Upload File

restful api design best practices using asp.net web api

  • Home
  • Software
  • RESTful API Design Best Practices Using ASP.NET Web API
69
#NeverRest RESTful API Design Best Practices Using ASP.NET Web API Spencer Schneidenbach @schneidenbach

Upload: spencer-schneidenbach

Post on 11-Feb-2017

924 views

Category:

Software


4 download

Report

TRANSCRIPT

Page 1: RESTful API Design Best Practices Using ASP.NET Web API

#NeverRestRESTful API Design Best

PracticesUsing ASP.NET Web API

Spencer Schneidenbach

@schneidenbach

Page 2: RESTful API Design Best Practices Using ASP.NET Web API

Slides, links, and more at rest.schneids.net

@schneidenbach#NeverRest

http://rest.schneids.net/
Page 3: RESTful API Design Best Practices Using ASP.NET Web API

Why?@schneidenbach#NeverRest

Page 4: RESTful API Design Best Practices Using ASP.NET Web API

Developers have the power of choice

@schneidenbach#NeverRest

Page 5: RESTful API Design Best Practices Using ASP.NET Web API

Long-term benefits

@schneidenbach#NeverRest

Go from 0 to “make magic happen”

Learn stuff and manage exceptions

Page 6: RESTful API Design Best Practices Using ASP.NET Web API

Developers have the power of choice

@schneidenbach#NeverRest

Page 7: RESTful API Design Best Practices Using ASP.NET Web API

Developers have an opportunity create something better than the

competition

@schneidenbach#NeverRest

Page 8: RESTful API Design Best Practices Using ASP.NET Web API

API Design is UX for Developers

@schneidenbach#NeverRest

Page 9: RESTful API Design Best Practices Using ASP.NET Web API

This quote sums it up nicely

If you don’t make usability a priority, you’ll never have to worry about scalability.

-Kirsten Hunter @synedra

@schneidenbach#NeverRest

Page 10: RESTful API Design Best Practices Using ASP.NET Web API

Some common themes

@schneidenbach#NeverRest

Page 11: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 12: RESTful API Design Best Practices Using ASP.NET Web API

Simple != Easy

@schneidenbach#NeverRest

Page 13: RESTful API Design Best Practices Using ASP.NET Web API

There’s No Silver Bullet

@schneidenbach#NeverRest

Page 14: RESTful API Design Best Practices Using ASP.NET Web API

What is REST?

Representational State Transfer

@schneidenbach#NeverRest

Page 15: RESTful API Design Best Practices Using ASP.NET Web API

Uniform InterfaceCode on Demand

(optional)Layered

StatelessCacheableClient-Server

The Six Constraints of REST

@schneidenbach#NeverRest

Page 16: RESTful API Design Best Practices Using ASP.NET Web API

Resource identification

Uniform Interface constraint

Content-Type:

application/json

Resource manipulation with

representations

Self-descriptive Hypermedia as the engine of

application state (HATEOAS)

GET /employees/1234

PUT /employees/1234

@schneidenbach#NeverRest

Page 17: RESTful API Design Best Practices Using ASP.NET Web API

What is a RESTful API?RESTful API == an API that follows REST architecture

Term has been sort of co-opted

REST != JSONREST != HTTP

Lots of people say “REST API” when they really mean HTTP JSON API

@schneidenbach#NeverRest

Page 18: RESTful API Design Best Practices Using ASP.NET Web API

Pragmatic REST

RESTful API != Good API

@schneidenbach#NeverRest

Page 19: RESTful API Design Best Practices Using ASP.NET Web API

Do what makes sense. Throw out the rest.

Is that vague enough for you?

@schneidenbach#NeverRest

Page 20: RESTful API Design Best Practices Using ASP.NET Web API

MaintainDocument

ImplementDesign

API Design Process

@schneidenbach#NeverRest

Page 21: RESTful API Design Best Practices Using ASP.NET Web API

Designing your RESTful APII HAVE ONE RULE… okay I actually have two rules

@schneidenbach#NeverRest

Page 22: RESTful API Design Best Practices Using ASP.NET Web API

KISS(or, Keep it Simple, Stupid)

@schneidenbach#NeverRest

Page 23: RESTful API Design Best Practices Using ASP.NET Web API

KISS

Don’t be creative.

Provide what is necessary – no more, no less.

Use a handful of HTTP status codes.

@schneidenbach#NeverRest

Page 24: RESTful API Design Best Practices Using ASP.NET Web API

403 Forbidden(aka you can’t do that)

401 Unauthorized(aka not authenticated)

404 Not Found

400 Bad Request201 Created200 OK

Good HTTP Codes

@schneidenbach#NeverRest

Page 25: RESTful API Design Best Practices Using ASP.NET Web API

KISS

{ "id": 1234, "active": true, "nameId": 345}

{ "id": 345, "name": "Acme"}

Customer API Name API

GET /customers/1234 GET /names/345

@schneidenbach#NeverRest

Page 26: RESTful API Design Best Practices Using ASP.NET Web API

KISS

That’s TWO REQUESTS per GET

That’s TWO REQUESTS per POST

What’s the point?

