REST API Design, Development & Management

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 7.5 Hours | 825 MB

Learn the REST API Concepts, Design best practices, Security practices, Swagger 2.0/OAI, Hands on API Management

Course is divided into 6 sections:

1. Setting the stage

Lectures in this section will provide the outline of the course, discuss a case study (ACME Travel) that will be used as an example throughout the course, and provide a list of tools used in the course.

2. REST API Concepts

Lectures in this section will cover the foundational concepts such as the evolution of RESTful API and the 6 architectural constraints.

3. Designing the REST API

The focus in this section is on best practices for designing the REST API. The approach taken is to show how some of the popular API providers (e.g., Twitter, Facebook, Twilio …) have designed their REST APIs. Some of the RESTful design aspects covered in this section are:

  • Resources, CRUD implementation
  • Error Handling, HTTP status codes
  • Change management & Versioning
  • Pagination, Partial responses

To demonstrate the implementation aspects, a set of NodeJS-based APIs is also implemented for a fictitious enterprise, ACME Travels.

4. Securing the REST API

The commonly used BasicAuth standard is not the best way to implement API security. In this section, students will learn the commonly adopted authentication and authorization schemes used for REST APIs:

  • Tokens (JSON Web Tokens or JWT)
  • Key/Secret
  • OAuth 2.0 (Using Spotify implementation as a reference)

When an enterprise exposes an API to the public internet, it poses a risk to the enterprise, as hackers may use vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such Functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.

5. Swagger 2.0 / Open API Initiative specifications

This section will begin with a description of the collaborative specifications development process and the benefits of adopting a contract-first approach. Students will learn:

  • Swagger 2.0 specification standard
  • How to create REST API specifications in YAML format
  • Tool options for Swagger specs editing
  • Benefits of Swagger 2.0
  • Demonstration of how specifications are leveraged by common platforms such as Apigee, Mulesoft & IBM API Connect

As part of the lectures, a complete specification will be created for ACME Vacations. At the end of this section, students will be able to write Swagger/OAI specifications for their own APIs.

6. API Management

API management is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carries out within the scope of API management:

  • Lifecycle management
  • Developer productivity
  • Developer portal
  • Security
  • Traffic management
  • Analytics
  • Productization
  • Monetization (API Economy)

Apigee, IBM API Connect & Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel for what API management platforms bring to the table. The three platforms offer a free trial version that can be used for testing.

Table of Contents

Setting the stage
1 Introduction to the Author and the Course
2 Summary decks download link for the course
3 ACME Travels – Case study
4 Tools for Design_ Development_Testing and Management of REST API
5 Crash course on MongoLabs

Evolution of RESTful services
6 What is an API
7 Evolution of REST_JSON API
8 Introduction to RESTful API
9 Private_ Public and Partner API

REST API Architectural Constraints
10 Introduction to REST Architecture Constraints
11 REST API Architectural Constraint – Client Server
12 REST API Architectural Constraint – Uniform Interface
13 REST API Architectural Constraint – Statelessness
14 REST API Architectural Constraint – Caching
15 REST API Architectural Constraint – Layered System
16 REST API Architectural Constraint – Code On Demand
17 Richardson Maturity Model for REST API

Designing REST API
18 API Value Chain
19 Practices for Resource Names_ Actions & Associations
20 Implementing REST API CRUD operations
21 Walkthrough_ Creating a Vacations API in Node JS
22 REST API Error Handling Practices
23 Walkthrough_ Implementation of error handling for POST API
24 Handling changes to API
25 Versioning the API
26 API Caching (1 of 2) Concepts & Design decisions
27 API Caching (2 of 2) Cache Control Directive
28 Demo – API Caching using Cache-Control Directives
29 Building support for Partial Responses
30 Building support for Pagination

REST API Security
31 REST API Security – Introduction
32 Securing API with Basic Authentication
33 Securing API with Tokens & JWT
34 Securing API with API Key & Secret
35 API Authorization using OAuth2_0
36 API Security – Functional Attack

REST API Specifications using Swagger 2_0 _ OAI
37 Requirements Analysis Process & Intro to REST Specifications
38 Swagger_OAI Specifications Walkthrough
39 Swagger_OAI Specifications_ Part 1 of 3
40 Swagger_OAI Specifications_ Part 2 of 3
41 Swagger_OAI Specifications_ Part 3 of 3

API Management
42 Introduction to API Management
43 API Lifecycle & Developer Productivity
44 API Developer Portal
45 API Security Management
46 API Traffic Management
47 API Analytics
48 API Product and API Monetization

Good Bye & All the Best
49 Good bye