SlideShare ist ein Scribd-Unternehmen logo

RESTful API Design Best Practices Using ASP.NET Web API

💻 Spencer Schneidenbach

Designing and building RESTful APIs isn’t easy. On its surface, it may seem simple – after all, we’re only marshaling JSON back and forth over HTTP right? However, that’s only a small part of the equation. There are many things to keep in mind while building the systems that act as the key to your system. In this session, we’ll delve into several best practices to keep in mind when designing your RESTful API. We’ll discuss authentication, versioning, controller/model design, and testability. We’ll also explore the do’s and don’t’s of RESTful API management so that you make sure your APIs are simple, consistent, and easy-to-use. Finally, we’ll discuss the importance of documentation and change management. The session will show examples using ASP.NET Web API and C#. However, this session will benefit anyone who is or might be working on a RESTful API.

Software
1 von 69
Downloaden Sie, um offline zu lesen
#NeverRest RESTful API Design Best Practices Using ASP.NET Web API Spencer Schneidenbach @schneidenbach
Slides, links, and more at rest.schneids.net @schneidenbach#NeverRest
Why? @schneidenbach#NeverRest
Developers have the power of choice @schneidenbach#NeverRest
Long-term benefits @schneidenbach#NeverRest Go from 0 to “make magic happen” Learn stuff and manage exceptions
Developers have the power of choice @schneidenbach#NeverRest
Developers have an opportunity create something better than the competition @schneidenbach#NeverRest
API Design is UX for Developers @schneidenbach#NeverRest
This quote sums it up nicely If you don’t make usability a priority, you’ll never have to worry about scalability. -Kirsten Hunter @synedra @schneidenbach#NeverRest
Some common themes @schneidenbach#NeverRest
@schneidenbach#NeverRest
Simple != Easy @schneidenbach#NeverRest
There’s No Silver Bullet @schneidenbach#NeverRest
What is REST? Representational State Transfer @schneidenbach#NeverRest
Uniform Interface Code on Demand (optional) Layered StatelessCacheableClient-Server The Six Constraints of REST @schneidenbach#NeverRest
Resource identification Uniform Interface constraint Content-Type: application/json Resource manipulation with representations Self-descriptive Hypermedia as the engine of application state (HATEOAS) GET /employees/1234 PUT /employees/1234 @schneidenbach#NeverRest
What is a RESTful API? RESTful API == an API that follows REST architecture Term has been sort of co-opted REST != JSON REST != HTTP Lots of people say “REST API” when they really mean HTTP JSON API @schneidenbach#NeverRest
Pragmatic REST RESTful API != Good API @schneidenbach#NeverRest
Do what makes sense. Throw out the rest. Is that vague enough for you? @schneidenbach#NeverRest
MaintainDocument ImplementDesign API Design Process @schneidenbach#NeverRest
Designing your RESTful API I HAVE ONE RULE… okay I actually have two rules @schneidenbach#NeverRest
(or, Keep it Simple, Stupid) @schneidenbach#NeverRest
KISS Don’t be creative. Provide what is necessary – no more, no less. Use a handful of HTTP status codes. @schneidenbach#NeverRest
403 Forbidden (aka you can’t do that) 401 Unauthorized (aka not authenticated) 404 Not Found 400 Bad Request201 Created200 OK Good HTTP Codes @schneidenbach#NeverRest
KISS { "id": 1234, "active": true, "nameId": 345 } { "id": 345, "name": "Acme" } Customer API Name API GET /customers/1234 GET /names/345 @schneidenbach#NeverRest
KISS That’s TWO REQUESTS per GET That’s TWO REQUESTS per POST What’s the point? @schneidenbach#NeverRest
Don’t let your specific implementations leak if they are hard to use or understand. @schneidenbach#NeverRest
KISS { "id": 1234, "active": true, "name": "Acme" } Customer API GET /customers/1234 @schneidenbach#NeverRest
KISS Theory Annex Threshold Lilia @schneidenbach#NeverRest
KISS Inactive Deleted Visible Retired @schneidenbach#NeverRest
Second big rule – Be Consistent Be consistent with accepted best practices. Be consistent with yourself. @schneidenbach#NeverRest
PATCHDELETE POSTPUTGET Understanding verbs Remember consistency! @schneidenbach#NeverRest
Don’t mutate data with GETs. @schneidenbach#NeverRest
Resource identification Nouns vs. verbs Basically, use plural nouns @schneidenbach#NeverRest
{ "invoices": [ { ... }, { ... } ] } GET /customers/1234/invoices GET /customers/1234 ?expand=invoices Within the parent object Sub-resource strategies As a separate request Using an expand parameter Be consistent, but be flexible when it makes sense @schneidenbach#NeverRest
GET considerations Sorting Filtering Paging @schneidenbach#NeverRest
Sorting/Ordering $orderBy=name desc $orderBy=name desc,hireDate @schneidenbach#NeverRest
Filtering $filter=(name eq 'Milk' or name eq 'Eggs') and price lt 2.55 @schneidenbach#NeverRest
Sorting and filtering for free Google “OData web api” @schneidenbach#NeverRest
Paging GET /customers? page=1 & pageSize=1000 { "pageNumber": 1, "results": [...], "nextPage": "/customers?page=2" } Good paging example on my blog: rest.schneids.net @schneidenbach#NeverRest
Do I need to sort/page/filter? Maybe! What do your consumers need? @schneidenbach#NeverRest
Versioning Your APIs should stand a test of time @schneidenbach#NeverRest
Versioning GET /customers Host: contoso.com Accept: application/json X-Api-Version: 1 @schneidenbach#NeverRest POST /customers Host: contoso.com Accept: application/json X-Api-Version: 2.0
Versioning Use URL versioning @schneidenbach#NeverRest GET /v1/customers Host: contoso.com Accept: application/json
Error reporting Errors are going to happen. How will you manage them? @schneidenbach#NeverRest
Error reporting { "name": "Arana Software" } @schneidenbach#NeverRest Requires name and state POST /vendors 400 Bad Request Content-Type: application/json "State is required." { "firstName": "Spencer" } Requires first and last name POST /employees 400 Bad Request Content-Type: application/json { "errorMessage": "Your request was invalid." }
Error reporting @schneidenbach#NeverRest
Error reporting Make finding and fixing errors as easy on your consumer as possible. @schneidenbach#NeverRest
AuthenticationEncryption Security @schneidenbach#NeverRest
Use SSL. Don’t roll your own encryption. Pick an auth strategy that isn’t Basic. @schneidenbach#NeverRest Security
Ok, time for some code examples and practical advise @schneidenbach#NeverRest
@schneidenbach#NeverRest Controller Anatomy
@schneidenbach#NeverRest
@schneidenbach#NeverRest
@schneidenbach#NeverRest
Use DTOs/per-request objects @schneidenbach#NeverRest
Separation of concerns @schneidenbach#NeverRest
@schneidenbach#NeverRest
@schneidenbach#NeverRest
Separation of concerns @schneidenbach#NeverRest Controllers should know “where,” not ”how.”
@schneidenbach#NeverRest
Validation @schneidenbach#NeverRest
Validation Validate. Validate. Validate. @schneidenbach#NeverRest Separate validation logic from object. Google Fluent Validation
Controller Good Architecture Request Handler/ServiceValidator Enforce separation of concerns for maintainability and testability. Google MediatR
Gotchas/ErrorsFormatting SchemaParametersEndpoints Documentation @schneidenbach#NeverRest
Documentation A good API lives and dies by its documentation. (you should tweet that out) @schneidenbach#NeverRest
Maintaining your API Vendor: “Hey, we’ve made some under-the-cover changes to our endpoint. It shouldn’t impact you, but let us know if it breaks something.” Us: ”Okay. Can you release it to test first so we can run our integration tests against the endpoint and make sure everything works?” Vendor: ”Well, actually we need it ASAP, so we’re releasing to prod in an hour.” @schneidenbach#NeverRest
Maintaining your API Fix bugs and optimize. Don’t introduce breaking changes like removing properties. @schneidenbach#NeverRest
Thank you! Slides, resources at rest.schneids.net schneids.net @schneidenbach

