1 / 79

REST + JSON APIs with JAX-RS

REST + JSON APIs with JAX-RS. Les Hazlewood CTO, Stormpath s tormpath.com. .com. Identity Management and Access Control API Security for your applications User security workflows Security best practices Developer tools, SDKs, libraries. Outline. REST Fundamentals Design:. Errors

kirestin-pollard
Download Presentation

REST + JSON APIs with JAX-RS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. REST + JSON APIswith JAX-RS Les Hazlewood CTO, Stormpath stormpath.com

  2. .com • Identity Management andAccess Control API • Security for your applications • User security workflows • Security best practices • Developer tools, SDKs, libraries

  3. Outline • REST Fundamentals • Design: • Errors • IDs • Method Overloading • Resource Expansion • Partial Responses • Caching & Etags • Security • Multi Tenancy • Maintenance • Base URL • Versioning • Resource Format • Return Values • Content Negotiation • References (Linking) • Pagination • Query Parameters • Associations • Coding Time! (JAX-RS-based App)

  4. Why REST? • Scalability • Generality • Independence • Latency (Caching) • Security • Encapsulation

  5. HATEOAS • Hypermedia • As • The • Engine • Of • Application • State Further restriction on REST architectures.

  6. REST Is Easy

  7. REST Is *&@#$! Hard(for providers)

  8. REST can be easy(if you follow some guidelines)

  9. Example Domain: Stormpath Applications Directories Accounts Groups Associations Workflows

  10. Fundamentals

  11. Resources Nouns, not Verbs Coarse Grained, not Fine Grained Architectural style for use-case scalability

  12. What If? /getAccount /createDirectory /updateGroup /verifyAccountEmailAddress

  13. What If? /getAccount /getAllAccounts /searchAccounts /createDirectory /createLdapDirectory /updateGroup /updateGroupName /findGroupsByDirectory /searchGroupsByName /verifyAccountEmailAddress /verifyAccountEmailAddressByToken … Smells like bad RPC. DON’T DO THIS.

  14. Keep It Simple

  15. The Answer Fundamentally two types of resources: Collection Resource Instance Resource

  16. Collection Resource /applications

  17. Instance Resource /applications/a1b2c3

  18. Behavior • GET • PUT • POST • DELETE • HEAD

  19. Behavior POST, GET, PUT, DELETE ≠ 1:1 Create, Read, Update, Delete

  20. Behavior As you would expect: GET = Read DELETE = Delete HEAD = Headers, no Body

  21. Behavior Not so obvious: PUT and POST can both be used for Create and Update

  22. PUT for Create Identifier is known by the client: PUT /applications/clientSpecifiedId { … }

  23. PUT for Update Full Replacement PUT /applications/existingId { “name”: “Best App Ever”, “description”: “Awesomeness” }

  24. PUT Idempotent

  25. POST as Create On a parent resource POST /applications { “name”: “Best App Ever” } Response: 201 Created Location: https://api.stormpath.com/applications/a1b2c3

  26. POST as Update On instance resource POST /applications/a1b2c3 { “name”: “Best App Ever. Srsly.” } Response: 200 OK

  27. POST NOT Idempotent

  28. Media Types • Format Specification + Parsing Rules • Request: Accept header • Response: Content-Type header • application/json • application/foo+json • application/foo+json;application • …

  29. Design Time!

  30. Base URL

  31. http(s)://api.foo.comvshttp://www.foo.com/dev/service/api/resthttp(s)://api.foo.comvshttp://www.foo.com/dev/service/api/rest

  32. http(s)://api.foo.comRest Clientvs Browser

  33. Versioning

  34. URL https://api.stormpath.com/v1 vs. Media-Type application/json+foo;application&v=1

  35. Resource Format

  36. Media Type Content-Type: application/json When time allows: application/foo+json application/foo+json;bar=baz&v=1 …

  37. camelCase ‘JS’ in ‘JSON’ = JavaScript myArray.forEach Not myArray.for_each account.givenName Not account.given_name Underscores for property/function names are unconventional for JS. Stay consistent.

  38. Date/Time/Timestamp There’s already a standard. Use it: ISO 8601 Example: { …, “createdTimestamp”: “2012-07-10T18:02:24.343Z” } Use UTC!

  39. HREF • Distributed Hypermedia is paramount! • Every accessible Resource has a unique URL. • Replaces IDs (IDs exist, but are opaque). { “href”: https://api.stormpath.com/v1/accounts/x7y8z9”, … } Critical for linking, as we’ll soon see

  40. Response Body

  41. GET obvious What about POST? Return the representation in the response when feasible. Add override (?_body=false) for control

  42. Content Negotiation

  43. Header • Accept header • Header values comma delimited in order of preference GET /applications/a1b2c3 Accept: application/json, text/plain

  44. Resource Extension /applications/a1b2c3.json /applications/a1b2c3.csv … Conventionally overrides Accept header

  45. Resource Referencesaka ‘Linking’

  46. Hypermedia is paramount. • Linking is fundamental to scalability. • Tricky in JSON • XML has it (XLink), JSON doesn’t • How do we do it?

  47. Instance Reference GET /accounts/x7y8z9 200 OK { “href”: “https://api.stormpath.com/v1/accounts/x7y8z9”, “givenName”: “Tony”, “surname”: “Stark”, …, “directory”: ???? }

  48. Instance Reference GET /accounts/x7y8z9 200 OK { “href”: “https://api.stormpath.com/v1/accounts/x7y8z9”, “givenName”: “Tony”, “surname”: “Stark”, …, “directory”: { “href”: “https://api.stormpath.com/v1/directories/g4h5i6” } }

  49. Collection Reference GET /accounts/x7y8z9 200 OK { “href”: “https://api.stormpath.com/v1/accounts/x7y8z9”, “givenName”: “Tony”, “surname”: “Stark”, …, “groups”: { “href”: “https://api.stormpath.com/v1/accounts/x7y8z9/groups” } }

  50. Reference Expansion(aka Entity Expansion, Link Expansion)

More Related