Visão Geral

Este Curso API Design Development, ensinará a codificação da API REST do zero. Hoje, as empresas estão usando APIs REST não apenas para criar aplicativos móveis. Apenas criar a API não garante que a empresa será capaz de atingir os objetivos desejados da perspectiva da API. A adoção da API pelos desenvolvedores depende de vários aspectos, como sua utilidade, facilidade de uso, desempenho, escalabilidade, segurança. O provedor de API deve aplicar as práticas recomendadas durante todo o ciclo de vida de uma API.

Objetivo

Após realizar Curso API Design Development curso você será capaz de:

• Projetar e desenvolver API RESTful aplicando as melhores práticas e restrições REST
• Criar práticas para segurança de API, controle de versão, gerenciamento de ciclo de vida, documentação e outros aspectos importantes
• Escrever especificações em especificações Swagger2.0/OAI no formato YAML
• Criar uma estratégia de gerenciamento de API para sua empresa
• Alavancar algumas das plataformas de gerenciamento de API comuns para construir proxies de API (APIGEE, IBM API Connect, Mulesoft Anypoint)

Materiais

Conteúdo Programatico

Setting the stage:

1. Lectures in this section will provide the outline of the course, discuss a case study (ACME Travel) that will be used as an example through the course, provide a list of tools used in the course.

REST API Concepts:

1. Lectures in this section will cover the foundational concepts such as the evolution of RESTful API and the 6 architectural constraints.

Designing the REST API:

1. The focus in this section is on best practices for designing the REST API. The approach taken in this section is to show how some of the popular API providers (E.g., Twitter, Facebook, Twilio ...) have designed their REST API. Some of the RESTful design aspect covered in this section are:
2. Resources, CRUD implementation
3. Error Handling, HTTP status codes
4. Change management & Versioning
5. Pagination, Partial responses
6. To demonstrate the implementation aspects, a set of NodeJS based API is also implemented for a fictitious enterprise ACME Travels.

Securing the REST API:

1. Commonly used BasicAuth standard is not the best way to implement API security. In this section student will learn the commonly adopted Authentication and Authorization schemes used for REST API
2. Tokens (Jason Web Tokens or JWT)
3. Key/Secret
4. OAuth 2.0 (Using Spotify implementation as a reference)
5. When an API is exposed by an enterprise to the public internet, it poses a risk to the enterprise as hackers may use the vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such Functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.

Swagger 2.0 / Open API Initiative specifications:

1. This section will begin with the description of the Collaborative specifications development process & benefits of adopting the contract-first approach. Students will learn
2. Swagger 2.0 specification standard
3. How to create REST API specifications in YAML format
4. Tools options for Swagger specs editing
5. Benefits of Swagger 2.0
6. Demonstration of how specifications are leveraged by common platforms such as Apigee, Mulesoft & IBM API Connect
7. As part of the lectures, a complete specification will be created for ACME Vacations. At the end of this section student will be able to write Swagger/OAI specifications for their own API.

API Management:

1. API management is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carry out within the scope of API management.
2. Lifecycle management
3. Developer productivity
4. Developer portal
5. Security
6. Traffic management
7. Analytics
8. Productization
9. Monetization (API Economy)
10. APIgee, IBM API Connect & Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel of what API management platforms bring to table. The three platforms offer a free trial version that can be used for testing.

Setting the stage:

1. Introduction to the Author and the Course
2. Summary decks download link for the course
3. ACME Travels - Case study
4. Tools for Design, Development,Testing and Management or REST API
5. Crash course on MongoLabs

Evolution of RESTful services:

1. What is an API
2. Evolution of REST/JSON API
3. Introduction to RESTful API
4. API 101
5. Private, Public and Partner API

REST API Architectural Constraints:

1. Introduction to REST Architecture Constraints
2. REST API Architectural Constraint - Client Server
3. REST API Architectural Constraint - Uniform Interface
4. REST API Architectural Constraint - Statelessness
5. REST API Architectural Constraint - Caching
6. REST API Architectural Constraint - Layered System
7. REST API Architectural Constraint - Code On Demand
8. Richardson Maturity Model for REST API
9. REST API Architectural Constraints

Designing the REST API:

1. API Value Chain
2. Practices for Resource Names, Actions & Associations
3. Implementing REST API CRUD operations
4. Walkthrough: Creating a Vacations API in Node JS
5. REST API Error Handling Practices
6. Implement REST API
7. Walkthrough: Implementation of error handling for POST API
8. REST API Error Handling
9. Handling changes to API
10. Versioning the API
11. API Caching (1 of 2) Concepts & Design decisions
12. API Caching (2 of 2) Cache Control Directive
13. Demo - API Caching using Cache-Control Directives
14. API Caching
15. Building support for Partial Responses
16. Building support for Pagination
17. Building support for Partial Responses & Pagination

REST API Security:

1. REST API Security - Introduction
2. Securing API with Basic Authentication
3. API Basic Authentication
4. Securing API with Tokens & JWT
5. API Token based Authentication & JWT
6. Securing API with API Key & Secret
7. API Keys and Secret
8. API Authorization using OAuth2.0
9. API Authorization OAuth2.0
10. API Security - Functional Attack

REST API Specifications using Swagger 2.0 / OAI:

1. Requirements Analysis Process & Intro to REST Specifications
2. REST API Specifications
3. Swagger/OAI Specifications Walkthrough
4. Introduction to Swagger/OAI specifications
5. Swagger/OAI Specifications, Part 1 of 3
6. Structure & Elements of Swagger/OAI specifications
7. Swagger/OAI Specifications, Part 2 of 3
8. Structure & Elements of Swagger/OAI specifications (2/3)
9. Swagger/OAI Specifications, Part 3 of 3
10. Structure & Elements of Swagger/OAI specifications (3/3)

API Management:

1. Introduction to API Management
2. API Lifecycle & Developer Productivity
3. API Developer Portal
4. API Security Management
5. API Traffic Management
6. API Analytics
7. API Product and API Monetization