Empfohlen

API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best PracticesPrakash Bhandari
 
API Management within a Microservice Architecture
API Management within a Microservice ArchitectureAPI Management within a Microservice Architecture
API Management within a Microservice ArchitectureWSO2
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practicesAnkita Mahajan
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to SwaggerKnoldus Inc.
 
API Testing for everyone.pptx
API Testing for everyone.pptxAPI Testing for everyone.pptx
API Testing for everyone.pptxPricilla Bilavendran
 
Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecAdam Paxton
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 

Weitere ähnliche Inhalte

Was ist angesagt?

Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeEmre Dündar
 
API Best Practices
API Best PracticesAPI Best Practices
API Best PracticesSai Koppala
 
How to Automate API Testing
How to Automate API TestingHow to Automate API Testing
How to Automate API TestingBruno Pedro
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing SwaggerTony Tam
 
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...apidays
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture Nadeesha Gamage
 
Reducing Microservice Complexity with Kafka and Reactive Streams
Reducing Microservice Complexity with Kafka and Reactive StreamsReducing Microservice Complexity with Kafka and Reactive Streams
Reducing Microservice Complexity with Kafka and Reactive Streamsjimriecken
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerSmartBear
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start GuideAndrii Gakhov
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debateRestlet
 
API Testing Presentations.pptx
API Testing Presentations.pptxAPI Testing Presentations.pptx
API Testing Presentations.pptxManmitSalunke
 
API Description Languages
API Description LanguagesAPI Description Languages
API Description LanguagesAkana
 

Was ist angesagt? (20)

API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQube
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
How to Automate API Testing
How to Automate API TestingHow to Automate API Testing
How to Automate API Testing
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing Swagger
 
