API Design Principles
For Accelerated Development
Jonathan LeBlanc (@jcleblanc)
Head of Developer Evangelism
PayPal North America
The Exploration of API Design
Blank Slate Constraints
Building APIs for Developers
The Tradeoff Decision
Developer efficiency task 1
Lowering perceived latency for developers
Lower Perceived Latency
What’s the Tradeoff?
System Layering
Result Caching
Layering the System
Encapsulates legacy systems
Simplified components
Better load balancing abilities
Systems can evolve independently
Separation of Concerns
Stateless System Latency Issues
Data Duplication
A + B
A + C
Caching for Latency Reduction
Developer efficiency task 2
Use HTTP properly – standard request and
response types
Not Hindering with HTTP
What’s the Tradeoff?
Requests and Responses
GET / PUT / POST / DELETE
have specific actions
Proper status codes and error
responses
Don’t do This
{"error": "error 10008"}
Do This
HTTP/1.1 400 Bad Request
Content-Length: 35

{"message":"Problems parsing JSON"}
Descriptive Messaging
X-Rate-Limit-Limit
Number of requests allowed in current period
X-Rate-Limit-Remaining
Number of remaining requests in current period
X-Rate-Limit-Reset
Number of seconds left in current period
Useful Responses on Rate Limiting
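Added example, not from the original slides: a fixed-window limiter that emits the three headers above, with X-Rate-Limit-Reset expressed as seconds left in the current period. The class name, the per-client key, and the 429 status for rejected requests are assumptions of this sketch.

```javascript
// Fixed-window rate limiter that reports its state in the headers
// listed on the slide. Illustrative only; names are hypothetical.
class FixedWindowLimiter {
  constructor(limit, windowSeconds) {
    this.limit = limit;                   // requests allowed per period
    this.windowMs = windowSeconds * 1000; // length of one period
    this.clients = new Map();             // clientId -> { start, count }
  }

  // nowMs is injectable so the behaviour can be checked deterministically.
  check(clientId, nowMs = Date.now()) {
    let win = this.clients.get(clientId);
    // Start a new period on first sight or once the old one has expired.
    if (!win || nowMs >= win.start + this.windowMs) {
      win = { start: nowMs, count: 0 };
      this.clients.set(clientId, win);
    }
    const allowed = win.count < this.limit;
    if (allowed) win.count += 1; // rejected requests do not consume quota
    const secondsLeft = Math.ceil((win.start + this.windowMs - nowMs) / 1000);
    return {
      // 429 Too Many Requests is this sketch's choice for a rejected call.
      status: allowed ? 200 : 429,
      headers: {
        "X-Rate-Limit-Limit": String(this.limit),
        "X-Rate-Limit-Remaining": String(this.limit - win.count),
        "X-Rate-Limit-Reset": String(secondsLeft),
      },
    };
  }
}
```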
Use Status Cats! http://httpcats.herokuapp.com/
Don’t Want to Use Boring Responses?
Allowing HTTP Overriding
curl -i -X POST \
https://api.sandbox.paypal.com/v1/payments/ \
-H "Content-Type:application/json" \
-H "X-HTTP-Method-Override: PUT"
Injecting PUT / DELETE methods when
HTTP client only supports GET / POST
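Added example, not from the original slides: server-side handling of X-HTTP-Method-Override that accepts the header only on POST, only for an explicit set of target methods, and authorises the caller against the method that will actually run. The function names and the allowed set are assumptions for illustration.

```javascript
// Methods a client may tunnel through POST (assumed policy for this example).
const OVERRIDABLE = new Set(["PUT", "DELETE"]);

// Return the effective HTTP method, or throw an Error carrying a status code.
function effectiveMethod(method, headers) {
  const actual = String(method).toUpperCase();
  // Header names are case-insensitive, so normalise before the lookup.
  const lower = {};
  for (const [k, v] of Object.entries(headers || {})) lower[k.toLowerCase()] = v;
  const override = lower["x-http-method-override"];
  if (override === undefined) return actual;

  // Only POST may carry an override. A GET that turns into a DELETE would
  // let links, prefetchers and caches trigger state changes.
  if (actual !== "POST") {
    throw Object.assign(new Error("override only allowed on POST"), { status: 400 });
  }
  const wanted = String(override).trim().toUpperCase();
  if (!OVERRIDABLE.has(wanted)) {
    throw Object.assign(new Error("method not overridable: " + wanted), { status: 405 });
  }
  return wanted;
}

// callerMethods: the methods this caller is permitted to use on the resource.
function handle(request, callerMethods) {
  let method;
  try {
    method = effectiveMethod(request.method, request.headers);
  } catch (err) {
    return { status: err.status, method: null };
  }
  // Authorise the method that will run, not the POST seen on the wire.
  if (!callerMethods.includes(method)) return { status: 403, method };
  return { status: 200, method };
}
```

Any proxy or gateway that filters by HTTP method in front of such a server sees only the POST, so the check above has to live where the override is interpreted.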
Action Automation
What’s the Tradeoff?
Payload Size Code Length
RESTful API Core Concepts
Honor HTTP request verbs
Use proper HTTP status codes
No version numbering in URIs
Return format via HTTP Accept header
Double Rainbow: Discovery via HATEOAS
To Version or Not to Version
Uniform Interface Sub-Constraints
Resource Identification
Resources must be manipulated via
representations
Self descriptive messages
Hypermedia as the engine of
application state
How we Normally Consume APIs
Using HATEOAS to Automate
How HATEOAS Works
curl -v -X GET \
https://api.sandbox.paypal.com/v1/payments/authorization/2DC87612EK520411B \
-H "Content-Type:application/json" \
-H "Authorization:Bearer ENxom5Fof1KqAffEsXtx1HTEK__KVdIsaCYF8C"
You make an API request
"links": [
{
"href":"https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
"rel":"self",
"method":"GET"
},{
"href":"https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
"rel":"capture",
"method":"POST"
},{
"href":"https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
"rel":"void",
"method":"POST"
}
]
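Added example, not from the original slides: a client that picks its next request from the links array by rel, and refuses any href that leaves the API origin so the bearer token is never sent to another host. The function name and the sample object (constructed from the response above) are assumptions for illustration.

```javascript
// Origin the client is willing to send its bearer token to (host from the slide).
const TRUSTED_ORIGIN = "https://api.sandbox.paypal.com";
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];

// Find the link with the given rel and return { method, url } for the next
// request, or null when the resource does not offer that action.
function resolveLink(resource, rel, trustedOrigin = TRUSTED_ORIGIN) {
  const link = (resource.links || []).find((l) => l.rel === rel);
  if (!link) return null; // action not available in the current state

  let url;
  try {
    url = new URL(link.href);
  } catch {
    throw new Error("malformed href for rel " + rel);
  }
  // Compare the parsed origin exactly. A prefix or substring test would
  // accept hosts such as api.sandbox.paypal.com.example.net.
  if (url.origin !== trustedOrigin) {
    throw new Error("link leaves trusted origin: " + url.origin);
  }
  const method = String(link.method || "GET").toUpperCase();
  if (!ALLOWED_METHODS.includes(method)) {
    throw new Error("unexpected method in link: " + method);
  }
  return { method, url: url.href };
}

// Constructed sample mirroring the links array shown on the slide.
const SAMPLE_AUTHORIZATION = {
  links: [
    { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
      rel: "self", method: "GET" },
    { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
      rel: "capture", method: "POST" },
    { href: "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
      rel: "void", method: "POST" },
  ],
};
```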
Developer efficiency task 2
Secure Data Resources
What’s the Tradeoff?
Security Usability
Some Security Models
Proprietary Solution
Basic Authentication
OAuth 1.0a
OAuth 2 / OpenID Connect
Cross-Origin Resource Sharing (CORS)
A Modern Approach
CORS
Client-side SDK
OpenID Connect
Server-side SDKs
Working on the Server Side SDKs
Secure Token
Management
Simplified
Development
Cross Origin Issues and Options
Access to other domains / subdomains is
restricted (same origin policy)
JSONP to request resources across domains
Only supports HTTP GET requests
Cross-origin resource sharing (CORS)
Supports additional range of HTTP requests
Can you use it?
http://caniuse.com/cors
How Does it Work?
OPTIONS /v1/oauth2/token HTTP/1.1
Origin: http://jcleblanc.com
Access-Control-Request-Method: PUT
Host: api.sandbox.paypal.com
Accept-Language: en-US
Connection: keep-alive
...
Site sends Origin header to server
How Does it Work?
Server responds with matching
Access-Control-Allow-Origin header
Access-Control-Allow-Origin: http://jcleblanc.com
Access-Control-Allow-Methods: GET, POST, PUT
Content-Type: text/html; charset=utf-8
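Added example, not from the original slides: the server side of the preflight exchange above, answering with a matching Access-Control-Allow-Origin only when the Origin is an exact entry in an allowlist. The function name, the policy object, and the 204/400/403 status choices are assumptions of this sketch; header names are assumed to arrive lower-cased, as Node's http module delivers them.

```javascript
// Allowlist built from the values shown in the exchange above.
const POLICY = {
  origins: new Set(["http://jcleblanc.com"]),
  methods: ["GET", "POST", "PUT"],
};

// Decide how to answer an OPTIONS preflight.
// headers: request headers with lower-cased names.
function handlePreflight(headers, policy = POLICY) {
  const origin = headers["origin"];
  const wanted = headers["access-control-request-method"];
  if (!origin || !wanted) {
    return { status: 400, headers: {} }; // not a CORS preflight
  }
  // Exact match against the allowlist. Echoing back whatever Origin was
  // sent, or matching by substring, would open the API to every site.
  const originOk = policy.origins.has(origin);
  const methodOk = policy.methods.includes(wanted.toUpperCase());
  if (!originOk || !methodOk) {
    // No Access-Control-* headers, so the browser blocks the real request.
    return { status: 403, headers: {} };
  }
  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Methods": policy.methods.join(", "),
      // The response differs per Origin, so shared caches must key on it.
      "Vary": "Origin",
    },
  };
}
```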
Developer efficiency task 4
Offload complexity to the implementing
provider
Offload Complexity
The Complexities
Authentication / Authorization
Legacy API support
Working between versioning
API changes that break implementations
Reduction in latency
GET /payment
POST /sale
POST /payment
DELETE /refund
GET /getSinglePayment
POST /setNewSingleSale
POST /addNewSinglePayment
DELETE /issueSingleRefund
URL Structure, Verbs, and Nouns
Representations on Update / Create
{ "id": "PAY-17S8410768582940NKEE66EQ",
"create_time": "2013-01-31T04:12:02Z",
"update_time": "2013-01-31T04:12:04Z",
"state": "approved",
"intent": "sale",
"payer": {...},
"transactions": [{...}],
"links": [{...}] }
Send enough detail to not have to make another
request to the API
API architecture is all about tradeoffs
You are not making a perfect system,
you are making a perfect system for your
developers
Bringing it all Together
Thanks! Questions?
http://slideshare.net/jcleblanc
Jonathan LeBlanc (@jcleblanc)
Head of Developer Evangelism
PayPal North America
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Semantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AISemantic Cultivators : The Critical Future Role to Enable AI
Semantic Cultivators : The Critical Future Role to Enable AI
artmondano
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 

API design principles for accelerated development

Editor's Notes

  • #4: At the end of the day, we need to be designing for the developers
  • #5: API system standards vs. efficient development. REST is all about the tradeoffs.
  • #6: Lowering perceived latency for developers
  • #7: Reduction in system layering. Caching can reduce reliability (stale data).
  • #8: Protects new systems from legacy APIs
  • #9: Layering the system to separate legacy systems
  • #12: Use HTTP properly – standard request and response types
  • #16: http://stackoverflow.com/questions/16022624/examples-of-http-api-rate-limiting-http-response-headers
  • #18: curl -i -H "Accept: application/json" -H "X-HTTP-Method-Override: DELETE" -X POST http://192.168.0.3:8090/persons/person/1
  • #20: Heavier payloads being sent through. Reduction in developer code size & scalable architecture.
  • #22: A lot of debate on whether versioning should go in the headers or URL: http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api#versioning and http://stackoverflow.com/questions/389169/best-practices-for-api-versioning
  • #28: Use HTTP properly – standard request and response types
  • #33: JSONP can cause XSS issues where the external site is compromised; CORS allows websites to manually parse responses to ensure security.
  • #37: Offload complexity to the implementing provider
  • #39: Nouns are good, verbs are bad: https://blog.apigee.com/detail/restful_api_design_nouns_are_good_verbs_are_bad
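
Note #18 tunnels a DELETE through POST with X-HTTP-Method-Override. The sketch below is an added example, not code from the deck or from PayPal: it shows a server resolving the effective verb and authorising against that verb rather than the transport verb. The role names, the permission table and the choice of 400/403 status codes are assumptions made for illustration.

```python
# Added example. ALLOWED_OVERRIDES, PERMISSIONS and the roles are assumptions.
ALLOWED_OVERRIDES = {"PUT", "DELETE"}  # the verbs the deck says some clients lack

# Constructed policy: which role may use which effective verb.
PERMISSIONS = {
    "reader": {"GET"},
    "editor": {"GET", "POST", "PUT"},
    "admin": {"GET", "POST", "PUT", "DELETE"},
}


class OverrideRejected(Exception):
    """X-HTTP-Method-Override was present but not acceptable."""


def effective_method(method, headers):
    """Return the verb the server should act on for this request."""
    method = method.upper()
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    override = lowered.get("x-http-method-override")
    if override is None:
        return method
    if method != "POST":
        # Honouring the header on GET would let a "safe" request change state.
        raise OverrideRejected("override only honoured on POST")
    override = override.strip().upper()
    if override not in ALLOWED_OVERRIDES:
        raise OverrideRejected("override to %r not allowed" % override)
    return override


def handle(role, method, headers):
    """Return the HTTP status code for one constructed request."""
    try:
        verb = effective_method(method, headers)
    except OverrideRejected:
        return 400
    # Authorise the effective verb: a POST carrying an override to DELETE
    # must pass the DELETE check, not the POST check.
    if verb not in PERMISSIONS.get(role, set()):
        return 403
    return 200
```

Any gateway or WAF rule that filters by method needs the same resolution step, otherwise it evaluates POST while the application executes DELETE.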