Wed 17 Apr 2PM PowerPoint Presentation
Presentation Transcript

  1. How to write a great API (and why you need to have one)
     Presentation by: Daniel Chilcott, Managing Director, Flowgear
     @Flowgear @DanielChilcott
     www.Flowgear.net/developers
     www.Flowgear.net/challenge
     Wed 17 Apr 2PM

  2. Why you need an API
     • For your product
       • SaaS & Cloud adoption are forcing use of APIs
       • Consumers expect integration
     • In enterprise
       • Simplifies projects with customers and vendors (EDI)
     Section: Introduction

  3. Benefits: APIs are Developer UI
     • Structured form of integration
     • Ensure business logic & validation applied
     • Compatibility & Abstraction
     • Stay relevant
     Section: Introduction

  4. Picking a methodology
     Library (SDK)
     • Stateful
     • Can’t be easily called remotely
     • Can be faster (fewer transport layers)
     • Example: Pastel Evolution
     Web API
     • Stateless
     • Easy to call remotely
     • Supports wider range of use-cases
     • Example: Pick n Pay
     Section: Which Technology?

  5. Picking a transport
     SOAP
     • Cluttered payload
     • Self-describing (WSDL)
     • XML only
     REST
     • Lean on data
     • No self-describing standard (can use WSDL2 or WADL)
     • XML & JSON
     • Example: Twitter
     Section: Which Technology?

  6. More about REST
     • Uses full spectrum of HTTP codes
       • 200 OK
       • 400 Bad Request
       • 403 Forbidden
       • 404 Not Found
     • Common Mistake: Placing verbs in URL:
       • api.domain.com/getCustomer/?id=123
       • GET api.domain.com/customer/?id=123
     Section: Which Technology?

  7. Serialisation Options
     XML
     • Bloated
     • Less readable
     • Supports namespaces
     • Supports attributes
     JSON
     • Cleaner
     • More readable
     • No namespaces
     • No attributes
     Section: Which Technology?

  8. Authentication
     • Authenticate as a user or require an API token
     • Set a session or token expiry policy
       • Absolute timeout
       • Last-touch timeout
     • Negotiate version
       • Alternative to separate methods for different versions
     OAuth
     • Provide delegated authority to 3rd party apps
     • No credential sharing
     • Granular permissions
     Protect Credentials
     • Use a directory service (AD)
     OR
     • Salt, Hash, Repeat!
     Section: Features

  9. Versioning
     • Negotiate version on session commencement
     • Partition versions
       https://api.twitter.com/1.1/statuses/user_timeline.json
       https://api.twitter.com/1/statuses/user_timeline.json
     • Be backward compatible
       • Add new methods
       • Add new fields
       • No rename/delete
     Section: Features

  10. Completeness
     Cover all actions (CRUD) on all objects
     • Grow it over time
     • Live your own API
     Support Bulk Queries
     • Often overlooked – devs forced to query database
     • Make it efficient and fast
     • Support paged requests
     Section: Features

  11. Supporting the Community
     Provide great documentation
     • PDFs are good for sequential reading, not reference guides
     • Build a Wiki
     • Create more than a reference guide, create a Getting Started and topical Tutorials
     • Provide a test harness & SDK
     • Make your dev program free
     Facebook: Good Documentation
     DocuSign: Great Test Harness
     Technical Competence: 1 x Certified Engineer, 1 x Certified Technician
     Section: Features

  12. Handle Abuse
     Make sure you’ve covered all the bases
     • Verify new users (email, SMS, captcha)
     • Require authentication for all calls
     • Apply bandwidth limiting
     • Apply rate limiting
     • Apply concurrent request limiting
     • Don’t forget injection vulnerabilities
     Section: Features

  13. Web API Demo
     Web API is a platform for building RESTful APIs in Visual Studio
     DEMO
     Section: Getting Started

  14. Thank You!
     Daniel Chilcott
     daniel@Flowgear.net
     @Flowgear @DanielChilcott
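
The session expiry policy from slide 8 (an absolute timeout combined with a last-touch timeout), sketched in Python as an added example that is not part of the presentation or of Flowgear's code. The `SessionStore` class, the two timeout values and the choice to keep only a digest of each token server-side are assumptions made for illustration.

```python
import hashlib
import secrets
import time

ABSOLUTE_TIMEOUT = 8 * 3600   # assumed value: session ends 8 h after issue, active or not
LAST_TOUCH_TIMEOUT = 15 * 60  # assumed value: session ends after 15 min without a call


class SessionStore:
    """Hypothetical in-memory API token store enforcing both expiry rules."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised without sleeping
        self._sessions = {}   # sha256(token) -> [user, issued_at, last_touch]

    @staticmethod
    def _key(token):
        # Keep only a digest server-side so a leaked store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[self._key(token)] = [user, now, now]
        return token

    def validate(self, token):
        """Return the user for a live token, or None; expired sessions are deleted."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, issued_at, last_touch = entry
        now = self._clock()
        too_old = now - issued_at >= ABSOLUTE_TIMEOUT
        too_idle = now - last_touch >= LAST_TOUCH_TIMEOUT
        if too_old or too_idle:
            del self._sessions[key]
            return None
        entry[2] = now   # a successful call slides the idle window, never the absolute one
        return user
```

The absolute limit bounds how long a stolen token stays useful even when the attacker keeps it active; the last-touch limit closes sessions a client has abandoned.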