1. « BUILD, DOCUMENT, MANAGE » CLASS
RESTful Web APIs
February 2015
@SteveSfartz
2. APIS ARE THE FUEL OF THE WEB
APIGee 2015 – Web API Strategy
3. A BIT OF THEORY
REST, web APIs, RESTful web APIs
4. THE REST STYLE
Based on the web’s architecture
Formalised by Roy T. Fielding in his PhD dissertation
The main properties of REST
- Client-server
- Stateless
- Every request contains the information
required to process it
- REST is cache-friendly
- Interoperable
- Uniform interface
- Loose coupling
Constraints of a REST interface
- identifiable resources
- resources are manipulated via
their representations
- messages are self-contained
- hypermedia as the engine of
application state (HATEOAS)
14. FIRST WEB API WITH SAILS.JS BLUEPRINT
• POSTMAN collection : http://goo.gl/2MSQZY
> sails new firstapi-withsailsjs
> sails generate api users
> sails lift
15. QUESTIONS / ANSWERS
• Terminology : /users for a collection
• Path : support both user and users/
• PUT versus POST : design option
• HTTP statuts : http://restapitutorial.com/
18. ALL-IN-ONE WEB PLATFORM
Create your Web API quickly
– 5 minutes scenario based on existing API template (e.g. blog API)
– Open source foundation (Restlet Framework) , the full code can be
exported
Integrated hosting
– Scalable and reactive backend (low latency, integrated management)
– Permanent availability 24/24 7/7 and secured (SSL confidentiality,
precise management of authorizations)
Automatic versioning
– Manage several versions of your APIs
– Free to update your APIs with no impact on current users
– Simple and clear lifecycle (draft, published, deprecated, archived,
removed)
19. Automatic documentation
– Always up-to-date
– Test your API live
– Easy export to multiple formats
Clients SDKs generation
– Ease the use of your API
– Support of most popular platforms (iPhone/iPad, Android,
Java, .NET, PHP, Python)
Community management
– Manage the users and their signins
– Private or public communities
– Send announcements
ALL-IN-ONE WEB PLATFORM
21. HOL 1
• sign in APISpark
• take the tutorial « Turn a Gsheet into a web API”
– http://restlet.com/technical-
resources/apispark/tutorials/
• gsheet sample
– list rows
– add a row
• invoke with
POSTMAN
22. HOL 2
• sign in on APISpark
• take the tutorial “Create a web API”
– http://restlet.com/technical-
resources/apispark/tutorials/
• invoke with POSTMAN
• to go further : host an angular app
– check sample :
https://github.com/guiblondeau/bookStore
24. WHY ?
• Remember: web APIs are your company key assets
• Technical monitoring
– ensure they are always up
– give visibility to your consumers
– detect issues (low perfs)
– ease maintenance (compatibility test suites)
• Business monitor
– Analytics, Analytics, Analytics !!!
