Web API Design Part Eight: HATEOAS

Episode 93

Temperatures around are deeply disturbing when I’m writing this post, so I decided to banish myself to a place with air conditioning and cold brew coffee. Time from the last post is a bit longer than expected, but as an excuse, I wrote (almost) two different articles meanwhile on the subject of microservices, that will be hosted on other blogs. I will link them here later. Digression aside, today we are going to talk about Hypermedia as the Engine of Application State, also known under a lovely acronym HATEOAS.

The previous article, about security, has a brief reference to a soundtrack of a classic game Diablo II, and so has the art I used on the slide about HATEOAS on my API design presentation. Remember the boss of act III, Mephisto? Apparently, any serious demon needs an appropriate title, in that case, it was: Lord of Hate. Hate, HATEOAS, you know, it worked well together. Okay, I’m over with digressions, I promise. Let’s get down to Dungeons of Hate… I meant, let’s get down to business.

The Overlord

I meant: The overview… HATEOAS is a part of the REST architectural style. It might be considered a high-level part according to the Richardson Maturity Model, as Read the rest of this entry »

 
Posted by on August 8, 2018 in API, Technology

 

Web API Design Part Seven: Security

Episode 92

Short digression first. I’m currently sitting in a lovely and almost on-time train from Wrocław to Kraków in order to get to the Devoxx PL conference and rant again about, guess what, web API. I was assessing which part of the design I should write about today, put on the headphones and kicked off my usual collection of writing music, mainly composed of video game soundtracks. The first track that pops up randomly is “Diablo II – The Wilderness”. It’s dangerous out there, I thought, API security it is then.

Welcome to the next chapter of our journey through the vast realms of web API. We have wandered far away from home now, and the wilderness is getting scary and dangerous. Let’s see what we can do to stay safe here.

It’s not the first security-focused article here, but probably the most technology-agnostic. In episode 63 we tackled some hands-on examples of security aspects in the Spring framework. In episode 77 we looked at details of AWS IAM (Identity and Access Management), following in episode 78 with other AWS services related to security.

Today we will talk about ways of authentication and authorization in web APIs, keys, JWT, OAuth, TLS, throttling, threats and attacks, and explore some general tips on Read the rest of this entry »

 
Posted by on June 27, 2018 in API, Technology

 

Web API Design Part Six: Cache

Episode 91

In the previous episode of this series, we talked about communicating response status through HTTP codes and error objects with several fields describing what the hell happened and how to deal with it. It was the last part of the core business aspects of web APIs, those that are the most visible to our clients and connected with a product domain. Today we will start a second big part of our journey, supporting aspects – things that are more generic, technical, a bit in the background and not always noticeable from a business perspective, but nonetheless important. First topic here will be cache.

As we might remember from an episode about the origins of REST, cacheability is one of six fundamentals of REST. The idea is that every response from the server must contain Read the rest of this entry »

 
Posted by on May 20, 2018 in API, Technology

 

Web API Design Part Five: Status and Error Handling

Episode 90

In the previous installment of the web API design series we looked into ways of implementing various operations on object collections: filtering, searching, sorting and pagination. We also tackled ways to parametrize HTTP requests in order to employ mentioned operations.

After an article focused on requests, let’s work on our responses. We will talk about HTTP codes, which of them are actually worth using and how to use them. Before delving into specific codes, let’s talk about how we should inform our API consumer about problems.

There is a dragon in the server room

The dragon set the server on fire and we have trouble processing your request, please try again later. Sometimes bad things happen. Read the rest of this entry »

 
Posted by on April 22, 2018 in API, Technology

 

Web API Design Part Four: Collections

Episode 89

In the previous episode we talked about core concepts of web API designs, including resources and representations, naming, relations, functions and sanity checks. We looked at what should be the expected behavior of HTTP methods regarding operations on single objects and collections.

Today we will expand on the topic of collections, namely: filtering, sorting and pagination. While talking about filtering collections, we will look at filtering fields in particular single objects. In order to do that Read the rest of this entry »

 
Posted by on March 28, 2018 in API, Technology

 

Web API Design Part Three: Core Concepts

Episode 88

Two months ago, we started with motivations behind web APIs and looked at their design from a UX point of view. The important conclusion was that an API and its ecosystem are to developers what a GUI is to regular web application users. A month ago, we looked from the scientific point of view at the properties of a modern web systems architectural style, REST, through the lens of Roy Fielding’s famous Ph.D. dissertation.