@schneidenbach#NeverRest

Page 27: RESTful API Design Best Practices Using ASP.NET Web API

Don’t let your specific implementations leak if they are

hard to use or understand.

@schneidenbach#NeverRest

Page 28: RESTful API Design Best Practices Using ASP.NET Web API

KISS

{ "id": 1234, "active": true, "name": "Acme"}

Customer API

GET /customers/1234

@schneidenbach#NeverRest

Page 29: RESTful API Design Best Practices Using ASP.NET Web API

KISS

TheoryAnnexThresholdLilia

@schneidenbach#NeverRest

Page 30: RESTful API Design Best Practices Using ASP.NET Web API

KISSInactiveDeletedVisibleRetired

@schneidenbach#NeverRest

Page 31: RESTful API Design Best Practices Using ASP.NET Web API

Second big rule – Be Consistent

Be consistent with accepted best practices.

Be consistent with yourself.

@schneidenbach#NeverRest

Page 32: RESTful API Design Best Practices Using ASP.NET Web API

PATCHDELETE

POSTPUTGET

Understanding verbs

Remember consistency!@schneidenbach#NeverRest

Page 33: RESTful API Design Best Practices Using ASP.NET Web API

Don’t mutate data with GETs.

@schneidenbach#NeverRest

Page 34: RESTful API Design Best Practices Using ASP.NET Web API

Resource identificationNouns vs. verbs

Basically, use plural nouns

@schneidenbach#NeverRest

Page 35: RESTful API Design Best Practices Using ASP.NET Web API

{ "invoices": [ { ... }, { ... } ]}

GET /customers/1234/invoic

es

GET /customers/1234?expand=invoices

Within the parent object

Sub-resource strategies

As a separate request Using an expand parameter

Be consistent, but be flexible when it makes sense

@schneidenbach#NeverRest

Page 36: RESTful API Design Best Practices Using ASP.NET Web API

GET considerations

SortingFiltering

Paging@schneidenbach#NeverRest

Page 37: RESTful API Design Best Practices Using ASP.NET Web API

Sorting/Ordering

$orderBy=name desc

$orderBy=name desc,hireDate

@schneidenbach#NeverRest

Page 38: RESTful API Design Best Practices Using ASP.NET Web API

Filtering

$filter=(name eq 'Milk' or name eq 'Eggs') and price lt 2.55

@schneidenbach#NeverRest

Page 39: RESTful API Design Best Practices Using ASP.NET Web API

Sorting and filtering for free

Google “OData web api”

@schneidenbach#NeverRest

Page 40: RESTful API Design Best Practices Using ASP.NET Web API

PagingGET /customers? page=1 & pageSize=1000

{"pageNumber": 1,"results": [...],"nextPage": "/customers?page=2"

}

Good paging example on my blog: rest.schneids.net

@schneidenbach#NeverRest

http://rest.schneids.net/
Page 41: RESTful API Design Best Practices Using ASP.NET Web API

Do I need to sort/page/filter?

Maybe!

What do your consumers need?

@schneidenbach#NeverRest

Page 42: RESTful API Design Best Practices Using ASP.NET Web API

Versioning

Your APIs should stand a test of time

@schneidenbach#NeverRest

Page 43: RESTful API Design Best Practices Using ASP.NET Web API

Versioning

GET /customersHost: contoso.comAccept: application/jsonX-Api-Version: 1

@schneidenbach#NeverRest

POST /customersHost: contoso.comAccept: application/jsonX-Api-Version: 2.0

Page 44: RESTful API Design Best Practices Using ASP.NET Web API

Versioning

Use URL versioning@schneidenbach#NeverRest

GET /v1/customersHost: contoso.comAccept: application/json

Page 45: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

Errors are going to happen.

How will you manage them?

@schneidenbach#NeverRest

Page 46: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

{ "name": "Arana Software"}

@schneidenbach#NeverRest

Requires name and state

POST /vendors

400 Bad Request

Content-Type: application/json

"State is required."

{ "firstName": "Spencer"}

Requires first and last name

POST /employees

400 Bad Request

Content-Type: application/json

{

"errorMessage": "Your request was invalid."

}

Page 47: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

@schneidenbach#NeverRest

Page 48: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

Make finding and fixing errors as easy on your consumer as possible.

@schneidenbach#NeverRest

Page 49: RESTful API Design Best Practices Using ASP.NET Web API

AuthenticationEncryption

Security

@schneidenbach#NeverRest

Page 50: RESTful API Design Best Practices Using ASP.NET Web API

Use SSL.

Don’t roll your own encryption.

Pick an auth strategy that isn’t Basic.

