Hands-On RESTful API Design Patterns and Best Practices

Book Description

Build effective RESTful APIs for enterprise with design patterns and REST framework's out-of-the-box capabilities

Key Features

  • Understand advanced topics such as API gateways, API security, and the cloud
  • Implement patterns programmatically with easy-to-follow examples
  • Modernize a legacy codebase using API connectors, layers, and microservices

This book deals with the Representational State Transfer (REST) paradigm, an architectural style that allows networked devices to communicate with each other over the internet. With the help of this book, you'll explore the concepts of service-oriented architecture (SOA), event-driven architecture (EDA), and resource-oriented architecture (ROA). The book also explains why high-quality APIs are essential for enterprise integration.

It also covers how to optimize and expose endpoints for microservices with API gateways, and touches upon integration platforms and hubs for RESTful APIs. You'll also understand how application delivery and deployment can be simplified and streamlined in the REST world. The book will help you dig deeper into the distinct contributions of RESTful services to IoT analytics and applications.

Besides detailing the API design and development aspects, this book will assist you in designing and developing production-ready, testable, sustainable, and enterprise-grade APIs. By the end of the book, you'll be empowered with all that you need to create highly flexible APIs for next-generation RESTful services and applications.

What you will learn

  • Explore RESTful concepts, including URI, HATEOAS, and Code on Demand
  • Study core patterns like Statelessness, Pagination, and Discoverability
  • Optimize endpoints for linked microservices with API gateways
  • Delve into API authentication, authorization, and API security implementations
  • Work with Service Orchestration to craft composite and process-aware services
  • Expose RESTful protocol-based APIs for cloud computing

Who this book is for

This book is primarily for web, mobile, and cloud services developers, architects, and consultants who want to build well-designed APIs for creating and sustaining enterprise-class applications. You'll also benefit from this book if you want to understand the finer details of RESTful APIs and their design techniques, along with some tips and tricks.

