RESTful API Automation with JavaScript
DESCRIPTION
Pragmatic RESTful API principles, along with a solid consumption architecture, can allow for a great amount of automation in your program development. At the same time, securing the application can be extremely tricky from JavaScript. In this session we will explore several principles behind RESTful API design and consumption using JavaScript, including many of the standards that were integrated in the redevelopment of the PayPal API architecture in the new RESTful APIs. We will cover many of these architecture standards, including:
* Building in action automation using HATEOAS
* OAuth 2 in the JavaScript model
* The challenges behind secure resource consumption through JavaScript
TRANSCRIPT
Slide 1
RESTful API Automation With JavaScript
Jonathan LeBlanc, Head of Developer Evangelism (North America)
Github: http://github.com/jcleblanc
Slides: http://slideshare.net/jcleblanc
Twitter: @jcleblanc
Slide 2
What We’re Covering
REST Concepts
Automation through hypermedia constraints
OAuth 2 in JavaScript
Slide 3
What We Want
Slide 4
JavaScript Challenges
Slide 5
Cross Origin Resource Sharing
Access to other domains / subdomains is restricted (same origin policy)
JSONP to request resources across domains
Cross-origin resource sharing (CORS)
You send: Origin: http://site.com
They send: Access-Control-Allow-Origin: http://site.com
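The slide shows the two headers of the exchange; what it does not show is how the API decides which Origin values to echo back. The following is an added example, not code from the talk or from PayPal: a server-side function that returns the CORS response headers for a request only when the Origin matches a fixed allow-list, and adds the preflight headers a browser needs before it will send the Authorization and Accept headers used later in the deck. The allow-list, method list and header list are constructed placeholders.

```javascript
// Added example: server-side CORS origin allow-listing for a JSON API.
// The browser adds the Origin header itself; the API decides whether to echo
// it back in Access-Control-Allow-Origin. Reflecting every Origin, or sending
// "*" on an endpoint that accepts the user's credentials, would let any site
// call the API on the user's behalf, so the value is checked against a fixed
// allow-list instead.

// Constructed allow-list; a real deployment would load this from config.
const ALLOWED_ORIGINS = new Set(['https://site.com', 'https://app.site.com']);

// Methods and request headers this API accepts from cross-origin callers
// (constructed to match the requests shown later in the slides).
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['Authorization', 'Accept', 'Content-Type'];

// Returns the CORS response headers for one request, or an empty object when
// the request carries no Origin (same-origin or non-browser client), the
// Origin is malformed, or it is not on the allow-list.
function corsHeaders(requestOrigin, isPreflight = false, allowed = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== 'string' || requestOrigin === 'null') return {};
  let parsed;
  try {
    parsed = new URL(requestOrigin);
  } catch (e) {
    return {}; // malformed Origin value
  }
  // Exact match on the serialized origin: rejects "https://site.com.evil.net",
  // "http://site.com" (wrong scheme) and values carrying a stray path.
  if (parsed.origin !== requestOrigin || !allowed.has(parsed.origin)) return {};
  const headers = {
    'Access-Control-Allow-Origin': parsed.origin,
    // Tell caches the answer depends on Origin, so one origin's response is
    // never served to another.
    'Vary': 'Origin',
  };
  if (isPreflight) {
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}
```

In an HTTP handler you would call `corsHeaders(req.headers.origin, req.method === 'OPTIONS')` and merge the result into the response; an empty result means the browser will block the cross-origin read, which is the intended outcome for unknown origins.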
Slide 6
Keeping Things Hidden
Token based auth mechanism
OAuth: Client Secret
Basic Auth: Password
API request action to reaction mapping
A schematic for how data forces site changes
Slide 7
Action Automation
Slide 8
RESTful API Core Concepts
Honor HTTP request verbs
Use proper HTTP status codes
No version numbering in URIs
Return format via HTTP Accept header
Double Rainbow: Discovery via HATEOAS
Slide 9
Uniform Interface Sub-Constraints
Resource Identification
Resources must be manipulated via representations
Self descriptive messages
Hypermedia as the engine of application state
Slide 10
How we Normally Consume APIs
Slide 11
Using HATEOAS to Automate
Slide 12
```json
"links": [
  {
    "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
    "rel": "self",
    "method": "GET"
  },
  {
    "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
    "rel": "capture",
    "method": "POST"
  },
  {
    "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
    "rel": "void",
    "method": "POST"
  }
]
```
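The links array above is what makes the automation possible: the client asks the response which actions exist and how to invoke them instead of hard-coding paths and verbs. The following is an added example, not PayPal's SDK or code from the talk, of a client that drives its next request from `rel` and `method`, with one check a practitioner wants when a bearer token is attached: the link is followed only if it points back at the API origin the token was issued for, over HTTPS. The response object is constructed from the slide's sample (the id is the slide's own sample value), and `API_ORIGIN` and the token type are assumptions.

```javascript
// Added example (not PayPal's code): choosing the next request from the
// "links" array of a response instead of hard-coding URIs and methods.

// Constructed response body, modelled on the authorization resource shown on
// the slide. The id is the slide's sample, not a live resource.
const authorization = {
  id: '6H149011U8307001M',
  state: 'authorized',
  links: [
    { href: 'https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M', rel: 'self', method: 'GET' },
    { href: 'https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture', rel: 'capture', method: 'POST' },
    { href: 'https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void', rel: 'void', method: 'POST' },
  ],
};

// Assumption: the origin the access token was issued for. Links are followed
// only when they point back here, so a tampered or proxied response cannot
// redirect the bearer token to a third party.
const API_ORIGIN = 'https://api.sandbox.paypal.com';
const ALLOWED_METHODS = new Set(['GET', 'POST', 'PUT', 'PATCH', 'DELETE']);

// Return the link with the given rel, or null when the server did not offer
// that action in this state.
function findLink(resource, rel) {
  const links = Array.isArray(resource.links) ? resource.links : [];
  return links.find((l) => l && l.rel === rel) || null;
}

// Turn a link into a request description (method, url, headers), or null if
// the action is absent or the link fails the origin/method checks. The caller
// never writes the path or the verb itself.
function requestForAction(resource, rel, token) {
  const link = findLink(resource, rel);
  if (!link) return null;
  let url;
  try {
    url = new URL(link.href);
  } catch (e) {
    return null; // not an absolute URL
  }
  if (url.origin !== API_ORIGIN) return null; // also rejects plain http://
  const method = String(link.method || 'GET').toUpperCase();
  if (!ALLOWED_METHODS.has(method)) return null;
  return {
    method,
    url: url.href,
    headers: {
      Authorization: `${token.tokenType} ${token.accessToken}`,
      Accept: 'application/json',
    },
  };
}

// The actions the server currently offers, so a UI can render exactly those
// buttons rather than assuming "capture" is always available.
function availableActions(resource) {
  return (Array.isArray(resource.links) ? resource.links : [])
    .map((l) => l.rel)
    .filter((rel) => rel && rel !== 'self');
}
```

Pass the result of `requestForAction` straight to `fetch(req.url, { method: req.method, headers: req.headers })`; when it returns null the action is simply not shown or attempted, which is the behaviour HATEOAS intends when the resource is in a state where that transition does not apply.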
Slide 13
OAuth 2 & JavaScript?
Slide 14
A Little Use Background
User login
Application only
User Involvement
Slide 15
User Agent Flow: Redirect
Prepare the redirect URI: authorization endpoint + client_id, response_type (token), scope, redirect_uri
Browser redirect to the redirect URI
Slide 16
User Agent Flow: Redirect
Building the redirect link
```javascript
var auth_uri = auth_endpoint +
  "?response_type=token" +
  "&client_id=" + client_id +
  "&scope=profile" +
  // window.location is coerced to a string; encode it so the "://", "?" and
  // "#" characters of the current page survive inside the query string
  "&redirect_uri=" + encodeURIComponent(window.location);
$("#auth_btn").attr("href", auth_uri);
```
Slide 17
User Agent Flow: Hash Mod
Fetch the hash mod: access_token, refresh_token, expires_in
Extract Access Token
Slide 18
User Agent Flow: Hash Mod
http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600
```javascript
var hash = document.location.hash;
// capture everything up to the next "&"; \w+ would silently truncate a token
// that contains characters such as "-" or "."
var match = hash.match(/access_token=([^&]+)/);
```
Extracting the access token from the hash
Slide 19
User Agent Flow: Get Resources
Set request headers + URI: resource endpoint; header: token type + access token; header: accept data type
HTTPS Request
Slide 20
User Agent Flow: Get Resources
```javascript
$.ajax({
  url: resource_uri,
  beforeSend: function (xhr) {
    xhr.setRequestHeader('Authorization', 'OAuth ' + token);
    xhr.setRequestHeader('Accept', 'application/json');
  },
  success: function (response) {
    // use response object
  }
});
```
Making an authorized request
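Slides 15 through 20 walk through the three client-side steps of the user-agent flow: build the redirect, read the token out of the fragment, and send it on the resource request. The following is an added example, not code from the talk, that implements those steps as pure functions so they can be exercised outside a browser. It adds the two things a practitioner wants beyond the slides' snippets: every parameter is URL-encoded, and a random `state` value ties the callback to the redirect this app issued, so a fragment that arrives without the expected `state` is rejected. `AUTH_ENDPOINT`, `CLIENT_ID` and `REDIRECT_URI` are constructed placeholders; the sample fragment reuses the slide's token value. The parser reads only `access_token`, `token_type`, `expires_in` and `state`: RFC 6749 section 4.2.2 states that the implicit grant must not issue a refresh token, so a client should not depend on one appearing in the fragment.

```javascript
// Added example (not from the slides): the user-agent (implicit) flow on the
// client, step by step, as functions that take and return plain values.

// Constructed placeholders for the application's registration details.
const AUTH_ENDPOINT = 'https://auth.example.com/authorize';
const CLIENT_ID = 'client-id-placeholder';
const REDIRECT_URI = 'https://site.com/callback';

// Random, unguessable state for one authorization attempt. In the browser
// this uses crypto.getRandomValues; store the value (e.g. sessionStorage)
// before redirecting so the callback can compare against it.
function makeState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Step 1 (slides 15-16): build the redirect. URL/URLSearchParams encode each
// value, so redirect_uri and scope cannot break or inject into the query.
function buildAuthUri(state, scope = 'profile') {
  const url = new URL(AUTH_ENDPOINT);
  url.searchParams.set('response_type', 'token');
  url.searchParams.set('client_id', CLIENT_ID);
  url.searchParams.set('scope', scope);
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('state', state);
  return url.href;
}

// Step 2 (slides 17-18): parse the fragment appended to the redirect URI.
// Returns null unless the state matches and an access token is present.
// Any refresh_token in the fragment is ignored (RFC 6749 section 4.2.2).
function parseCallbackHash(hash, expectedState) {
  const raw = typeof hash === 'string' ? hash : '';
  const params = new URLSearchParams(raw.startsWith('#') ? raw.slice(1) : raw);
  if (!expectedState || params.get('state') !== expectedState) return null;
  const accessToken = params.get('access_token');
  if (!accessToken) return null;
  const expiresIn = Number(params.get('expires_in'));
  return {
    accessToken,
    // token_type is what the server tells us to put before the token in the
    // Authorization header; Bearer (RFC 6750) is assumed when it is absent.
    tokenType: params.get('token_type') || 'Bearer',
    expiresIn: Number.isFinite(expiresIn) && expiresIn > 0 ? expiresIn : null,
  };
}

// Step 3 (slides 19-20): the two request headers from the slide, built from
// the parsed token: token type + access token, and the accepted data type.
function resourceHeaders(token) {
  return {
    Authorization: `${token.tokenType} ${token.accessToken}`,
    Accept: 'application/json',
  };
}
```

On the callback page, read `window.location.hash`, call `parseCallbackHash` with the stored state, and then clear the fragment with `history.replaceState` so the token does not linger in the address bar or get copied into a bookmark; the headers from `resourceHeaders` go into `beforeSend` exactly as on slide 20.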
Slide 21
Good JavaScript API Interaction
Using Proper REST standards
Automation through hypermedia constraints
Using OAuth 2 appropriately
Slide 22
http://bit.ly/rest_automation_js
Thank You! Questions?
Jonathan LeBlanc, Head of Developer Evangelism (North America)
Github: http://github.com/jcleblanc
Slides: http://slideshare.net/jcleblanc
Twitter: @jcleblanc