25. HOL 3
• Monitoring with RunScope
– import your POSTMAN collection
• Traffic Inspector > Import Requests
– create test
– run
– add assertions
– schedule
27. HOW ?
• Top down : create manually or via an editor
• Bottom up : code annotations, introspection
• No standardization
– Swagger
– RAML
– API-blueprint
– …
28. HOL 4
• Document via the Swagger Editor
– turn public your APISpark documentation
• Web API > General Information > Public access (true)
– load your swagger2 endpoint in editor.swagger.io/
– adapt definition
– invoke
30. SYNTHESIS
• No clear winner at this stage
– don’t get locked-in
– translate your API definition between various languages
– use the best of each language ecosystem (tooling,
directory)
• Take API copyright seriously (now)
– play nice in the API economy
– choose a license for your Web API
– publish it to the « API Commons »
– verify the legal terms of the APIs you depend on
32. BOTTOM UP WITH RESTLET INTROSPECTOR
JAX-RS API
Restlet API
Spring REST
Swagger
annotations
Bean Validation
annotations
Google Cloud
Endpoints API
1. Select
a main
Java API
Java
source
code
3. Write your
Java code
JAXB
annotations
2. Add extra
annotation
APIs
Jackson
annotations
RESTful
Web API
4. Get your
web API
33. DOCUMENT YOUR WEB API
IN JAVA LANGUAGE
RESTful
Web API
Web API
definition
1. Code your
web API
(iterate)
2. Introspect
source code
3. Complete
API definition
manually
Intro-
spector
4. Select
target API
specs
RAML
API
Blueprint
Swagger
Google API
Discovery
WADL
34. HOL 5
• clone https://github.com/restlet/restlet-sample-
descriptor.git
• introspect
• open Descriptor
on APISpark
• play with
annotations
• introspect again
• turn access to public
• open Swagger2
endpoint in Studio
35. HOL 6
• Generate source code from an existing APISpark API
– API > generate downloads
– download tab > get source code
• Unzip, maven build
• Add Swagger support
37. HOW IT WORKS
• Reverse proxy in front of your API
– Filter incoming calls
– Authentication, Authorizations
– Firewall
– Analytics
– …
38. HOL 7
• Leverage the APISpark firewall
– add a RateLimiter to an APISpark Full Stack API
• Settings > Rate Limits (3 calls / minute / user)
– Redeploy your Web API
– Invoke >3 times and check for HTTP status 429
39. APISPARK CONNECTOR
• APISpark Connector
– User friendly interface to configure your proxy
• Open-source proxy
– Part of the Restlet Framework APISpark extension
• Deployment
– as a standalone agent
– or embedded in a Restlet application
40. HOL 8
• Add a RateLimiter to a local Web API
– see http://restlet.com/technical-
resources/apispark/guide/manage/connectors
– create a Connector on APISpark
– configure (add a Rate limiter)
– deploy the connector
– install the agent on your local devenv
42. WEB API FRAMEWORK FOR JAVA
OPEN SOURCE SINCE 2005
6 editions
44 extensions
1,5 M downloads
100 000 developers
Version 2.3.0 launched
in November 2014
Covers our ROA/D
API guidelines
Consistent client & server API
Powerful routing & filtering
Comprehensive web security
Aligned with REST & HTTP
Fast & scalable
43. HOL 9
• load the web API reference implementation
– https://github.com/restlet/restlet-tutorial
• run org.restlet.tutorial.WebApiTutorial
• invoke via POSTMAN
45. WEB API ARCHITECTURE
• basic design
– no distinction between app and backend
– the app is the sum of data and UX
app data
46. WEB API ARCHITECTURE
• « api-aware » design
– multiple apps, multiple devices, need to evolve
independently
app dataapiapp
47. WEB API ARCHITECTURE
• « api-centric » design
– your API gets richer to simplify app code
– business logic moves to the API, as well as security, and
versioning stakes
app dataapiapp
48. WEB API ARCHITECTURE
• « channel oriented » design
– taking into accounts specifis (sync/async, bandwith,
streaming, callbacks, IoT)
– automated generation of client SDKs adapted to
consumption scenarios
app dataapichannelapp channel
49. RESTFULL WEB APIS RESSOURCES
• ongoing debate regarding the proper way to design
– Hypermedia APIs (see this O’Reilly book)
– REST endpoints (see Roy T. Fielding’s tweet)
– REST APIs (see this O’Reilly book and Roy T. Fielding’s
blog post)
– RESTful Web Services (see this O’Reilly book)
– RESTful Web APIs (see Restlet in Action’ book)
– Pragmatic REST (see Kin Lane /API Evangelist web page)
50. SEE YOU IN THE WEB API GALAXY
mailto : steve@sfartz.com
twitter : @SteveSfartz
blog : Think big … mais pas trop !
« Vision without execution is
hallucination ». Thomas Edison
« Tout objectif flou se traduit par des
conneries précises » Frédéric Dard