Table of Contents

  1. Title Page
  2. Copyright and Credits
    1. Hands-On RESTful API Design Patterns and Best Practices
  3. About Packt
    1. Why subscribe?
    2. PacktPub.com
  4. Contributors
    1. About the authors
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Conventions used
    4. Get in touch
      1. Reviews
  6. Introduction to the Basics of RESTful Architecture
    1. Technical requirements
    2. Evolution of web technologies
    3. Learning about Web 3.0
      1. Learning about web service architecture
      2. Discussing the web API
      3. Learning about service-oriented architecture
      4. Learning about resource-oriented architecture
        1. Resource-oriented design
        2. The benefits of ROA
      5. Beginning with REST
      6. REST architecture style constraints
        1. Beginning with client-server
          1. The client in client-server architecture
          2. The service in client-server architecture
        2. Understanding statelessness
          1. Advantages and disadvantages of statelessness
        3. Caching constraint in REST
          1. Benefits of caching
        4. Understanding the uniform interface
          1. Identification of resources
          2. Manipulation of resources
          3. Self-descriptive messages
          4. Hypermedia as the Engine of Application State
      7. Layered systems
        1. Code on demand
      8. RESTful service mandates
      9. Architectural goals of REST
    4. Summary
  7. Design Strategy, Guidelines, and Best Practices
    1. Technical requirements
    2. Learning about REST API and its importance
    3. Goals of RESTful API design
      1. Affordance
      2. Loosely coupled
      3. Leverage web architecture
    4. API designer roles and responsibilities
    5. API design best practices
    6. API design principles
      1. Ubiquitous web standards
      2. Flexibility
      3. Granularity
      4. Optimized APIs
      5. Functionality
      6. Learning about unusual circumstances
      7. Community standardization
      8. API playgrounds
    7. RESTful API design rules
      1. Learning about Uniform Resource Identifiers
        1. URI formats
      2. REST API URI authority
      3. Resource modelling
      4. Resource archetypes
      5. URI path
      6. URI query
      7. HTTP interactions
        1. Request methods
        2. Response status codes
      8. Metadata design
        1. HTTP headers
      9. Media types and media type design rules
      10. Representations
        1. Message body format
        2. Hypermedia representation
        3. Media type representation
        4. Errors representation
      11. Client concerns
        1. Versioning
        2. Security
        3. Response representation composition
        4. Processing hypermedia
        5. JavaScript clients
    8. Summary
    9. Further reading
  8. Essential RESTful API Patterns
    1. Technical requirements
    2. Beginning with the installations
    3. Beginning with RESTful API patterns – part I
      1. Statelessness
      2. Content negotiation
        1. Content negotiation with HTTP headers
      3. URI templates
      4. Design for intent
      5. Pagination
      6. Discoverability
      7. Error and exception logging
      8. Unicode
    4. Summary
  9. Advanced RESTful API Patterns
    1. Technical requirements
    2. RESTful API advanced patterns
      1. Versioning
        1. Versioning through the URI path
        2. Versioning through query parameters
        3. Versioning through custom headers
        4. Versioning through content-negotiation
      2. Authorization
        1. Authorization with the default key
        2. Authorization with credentials
      3. Uniform contract
      4. Entity endpoints
      5. Endpoint redirection
      6. Idempotent
      7. Bulk operation
      8. Circuit breaker
        1. Combining the circuit pattern and the retry pattern
      9. API facade
      10. Backend for frontend
    3. Summary
    4. Further reading
  10. Microservice API Gateways
    1. Technical requirements
    2. About microservice architecture
    3. The prominent infrastructure modules in microservice-centric applications
      1. Service registry
      2. Service discovery
      3. Composition/orchestration
      4. Transformation
      5. Monitoring
      6. Load balancing and scaling
      7. High availability and failover
      8. HA and failover guidelines
      9. Governance
    4. About API gateway solutions
    5. API gateways for microservice-centric applications
    6. The issues with microservice API gateways
    7. Security features of API gateways
    8. Prominent API gateway solutions
    9. Service mesh versus API gateway
    10. Summary
  11. RESTful Services API Testing and Security
    1. An overview of software testing
    2. RESTful APIs and testing
      1. Basics of API testing
      2. Understanding API testing approaches
      3. API testing types
        1. Unit tests
        2. API validation tests
        3. Functional tests
        4. UI or end-to-end tests
        5. Load testing
        6. Runtime error detection tests
          1. Monitoring APIs
          2. Execution errors
          3. Resource leaks
          4. Error detection
      4. REST API security vulnerabilities
        1. Exposing sensitive data
        2. Understanding authentication and authentication attacks
        3. Understanding authorization and OAuth2 schemes
        4. Cross-site scripting
          1. Reflected XSS
          2. Stored XSS
          3. DOM XSS
        5. Cross-site request forgery
        6. Denial-of-service attack
          1. Distributed denial of service
        7. Injection attacks
          1. Insecure direct object references
          2. Missing function-level access control
          3. Man-in-the-middle attacks
          4. Common types of MITM attacks and protection measures
          5. Replay attacks and spoofing
      5. Causes of vulnerabilities
        1. API design and development flaws
        2. Poor system configuration
        3. Human error
        4. Internal and external connectivity
      6. Security tests
        1. Penetration tests or pen tests
          1. Importance of penetration tests
          2. Pen testing lifecycle
          3. Preparation, planning, and reconnaissance
          4. Scanning
          5. Gaining access
          6. Maintaining access
          7. Analysis
        2. Pen testing types for API testing
          1. White-box penetration testing
        3. Fuzz tests
          1. The life cycle of fuzz tests
          2. Fuzz testing strategy
          3. Mutation-based fuzz tests
          4. Generation-based fuzz tests
          5. Advantages and disadvantages of fuzz tests
      7. Back to API testing
        1. API test cases
          1. Essential aspects of API test cases and test case preparation
        2. API testing challenges
          1. Initial setup
          2. API schema updates for testing
          3. Testing parameter combinations
          4. API call sequence
          5. Validating parameters
          6. Tracking system integration
        3. API testing best practices
        4. API testing tools
    3. CQRS
    4. Summary
    5. Further reading
  12. RESTful Service Composition for Smart Applications
    1. Technical requirements
      1. Briefing RESTful microservices
      2. Demystifying the MSA style
        1. The advantages of microservices