@schneidenbach#NeverRest

Security

Page 51: RESTful API Design Best Practices Using ASP.NET Web API

Ok, time for some code examplesand practical advise

@schneidenbach#NeverRest

Page 52: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Controller Anatomy

Page 53: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 54: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 55: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 56: RESTful API Design Best Practices Using ASP.NET Web API

Use DTOs/per-request objects@schneidenbach#NeverRest

Page 57: RESTful API Design Best Practices Using ASP.NET Web API

Separation of concerns

@schneidenbach#NeverRest

Page 58: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 59: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 60: RESTful API Design Best Practices Using ASP.NET Web API

Separation of concerns

@schneidenbach#NeverRest

Controllers should know “where,” not ”how.”

Page 61: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 62: RESTful API Design Best Practices Using ASP.NET Web API

Validation

@schneidenbach#NeverRest

Page 63: RESTful API Design Best Practices Using ASP.NET Web API

Validation

Validate. Validate. Validate.

@schneidenbach#NeverRest

Separate validation logic from object.

Google Fluent Validation

https://github.com/JeremySkinner/FluentValidation
Page 64: RESTful API Design Best Practices Using ASP.NET Web API

Controller

Good Architecture

Request Handler/ServiceValidator

Enforce separation of concerns for maintainability and testability.

Google MediatR

https://github.com/jbogard/MediatR
Page 65: RESTful API Design Best Practices Using ASP.NET Web API

Gotchas/ErrorsFormatting

SchemaParametersEndpoints

Documentation

@schneidenbach#NeverRest

Page 66: RESTful API Design Best Practices Using ASP.NET Web API

Documentation

A good API lives and dies by its documentation.

(you should tweet that out)

@schneidenbach#NeverRest

Page 67: RESTful API Design Best Practices Using ASP.NET Web API

Maintaining your APIVendor: “Hey, we’ve made some under-the-cover changes to our endpoint. It shouldn’t impact you, but let us know if it breaks something.”

Us: ”Okay. Can you release it to test first so we can run our integration tests against the endpoint and make sure everything works?”

Vendor: ”Well, actually we need it ASAP, so we’re releasing to prod in an hour.”

@schneidenbach#NeverRest

Page 68: RESTful API Design Best Practices Using ASP.NET Web API

Maintaining your API

Fix bugs and optimize.

Don’t introduce breaking changes like removing properties.

@schneidenbach#NeverRest

Page 69: RESTful API Design Best Practices Using ASP.NET Web API

Thank you!Slides, resources at rest.schneids.net

schneids.net

@schneidenbach


WorkFlow RESTful API Documentation - CallidusCloud · WorkFlow RESTful API Documentation - CallidusCloud ... x ] ] x

ASP.NET Web API

RESTful Server Configuration with iDRAC RESTful API

RESTful Server Configuration with iDRAC RESTful API€¦ · RESTful Server Configuration with iDRAC RESTful API Dell EMC Customer Solutions Center October 2018 Authors ... RESTful

Building a RESTful API

Thoughts on RESTful API design - media.readthedocs.org · Thoughts on RESTful API design, Release 1.0 1.2The Job of the API Designer Before we dive fully into RESTful API design,

ASP.NET Web API. ASP.NET Members MS Open Source ASP.NET MVC 4, ASP.NET Web API and ASP.NET Web Pages v2 (Razor) now all open source ASP.NET MVC 4, ASP.NET

RESTFul Web API Services @ DotNetToscana

Safenames API 1Safenames RESTful Web API Version 1.2 Page 4 of 30 24 January 2019 1 Introduction The Safenames Web API 2 is a RESTful web service built using ASP.NET Web API framework

Integrating Angular with ASP.NET Core RESTful Services...ASP.NET Core Web API Database Data Layer HTML (Razor) JSON The Big Picture

Ripening of a RESTful API

RESTFul api

Dialogic® PowerMedia™ XMS RESTful API/media/manuals/xms/XMS_RESTfulAPIDe… · RESTful API Description PowerMedia XMS RESTful API uses a Representational State Transfer (RESTful)

OpenSocial RESTful API

RESTful apps and services with ASP.NET MVC

REST, RESTful API

NetMVC - Restful API

Restful api design

COMPUTING SUBJECT: Restful ASP.Net Core-servicespele-easj.dk/2019e-tek/exercises/RESTService4-Testing-and-Azure.pdf · consume restful ASP.Net Core web services, to prepare the ‘RestService’

Lionframe - Rapid RESTful API development

Secure RESTful Web Services for ASP.NET Web API

Introduction to RESTful API Designs

RESTful API development with Symfony2

RESTful API in teamkube

Nodejs - Building a RESTful API

Pro ASP.NET Web API Security3A978-1-4302-5783-7%2F… · Pro ASP.NET Web API Security Securing ASP.NET Web API Badrinarayanan Lakshmiraghavan Apress

RESTful API - Best Practices

Laravel Restful API and AngularJS

ASP.NET Web API & Azure API Management

DataPower Restful API Security

RESTful API Automation with JavaScript

RESTful Web API

Restful API On Grape

RESTful Web API Design - software-architects.com...RESTful Web API Design Rainer Stropek. Saves the day. Software Architecture Summit 2015 RESTful Rainer Stropek ... Building Web API

RestFul Api documentation with Swagger