Having those foundations, today we are going to get our hands dirty and talk about how to actually get the work done. Today we will talk about resources and representations, naming, relations, HTTP methods, collections, functions and sanity checks.

Resources

A REST web API is built around exposing representations of resources that are part of our system. The distinction is important: a resource is some piece of data stored on our system or accessed ad hoc from somewhere else. It might be a record in a relational database, a document in NoSQL, a file on disk, or a stone tablet with hieroglyphs stored in an ancient tomb. Read the rest of this entry »

 
Posted by on February 8, 2018 in API, Technology

 

Web API Design Part Two: The Origins of REST

Episode 87

What is REST, or what does it mean to be RESTful? It seems to mean something a bit different for everyone, when looking at various API implementations and their documentation. When examining different materials on the art of web API design, one eventually stumbles upon one particular name: Roy Fielding, a computer scientist who was a member of the team behind the HTTP 1.1 and URI specifications. During this undertaking he created a set of principles around the HTTP object model that culminated in his PhD dissertation “Architectural Styles and the Design of Network-based Software Architectures”, published in 2000. Probably not too many people in the software development industry read PhD dissertations, but I’ve decided to do that, and extract the essence in this article.

The first part of the thesis introduces various preliminary notions relevant in subsequent parts. We learn the definition of Software Architecture and its elements including components, connectors and data. Then we proceed to Read the rest of this entry »

 
Posted by on January 14, 2018 in API, Books, Technology

 

Web API Design Part One: Tech and UX

Episode 86

When it comes to creating a piece of software, we need to ask ourselves three important questions. Why are we doing this? What are we doing? How are we going to do that? Software developers tend to focus on the last one, since technology seems to be their domain. However, the question that should be considered first is why, as Simon Sinek pointed out in his book. Let’s explore those three questions in the context of designing web APIs.

In the second part of the article, we will take a closer look at the “how” part from the user experience design point of view. The user will be a software developer consuming our API in this case.

Why?

For money, of course. Traditionally web applications earned money by serving their users data and functionality via some kind of front-end. The front-end was talking to the back-end and back-end was talking to the database. In order to satisfy growing needs, enrich user experience, and avoid reinventing the wheel, applications started to Read the rest of this entry »

 
Posted by on December 12, 2017 in API, Technology

 

JDD Kraków 2017: Day Two

Episode 85

After summarizing the first day of the JDD conference in the last episode, let’s traditionally move on to day two. I was able to attend almost seven talks, most of them very interesting (technically the after-party ended after midnight, so it counts as part of both days…)

Neil C. Smith: Write NOW, run anywhere

Since it was the only talk on that hour, I’m assuming it was a keynote. More of a show than the talk actually. Neil, an artist coder, introduced a new definition of Live-coding, where various forms of audiovisual performance are created on the fly through writing code. Each line of code might Read the rest of this entry »

 
Posted by on November 12, 2017 in Events, News, Technology

 

JDD Kraków 2017: Day One

Episode 84

As mentioned in episode 82, I was recently invited to attend JDD conference in Kraków, and make a little bit of noise on social media and my blog alongside. We had pre-noise, it’s time to transition to post-noise otherwise known as the conference report.

Quick facts: Kraków Expo building, two days, four concurrent tracks, around a thousand people from Java world, marvelous after-party and overall lots of fun. The weather kinda sucked, but what can you do. Upon arriving, the girl at the reception ringed me with a black bracelet and gave me a quick briefing for speakers. Actually, I was there to write, not to speak, so let’s get to the first important part: the talks.

Tomasz Kleszczyński: Kotlin for Java developers

I haven’t seen Kotlin before, so I’ve decided it’s time to take a look at the offspring of IntelliJ IDEA’s creators. Especially, since it’s now one of official languages for Android, as well as one of languages supported by Spring 5. Tomek went through Read the rest of this entry »

 
Posted by on October 30, 2017 in Events, News, Technology

 
