” : “start”}
– Bad: POST /servers { “server” : “myhost.com/sv1”, “operation” : “stop”}
– Good: POST /host/{host_id}/servers/{server_id}/start { ..optional..}
– Good: POST /host/{host_id}/servers/{server_id}/stop { ..optional..}
• Supports a read-only / virtual attribute GET /host/{host_id}/servers/{server_id}/state
– POST instead of PUT, because algorithmic attributes are not idempotent
12
14. Query parameters vs header
• Use query parameters for characteristics that have an affinity to the
resource
– Ex: paging, filtering, sorting
• Use header for characteristics that have an affinity to the whole request
– Ex: security credentials, caching attribute
13
15. Filtering in Industry
• Filtering which fields are returned from the resource
• LinkedIn
– /people:(id,first-name,last-name,industry)
• Facebook
– /joe.smith/friends?fields=id,name,picture
• Google
– ?fields=title,media:group(media:thumbnail)
14
16. Searching / Querying
• Searching for specific resources
• Always apply to a collection
• Best practice is to use “name=value” pairs, matching fields
– Ex: /employees?name=Bob&city=Mooresville
• Non-RESTful examples:
15
17. Paging in Industry
• Paging the results of a resource
https://api.mycompany.com/v1/users?offset=50&limit=50
• Facebook
– offset, before, after, limit, next, previous
• Twitter
– cursor, count, next_cursor, total_count
• LinkedIn
– start, count
16
18. Versioning
• Best practice is to put the version as "vX" after context root, ie:
/myApp/v2, /myApp/v3
• Top level GET should yield what versions are available.
– ie:GET /myApp should return something like {v1 : /myApp/v1, v2:
/myApp/v2}
• No version implies v1, so specifying v1 is optional, but if expecting new
versions to come along, adding v1 from the start is considered best
practice.
17
19. Versioning in the industry
• Twilio
– /2010-04-01/Accounts/
• Salesforce.com
– /services/data/v20.0/objects/Account
• •Facebook
– ?v=1.0
18
20. Versioning should be simple
• Guidelines is to keep major (v1) or major.minor (v1.1) versioning
• Beyond that brings confusion to clients, and hinders server-side
flexibility
• Ex: Docker APIs.
– Which clusters do I have running v1.18 which need to be upgraded?
– Someone requested a v1.21 API, but I routed them to a v1.19 server…
– Client:
if (server.version = v1.23)
….
else if (server.version = v1.22)
…. 19
21. Security of REST APIs
• No security
– Only for trials or prototypes, never for production-level
– Need enforcement of overall transaction rate
• Basic authorization
– Simplest and oldest form of authorization
– User/Password, or Certificates
– Ex: header(“Authorization”, “Basic kjz022zxlksa”)
20
22. Security of REST APIs
• API keys
– Can be simply a key that identifies an user:
• GET /employees/1a2b3c?apiKey=d2lk10xl2
– Can be stronger, and also include a signature of the data which matches a
private key:
• DELETE /employees/1a2b3c?apiKey=d2lk10xl2&sig=3s00xkll213kxxl
• OAuth (OpenID Connect)
– Most modern systems support this authorization method
– Significantly increases the flexibility of your APIs (ie: log into with Google or
Facebook account)
– Can also increase security by utilizing Scopes 21
25. CORS
• Cross-origin resource sharing
• Web browsers add extra constraints for Javascript code calling to
remote servers, to avoid phishing scams and other attacks
• CORS headers:
– Origin
– Access-Control-Request-Method
– Access-Control-Request-Headers
– Access-Control-Allow-Origin
– Access-Control-Allow-Credentials
– Access-Control-Expose-Headers
– Access-Control-Max-Age
– Access-Control-Allow-Methods
– Access-Control-Allow-Headers
24
26. Documentation: Swagger Introduction
• Industry leading specification for defining REST APIs.
• Supports both JSON and YAML formats.
• Large open source community with various projects on GitHub:
• Client code generation (26 languages).
• Server code generation (9 languages).
• Online editor and GUI.
