Birds Eye View on API Development - v1.0

Post on 15-Apr-2017


Birds Eye View on API Development
7 December 2015

Presenter: Sebastian Krueger – Co-Founder and Technical Director at API Talent

Agenda
• Part I: API Overviews
  • Definition
  • REST
  • HTTP
  • Data structure
  • Versioning
  • Authentication
• Part II: Building APIs on AWS
  • Demo: Server-based APIs on AWS
  • Demo: Server-less APIs on AWS

Part I – API Overview - Definition

A collection of endpoints to interact with an application.

Internal and External APIs. This talk is all about External APIs.

Different architectures:
• XML-RPC
• REST
• SOAP

Part I – API Overview - REST
Representational State Transfer

Architectural properties
• Performance
• Scalability
• Simplicity
• Modifiability
• Visibility
• Portability
• Reliability

Architectural constraints
• Client-server
• Stateless
• Cacheable
• Layered system
• Code on demand (optional)
• Uniform interface

https://en.wikipedia.org/wiki/Representational_state_transfer

Part I – API Overview - REST
Uniform interface
• Identification of resources: Resource as URIs – http://api.co/cars/123
• Manipulation of resources through representations: JSON / XML / CSV
• Self-descriptive messages: HTTP GET, POST, PUT, DELETE, mediatypes, cacheability, etc
• HATEOAS (Hypermedia As The Engine Of Application State): Hypermedia APIs (HAL, JSON-LD, Siren, etc)

Part I – API Overview - HTTP
HTTP methods - URIs for collection/item

Method   Collection: http://api.co/v2/cars/                            Item: http://api.co/v2/cars/123
GET      List all the cars                                             Retrieve an individual car
POST     Create a new car                                              ERROR
PUT      Replace the entire collection with a whole new list of cars   Replace or create an individual car
DELETE   Delete all the cars                                           Delete an individual car

Part I – API Overview - HTTP
HTTP Status Codes

Popular codes:
• 200 OK
• 301 Page Moved Permanently
• 404 Page Not Found
• 418 ? (RFC 2324)

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
http://restlet.com/http-status-codes-map
https://http.cat/

Part I – API Overview – Data structure
JSON – described in RFC 4627

String: "this is a string"

List: [1,2,3]

Object: {"key": "value"}

Part I – API Overview – Data structure
How to Read an HTTP Response

JSON RFC

Collection+JSON

Standard for publishing a searchable list of resources over the Web. Collection+JSON is a way of serving lists—not lists of data structures, which you can do with normal JSON, but lists that describe HTTP resources.

Part I – API Overview – Data structure

http://jsonapi.org/

Part I – API Overview - Versioning
• Most frequent, in the URL:
  https://api.co/v2/cars/123
• Custom header:
  X-API-Version: 2
• Less frequent, with an accept header:
  GET /cars
  Accept: application/vnd.cars.v2+json

Clients don’t have to change endpoint, but update headers

Part I – API Overview - Authentication
• HTTP Basic
  • Easy to implement. Least secure.
  • Always use SSL/HTTPS with base64 encoded username/password.
• JSON Web Tokens
  • Send credentials to login endpoint
  • Endpoint returns JWT token
  • Send token with every request
• OAuth2
  • Most popular
  • Similar to JWT
  • http://oauthbible.com/
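
The JSON Web Token flow listed above (credentials to a login endpoint, a token returned, the token sent with every request), as an added example that is not from the original slides. It is a standard-library HS256 implementation; `SECRET`, `USERS`, `login` and `authenticate` are hypothetical names with constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"   # assumption: server-side HS256 signing key
USERS = {"seb": "correct-horse"}   # constructed store; real systems keep password hashes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return _b64(mac).encode()

def login(username, password, now=None, ttl=300):
    """Login endpoint: check the credentials, return a signed JWT or None."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims).decode()}"

def authenticate(authorization, now=None):
    """Per-request check of the Authorization header: return the subject or None."""
    scheme, _, token = authorization.partition(" ")
    parts = token.split(".")
    if scheme != "Bearer" or len(parts) != 3:
        return None
    header_b64, claims_b64, sig = parts
    # Verify first, always with the server's key and HS256. The header's
    # "alg" is checked afterwards and never used to pick the algorithm.
    if not hmac.compare_digest(sig.encode(), _sign(header_b64 + "." + claims_b64)):
        return None
    header = json.loads(_unb64(header_b64))
    claims = json.loads(_unb64(claims_b64))
    if header.get("alg") != "HS256":
        return None
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:       # expired tokens are rejected
        return None
    return claims["sub"]
```

The token is signed, not encrypted: its claims are readable by anyone who holds it, so it still has to travel over HTTPS like the Basic credentials above.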

Part I – API Overview – Description Language

Part II - Building APIs on AWS

What about the Runtime?

Part II - Building APIs on AWS
There are many options:
• Roll your own (raw EC2) (could use AWS CodeDeploy)
• Docker / AWS Elastic Container Service
• AWS OpsWorks
• AWS Elastic Beanstalk
• AWS API Gateway / AWS Lambda

Use 3rd Party PaaS (on top of AWS):
• Heroku, Cloud 66, etc, etc, etc

Elastic Beanstalk in a Nutshell
• EC2 Server
• + Linux
• + OpenJDK
• + Tomcat
• Scaling Elastic Load Balancer / Auto Scaling
• Deploy artefacts on S3
• Can add database (RDS)

Let’s build a Java-based Web API
DEMO TIME

GET http://somewhere/hello/seb

Returns: "Hello seb"

Thanks For Your Time
Sebastian Krueger – Director of Cloud Engineering – API Talent Limited
email: sebastian.krueger@apitalent.co.nz
tel: +64 21 131 84 97