      3. The emergence of cloud-native applications
      4. The growing ecosystem of IoT device services
        1. The changing application ecosystem
      5. Tending toward the API-driven world
    2. The Representational State Transfer service paradigm
      1. API design best practices
        1. Learning about service-composition methods
    3. Service orchestration and choreography
      1. Beginning with service orchestration
        1. The shortcomings of service orchestration
      2. Applying orchestration-based composition
      3. Beginning with service choreography
        1. The shortcomings of service choreography
      4. Applying choreography-based composition
      5. The hybridization of orchestration and choreography
        1. Another example of the hybridization of orchestration and choreography
          1. Choreography
          2. Service choreography using the message broker
          3. Service orchestration
          4. Service orchestration using BPMN and REST
      6. The hybridization – event-driven service orchestration
    4. Data management
      1. Thinking in REST
        1. Discarding SQL join
        2. Eventual consistency
        3. Polyglot persistence
    5. Summary
  13. RESTful API Design Tips
    1. Technical requirements
    2. Beginning with APIs
    3. Learning about application programming interfaces
    4. APIs have become indispensable
      1. Learning about the major types of APIs
        1. Describing API platforms
      2. Creating API development platforms
        1. API-integration platforms
          1. Legacy integration
      3. API management platforms
    5. Demystifying the RESTful services paradigm
    6. Characterizing the REST architecture style
      1. REST Resource Representation Compression
      2. Idempotent REST APIs
      3. REST API design considerations
      4. Enumerating RESTful API design patterns
        1. Media types
      5. API security design patterns
      6. Whitelist allowable methods
    7. Summary
    8. Further reading
  14. A More In-depth View of the RESTful Services Paradigm
    1. Technical requirements
    2. Tending toward the software-defined and software-driven world
      1. Software-enabled clouds for the digital intelligence era
        1. The IoT applications and services
        2. Cloud-enabled applications
        3. Cloud-native applications
        4. Mobile, handheld, and wearable applications
        5. Transactional, operational, and analytical applications
        6. Knowledge visualization applications
          1. Social applications
          2. Scientific and technical applications
          3. Centralized and distributed applications
          4. Decentralized and intelligent applications with blockchain technology
          5. Composite and multi-container applications
          6. Event-driven applications
          7. High-quality applications
          8. Resilient applications
    3. The REST paradigm for application modernization and integration
      1. Application programming interfaces
        1. Public APIs for external integration and innovation
        2. Private APIs for internal purposes
        3. APIs for IoT devices
        4. APIs for application integration
      2. Describing the RESTful services paradigm
        1. REST architectural constraints
        2. The advantages of REST
          1. Self-descriptive messages
    4. SOAP versus REST
      1. When to use REST versus SOAP
    5. Best practices for REST-based microservices
      1. The API-first approach
        1. Developing API-first
        2. Building services API-first
    6. Summary
    7. Further reading
  15. Frameworks, Standard Languages, and Toolkits
    1. Technical requirements
    2. Core features of a framework
    3. Spring Boot
      1. Core features of Spring
      2. Database integration with Spring data
      3. Messaging integration
      4. Extending Spring with auto-configuration
      5. Writing unit tests and integration test cases
      6. Benefits of Spring Boot
      7. Drawbacks of Spring Boot
    4. Beginning about Light 4j
      1. Core features of Light 4j
        1. Learning about Light Rest 4j
      2. Light-code-gen
      3. Choosing Light 4j over the rest
    5. Spark Framework
      1. Core features of Spark Framework
      2. Creating an API with fewer lines
      3. Benefits of Spark
      4. Drawbacks of Spark
    6. Dropwizard
      1. Overview
      2. Core features of Dropwizard
        1. Jetty for HTTP
        2. Jersey for REST
        3. Jackson
        4. Metrics
        5. Liquibase
      3. Other noteworthy features
      4. Benefits of Dropwizard
      5. Drawbacks of Dropwizard
    7. Understanding Go framework for the RESTful API
      1. An overview
      2. Gin-gonic
        1. Core features
          1. HttpRouter
          2. Http2 server push
          3. Multi-template
          4. Upload files
          5. Other noteworthy features
        2. Benefits of Gin-Gonic
        3. Drawbacks of Gin-Gonic
      3. Revel
        1. Core features
          1. Router
          2. Server engine
          3. Controllers
          4. Handlers
          5. Interceptors
          6. Filters
          7. Cache
        2. Other noteworthy features
        3. Benefits of Revel
        4. Drawbacks of Revel
    8. Python RESTful API frameworks
      1. Overview of Python
      2. Django
      3. Django Rest Framework
        1. Core features
          1. Web-browsable API
          2. Authentication
          3. Serialization and deserialization
        2. Other noteworthy features
        3. Benefits of the DRF
        4. Drawbacks of the DRF
      4. Flask
      5. Flask-RESTful
        1. Core features of Flask-RESTful
          1. Resourceful routing
          2. Restful request parsing
          3. Output fields
        2. Other noteworthy features
        3. Benefits of the Flask framework
        4. Drawbacks of Flask
    9. Frameworks – a table of reference
    10. Summary
    11. Further reading
  16. Legacy Modernization to Microservices-Centric Apps
    1. Technical requirements
    2. A preview of containers and microservices
      1. Introducing the microservices architecture
      2. Why legacy modernization?
      3. Legacy-to-digital application modernization
        1. Accomplishing modernization
    3. Approaching legacy application modernization
      1. Microservices-centric legacy application modernization
        1. Service extraction
        2. Service composition
        3. Service migration
      2. Container-centric legacy application modernization
    4. Refactoring and rewriting
      1. Modernization technique terms
    5. Legacy modernization through microservices
      1. The distinctions of microservices
      2. The code samples
      3. The major hurdles to overcome
    6. Modernizing and migrating legacy applications – the role of cloud environments
      1. The need for cloud environments
      2. A case study for legacy modernization and migration
        1. The combination of microservices and serverless computing speeds up legacy modernization
    7. Summary
  17. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product Information

  • Title: Hands-On RESTful API Design Patterns and Best Practices
  • Author(s): Harihara Subramanian, Pethuru Raj
  • Release date: January 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781788992664