The document discusses RESTful APIs and some of their key concepts and design principles. It defines REST as an architectural style for building web APIs and describes six constraints of REST including a uniform interface, statelessness, cacheability, being client-server, having a layered system, and using hypermedia as the engine of application state. It then provides more details on concepts like resources, endpoints, verbs, versioning, authentication, and filtering.
This presentation walks through essential points for developing and working with REST APIs or web services to communicate through various platforms. This also explains HTTP methods.
2. What is REST
REST is the underlying architectural principle of the web. The amazing thing about the web
is the fact that clients (browsers) and servers can interact in complex ways without the client
knowing anything beforehand about the server and the resources it hosts.
The REST architectural style describes six constraints.
Uniform Interface
Stateless
Cacheable
Client-Server
Layered System
3. Uniform Interface
The uniform interface constraint defines the interface between clients and servers. It
simplifies and decouples the architecture, which enables each part to evolve independently.
The main guiding principles of the uniform interface are:
Resource-Based
Individual resources are identified in requests using URIs as resource identifiers. The
resources themselves are conceptually separate from the representations that are returned
to the client. For example, the server does not send its database, but rather some HTML,
XML or JSON that represents some database records.
4. Uniform Interface
Manipulation of Resources Through Representations
When a client holds a representation of a resource, including any metadata attached, it has
enough information to modify or delete the resource on the server, provided it has
permission to do so.
Hypermedia as the Engine of Application State (HATEOAS)
Clients deliver state via body contents, query-string parameters, request headers and the
requested URI (the resource name). Services deliver state to clients via body content,
response codes, and response headers. This is technically referred to as hypermedia (or
hyperlinks within hypertext).
5. Hypermedia as the Engine of Application State
(HATEOAS)
HATEOAS stands for Hypermedia As The Engine Of Application State. It means that the
hypermedia links in a response should be used to find your way through the API.
An example:
GET /account/12345 HTTP/1.1
HTTP/1.1 200 OK
<?xml version="1.0"?>
<account>
<account_number>12345</account_number>
<balance currency="usd">100.00</balance>
<link rel="deposit" href="/account/12345/deposit" />
<link rel="withdraw" href="/account/12345/withdraw" />
<link rel="transfer" href="/account/12345/transfer" />
<link rel="close" href="/account/12345/close" />
</account>
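The following is an added example, not code from the presentation, of how a HATEOAS client consumes the account representation above: it discovers the available actions from the link rels instead of hard-coding URLs, and it refuses to follow a link that would carry its credentials to another origin. The base URL bank.example.test is a constructed assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

# Constructed sample: the account representation from the slide, as the server would return it.
ACCOUNT_XML = b"""<?xml version="1.0"?>
<account>
  <account_number>12345</account_number>
  <balance currency="usd">100.00</balance>
  <link rel="deposit" href="/account/12345/deposit" />
  <link rel="withdraw" href="/account/12345/withdraw" />
  <link rel="transfer" href="/account/12345/transfer" />
  <link rel="close" href="/account/12345/close" />
</account>"""


def links_by_rel(xml_bytes):
    """Map each link's rel to its href. The client never hard-codes action URLs; it reads them here."""
    # The stdlib parser is fine for responses from your own API; for XML from arbitrary
    # sources prefer defusedxml, which blocks entity-expansion attacks.
    root = ET.fromstring(xml_bytes)
    return {
        link.get("rel"): link.get("href")
        for link in root.iter("link")
        if link.get("rel") and link.get("href")
    }


def available_actions(xml_bytes):
    """The state transitions the server currently offers (a closed account might omit 'withdraw')."""
    return set(links_by_rel(xml_bytes))


def resolve_action(resource_url, xml_bytes, rel):
    """Absolute URL for the action named by rel, or None if the representation does not offer it.

    Links that would leave the API's origin are refused: the client attaches its credentials to
    whatever URL it follows, so an off-origin link in a tampered or buggy response must not be
    followed blindly.
    """
    href = links_by_rel(xml_bytes).get(rel)
    if href is None:
        return None
    target = urljoin(resource_url, href)
    if urlsplit(target)[:2] != urlsplit(resource_url)[:2]:  # scheme and host must match
        return None
    return target
```

Because the client keys its behaviour on rel names, the server can move or withdraw an action (change the href, drop the link) without breaking clients, which is the practical benefit of HATEOAS.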
6. Stateless
As REST is an acronym for REpresentational State Transfer, statelessness is key.
Essentially, what this means is that the necessary state to handle the request is contained
within the request itself, whether as part of the URI, query-string parameters, body, or
headers. The URI uniquely identifies the resource and the body contains the state (or state
change) of that resource. Then after the server does its processing, the appropriate state, or
the piece(s) of state that matter, are communicated back to the client via headers, status
and response body.
So what's the difference between state and a resource? State, or application state, is that
which the server cares about to fulfill a request—data necessary for the current session or
request. A resource, or resource state, is the data that defines the resource representation—
the data stored in the database, for instance. Consider application state to be data that could
vary by client, and per request. Resource state, on the other hand, is constant across every
client who requests it.
8. Cacheable
As on the World Wide Web, clients can cache responses. Responses must
therefore, implicitly or explicitly, define themselves as cacheable or not, to prevent
clients reusing stale or inappropriate data in response to further requests. Well-managed
caching partially or completely eliminates some client–server
interactions, further improving scalability and performance.
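An added example (not from the presentation) of what "define themselves as cacheable, or not" means in practice for the intermediaries a layered system introduces. The function below makes the storage decision a shared cache (CDN or reverse proxy) has to make, following the rules of RFC 7234 section 3; the security-relevant case is a per-user response to an authenticated request, which a shared cache must not store unless the response explicitly allows it. The header values are constructed.

```python
# Status codes a cache may store even without explicit freshness information (RFC 7231 section 6.1).
HEURISTICALLY_CACHEABLE = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}


def parse_cache_control(value):
    """'private, max-age=60' -> {'private': None, 'max-age': '60'}; directive names are case-insensitive."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives


def shared_cache_may_store(status, response_headers, request_had_authorization):
    """True if a shared cache is allowed to keep this response for other clients."""
    headers = {name.lower(): value for name, value in response_headers.items()}
    cc = parse_cache_control(headers.get("cache-control", ""))
    if "no-store" in cc or "private" in cc:
        return False  # must not be written anywhere, or is meant for one client only
    if request_had_authorization and not ({"public", "must-revalidate", "s-maxage"} & set(cc)):
        return False  # responses to authenticated requests are off limits unless explicitly allowed
    explicitly_cacheable = "expires" in headers or "max-age" in cc or "s-maxage" in cc or "public" in cc
    return explicitly_cacheable or status in HEURISTICALLY_CACHEABLE


def headers_for(user_specific, ttl_seconds):
    """Response headers an API should emit: user-specific data is marked private and never stored."""
    if user_specific:
        return {"Cache-Control": "private, no-store"}
    return {"Cache-Control": f"public, max-age={ttl_seconds}"}
```

The failure mode this guards against is the classic one: an API that returns account data with no Cache-Control at all, behind a CDN, and serves one user's response to the next. The last rule in the function (no explicit directive plus a 200 status equals storable, as long as no Authorization header was sent) is why being explicit matters.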
10. Client-Server
The uniform interface separates clients from servers. This separation of concerns
means that, for example, clients are not concerned with data storage, which
remains internal to each server, so that the portability of client code is improved.
Servers are not concerned with the user interface or user state, so that servers
can be simpler and more scalable. Servers and clients may also be replaced and
developed independently, as long as the interface is not altered.
12. Layered System
A client cannot ordinarily tell whether it is connected directly to the end server, or
to an intermediary along the way. Intermediary servers may improve system
scalability by enabling load-balancing and by providing shared caches. Layers
may also enforce security policies.
14. API
Building an API is one of the most important things you can do to increase the
value of your service. By having an API, your service / core application has the
potential to become a platform from which other services grow.
Facebook, Twitter, Google, GitHub, Amazon
The easier your API is to consume, the more people that will consume it.
16. RESTful API Design Definitions
Resource: A single instance of an object. For example, an animal.
Collection: A collection of homogeneous objects. For example, animals.
HTTP: A protocol for communicating over a network.
Consumer: A client computer application capable of making HTTP requests.
Third Party Developer: A developer who wishes to consume your data.
Server: An HTTP server/application accessible from a Consumer over a network.
Endpoint: An API URL on a Server which represents either a Resource or an
entire Collection.
URL Segment: A slash-separated piece of information in the URL.
17. Authentication
An app can use one of two forms of authentication - Basic
Auth and Session Auth. All credentials used to access any of
the REST APIs can be used with either style of authentication.
18. Basic Authentication
Basic Auth - authenticates each individual request using a username and password pair.
The Basic Auth token is reversible (base64 is an encoding, not encryption, so anyone who can
read the request can recover the password); when all communication is over HTTPS the
credentials are protected in transit. Basic Auth is trivial to use from HTTP client libraries.
Tools such as cURL provide corresponding command line options.
To use Basic Auth, an app must send an HTTP Authorization header containing the username
and password with every request.
A Basic Auth authorization string is composed of the word Basic followed by a base64-encoded
string containing the username and password separated by a colon.
Simple example:
Auth string (before encoding in base64): Basic myUsername:myPassword
Auth string (after base64 encoding): Basic bXlVc2VybmFtZTpteVBhc3N3b3Jk
Complete authorization header: Authorization: Basic bXlVc2VybmFtZTpteVBhc3N3b3Jk
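Both halves of the exchange above, as an added example that is not part of the presentation: the client builds the header exactly as described, and the server parses it and checks the password against a salted PBKDF2 hash with a constant-time comparison. The user store, salt and iteration count are constructed for the example; note how trivially parse_basic() gets the password back out of the token.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed user store. Only a salted PBKDF2 hash of the password is kept, never the password.
_SALT = b"constructed-demo-salt"  # a real store draws a random salt per user
_ITERATIONS = 100_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


USERS = {"myUsername": (_SALT, hash_password("myPassword", _SALT))}


def basic_header(username, password):
    """Client side: build the Authorization header value exactly as the slide describes."""
    if ":" in username:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic(header):
    """Server side: (username, password) from an Authorization header, or None if malformed.

    Note how trivially the credentials come back out: base64 is encoding, not encryption.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    username, sep, password = text.partition(":")  # split on the FIRST colon: passwords may contain ':'
    if not sep:
        return None
    return username, password


def authenticate(header):
    """Return the authenticated username or None. Every request is checked afresh (no session)."""
    creds = parse_basic(header)
    if creds is None:
        return None
    username, password = creds
    # Hash even for unknown users so response time does not reveal which usernames exist.
    salt, stored = USERS.get(username, (_SALT, bytes(32)))
    if username not in USERS or not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    return username
```

Because every request re-runs the password hash, Basic Auth also puts a PBKDF2 computation on each call; that cost is one of the practical reasons the next slides move to a session token.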
19. Session Authentication
Session Auth - authenticates each individual request using an auth token. By using Session
Auth, an app eliminates exposure of passwords on every individual request. Only the initial
request for setting up the session needs to be sent with the username and password.
To use Session Auth, an app must first make a login request to collect an auth token from the
backend. The auth token is returned in the JSON returned in the response. This auth token
can then be used for authentication in subsequent requests across all REST APIs.
The auth token is cryptographically secured and cannot be reversed. Hence, it’s impervious to
forgery. The auth token is cleared from a device when a user is logged out.
20. Token based authentication
The general concept behind a token-based authentication system is simple.
Allow users to enter their username and password in order to obtain a token
which allows them to fetch a specific resource - without using their username and
password. Once their token has been obtained, the user can offer the token -
which offers access to a specific resource for a time period - to the remote site.
21. Token based authentication
It will use the following flow of control:
The user provides a username and password in the login form and clicks Log In.
After a request is made, validate the user on the backend by querying the
database. If the request is valid, create a token by using the user information
fetched from the database, and then return that information in the response
header so that we can store the token in the browser's local storage.
Provide token information in every request header for accessing restricted
endpoints in the application.
If the token fetched from the request header information is valid, let the user
access the specified end point, and respond with JSON or XML.
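The session/token flow of slides 19 to 21, as an added example that is not the presentation's code: log in once with the password, receive an opaque random token, present it as a bearer token on later requests, and revoke it on logout. The token is drawn from the OS CSPRNG rather than derived from the password, which is what makes it "not reversible"; the server stores only a hash of it, so a leaked session table cannot be replayed. The user store, password, salt and TTL are constructed.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # constructed: sessions live one hour

# Constructed user store: username -> PBKDF2 hash of the password (salt fixed here for brevity).
_SALT = b"constructed-demo-salt"
_USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}


def check_credentials(username, password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 100_000)
    return username in _USERS and hmac.compare_digest(candidate, _USERS[username])


def _digest(token):
    # Store only a hash: a leaked session table then cannot be used as bearer tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class SessionStore:
    """Opaque bearer tokens: log in once with the password, then present the token.

    The token is random, so it reveals nothing about the password and cannot be guessed.
    """

    def __init__(self):
        self._sessions = {}  # sha256(token) -> {"user": ..., "expires": unix time}

    def login(self, username, password, now=None):
        """Return a fresh token, or None if the credentials are wrong."""
        if not check_credentials(username, password):
            return None
        now = int(time.time()) if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[_digest(token)] = {"user": username, "expires": now + SESSION_TTL}
        return token

    def authenticate(self, authorization_header, now=None):
        """Username for a valid 'Authorization: Bearer <token>' header, else None."""
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer" or not token:
            return None
        now = int(time.time()) if now is None else now
        key = _digest(token)
        entry = self._sessions.get(key)  # lookup by hash, not a string comparison of the token
        if entry is None:
            return None
        if now >= entry["expires"]:
            del self._sessions[key]  # expired: drop it so it cannot be reused
            return None
        return entry["user"]

    def logout(self, token):
        """Server-side revocation: clearing the token on the device alone is not enough."""
        self._sessions.pop(_digest(token), None)
```

The expiry and the logout() method are what give this scheme its strength over Basic Auth: a stolen token stops working at a known time, and the server can kill it early, neither of which is possible for a password sent on every request.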
23. JWT
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact
and self-contained way for securely transmitting information between parties as a
JSON object. This information can be verified and trusted because it is digitally
signed. JWTs can be signed using a secret (with the HMAC algorithm) or a
public/private key pair using RSA.
Let's explain some concepts of this definition further.
Compact: Because of its smaller size, JWTs can be sent through a URL,
POST parameter, or inside an HTTP header. Additionally, the smaller size
means transmission is fast.
Self-contained: The payload contains all the required information about the
user, avoiding the need to query the database more than once.
24. JWT
JWT stands for JSON Web Token and is a token format used in authorization
headers. This token helps you to design communication between two systems in
a secure way. Let's rephrase JWT as the "bearer token" for the purposes of this
tutorial. A bearer token consists of three parts: header, payload, and signature.
The header is the part of the token that keeps the token type and the signing
algorithm; it is base64url-encoded, not encrypted.
The payload includes the information. You can put any kind of data like user
info, product info and so on, all of which is base64url-encoded. Since encoding is
not encryption, anyone holding the token can read the payload, so it must not
carry secrets.
The signature is computed over the header and payload with the secret key.
The secret key must be kept securely on the server-side. You can see the JWT
schema and an example token below:
25. JWT
A JWT would look like the following:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE0MTY5MjkxMDksImp0aSI6ImFhN2Y4ZDBhOTVjIiwic2NvcGVzIjpbInJlcG8iLCJwdWJsaWNfcmVwbyJdfQ.XCEwpBGvOLma4TCoh36FU7XhUbcskygS81HE1uHLf0E
27. JWT
if ($credentialsAreValid) {
    // mcrypt_create_iv() was removed in PHP 7.2; random_bytes() is the CSPRNG replacement
    $tokenId = base64_encode(random_bytes(32));
    $issuedAt = time();
    $notBefore = $issuedAt + 10; // Adding 10 seconds
    $expire = $notBefore + 60; // Adding 60 seconds
    $serverName = $config->get('serverName'); // Retrieve the server name from config file
    /*
     * Create the token as an array
     */
    $data = [
        'iat' => $issuedAt, // Issued at: time when the token was generated
        'jti' => $tokenId, // JSON Token Id: a unique identifier for the token
        'iss' => $serverName, // Issuer
        'nbf' => $notBefore, // Not before
        'exp' => $expire, // Expire
        'data' => [ // Data related to the signer user
            'userId' => $rs['id'], // userid from the users table ($rs: the row fetched during login)
            'userName' => $username, // User name
        ]
    ];
    // the if block continues on slide 29, where $data is signed and returned
28. JWT
Please notice that you can define the data structure however you want, there are however some
reserved claims, such as the ones used above:
iat – timestamp of token issuing.
jti – A unique string, could be used to validate a token, but goes against not having a centralized
issuer authority.
iss – A string containing the name or identifier of the issuer application. Can be a domain name and
can be used to discard tokens from other applications.
nbf – Timestamp of when the token should start being considered valid. Should be equal to or greater
than iat. In this case, the token will begin to be valid 10 seconds
after being issued.
exp – Timestamp of when the token should cease to be valid. Should be greater than iat and nbf. In
this case, the token will expire 60 seconds after it becomes valid (nbf), that is, 70 seconds after being issued.
29. JWT
Transforming this array into a JWT is super easy:
    // JWT::encode() is assumed to come from the firebase/php-jwt library (use Firebase\JWT\JWT;)
    $secretKey = base64_decode($config->get('jwtKey'));
    /*
     * Encode the array to a JWT string.
     * Second parameter is the key to encode the token.
     *
     * The output string can be validated at http://jwt.io/
     */
    $jwt = JWT::encode(
        $data,      // Data to be encoded in the JWT
        $secretKey, // The signing key
        'HS512'     // Algorithm used to sign the token, see https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3
    );
    $unencodedArray = ['jwt' => $jwt];
    echo json_encode($unencodedArray);
} // closes the if ($credentialsAreValid) block opened on slide 27
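The presentation shows the issuing side only. As an added example (not the presentation's or the php-jwt library's code), the block below implements both sides of an HS256 JWT from the standard library: issuing a token with the same iat/jti/iss/nbf/exp claim set as the PHP array, verifying it with the algorithm pinned on the server side, and a jwt_peek() that reads the example token from slide 25 without verification to show that the header and payload are merely encoded. The secret, issuer name and user data are constructed.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed example; the real HS256 secret comes from configuration, not source code.
SECRET = b"constructed-example-secret-do-not-use"


class InvalidToken(Exception):
    pass


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    try:
        return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    except (ValueError, TypeError):
        raise InvalidToken("bad base64url segment")


def jwt_encode(claims, secret):
    """header.payload.signature, signed with HMAC-SHA256 (the HS256 of the slide's example token)."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [_b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                for part in (header, claims)]
    signing_input = ".".join(segments)
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def jwt_peek(token):
    """Header and payload WITHOUT verification. Base64url is an encoding: anyone can read these."""
    header, payload = token.split(".")[:2]
    return json.loads(_b64url_decode(header)), json.loads(_b64url_decode(payload))


def jwt_decode(token, secret, issuer, now=None, leeway=0):
    """Verify the signature and the iss/nbf/exp claims used by the slide's PHP example; return the claims."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm on the server side; a verifier that honours whatever "alg" the token
    # claims can be talked into "none" or into the wrong key type.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
        raise InvalidToken("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))  # only trusted from here on
    if claims.get("iss") != issuer:
        raise InvalidToken("token issued by another application")
    if "exp" not in claims or now > claims["exp"] + leeway:
        raise InvalidToken("token expired")
    if now + leeway < claims.get("nbf", 0):
        raise InvalidToken("token not yet valid")
    return claims


def issue_for_user(user_id, username, secret, now, issuer):
    """Same claim set as the slide's PHP array: iat, jti, iss, nbf (+10 s), exp (+60 s after nbf)."""
    not_before = now + 10
    return jwt_encode({
        "iat": now,
        "jti": secrets.token_urlsafe(32),
        "iss": issuer,
        "nbf": not_before,
        "exp": not_before + 60,
        "data": {"userId": user_id, "userName": username},
    }, secret)
```

The order of checks in jwt_decode() is deliberate: algorithm, then signature, then claims. Nothing in the payload is read for a decision until the signature has been verified, and the issuer check is what "can be used to discard tokens from other applications" on slide 28 refers to.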
30. Data Design and Abstraction
Planning how your API will look begins earlier than you’d think; first you need to
decide how your data will be designed and how your core service / application will
work. If you’re doing API First Development this should be easy. If you’re
attaching an API to an existing project, you may need to provide more abstraction.
Occasionally, a Collection can represent a database table, and a Resource can
represent a row within that table. However, this is not the usual case. In fact, your
API should abstract away as much of your data and business logic as possible.
There are also many parts of your service which you SHOULD NOT expose via
API at all. A common example is that many APIs will not allow third parties to
create users.
31. Verbs
Surely you know about GET and POST requests. These are the two most commonly used
requests when your browser visits different webpages. The term POST is so popular that it
has even invaded common language, where people who know nothing about how the
Internet works do know they can “post” something on a friend's Facebook wall.
There are four and a half very important HTTP verbs that you need to know about. I say
“and a half”, because the PATCH verb is very similar to the PUT verb, and the two are often
combined by many an API developer. Here are the verbs, and next to them are their
associated database call.
GET (SELECT): Retrieve a specific Resource from the Server, or a listing of Resources.
POST (CREATE): Create a new Resource on the Server.
PUT (UPDATE): Update a Resource on the Server, providing the entire Resource.
PATCH (UPDATE): Update a Resource on the Server, providing only changed attributes.
DELETE (DELETE): Remove a Resource from the Server.
33. Versioning
No matter what you are building, no matter how much planning you do
beforehand, your core application is going to change, your data relationships will
change, attributes will invariably be added and removed from your Resources.
This is just how software development works, and is especially true if your project
is alive and used by many people (which is likely the case if you’re building an
API).
34. Versioning
Planning ahead to ensure your software can evolve along with the rest of the
tech world is even more essential when you’re developing an API.
Once an API is published, it’s frozen. You can’t change that original code, or
you’ll mess everyone up who has plugged into the API. So you create versions,
build the right tests to give you confidence that the versions will work, and live by
RAD (Rapid Application Development) so that you don’t spin too many wheels
before seeing human interactions with your code.
35. What is the correct way to version my API?
The "URL" way
A commonly used way to version your API is to add a version number in the URL.
For instance:
/api/v1/article/1234
To "move" to another API, one could increase the version number:
/api/v2/article/1234
37. Endpoints
An Endpoint is a URL within your API which points to a specific Resource or a Collection of Resources.
If you were building a fictional API to represent several different Zoos, each containing many Animals
(with an animal belonging to exactly one Zoo), employees (who can work at multiple zoos) and keeping
track of the species of each animal, you might have the following endpoints:
https://api.example.com/v1/zoos
https://api.example.com/v1/animals
https://api.example.com/v1/animal_types
https://api.example.com/v1/employees
Combined with the HTTP request method, those endpoints support the following operations:
GET /zoos: List all Zoos (ID and Name, not too much detail)
POST /zoos: Create a new Zoo
GET /zoos/ZID: Retrieve an entire Zoo object
PUT /zoos/ZID: Update a Zoo (entire object)
PATCH /zoos/ZID: Update a Zoo (partial object)
DELETE /zoos/ZID: Delete a Zoo
GET /zoos/ZID/animals: Retrieve a listing of Animals (ID and Name).
GET /animals: List all Animals (ID and Name).
POST /animals: Create a new Animal
40. Filtering
When a Consumer makes a request for a listing of objects, it is important that you
give them a list of every single object matching the requested criteria. This list
could be massive. But, it is important that you don’t perform any arbitrary
limitations of the data.
It is important, however, that you do offer the ability for a Consumer to specify
some sort of filtering/limitation of the results. The most important reason for this is
that the network activity is minimal and the Consumer gets their results back as
soon as possible. The second most important reason for this is the Consumer may
be lazy, and if the Server can do filtering and pagination for them, all the better.
The not-so-important reason (from the Consumer's perspective), yet a great
benefit for the Server, is that the request will be less resource heavy.
41. Filtering
Filtering is mostly useful for performing GETs on Collections of resources. Since
these are GET requests, filtering information should be passed via the URL. Here
are some examples of the types of filtering you could conceivably add to your API:
?limit=10: Reduce the number of results returned to the Consumer (for Pagination)
?offset=10: Send sets of information to the Consumer (for Pagination)
?animal_type_id=1: Filter records which match the following condition (WHERE animal_type_id = 1)
?sortby=name&order=asc: Sort the results based on the specified attribute (ORDER BY name ASC)
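An added example, not part of the original slides, of how a server can honour ?limit, ?offset, ?animal_type_id, ?sortby and ?order for GET /animals while keeping a hard upper bound on page size and allowlisting the only names that ever reach ORDER BY or WHERE (values are always bound parameters). Python with an in-memory sqlite table of constructed sample animals; column names, limits and data are assumptions for the demo.

```python
import sqlite3
from urllib.parse import parse_qs

# Allowlists: only these names may ever be spliced into ORDER BY / WHERE. Values are always bound.
SORTABLE = ("id", "name")
FILTERABLE = ("animal_type_id",)
DEFAULT_LIMIT, MAX_LIMIT = 20, 100

def build_query(query_string):
    """Map ?limit=&offset=&animal_type_id=&sortby=&order= to (sql, params) for the animals Collection."""
    q = {k: v[-1] for k, v in parse_qs(query_string).items()}
    limit = min(int(q.get("limit", DEFAULT_LIMIT)), MAX_LIMIT)  # server-side cap, never unbounded
    offset = int(q.get("offset", 0))
    if limit <= 0 or offset < 0:
        raise ValueError("limit must be positive and offset non-negative")
    where, params = [], []
    for col in FILTERABLE:  # column name comes from our tuple, the value is a bound parameter
        if col in q:
            where.append(f"{col} = ?")
            params.append(int(q[col]))
    sortby = q.get("sortby", "id")
    order = q.get("order", "asc").lower()
    if sortby not in SORTABLE or order not in ("asc", "desc"):
        raise ValueError("unsupported sortby/order")
    sql = "SELECT id, name FROM animals"
    if where:
        sql += " WHERE " + " AND ".join(where)
    sql += f" ORDER BY {sortby} {order.upper()} LIMIT ? OFFSET ?"
    return sql, params + [limit, offset]

def list_animals(conn, query_string):
    """GET /animals?... -> list of {id, name} (the 'ID and Name' listing the slides describe)."""
    sql, params = build_query(query_string)
    return [{"id": row[0], "name": row[1]} for row in conn.execute(sql, params)]

def demo_db():
    """Constructed in-memory sample data standing in for the animals table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE animals (id INTEGER PRIMARY KEY, name TEXT, animal_type_id INTEGER)")
    conn.executemany("INSERT INTO animals VALUES (?, ?, ?)",
                     [(1, "zebra", 1), (2, "lion", 2), (3, "antelope", 1), (4, "tiger", 2)])
    return conn
```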
42. Swagger
The goal of Swagger™ is to define a standard, language-agnostic interface to REST APIs
which allows both humans and computers to discover and understand the capabilities of
the service without access to source code, documentation, or through network traffic
inspection. When properly defined via Swagger, a consumer can understand and interact
with the remote service with a minimal amount of implementation logic. Similar to what
interfaces have done for lower-level programming, Swagger removes the guesswork in
calling the service.
Technically speaking, Swagger is a formal specification surrounded by a large ecosystem
of tools, ranging from front-end user interfaces and low-level code libraries to
commercial API management solutions.
http://petstore.swagger.io/
http://zircote.com/swagger-php/
43. Swagger-PHP
A complete framework for "describing, producing, consuming, and visualizing
RESTful web services."
Swagger-PHP is a PHP annotations library for generating Swagger compatible JSON
documentation for your API. The resulting JSON documentation may then be utilized for
internal and external user friendly documentation, API portal sandbox with Swagger UI as
well as client code generation with the Swagger Code Generation tooling.
https://github.com/swagger-api/swagger-ui
https://github.com/swagger-api/swagger-codegen
https://github.com/zircote/swagger-php