API Design, Development
Description
This COURSE will NOT teach coding of REST API from scratch. Please do NOT enroll if that is your objective/Goal.
Please check the audio of the preview lectures before purchasing, as some students have complained about low volume (a fix is in the works).
Today, enterprises are using REST APIs not just for building mobile applications but also for:
Creating new channels for partnership
Building new revenue streams & business models
Promoting their brands
Just creating the API does not guarantee that the enterprise will achieve its desired goals for the API. Adoption of an API by developers depends on multiple aspects such as its utility, ease of use, performance, scalability and security. The API provider must apply best practices throughout the lifecycle of an API.
Please note that this course will NOT teach how to code REST API in NodeJS.
The course is divided into 6 sections:
1. Setting the stage
Lectures in this section will provide the outline of the course, discuss a case study (ACME Travel) that will be used as an example throughout the course, and provide a list of tools used in the course.
2. REST API Concepts
Lectures in this section will cover the foundational concepts such as the evolution of RESTful API and the 6 architectural constraints.
3. Designing the REST API
The focus in this section is on best practices for designing the REST API. The approach taken is to show how some of the popular API providers (e.g., Twitter, Facebook, Twilio ...) have designed their REST APIs. Some of the RESTful design aspects covered in this section are:
Resources, CRUD implementation
Error Handling, HTTP status codes
Change management & Versioning
Pagination, Partial responses
To demonstrate the implementation aspects, a set of NodeJS-based APIs is also implemented for a fictitious enterprise, ACME Travels.
4. Securing the REST API
The commonly used BasicAuth standard is not the best way to implement API security. In this section, students will learn the commonly adopted authentication and authorization schemes used for REST APIs:
Tokens (JSON Web Tokens or JWT)
Key/Secret
OAuth 2.0 (Using Spotify implementation as a reference)
When an enterprise exposes an API to the public internet, it poses a risk to the enterprise, as hackers may use vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.
5. Swagger 2.0 / Open API Initiative specifications
This section will begin with a description of the collaborative specification development process and the benefits of adopting a contract-first approach. Students will learn:
Swagger 2.0 specification standard
How to create REST API specifications in YAML format
Tool options for Swagger specs editing
Benefits of Swagger 2.0
Demonstration of how specifications are leveraged by common platforms such as Apigee, Mulesoft & IBM API Connect
As part of the lectures, a complete specification will be created for ACME Vacations. At the end of this section, students will be able to write Swagger/OAI specifications for their own APIs.
6. API Management
API management is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carries out within the scope of API management:
Lifecycle management
Developer productivity
Developer portal
Security
Traffic management
Analytics
Productization
Monetization (API Economy)
The Apigee, IBM API Connect & Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel for what API management platforms bring to the table. The three platforms offer a free trial version that can be used for testing.
What Will I Learn?
Design and Develop RESTful API by applying the best practices & REST constraints
Create practices for API security, versioning, lifecycle management, documentation and other important aspects
Write Swagger 2.0/OAI specifications in YAML format
Create an API management strategy for your enterprise
Leverage some of the common API management platforms for building API proxies (APIGEE, IBM API Connect, Mulesoft Anypoint)
Course Outline:
1. Setting the stage
Introduction to the Author and the Course
Summary decks download link for the course
ACME Travels - Case study
Tools for Design, Development, Testing and Management of REST API
Crash course on MongoLabs
2. Evolution of RESTful services
What is an API
Evolution of REST/JSON API
Introduction to RESTful API
API 101
Private, Public and Partner API
3. REST API Architectural Constraints
Introduction to REST Architecture Constraints
REST API Architectural Constraint - Client Server
REST API Architectural Constraint - Uniform Interface
REST API Architectural Constraint - Statelessness
REST API Architectural Constraint - Caching
REST API Architectural Constraint - Layered System
REST API Architectural Constraint - Code On Demand
Richardson Maturity Model for REST API
REST API Architectural Constraints
4. Designing REST API
API Value Chain
Practices for Resource Names, Actions & Associations
Implementing REST API CRUD operations
Walkthrough: Creating a Vacations API in Node JS
REST API Error Handling Practices
Implement REST API
Walkthrough: Implementation of error handling for POST API
REST API Error Handling
Handling changes to API
Versioning the API
API Caching (1 of 2) Concepts & Design decisions
API Caching (2 of 2) Cache Control Directive
Demo - API Caching using Cache-Control Directives
API Caching
Building support for Partial Responses
Building support for Pagination
Building support for Partial Responses & Pagination
5. REST API Security
REST API Security - Introduction
Securing API with Basic Authentication
API Basic Authentication
Securing API with Tokens & JWT
API Token based Authentication & JWT
Securing API with API Key & Secret
API Keys and Secret
API Authorization using OAuth2.0
API Authorization OAuth2.0
API Security - Functional Attack
6. REST API Specifications using Swagger 2.0 / OAI
Requirements Analysis Process & Intro to REST Specifications
REST API Specifications
Swagger/OAI Specifications Walkthrough
Introduction to Swagger/OAI specifications
Swagger/OAI Specifications, Part 1 of 3
Structure & Elements of Swagger/OAI specifications
Swagger/OAI Specifications, Part 2 of 3
Structure & Elements of Swagger/OAI specifications (2/3)
Swagger/OAI Specifications, Part 3 of 3
Structure & Elements of Swagger/OAI specifications (3/3)
7. API Management
Introduction to API Management
API Lifecycle & Developer Productivity
API Developer Portal
API Security Management
API Traffic Management
API Analytics
API Product and API Monetization