Hands-On RESTful API Design Patterns and Best Practices电子书

Title Page

Copyright and Credits

Hands-On RESTful API Design Patterns and Best Practices

About Packt

Why subscribe?

PacktPub.com

Contributors

About the authors

About the reviewers

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Conventions used

Get in touch

Reviews

Introduction to the Basics of RESTful Architecture

Technical requirements

Evolution of web technologies

Learning about Web 3.0

Learning about web service architecture

Discussing the web API

Learning about service-oriented architecture

Learning about resource-oriented architecture

Resource-oriented design

The benefits of ROA

Beginning with REST

REST architecture style constraints

Beginning with client-server

The client in client-server architecture

The service in client-server architecture

Understanding statelessness

Advantages and disadvantages of statelessness

Caching constraint in REST

Benefits of caching

Understanding the uniform interface

Identification of resources

Manipulation of resources

Self-descriptive messages

Hypermedia as the Engine of Application State

Layered systems

Code on demand

RESTful service mandates

Architectural goals of REST

Summary

Design Strategy, Guidelines, and Best Practices

Technical requirements

Learning about REST API and its importance

Goals of RESTful API design

Affordance

Loosely coupled

Leverage web architecture

API designer roles and responsibilities

API design best practices

API design principles

Ubiquitous web standards

Flexibility

Granularity

Optimized APIs

Functionality

Learning about unusual circumstances

Community standardization

API playgrounds

RESTful API design rules

Learning about Uniform Resource Identifiers

URI formats

REST API URI authority

Resource modelling

Resource archetypes

URI path

URI query

HTTP interactions

Request methods

Response status codes

Metadata design

HTTP headers

Media types and media type design rules

Representations

Message body format

Hypermedia representation

Media type representation

Errors representation

Client concerns

Versioning

Security

Response representation composition

Processing hypermedia

JavaScript clients

Summary

Further reading

Essential RESTful API Patterns

Technical requirements

Beginning with the installations

Beginning with RESTful API patterns – part I

Statelessness

Content negotiation

Content negotiation with HTTP headers

URI templates

Design for intent

Pagination

Discoverability

Error and exception logging

Unicode

Summary

Advanced RESTful API Patterns

Technical requirements

RESTful API advanced patterns

Versioning

Versioning through the URI path

Versioning through query parameters

Versioning through custom headers

Versioning through content-negotiation

Authorization

Authorization with the default key

Authorization with credentials

Uniform contract

Entity endpoints

Endpoint redirection

Idempotent

Bulk operation

Circuit breaker

Combining the circuit pattern and the retry pattern

API facade

Backend for frontend

Summary

Further reading

Microservice API Gateways

Technical requirements

About microservice architecture

The prominent infrastructure modules in microservice-centric applications

Service registry

Service discovery

Composition/orchestration

Transformation

Monitoring

Load balancing and scaling

High availability and failover

HA and failover guidelines

Governance

About API gateway solutions

API gateways for microservice-centric applications

The issues with microservice API gateways

Security features of API gateways

Prominent API gateway solutions

Service mesh versus API gateway

Summary

RESTful Services API Testing and Security

An overview of software testing

RESTful APIs and testing

Basics of API testing

Understanding API testing approaches

API testing types

Unit tests

API validation tests

Functional tests

UI or end-to-end tests

Load testing

Runtime error detection tests

Monitoring APIs

Execution errors

Resource leaks

Error detection

REST API security vulnerabilities

Exposing sensitive data

Understanding authentication and authentication attacks

Understanding authorization and OAuth2 schemes

Cross-site scripting

Reflected XSS

Stored XSS

DOM XSS

Cross-site request forgery

Denial-of-service attack

Distributed denial of service

Injection attacks

Insecure direct object references

Missing function-level access control

Man-in-the-middle attacks

Common types of MITM attacks and protection measures

Replay attacks and spoofing

Causes of vulnerabilities

API design and development flaws

Poor system configuration

Human error

Internal and external connectivity

Security tests

Penetration tests or pen tests

Importance of penetration tests

Pen testing lifecycle

Preparation, planning, and reconnaissance

Scanning

Gaining access

Maintaining access

Analysis

Pen testing types for API testing

White-box penetration testing

Fuzz tests

The life cycle of fuzz tests

Fuzz testing strategy

Mutation-based fuzz tests

Generation-based fuzz tests

Advantages and disadvantages of fuzz tests

Back to API testing

API test cases

Essential aspects of API test cases and test case preparation

API testing challenges

Initial setup

API schema updates for testing

Testing parameter combinations

API call sequence

Validating parameters

Tracking system integration

API testing best practices

API testing tools

CQRS

Summary

Further reading

RESTful Service Composition for Smart Applications

Technical requirements

Briefing RESTful microservices

