Design Web APIs
Tailor Fontela
A brief introduction to start crafting APIs
@tailorfontela
mytraining.pro
Motivations
Multiple Clients
Browsers, iPhone and Android Apps, etc.
JavaScript Libraries
Angular, Ember, Backbone, Knockout
Startups and Business
Core, Social Data, Marketing
“IF SOFTWARE IS EATING THE WORLD,
APIS ARE EATING SOFTWARE.”
Steven Willmott CEO of 3Scale, during APIdays 2012 conference in San Francisco.
“SOFTWARE IS EATING THE WORLD”
Marc Andreessen in 2011.
API
Application Programming Interface
REST
Representational State Transfer
The success of an API design is measured by how quickly developers can get up and running with your API.
Characteristics of a Good API
Easy to learn
Easy to use, even without documentation
Well documented
Easy to extend
Appropriate to audience
Design First
Imagine how developers will use your API
Fail Fast
Mock
Share
apiary.io
Collaborative design, instant API mock, generated documentation.
GuruRS API
Mock Server
http://gururs.apiary-mock.com
$ curl http://gururs.apiary-mock.com/books
$ curl http://gururs.apiary-mock.com/books/2
$ curl http://gururs.apiary-mock.com/books/1/author
https://gist.github.com/taylorrf/b2a3e5ffcd49c1cf4c29
Keep URL Simple and Intuitive
Nouns are Good. Verbs are Bad.
Bad:
/GetLastBook
/ListAllBooks
/SetBookStateTo
/ListAllAvaibleBooksOf
Good:
/Books
Use HTTP Verbs Properly
POST - Create a new resource.
PUT - Update a specific resource (by an identifier) or a collection of resources.
GET - Read a specific resource (by an identifier) or a collection of resources.
DELETE - Delete/remove a specific resource by an identifier.
Right: DELETE /books/:id
Wrong: GET /books/:id/delete
Use HTTP Status Codes Properly
Over 70 HTTP status codes are officially registered ( http://bit.ly/1qMa7aS )
200 - :ok - (Everything worked)
400 - :bad_request - (The client did something wrong)
500 - :internal_server_error - (The API did something wrong)
201 - :created
304 - :not_modified
404 - :not_found - The requested resource doesn't exist
401 - :unauthorized - Not authenticated or allowed
CLI: post /books [title: "book2"]
API (wrong): 200 {error: "Author required"}
API (right): 400 {error: "Author required"}
CLI: post /books [title: "book2"]
API (wrong): 400 {error: "You are not Admin"}
API (right): 401 {error: "You are not Admin"}
400 - :bad_request
401 - :unauthorized
Filtering your Data
Allow your API users to get only some parts of resources
Pagination
offset - Initial point to consider
limit/length - number of elements you need
Ordering
orderby - attribute to sort on
sort - ASC/DESC
https://api.gururs.com/books/?limit=20&sort=DESC
Provide only the fields your client needs
https://api.gururs.com/books/?limit=20&sort=DESC&fields=title,url
Filtering
https://api.gururs.com/books/?type=ebook
Searching
https://api.gururs.com/books/?q=Design API
Aliases for common queries
https://api.gururs.com/books/used
https://api.gururs.com/books/free_ebooks
https://api.gururs.com/books/deals
JSON format
Follow some JSON format convention for the greater good.
http://jsonapi.org/ (Steve Klabnik & Yehuda Katz)
A standard for building APIs in JSON.
If you've ever argued with your team about the way your JSON responses should be formatted, JSON API is your anti-bikeshedding weapon.
{
  "links": {
    "books.author": {
      "href": "http://api.gururs.com/users/{books.author}",
      "type": "users"
    }
  },
  "books": [{
    "id": "2",
    "title": "Your API is Bad",
    "links": {
      "author": "1"
    }
  }]
}
Authentication
A RESTful API should be stateless.
Each request should come with some authentication credentials.
Basic HTTP Authentication over SSL
SSL everywhere. Always use SSL. No exceptions.
http://ssl.comodo.com/
Token Based Authentication
$ curl -IH "Authorization: Token token=16d7d60" https://api.gururs.com/books
Easily expire or regenerate tokens without affecting the user’s password.
Greater control for each token, different access rules can be implemented.
Multiple tokens for each user to grant access to different API clients.
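An added example, not from the original slides: one way to implement the token scheme above in Ruby, with several tokens per user, per-token access rules, and expiry or revocation that never touches the password. The TokenStore class, the scope names and every sample token except 16d7d60 are hypothetical.

```ruby
require 'digest'

# Hypothetical in-memory token store for this example. Only SHA-256 digests
# of tokens are kept, so a leaked store does not hand out usable credentials.
class TokenStore
  Entry = Struct.new(:user, :client, :scopes, :expires_at, :revoked)

  def initialize
    @by_digest = {}
  end

  # Several tokens may point at the same user, one per API client.
  def issue(raw, user:, client:, scopes:, expires_at:)
    @by_digest[digest(raw)] = Entry.new(user, client, scopes, expires_at, false)
  end

  # Revoking one token leaves the password and the user's other tokens alone.
  def revoke(raw)
    entry = @by_digest[digest(raw)]
    entry.revoked = true if entry
  end

  # Lookup is by digest, so the raw token is never compared byte by byte.
  def find(raw)
    @by_digest[digest(raw)]
  end

  private

  def digest(raw)
    Digest::SHA256.hexdigest(raw)
  end
end

# Accepts `Token token=abc` and the quoted form `Token token="abc"`.
# \A and \z anchor the whole string; ^ and $ would match per line in Ruby.
TOKEN_HEADER = /\AToken\s+token=(?:"([^"\s]+)"|([^",\s]+))\z/

def extract_token(authorization)
  m = TOKEN_HEADER.match(authorization.to_s.strip)
  m && (m[1] || m[2])
end

# Returns [status, body]. The slides map both "not authenticated" and
# "not allowed" to 401; APIs that separate the two cases return
# 403 Forbidden for a valid token that lacks the permission.
def authorize(store, headers, required_scope, now: Time.now)
  raw = extract_token(headers['Authorization'])
  return [401, { error: 'Missing or malformed token' }] unless raw

  entry = store.find(raw)
  # Same answer for unknown, revoked and expired tokens: the response
  # gives no hint about which tokens exist.
  if entry.nil? || entry.revoked || entry.expires_at <= now
    return [401, { error: 'Invalid token' }]
  end
  unless entry.scopes.include?(required_scope)
    return [401, { error: 'Token is not allowed to do this' }]
  end

  [200, { user: entry.user, client: entry.client }]
end

# Constructed sample data: three tokens for one user, one already expired.
def sample_store(now)
  store = TokenStore.new
  store.issue('16d7d60', user: 'ana', client: 'android',
                         scopes: %w[books:read], expires_at: now + 3600)
  store.issue('a81f00c', user: 'ana', client: 'admin-cli',
                         scopes: %w[books:read books:write], expires_at: now + 3600)
  store.issue('0ldt0ken', user: 'ana', client: 'iphone',
                          scopes: %w[books:read], expires_at: now - 60)
  store
end
```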
Errors
Vague:
{
  "error": "Something wrong.. sorry. try again."
}
Descriptive:
{
  "code": 576,
  "message": "Something bad happened here..",
  "description": "More details about the error here",
  "url": "http://api.gururs.com/docs/errors#576"
}
{
  "code": "validation_failed",
  "message": "Validation failed because you are stupid",
  "errors": [
    {
      "code": "blank_field",
      "field": "title",
      "message": "Title cannot be blank"
    },
    {
      "code": "blank_field",
      "field": "author",
      "message": "Author cannot be blank"
    }
  ]
}
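An added example, not from the original slides: validating the offset, limit, orderby, sort and fields parameters from the filtering slides against allow-lists, and reporting failures as 400 in the validation_failed format above. The allow-listed column names, the limit cap and the books table are assumptions.

```ruby
# Hypothetical allow-lists for the books resource. A column that is not
# listed can never be sorted on or returned, whatever the client sends.
SORTABLE_FIELDS   = %w[title created_at price].freeze
SELECTABLE_FIELDS = %w[id title url type].freeze
MAX_LIMIT     = 100   # cap page size so one request cannot dump the table
DEFAULT_LIMIT = 20

def field_error(code, field, message)
  { code: code, field: field, message: message }
end

# Strict non-negative integer: rejects "-5", "1e3", "10;x" and "".
def parse_count(raw)
  raw.to_s.match?(/\A\d{1,9}\z/) ? raw.to_i : nil
end

# params: Hash of raw query-string values (strings).
# Returns [200, query] or [400, error_body]. Error messages never echo the
# raw input back to the client.
def validate_list_params(params)
  errors = []
  query = { offset: 0, limit: DEFAULT_LIMIT, orderby: 'title', sort: 'ASC',
            fields: SELECTABLE_FIELDS }

  if params.key?('offset')
    n = parse_count(params['offset'])
    if n.nil?
      errors << field_error('invalid_number', 'offset', 'offset must be a non-negative integer')
    else
      query[:offset] = n
    end
  end

  if params.key?('limit')
    n = parse_count(params['limit'])
    if n.nil? || n.zero?
      errors << field_error('invalid_number', 'limit', 'limit must be a positive integer')
    else
      query[:limit] = [n, MAX_LIMIT].min # clamp oversized pages
    end
  end

  if params.key?('orderby')
    if SORTABLE_FIELDS.include?(params['orderby'])
      query[:orderby] = params['orderby']
    else
      errors << field_error('unknown_field', 'orderby',
                            "orderby must be one of: #{SORTABLE_FIELDS.join(', ')}")
    end
  end

  if params.key?('sort')
    direction = params['sort'].to_s.upcase
    if %w[ASC DESC].include?(direction)
      query[:sort] = direction
    else
      errors << field_error('invalid_value', 'sort', 'sort must be ASC or DESC')
    end
  end

  if params.key?('fields')
    wanted = params['fields'].to_s.split(',').map(&:strip)
    if wanted.empty? || (wanted - SELECTABLE_FIELDS).any?
      errors << field_error('unknown_field', 'fields',
                            "fields must be chosen from: #{SELECTABLE_FIELDS.join(', ')}")
    else
      query[:fields] = wanted.uniq
    end
  end

  return [200, query] if errors.empty?

  [400, { code: 'validation_failed', message: 'Invalid query parameters', errors: errors }]
end

# Identifiers cannot be bound as SQL parameters, so only allow-listed names
# reach the statement text; the two numbers are integers by construction.
def to_sql(query)
  "SELECT #{query[:fields].join(', ')} FROM books " \
    "ORDER BY #{query[:orderby]} #{query[:sort]} " \
    "LIMIT #{query[:limit]} OFFSET #{query[:offset]}"
end
```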
Versioning
URL Versioning
https://api.gururs.com/v2/books
Custom request header
https://api.gururs.com/books
api-version: 2
Content type
https://api.gururs.com/books
Accept: application/vnd.gururs.v3+json
http://www.troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html
Wrapping Up
• Design First
• Keep URL Simple
• Use HTTP Verbs Properly
• Use HTTP Status Codes Properly
• Allow your users to filter your data
• Follow some JSON format convention
• Authentication
• Errors
• Versioning
Thanks!
@tailorfontela
me@taylorrf.com
Questions?

Design Web Api

  • 1. Design Web APIs Tailor Fontela A brief introduction to start crafting APIs
  • 4. Motivations Multiple Clients: Browsers, iPhone and Android Apps, etc. JavaScript Libraries: Angular, Ember, Backbone, Knockout. Startups and Business: Core, Social Data, Marketing
  • 5. “IF SOFTWARE IS EATING THE WORLD, APIS ARE EATING SOFTWARE.” Steven Willmott CEO of 3Scale, during APIdays 2012 conference in San Francisco. “SOFTWARE IS EATING THE WORLD” Marc Andreessen in 2011.
  • 8. The success of an API design is measured by how quickly developers can get started using your API.
  • 9. Characteristics of a Good API: Easy to learn. Easy to use, even without documentation. Well documented. Easy to extend. Appropriate to audience.
  • 10. Imagine how developers will use your API
  • 12. apiary.io: Collaborative design, instant API mock, generated documentation.
  • 13. GuruRS API Mock Server http://gururs.apiary-mock.com $ curl http://gururs.apiary-mock.com/books $ curl http://gururs.apiary-mock.com/books/2 $ curl http://gururs.apiary-mock.com/books/1/author https://gist.github.com/taylorrf/b2a3e5ffcd49c1cf4c29
  • 14. Keep URL Simple and Intuitive. Nouns are Good. Verbs are Bad. Verb-based: /GetLastBook /ListAllBooks /SetBookStateTo /ListAllAvaibleBooksOf Noun-based: /Books
  • 15. Use HTTP Verbs Properly POST - Create a new resource. PUT - Update a specific resource (by an identifier) or a collection of resources. GET - Read a specific resource (by an identifier) or a collection of resources. DELETE - Delete/remove a specific resource by an identifier. DELETE /books/:id rather than GET /books/:id/delete
  • 16. Use HTTP Status Code Properly Over 70 HTTP status codes officially registered ( http://bit.ly/1qMa7aS ) 200 - :ok - (Everything worked) 400 - :bad_request - (The client did something wrong) 500 - :internal_server_error - (The API did something wrong) 201 :created 304 :not_modified 404 :not_found - The requested resource doesn't exist 401 :unauthorized - Not authenticated or allowed
  • 17. Use HTTP Status Code Properly CLI / API exchange: post /books [title: "book2"] answered with 200 {error: "Author required"}; the same request answered with 400 {error: "Author required"}.
  • 18. Use HTTP Status Code Properly CLI / API exchange: post /books [title: "book2"] answered with 400 {error: "You are not Admin"}; the same request answered with 401 {error: "You are not Admin"}. 400 :bad_request, 401 :unauthorized
  • 19. Filtering your Data Allow your API users to get only some parts of resources. Pagination: offset - initial point to consider; limit/length - number of elements you need. Ordering: orderby - attribute to sort on; sort - ASC/DESC. https://api.gururs.com/books/?limit=20&sort=DESC
  • 20. Filtering your Data Filtering: provide only the fields your client needs. https://api.gururs.com/books/?limit=20&sort=DESC&fields=title,url Searching: https://api.gururs.com/books/?q=Design API https://api.gururs.com/books/?type=ebook
  • 21. Filtering your Data Aliases for common queries: https://api.gururs.com/books/used https://api.gururs.com/books/free_ebooks https://api.gururs.com/books/deals
  • 22. JSON format Follow some JSON format convention for your great good. http://jsonapi.org/ (Steve Klabnik & Yehuda Katz) A standard for building APIs in JSON. If you've ever argued with your team about the way your JSON responses should be formatted, JSON API is your anti-bikeshedding weapon.
  • 23. JSON format http://jsonapi.org/ { "links": { "books.author": { "href": "http://api.gururs.com/users/{books.author}", "type": "users" } }, "books": [{ "id": "2", "title": "Your API is Bad", "links": { "author": "1" } }] }
  • 24. Authentications A RESTful API should be stateless. Each request should come with some authentication credentials. Basic HTTP Authentication over SSL. SSL everywhere. Always use SSL. No exceptions. http://ssl.comodo.com/
  • 25. Authentications Token Based Authentication: $ curl -IH "Authorization: Token token=16d7d60" http://api.gururs.com/books Easily expire or regenerate tokens without affecting the user’s password. Greater control for each token, different access rules can be implemented. Multiple tokens for each user to grant access to different API clients.
  • 26. Errors { "error" : "Something wrong.. sorry. try again." } { "code" : 576, "message" : "Something bad happened here..", "description" : "More details about the error here", "url" : "http://api.gururs.com/docs/errors#576" }
  • 27. Errors { "code" : "validation_failed", "message" : "Validation failed because you are stupid", "errors" : [ { "code" : "blank_field", "field" : "title", "message" : "Title cannot be blank" }, { "code" : "blank_field", "field" : "author", "message" : "Author cannot be blank" } ] }
  • 29. Versioning URL Versioning: https://api.gururs.com/v2/books Custom request header: https://api.gururs.com/books with api-version: 2 Content type: https://api.gururs.com/books with Accept: application/vnd.gururs.v3+json http://www.troyhunt.com/2014/02/your-api-versioning-is-wrong-which-is.html
  • 30. Wrapping Up • Design First
 • Keep URL Simple
 • Use HTTP Verbs Properly
 • Use HTTP Status Code Properly
 • Allow your users to filter your data
 • Follow some JSON format convention
 • Authentication
 • Errors
 • Versioning
  • 31. References Surviving API’s with Rails - CodeSchool https://www.codeschool.com/courses/surviving-apis-with-rails; Code Samples on Rails 4 https://github.com/codeschool/SurvivingAPIsDemoApp; Your API is Bad https://leanpub.com/yourapiisbad; HTTP Succinctly https://www.syncfusion.com/resources/techportal/ebooks/http; Web API Design: Crafting Interfaces that Developers Love https://pages.apigee.com/web-api-design-ebook.html
  • 32. References Build the API First http://confreaks.com/videos/3362-railsconf-build-the-api-first; "JSON API: convention driven API design", by Steve Klabnik, APIdays Paris 2013 https://www.youtube.com/watch?v=FpS_E90-6O8; API Days Conference - YT Channel https://www.youtube.com/user/apidays/videos; Traffic and Weather Podcast http://trafficandweather.io/
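
The token-based authentication, status-code and error-format slides above, combined into one request handler as an added example (not code from the deck). `TokenStore`, `create_book` and the `books:write` scope are hypothetical names, and returning 403 for a valid token without the needed scope is this example's choice.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory store: keeps only SHA-256 digests, never raw tokens.
class TokenStore
  Entry = Struct.new(:user, :scopes, :expires_at)

  def initialize
    @entries = {}
  end

  # One token per API client, each with its own scopes and lifetime.
  def issue(user, scopes, ttl: 3600, now: Time.now)
    token = SecureRandom.hex(32)
    @entries[key(token)] = Entry.new(user, scopes, now + ttl)
    token
  end

  # Revoking one token leaves the user's password and other tokens untouched.
  def revoke(token)
    !@entries.delete(key(token)).nil?
  end

  def lookup(token, now: Time.now)
    entry = @entries[key(token)]
    entry if entry && entry.expires_at > now
  end

  private
  def key(token)
    Digest::SHA256.hexdigest(token.to_s)
  end
end

# Handles POST /books; returns [status, body].
def create_book(store, authorization, params, now: Time.now)
  token = authorization.to_s[/\AToken token=(\S+)\z/, 1]
  entry = store.lookup(token, now: now)
  return [401, { code: "unauthorized", message: "Missing, expired or revoked token" }] unless entry
  # The deck files "not allowed" under 401; 403 is HTTP's status for a valid
  # token that lacks the permission (a choice made in this example).
  return [403, { code: "forbidden", message: "Token lacks books:write" }] unless entry.scopes.include?("books:write")

  errors = %w[title author].select { |f| params[f].to_s.strip.empty? }.map do |f|
    { code: "blank_field", field: f, message: "#{f.capitalize} cannot be blank" }
  end
  return [400, { code: "validation_failed", message: "Validation failed", errors: errors }] unless errors.empty?
  [201, { title: params["title"], author: params["author"] }]
end
```

Credentials are checked before the payload, so an unauthenticated client learns nothing about which fields are required.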