1 / 14

Wed 17 Apr 2PM

How to write a great API (and why you need to have one) Presentation by: Daniel Chilcott Managing Director, Flowgear @Flowgear @ DanielChilcott www.Flowgear.net/developers www.Flowgear.net/challenge. Wed 17 Apr 2PM. Why you need an API. For your product

shiro
Télécharger la présentation

Wed 17 Apr 2PM

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to write a great API (and why you need to have one) Presentation by: Daniel Chilcott Managing Director, Flowgear @Flowgear @DanielChilcott www.Flowgear.net/developers www.Flowgear.net/challenge Wed 17 Apr 2PM

  2. Why you need an API • For your product • SaaS & Cloud adoption are forcing use of API’s • Consumers expect integration • In enterprise • Simplifies projects with customers and vendors (EDI) Introduction

  3. Benefits: API’s are Developer UI • Structured form of integration • Ensure business logic & validation applied • Compatibility & Abstraction • Stay relevant Introduction

  4. Picking a methodology Library (SDK) • Stateful • Can’t be easily called remotely • Can be faster (fewer transport layers) • Example: Pastel Evolution Web API • Stateless • Easy to call remotely • Supports wider range of use-cases • Example: Pick n Pay Which Technology?

  5. Picking a transport SOAP • Cluttered payload • Self-describing (WSDL) • XML only REST • Lean on data • No self-describing standard (can use WSDL2 or WADL) • XML & JSON • Example: Twitter Which Technology?

  6. More about REST • Uses full spectrum of HTTP codes • 200 OK • 400 Bad Request • 403 Forbidden • 404 Not Found • Common Mistake: Placing verbs in URL: • api.domain.com/getCustomer/?id=123 • GET api.domain.com/customer/?id=123 Which Technology?

  7. Serialisation Options XML • Bloated • Less readable • Supports namespaces • Support attributes JSON • Cleaner • More readable • No namespaces • No attributes Which Technology?

  8. Authentication • Authenticate as a user or require an API token • Set a session or token expiry policy • Absolute timeout • Last-touch timeout • Negotiate version • Alternative to separate methods for different versions Features OAuth • Provide delegated authority to 3rd party apps • No credential sharing • Granular permissions Protect Credentials • Use a directory service (AD) or OR • Salt, Hash, Repeat!

  9. Versioning • Negotiate version on session commencement • Parition versions https://api.twitter.com/1.1/statuses/user_timeline.json https://api.twitter.com/1/statuses/user_timeline.json • Be backward compatible • Add new methods • Add new fields • No rename/delete Features

  10. Completeness Cover all actions (CRUD) on all objects • Grow it over time • Live your own API Support Bulk Queries • Often overlooked – dev’s forced to query database • Make it efficient and fast • Support paged requests Features

  11. Supporting the Community Provide great documentation • PDF’s are good for sequential reading, not reference guides • Build a Wiki • Create more than a reference guide, create a Getting Started and topical Tutorials • Provide a test harness & SDK • Make your devprogram free Features Facebook Good Documentation DocuSign Great Test Harness Technical Competence 1 x Certified Engineer 1 x Certified Technician

  12. Handle Abuse Make sure you’ve covered all the bases • Verify new users (email, SMS, captcha) • Require authentication for all calls • Apply bandwidth limiting • Apply rate limiting • Apply concurrent request limiting • Don’t forget injection vulnerabilities Features

  13. Web API Demo Web API is a platform for building RESTful API’s in Visual Studio DEMO Getting Started

  14. Thank You ! Daniel Chilcott daniel@Flowgear.net @Flowgear @DanielChilcott Section Heading

More Related