• Over 2000 related open-source repository, with 15000 daily downloads.
• Base specification for Open API Initiative (https://openapis.org/), under
Linux foundation.
25
27. Documentation: Swagger YAML Sample
26
paths:
/pet:
post:
tags:
- pet
summary: Add a new pet to the store
description: ''
operationId: addPet
consumes:
- application/json
- application/xml
produces:
- application/xml
- application/json
parameters:
- in: body
name: body
description: Pet object that needs to be added to the store
required: true
schema:
$ref: '#/definitions/Pet'
responses:
'405':
description: Invalid input
security:
- petstore_auth:
- 'write:pets'
- 'read:pets'
31. Languages
30
• Which languages are you familiar with?
• What are your requirements today? (routing, db access)
• What are your requirements tomorrow? (on-prem vs cloud)
• Look at all the entire lifecycle of your REST APIs
• Development, Maintenance, Fire-drills, Upgrades, Access
control, etc.
• Don’t just focus on how quickly they can be made available
33. API Discovery
• All applications are discoverable in a single RESTful endpoint,
/ibm/api/docs
• Query parameter allows filtering based on context root.
• Support both JSON and YAML.
• Application participation can be configured in server.xml (location, on/off).
• Available through apiDiscovery-1.0 feature.
32
Admin UI
Applications
Liberty
REST
APIProviders
API Manager
34. API Discovery User Interface
• Based on the Open Source Swagger UI
• Available at /ibm/api/explorer
33
35. API Discovery Collective Support
• Enabling apiDiscovery-1.0 on a collective member will expose their
aggregated Swagger documentation available.
• Endpoints:
– /ibm/api/collective/docs
– /ibm/api/collective/explorer
34
Admin UI
RepositoryREST
Controller
API Manager
M M
M
REST APIs from Members
M
36. API Discovery Cloud Scenario
• Can push Liberty package into Cloud Foundry
• Creates an auto-discoverable container in the cloud.
• cf push <yourappname> -p wlp/usr/servers/defaultServer
35
app
app
app
WLP
Developer
ibm.biz/wlp-api (dev / dev)
38. CI flow #2: auto-processing APIs after deployment
37
1. Git commit java or node code or dockerfile
6. APIs are now available in APIC’s developer portal
Deploy Invoke
2. Jenkins builds and packages apps & containers, and invokes UCD
3. UCD deploys artifacts onto collective
(on-prem, cloud, etc)
4. UCD invokes “curl POST /ibm/api/collective/docs/apiconnect,”
sending a committed product.yaml as input
M M
MM
40. Public and Branded UIs | Collective UI redesign
39
• Branded and public Swagger UI
• Inlined collective APIs
[
{
"title" : "ACME Air",
"description" : “Flight booking service",
"version" : "1.0.0",
"hosts" : [ "myHost1:9080",
"myHost2:9085"]
}
]
• Query APIs as services
41. API integration with data
40
1. Many new apps use loopback to quickly expose APIs over a DB
2. Expose these system APIs via a single aggregated Swagger catalog
3. Use the app accelerator (Swagger -> jaxrs client/server) to build interaction APIs that call
various system APIs, and deploy them in Docker containers.
Data Data
system APIs collective
Data
Data
on-premises
interaction APIs
private cloud
app developers
public cloud
42. API integration with other cloud platforms
41
Amazon API gateway Azure API management Google Cloud Endpoint + Apigee
Liberty Collective Docker w/ Liberty
43. Using subset of Swagger to register services
42
• Taking advantage of our discovery framework ‘s dynamic behavior to register and
heartbeat APIs as services
• title, description, version, URL, hosts, plus others
Bluemix Service Registry
Liberty Collective Docker w/ Liberty
45. Additional Info / Resources
• IBM Middleware User Community (WAS Forum)
https://www.imwuc.org/p/fo/si/topic=1007
• Create and vote for enhancements
https://www.ibm.com/developerworks/rfe
• dwAnswers
https://developer.ibm.com/answers/
• StackOverflow
Tags: swagger, websphere-liberty
44