Demystifying the MSA style

The advantages of microservices

The emergence of cloud-native applications

The growing ecosystem of IoT device services

The changing application ecosystem

Tending toward the API-driven world

The Representational State Transfer service paradigm

API design best practices

Learning about service-composition methods

Service orchestration and choreography

Beginning with service orchestration

The shortcomings of service orchestration

Applying orchestration-based composition

Beginning with service choreography

The shortcomings of service choreography

Applying choreography-based composition

The hybridization of orchestration and choreography

Another example of the hybridization of orchestration and choreography

Choreography

Service choreography using the message broker

Service orchestration

Service orchestration using BPMN and REST

The hybridization – event-driven service orchestration

Data management

Thinking in REST

Discarding SQL join

Eventual consistency

Polyglot persistence

Summary

RESTful API Design Tips

Technical requirements

Beginning with APIs

Learning about application programming interfaces

APIs have become indispensable

Learning about the major types of APIs

Describing API platforms

Creating API development platforms

API-integration platforms

Legacy integration

API management platforms

Demystifying the RESTful services paradigm

Characterizing the REST architecture style

REST Resource Representation Compression

Idempotent REST APIs

REST API design considerations

Enumerating RESTful API design patterns

Media types

API security design patterns

Whitelist allowable methods

Summary

Further reading

A More In-depth View of the RESTful Services Paradigm

Technical requirements

Tending toward the software-defined and software-driven world

Software-enabled clouds for the digital intelligence era

The IoT applications and services

Cloud-enabled applications

Cloud-native applications

Mobile, handheld, and wearable applications

Transactional, operational, and analytical applications

Knowledge visualization applications

Social applications

Scientific and technical applications

Centralized and distributed applications

Decentralized and intelligent applications with blockchain technology

Composite and multi-container applications

Event-driven applications

High-quality applications

Resilient applications

The REST paradigm for application modernization and integration

Application programming interfaces

Public APIs for external integration and innovation

Private APIs for internal purposes

APIs for IoT devices

APIs for application integration

Describing the RESTful services paradigm

REST architectural constraints

The advantages of REST

Self-descriptive messages

SOAP versus REST

When to use REST versus SOAP

Best practices for REST-based microservices

The API-first approach

Developing API-first

Building services API-first

Summary

Further reading

Frameworks, Standard Languages, and Toolkits

Technical requirements

Core features of a framework

Spring Boot

Core features of Spring

Database integration with Spring data

Messaging integration

Extending Spring with auto-configuration

Writing unit tests and integration test cases

Benefits of Spring Boot

Drawbacks of Spring Boot

Beginning about Light 4j

Core features of Light 4j

Learning about Light Rest 4j

Light-code-gen

Choosing Light 4j over the rest

Spark Framework

Core features of Spark Framework

Creating an API with fewer lines

Benefits of Spark

Drawbacks of Spark

Dropwizard

Overview

Core features of Dropwizard

Jetty for HTTP

Jersey for REST

Jackson

Metrics

Liquibase

Other noteworthy features

Benefits of Dropwizard

Drawbacks of Dropwizard

Understanding Go framework for the RESTful API

An overview

Gin-gonic

Core features

HttpRouter

Http2 server push

Multi-template

Upload files

Other noteworthy features

Benefits of Gin-Gonic

Drawbacks of Gin-Gonic

Revel

Core features

Router

Server engine

Controllers

Handlers

Interceptors

Filters

Cache

Other noteworthy features

Benefits of Revel

Drawbacks of Revel

Python RESTful API frameworks

Overview of Python

Django

Django Rest Framework

Core features

Web-browsable API

Authentication

Serialization and deserialization

Other noteworthy features

Benefits of the DRF

Drawbacks of the DRF

Flask

Flask-RESTful

Core features of Flask-RESTful

Resourceful routing

Restful request parsing

Output fields

Other noteworthy features

Benefits of the Flask framework

Drawbacks of Flask

Frameworks – a table of reference

Summary

Further reading

Legacy Modernization to Microservices-Centric Apps

Technical requirements

A preview of containers and microservices

Introducing the microservices architecture

Why legacy modernization?

Legacy-to-digital application modernization

Accomplishing modernization

Approaching legacy application modernization

Microservices-centric legacy application modernization

Service extraction

Service composition

Service migration

Container-centric legacy application modernization

Refactoring and rewriting

Modernization technique terms

Legacy modernization through microservices

The distinctions of microservices

The code samples

The major hurdles to overcome

Modernizing and migrating legacy applications – the role of cloud environments

The need for cloud environments

A case study for legacy modernization and migration

The combination of microservices and serverless computing speeds up legacy modernization

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think