REST API Design & Development
Demystifying API
Ashok Gautam
Agenda
API Introduction
RESTFul paradigm
Design, Development & Challenges
Best practices
Tools
Resources
Q&A
API: Introduction
What is API
Evolution
Benefits
Introduction
API stands for Application Programming Interface. An API is a set of functions and procedures that lets one program use the features or data of an operating system, an application, or another service. Put simply, an API is the software intermediary through which two applications talk to each other.
APIs have existed for a long time. Since the first computer programs were written, APIs have been providing "contracts" for information exchange between programs.
Evolution
Styles and protocols: XML-RPC, SOAP, RESTful, GraphQL
Scope: OS APIs, Platform APIs, Application APIs, Web APIs
Why should you have an API
Efficiency
Flexibility
Integrations
Security
Metered Usages
RESTful
A RESTful API is an application programming interface that exposes resources at URIs and uses the HTTP methods (GET, POST, PUT, PATCH, DELETE) to read and change them.
RESTful constraints (Fielding):
Uniform interface
Client–server
Stateless
Cacheable
Layered system
Code on demand (optional)
https://www.bitnative.com/2012/08/26/how-restful-is-your-api/
Design, Development & Challenges
Design
Use nouns, not verbs, in resource paths
Use the right HTTP method for each operation
Use plurals (/users, not /user)
Use query parameters for filtering, sorting and paging
Use proper HTTP status codes
Versioning (e.g. /api/v1/)
Use pagination, with an upper bound on page size
Supported formats (content negotiation)
Use proper, consistent error messages
https://hackernoon.com/restful-api-design-step-by-step-guide-2f2c9f9fcdbf
OpenAPI Specification (OAS): https://swagger.io/resources/open-api/
Development
Frameworks: Express.js, hapi.js, LoopBack, Swagger, Flask, Spring Boot
Testing: Postman, JMeter, Katalon
Gateways and platforms: Kong, Apigee, Swagger, MuleSoft, Firebase
Hello World
https://medium.com/@purposenigeria/build-a-restful-api-with-node-js-and-express-js-d7e59c7a3dfb
Express.js:
import express from 'express';
import db from './db/db';
// Set up the express app
const app = express();
// Hello-world route; the imported db is returned so the response carries some data
app.get('/api/v1/hello', (req, res) => {
  res.status(200).send({
    success: true, // a boolean, not the string 'true'
    message: 'Hello World',
    todos: db
  });
});
const PORT = 5000;
app.listen(PORT, () => {
  console.log(`server running on port ${PORT}`);
});
hapi:
'use strict';
const Hapi = require('@hapi/hapi'); // the package moved from 'hapi' to '@hapi/hapi' in v18
// Create a server with a host and port
const server = Hapi.server({
  host: 'localhost',
  port: 8000
});
// Add the route
server.route({
  method: 'GET',
  path: '/hello',
  handler: function (request, h) {
    return 'hello world';
  }
});
// Start the server
const start = async function () {
  try {
    await server.start();
  } catch (err) {
    console.log(err);
    process.exit(1);
  }
  console.log('Server running at:', server.info.uri);
};
start();
Kong
● Cloud-Native
● Dynamic Load Balancing
● Hash-based Load Balancing
● Circuit-Breaker
● Health Checks
● Service Discovery
● Serverless
● WebSockets
● OAuth2.0
● Logging
● Security
● Syslog
● SSL/TLS
● Monitoring
● Forward Proxy
● Authentication
● Rate-limiting
● Transformations
● Caching
● CLI
● REST API
● Geo-Replicated
● Failure Detection & Recovery
● Clustering
● Scalability
● Performance
● Plugins
Challenges
Security
Authentication & Authorization
Rate Limit
Scalability
Security
HTTPS
Access Control
Restrict HTTP methods
Input validation
Validate content types
Management endpoints
Error handling
Audit logs
Security headers
CORS
Sensitive information in HTTP requests (URLs and headers end up in logs and caches)
Threats:
● Parameter tampering and injection
● Identity theft (stolen credentials or tokens)
● Abusing the authorization system
● Man-in-the-middle
● DoS & DDoS
Security
Authentication & Authorization
API keys
OAuth access tokens
JSON Web Tokens
https://zapier.com/engineering/apikey-oauth-jwt/
● Use API keys if you expect developers to build internal applications that don't need to access more than a single user's data.
● Use OAuth access tokens if you want users to easily provide authorization to applications without needing to share private data or dig through developer documentation.
● Use JWT in concert with OAuth if you want to limit database lookups and you don't require the ability to immediately revoke access (so keep token lifetimes short).
https://blog.restcase.com/restful-api-authentication-basics/
API: Authentication
Rate Limit
What to limit by:
User rate limits
IP/network rate limits
Server rate limits
Regional data limits
Resource-specific rate limits
Dynamic rate limits
Algorithms:
Leaky bucket
Fixed window
Sliding log
Sliding window
Libraries:
express-rate-limit
hapi-ratelimiter
flask-limiter
Rate Limit
const rateLimit = require("express-rate-limit");
// Only if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc.).
// Trust a fixed number of hops rather than every proxy: with "trust proxy" set to
// true, any client can set X-Forwarded-For and choose the IP the limiter keys on.
app.set("trust proxy", 1);
const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100 // each client IP gets 100 requests per window
});
app.use("/api/", apiLimiter);
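Two of the algorithms listed above, side by side. This is an added example, not code from the original slides or from express-rate-limit: a fixed-window counter (the scheme the snippet above uses, with its in-memory store resetting every windowMs) and a sliding-log limiter, both with an injectable clock so the burst that a fixed window allows at the window boundary can be reproduced deterministically. The limits, window and client key are constructed for the demo.

```javascript
// Added example (not from the original slides). No dependencies.

// Fixed window: one counter per key per wall-clock window. Cheap, but a client can
// send `max` hits just before the boundary and `max` just after, i.e. 2*max in seconds.
class FixedWindowLimiter {
  constructor({ max, windowMs }) { this.max = max; this.windowMs = windowMs; this.counters = new Map(); }
  // Returns { allowed, remaining, retryAfterMs }.
  hit(key, nowMs) {
    const window = Math.floor(nowMs / this.windowMs);
    const c = this.counters.get(key);
    const count = c && c.window === window ? c.count : 0;
    if (count >= this.max) return { allowed: false, remaining: 0, retryAfterMs: (window + 1) * this.windowMs - nowMs };
    this.counters.set(key, { window, count: count + 1 });
    return { allowed: true, remaining: this.max - count - 1, retryAfterMs: 0 };
  }
}

// Sliding log: keep the timestamp of every accepted hit in the last windowMs.
// Exact (no boundary burst) at the cost of O(max) memory per key.
class SlidingLogLimiter {
  constructor({ max, windowMs }) { this.max = max; this.windowMs = windowMs; this.logs = new Map(); }
  hit(key, nowMs) {
    const log = (this.logs.get(key) || []).filter(t => t > nowMs - this.windowMs);
    if (log.length >= this.max) {
      this.logs.set(key, log);
      return { allowed: false, remaining: 0, retryAfterMs: log[0] + this.windowMs - nowMs };
    }
    log.push(nowMs);
    this.logs.set(key, log);
    return { allowed: true, remaining: this.max - log.length, retryAfterMs: 0 };
  }
}

// Turn a limiter decision into HTTP: status null means "proceed", otherwise 429 + Retry-After.
function rateLimitResponse(decision, max) {
  const headers = { 'X-RateLimit-Limit': String(max), 'X-RateLimit-Remaining': String(decision.remaining) };
  if (decision.allowed) return { status: null, headers };
  headers['Retry-After'] = String(Math.ceil(decision.retryAfterMs / 1000));
  return { status: 429, headers, body: { error: { code: 'rate_limited', message: 'too many requests' } } };
}

// Boundary-burst experiment: `max` hits in the second before a window edge, `max` in the second after.
// Returns how many of the 2*max hits were allowed.
function burstAcrossBoundary(limiter, max, windowMs, key = 'client-a') {
  const edge = windowMs * 10; // an arbitrary window boundary
  let allowed = 0;
  for (let i = 0; i < max; i++) if (limiter.hit(key, edge - 1000 + i).allowed) allowed++;
  for (let i = 0; i < max; i++) if (limiter.hit(key, edge + i).allowed) allowed++;
  return allowed;
}
```

With max = 100 per 15 minutes, the fixed window lets all 200 boundary hits through while the sliding log stops at 100. Key the limiter on the authenticated user or API key where you have one; fall back to the client IP only as seen by a proxy you trust, for the reason given in the trust proxy comment above.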
Scaling
CDN: Cloudflare / CloudFront / Akamai
Application-level caching: Varnish / NGINX
Database caching: Redis / Memcached
Resources
https://hackernoon.com/restful-api-design-step-by-step-guide-2f2c9f9fcdbf
https://www.apiacademy.co/lessons/2015/04/api-design-101-api-design-basics
https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design
https://blog.mwaysolutions.com/2014/06/05/10-best-practices-for-better-restful-api/