Intro to REST APIs

Representational State Transfer (REST) is a style for designing web services, and REST APIs are increasingly used by a wide range of clients.
To be conversant with REST APIs one must understand how HTTP requests and responses are put together:
How an HTTP API request is deconstructed:
a.) Verbs
  - GET, which requests a resource
  - POST, which creates a resource
  - PUT, which updates a resource
  - PATCH, which partially updates a resource
b.) Headers
  - Content-Type, which states the format of the content
  - Content-Length, which states the size of the content
  - Authorization, which identifies who is making the call
  - Accept, which states what type(s) the client can accept
c.) Content, the body of the request
d.) Cookies, which carry data that travels along with the request

How an HTTP API response is deconstructed:
a.) Status Codes, which report the outcome of the operation
b.) Headers, which carry the content type, content length, expiry and cookies
c.) Content, the body of the response

DESIGNING REST APIs
Design the API first, before writing code: fixing an API after it has been published is possible, but not recommended.
Designing an API means designing all of it, not just the URI (Uniform Resource Identifier).
An API should be based on simple URIs that are understandable.

Design principles include:

  1. Use nouns instead of verbs in endpoint paths.
  2. Allow the API to filter, order and paginate data.
  3. Version the REST API.
  4. Accept and respond with JSON.
  5. Handle errors properly.
  6. Use caching where it helps.

**Designing Results**
a.) Member names
  - Should not expose server details such as Ruby, JavaScript etc.
  - Prefer camelCase
  - Be consistent
b.) Hypermedia
  - Allows results to be self-describing
  - Allows pragmatic results
  - Adds complexity

ASSOCIATION – making your API more intuitive for developers to use.
PAGING – an important aspect that you must plan for.
Cross-Origin Request – occurs when a web page on one domain requests a web resource hosted on another domain:
a.) The browser requests access
b.) The server replies with its rules
c.) The browser issues the request according to the CORS headers
Error handling – handling errors is not only about status codes.
  - Communicate errors in your response.
  - Help users recover from them.

**VERSIONING YOUR API**

  • Versioning is simply the act of creating and maintaining multiple versions of an API to support updates over time, so that developers can fix bugs and keep maintaining it.

Ways of versioning your API:

  1. In the URI path
  2. In the query string
  3. With custom headers
  4. With the Accept header
  5. With content headers – the most complex

## **API AND SECURITY**

- Designing an API without considering security is a big mistake.
- Be pragmatic with security.
- Security requirements will affect what data you are willing to expose.

Questions to ask before you secure your API:
- Are you using private or personalized data?
- Are you sending sensitive data and trying to protect it?
- Are you using credentials of any kind to protect your server against overuse?

AUTHENTICATION
Authentication is typically the first step in the security process.
It involves verifying the identity of a user by requesting some form of identification, such as a username and password, a security token, or biometric data. Once the user’s identity has been confirmed, the system grants the user access to the resources or actions they are authorized for.
- Typically answers "who are you?"
- Uses information that determines identity, for example a username and password
- Examples: Basic Auth, OAuth, token auth and cookies

Authorization
Authorization is the process of determining whether a user has the right to access a particular resource or perform a particular action.
Authorization is based on the user’s identity, as determined by the authentication process, as well as any additional information about the user’s role, privileges, or permissions.
Authorization typically involves defining a set of rules or policies that specify which resources or actions are accessible by different types of users, and then enforcing those rules in the system.
- Determines what an identified user is allowed to do
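As an added example (not code from the original post), here is a small pure-Python request handler that applies the two steps in order: it authenticates HTTP Basic credentials, then authorizes the verb against a role policy, and answers 401 versus 403 with a JSON error body as the error-handling section suggests. The user store, the roles and the /items policy are constructed for this example.

```python
import base64
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store (hypothetical): a password hash plus a role per user.
USERS = {
    "alice": {"salt": b"salt-a", "hash": _hash("correct horse", b"salt-a"), "role": "admin"},
    "bob": {"salt": b"salt-b", "hash": _hash("hunter2", b"salt-b"), "role": "reader"},
}
# Constructed policy (hypothetical): which roles may use which verb on /items.
POLICY = {"GET": {"admin", "reader"}, "POST": {"admin"}, "DELETE": {"admin"}}

def authenticate(headers: dict):
    """Step 1, 'who are you?': verify HTTP Basic credentials; return the username or None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(auth[6:], validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    record = USERS.get(user)
    # Hash even for unknown users and compare in constant time, so response timing
    # does not reveal which usernames exist or how much of a hash matched.
    candidate = _hash(password, record["salt"] if record else b"dummy-salt")
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        return None
    return user

def authorize(user: str, method: str) -> bool:
    """Step 2, 'what may you do?': apply the role policy to the requested verb."""
    return USERS[user]["role"] in POLICY.get(method, set())

def handle(method: str, headers: dict):
    """Return (status, response headers, JSON body); errors carry a message, not just a code."""
    user = authenticate(headers)
    if user is None:  # 401: identity not established; tell the client how to authenticate
        return 401, {"WWW-Authenticate": 'Basic realm="items"'}, {"error": "authentication_required"}
    if not authorize(user, method):  # 403: identity known, but the policy says no
        return 403, {}, {"error": "forbidden", "detail": f"role {USERS[user]['role']} may not {method} /items"}
    return 200, {"Content-Type": "application/json"}, {"items": [], "actor": user}

def basic_header(user: str, password: str) -> dict:
    """Build the Authorization header a client would send (helper for trying the handler)."""
    return {"Authorization": "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()}
```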

Hopefully you now have a better understanding of REST APIs and how to interact with them.

Thank you for your time. Do you have any thoughts on the article? Did you enjoy it? Let’s connect, follow me on Twitter @stanleymaina123, and we’ll talk about it.
