A Road to
{ REST : API }
Design & Develop
Sabbir Hossain (Rupom)
Web Developer
https://sabbirrupom.com/
What is REST?
Representational State Transfer
!!!
A simple question
between two persons
How are you?
Someone is requesting an answer
The other party is responding based on its state
So, what is a RESTful API?
An application programming interface (API) that receives a
request from a client (web/mobile application) and sends a
response, based on the state of the server, over the HTTP
protocol.
REST vs SOAP
• REST performs better and faster than SOAP
• Coupled with JSON, it is easily readable by both humans and
machines
• Though in some cases, such as data security and transaction reliability,
SOAP performs better
What is JSON?
• JavaScript Object Notation
• Minimal, readable format for
structuring data
• An alternative to XML, lighter
weight in nature
• JSON is the key format for REST API
responses
REST API Design Architecture
Key things to be noted
• Simple request
• Secure request
• Fast response
• Status code
• Appropriate response
• Secure response
• Documentation
• Console
• Versioning
Simple Request
• URL should be light and meaningful
• Avoid unnecessary query strings
• Use the basic HTTP request methods [GET, POST, PUT, PATCH, DELETE]
based on the API use case
Secure Request
• Authentication & Authorization
• Token-based authentication [e.g. JWT]
• Client must know the secret key to sign the token for a persistent connection
• Server will verify the signature with the same key
• If mismatched, the request is unauthorized
• OAuth2 authentication & authorization
• Register the client identity with the Authorization server beforehand
• Request an access token from the Authorization server
• Request the resource server with the access token granted by the Authorization server
• Provide an encrypted/encoded session token for a persistent connection between
user and server
• Input filter handling
• Cross-site scripting (XSS) protection
• SQL-injection protection
• SSL installation on the server
• Block the IP of a DDoS attacker
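The token check described above (server verifies the HS256 signature with the shared key, mismatch means 401), written out as an added example; this is not code from the slides or from the linked PHP template. The secret, the claim values and the `authorize` helper are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secret; a real server loads it from configuration, never from the request
SECRET = b"constructed-demo-secret-key"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: bytes) -> str:
    """Issue an HS256 JWT: base64url(header).base64url(payload).base64url(signature)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(signature)}"


def verify_token(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims when the signature matches and the token is unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # malformed base64 or JSON
        return None
    # The server decides which algorithm is acceptable; the token header does not
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so a wrong signature leaks no timing information
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    current = time.time() if now is None else now
    if "exp" in claims:
        exp = claims["exp"]
        if not isinstance(exp, (int, float)) or current >= exp:
            return None  # a valid signature on an expired token is still rejected
    return claims


def authorize(headers: dict, secret: bytes, now: Optional[float] = None) -> Tuple[int, Optional[dict]]:
    """Map a request's headers to (HTTP status, claims): 200 with claims, or 401 with None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None
    claims = verify_token(auth[len("Bearer "):], secret, now)
    return (200, claims) if claims is not None else (401, None)


if __name__ == "__main__":
    token = sign_token({"sub": 4, "exp": int(time.time()) + 3600}, SECRET)
    print(authorize({"Authorization": f"Bearer {token}"}, SECRET))
    print(authorize({"Authorization": f"Bearer {token}"}, b"other-key"))
```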
Fast response
• Make the backend as light as possible
• PHP microframework (Slim, Lumen, Flight etc.)
• Use non-blocking I/O over blocking I/O
• Express JS
• Python Django
• Cache server to store relatively non-dynamic and lightweight data
for faster reading
• Memcache / Redis
• Backend code optimization
Status codes
• Let the client know what to expect next
• HTTP status codes
• 1xx (Informational): The request was received, continuing process
• 2xx (Successful): The request was successfully received, understood, and
accepted
• 3xx (Redirection): Further action needs to be taken in order to complete the
request
• 4xx (Client Error): The request contains bad syntax or cannot be fulfilled
• 5xx (Server Error): The server failed to fulfill an apparently valid request
• Result codes
• Make the client understand the state of the requested result
Appropriate response
• Send the response in the correct
format
• JSON data as response
• Avoid data redundancy
• Avoid unwanted data
{
"result_code":0,
"time":"2018-12-10 12:20:00",
"data":{
"user":{
"id":4,
"name":"Mr. X",
"items":[
{
"id":1,
"name":"laptop",
"count":1
},
{
"id":2,
"name":"monitor",
"count":1
}
]
}
}
}
Secure response
• Mask the file directory path with a custom URL or a third-party cloud
storage path
http://example.com/uploads/image/users/1.jpg
http://example.com/image/user/1?ref=xxxxxxxxxx1
• Remove unnecessary response headers to avoid exposing server information
to threats
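One handler that puts the status code, appropriate response and secure response slides together, as an added example rather than code from the slides or the linked template: it emits the `result_code`/`time`/`data` envelope shown above, drops the headers that name the server software, and replaces the `/uploads/image/users/1.jpg` path with a keyed `/image/user/1?ref=...` URL that the server can resolve but a client cannot forge. `REF_KEY`, `USERS`, `LEAKY_HEADERS` and the result-code values are constructed for the demo.

```python
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlparse

REF_KEY = b"constructed-demo-ref-key"        # constructed; keep distinct from any auth secret
LEAKY_HEADERS = {"server", "x-powered-by"}  # headers that advertise the software stack
USERS = {4: "Mr. X"}                         # constructed stand-in for the database
SAMPLE_TIME = datetime(2018, 12, 10, 12, 20, 0, tzinfo=timezone.utc)  # the slide's timestamp

# The HTTP status says how the request went; the result code says what became of the resource
RESULT_OK = 0
RESULT_NOT_FOUND = 1


def make_response(http_status: int, result_code: int, data: dict,
                  now: Optional[datetime] = None,
                  headers: Optional[dict] = None) -> Tuple[int, dict, str]:
    """Build (status, headers, JSON body) in the envelope shown on the slide."""
    now = now or datetime.now(timezone.utc)
    body = {"result_code": result_code, "time": now.strftime("%Y-%m-%d %H:%M:%S"), "data": data}
    # Pass through what the framework wanted to send, minus the leaky headers
    clean = {k: v for k, v in (headers or {}).items() if k.lower() not in LEAKY_HEADERS}
    clean["Content-Type"] = "application/json"
    return http_status, clean, json.dumps(body, separators=(",", ":"))


def image_ref(user_id: int) -> str:
    """Keyed reference for a user's image: not guessable and not tied to the storage layout."""
    return hmac.new(REF_KEY, f"user-image:{user_id}".encode(), hashlib.sha256).hexdigest()[:20]


def mask_path(user_id: int) -> str:
    """Public URL in the form of the slide's second example."""
    return f"/image/user/{user_id}?ref={image_ref(user_id)}"


MASKED_PATH = re.compile(r"^/image/user/(\d+)$")


def resolve_masked(url: str) -> Optional[str]:
    """Map a masked URL back to the storage path, or None when the ref does not check out."""
    parsed = urlparse(url)
    match = MASKED_PATH.match(parsed.path)
    ref = parse_qs(parsed.query).get("ref", [""])[0]
    if not match or not ref:
        return None
    user_id = int(match.group(1))
    if not hmac.compare_digest(image_ref(user_id), ref):
        return None
    return f"/uploads/image/users/{user_id}.jpg"


def user_profile(user_id: int, now: Optional[datetime] = None,
                 headers: Optional[dict] = None) -> Tuple[int, dict, str]:
    """GET /users/info/<id>: 200 with the masked image URL, or 404 with a result code."""
    name = USERS.get(user_id)
    if name is None:
        return make_response(404, RESULT_NOT_FOUND, {}, now, headers)
    user = {"id": user_id, "name": name, "image": mask_path(user_id)}
    return make_response(200, RESULT_OK, {"user": user}, now, headers)


if __name__ == "__main__":
    status, hdrs, body = user_profile(4, SAMPLE_TIME, {"Server": "nginx", "X-Powered-By": "PHP/7.2"})
    print(status, hdrs, body)
    print(resolve_masked(mask_path(4)))
```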
Documentation
API must be well documented
Console
• A testing ground for API requests and responses
• Should be available to system developers and testers only
• Tools
• POSTMAN
• Custom console tool
Versioning
• Bump your API version when major changes go in
• Keep older API versions for old, not yet updated client users
• Example:
• http://host/v1/get_user_info?user_id=1
• http://host/v2/users/info/1
Code example
• A custom REST-API template can be found here
• https://github.com/sabbir-rupom/rest-api-flight-PHP
• Based on PHP-Flight microframework
• Follow the documentation flow
• Study the source architecture
Thank You