Birds Eye View on API Development - v1.0

Birds Eye View on API Development 7 December 2015 Presenter: Sebastian Krueger – Co-Founder and Technical Director at API Talent

Transcript of Birds Eye View on API Development - v1.0

Page 1: Birds Eye View on API Development - v1.0

Birds Eye View on API Development
7 December 2015

Presenter: Sebastian Krueger – Co-Founder and Technical Director at API Talent

Page 2: Birds Eye View on API Development - v1.0

Agenda
• Part I: API Overviews
  • Definition
  • REST
  • HTTP
  • Data structure
  • Versioning
  • Authentication
• Part II: Building APIs on AWS
  • Demo: Server-based APIs on AWS
  • Demo: Server-less APIs on AWS

Page 3: Birds Eye View on API Development - v1.0

Part I – API Overview - Definition

A collection of endpoints to interact with an application.

Internal and External APIs. This talk is all about External APIs.

Different architectures:
• XML-RPC
• REST
• SOAP

Page 4: Birds Eye View on API Development - v1.0

Part I – API Overview - REST
Representational State Transfer

Architectural properties
• Performance
• Scalability
• Simplicity
• Modifiability
• Visibility
• Portability
• Reliability

Architectural constraints
• Client-server
• Stateless
• Cacheable
• Layered system
• Code on demand (optional)
• Uniform interface

https://en.wikipedia.org/wiki/Representational_state_transfer

Page 5: Birds Eye View on API Development - v1.0

Part I – API Overview - REST
Uniform interface
• Identification of resources: Resource as URIs – http://api.co/cars/123
• Manipulation of resources through representations: JSON / XML / CSV
• Self-descriptive messages: HTTP GET, POST, PUT, DELETE, mediatypes, cacheability, etc
• HATEOAS (Hypermedia As The Engine Of Application State): Hypermedia APIs (HAL, JSON-LD, Siren, etc)

Page 6: Birds Eye View on API Development - v1.0

Part I – API Overview - HTTP
HTTP methods - URIs for collection/item

Collection URI: http://api.co/v2/cars/
Item URI: http://api.co/v2/cars/123

• GET
  • Collection: List all the cars
  • Item: Retrieve an individual car
• POST
  • Collection: Create a new car
  • Item: ERROR
• PUT
  • Collection: Replace the entire collection with a whole new list of cars
  • Item: Replace or create an individual car
• DELETE
  • Collection: Delete all the cars
  • Item: Delete an individual car

Page 7: Birds Eye View on API Development - v1.0

Part I – API Overview - HTTP
HTTP Status Codes
Popular codes:
• 200 OK
• 301 Page Moved Permanently
• 404 Page Not Found
• 418 ? (RFC 2324)

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
http://restlet.com/http-status-codes-map
https://http.cat/

Page 8: Birds Eye View on API Development - v1.0

Part I – API Overview – Data structure
JSON – described in RFC 4627

String: "this is a string"

List: [1,2,3]

Object: {"key": "value"}

Page 9: Birds Eye View on API Development - v1.0

Part I – API Overview – Data structure
How to Read an HTTP Response

Page 10: Birds Eye View on API Development - v1.0

Part I – API Overview – Data structure
How to Read an HTTP Response
JSON RFC

Collection+JSON

Standard for publishing a searchable list of resources over the Web. Collection+JSON is a way of serving lists: not lists of data structures, which you can do with normal JSON, but lists that describe HTTP resources.

Page 11: Birds Eye View on API Development - v1.0

Part I – API Overview – Data structure
How to Read an HTTP Response

Page 12: Birds Eye View on API Development - v1.0

Part I – API Overview – Data structure

http://jsonapi.org/

Page 13: Birds Eye View on API Development - v1.0

Part I – API Overview – Data structure

Page 14: Birds Eye View on API Development - v1.0

Part I – API Overview - Versioning
• Most frequent, in the URL:
  https://api.co/v2/cars/123
• Custom header:
  X-API-Version: 2
• Less frequent, with an accept header:
  GET /cars
  Accept: application/vnd.cars.v2+json

Clients don’t have to change endpoint, but update headers
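A server-side sketch of the three versioning schemes on this slide, added here as an example and not taken from the talk. The supported-version set, the default version, the function name `resolve_version` and the policy of rejecting requests whose version signals disagree are assumptions.

```python
import re

SUPPORTED = {1, 2}                       # assumption: versions this API serves
PATH_RE = re.compile(r"^/v(\d+)/")       # https://api.co/v2/cars/123
ACCEPT_RE = re.compile(r"application/vnd\.cars\.v(\d+)\+json")

def resolve_version(path, headers, default=2):
    """Return (version, path_without_version_prefix) or raise ValueError."""
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    found = {}

    m = PATH_RE.match(path)
    if m:
        found["url"] = int(m.group(1))
        path = path[m.end() - 1:]        # strip "/v2", keep the following "/"

    raw = headers.get("x-api-version")
    if raw is not None:
        if not raw.strip().isdigit():
            raise ValueError("X-API-Version must be an integer")
        found["header"] = int(raw)

    m = ACCEPT_RE.search(headers.get("accept", ""))
    if m:
        found["accept"] = int(m.group(1))

    # A request that names two different versions is ambiguous: refuse it
    # instead of silently picking one.
    versions = set(found.values())
    if len(versions) > 1:
        raise ValueError(f"conflicting versions: {found}")
    version = versions.pop() if versions else default
    if version not in SUPPORTED:
        raise ValueError(f"unsupported version: {version}")
    return version, path
```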

Page 15: Birds Eye View on API Development - v1.0

Part I – API Overview - Authentication
• HTTP Basic
  • Easy to implement. Least secure.
  • Always use SSL/HTTPS: the username/password is only base64 encoded, not encrypted.
• JSON Web Tokens
  • Send credentials to login endpoint
  • Endpoint returns JWT token
  • Send token with every request
• OAuth2
  • Most popular
  • Similar to JWT
  • http://oauthbible.com/

Page 16: Birds Eye View on API Development - v1.0

Part I – API Overview – Description Language

Page 17: Birds Eye View on API Development - v1.0

Part II - Building APIs on AWS

What about the Runtime?

Page 18: Birds Eye View on API Development - v1.0

Part II - Building APIs on AWS
There are many options:
• Roll your own (raw EC2) (could use AWS CodeDeploy)
• Docker / AWS Elastic Container Service
• AWS OpsWorks
• AWS Elastic Beanstalk
• AWS API Gateway / AWS Lambda

Use 3rd Party PaaS (on top of AWS):
• Heroku, Cloud 66, etc, etc, etc

Page 19: Birds Eye View on API Development - v1.0

Elastic Beanstalk in a Nutshell
• EC2 Server
  • + Linux
  • + OpenJDK
  • + Tomcat
• Scaling Elastic Load Balancer / Auto Scaling
• Deploy artefacts on S3
• Can add database (RDS)

Page 20: Birds Eye View on API Development - v1.0

Let’s build a Java-based Web API
DEMO TIME

GET http://somewhere/hello/seb

Returns: "Hello seb"

Page 21: Birds Eye View on API Development - v1.0

Thanks For Your Time
Sebastian Krueger – Director of Cloud Engineering – API Talent Limited
email: [email protected]
phone: +64 21 131 84 97