MongoDB and Node.js
MongoDB and Node.jsMongoDB and Node.js
MongoDB and Node.js
 
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
APIsecure 2023 - Security Considerations for API Gateway Aggregation, Yoshiyu...
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
 
Swagger
SwaggerSwagger
Swagger
 
Reducing Microservice Complexity with Kafka and Reactive Streams
Reducing Microservice Complexity with Kafka and Reactive StreamsReducing Microservice Complexity with Kafka and Reactive Streams
Reducing Microservice Complexity with Kafka and Reactive Streams
 
SonarQube Overview
SonarQube OverviewSonarQube Overview
SonarQube Overview
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of Swagger
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debate
 
API Testing Presentations.pptx
API Testing Presentations.pptxAPI Testing Presentations.pptx
API Testing Presentations.pptx
 
Swagger UI
Swagger UISwagger UI
Swagger UI
 
API Description Languages
API Description LanguagesAPI Description Languages
API Description Languages
 
API Management
API ManagementAPI Management
API Management
 

Andere mochten auch

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
REST and ASP.NET Web API (Tunisia)
REST and ASP.NET Web API (Tunisia)REST and ASP.NET Web API (Tunisia)
REST and ASP.NET Web API (Tunisia)Jef Claes
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Cesare Pautasso
 
The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016Restlet
 
The ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersThe ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersKevin Hazzard
 
REST: From GET to HATEOAS
REST: From GET to HATEOASREST: From GET to HATEOAS
REST: From GET to HATEOASJos Dirksen
 
C# ASP.NET WEB API APPLICATION DEVELOPMENT
C# ASP.NET WEB API APPLICATION DEVELOPMENTC# ASP.NET WEB API APPLICATION DEVELOPMENT
C# ASP.NET WEB API APPLICATION DEVELOPMENTDr. Awase Khirni Syed
 
Rest API Security
Rest API SecurityRest API Security
Rest API SecurityStormpath
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding RESTNitin Pande
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsStormpath
 
Best practices for RESTful web service design
Best practices for RESTful web service designBest practices for RESTful web service design
Best practices for RESTful web service designRamin Orujov
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Stormpath
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
[S lide] java_sig-spring-framework
[S lide] java_sig-spring-framework[S lide] java_sig-spring-framework
[S lide] java_sig-spring-frameworkptlong96
 

Andere mochten auch (20)

Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
 
REST and ASP.NET Web API (Tunisia)
REST and ASP.NET Web API (Tunisia)REST and ASP.NET Web API (Tunisia)
REST and ASP.NET Web API (Tunisia)
 
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
Some REST Design Patterns (and Anti-Patterns) - SOA Symposium 2009
 
Enterprise REST
Enterprise RESTEnterprise REST
Enterprise REST
 
The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016
 
The ASP.NET Web API for Beginners
The ASP.NET Web API for BeginnersThe ASP.NET Web API for Beginners
The ASP.NET Web API for Beginners
 
REST: From GET to HATEOAS
REST: From GET to HATEOASREST: From GET to HATEOAS
REST: From GET to HATEOAS
 
ASP.NET WEB API
ASP.NET WEB APIASP.NET WEB API
ASP.NET WEB API
 
C# ASP.NET WEB API APPLICATION DEVELOPMENT
C# ASP.NET WEB API APPLICATION DEVELOPMENTC# ASP.NET WEB API APPLICATION DEVELOPMENT
C# ASP.NET WEB API APPLICATION DEVELOPMENT
 
Rest API Security
Rest API SecurityRest API Security
Rest API Security
 
Understanding REST
Understanding RESTUnderstanding REST
Understanding REST
 
REST & RESTful Web Services
REST & RESTful Web ServicesREST & RESTful Web Services
REST & RESTful Web Services
 
RESTful Web Services
RESTful Web ServicesRESTful Web Services
RESTful Web Services
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
 
Best practices for RESTful web service design
Best practices for RESTful web service designBest practices for RESTful web service design
Best practices for RESTful web service design
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
ASP.NET Web API
ASP.NET Web APIASP.NET Web API
ASP.NET Web API
 
[S lide] java_sig-spring-framework
[S lide] java_sig-spring-framework[S lide] java_sig-spring-framework
[S lide] java_sig-spring-framework
 

Ähnlich wie RESTful API Design Best Practices Using ASP.NET Web API

API Description Languages
API Description LanguagesAPI Description Languages
API Description LanguagesAkana
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs3scale
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.Kirsten Hunter
 
Documenting Your API
Documenting Your APIDocumenting Your API
Documenting Your APIMailjet
 
"Design and Test First"-Workflow für REST APIs
"Design and Test First"-Workflow für REST APIs"Design and Test First"-Workflow für REST APIs
"Design and Test First"-Workflow für REST APIsMarkus Decke
 
Web Server Application Logs LTEC2013
Web Server Application Logs LTEC2013Web Server Application Logs LTEC2013
Web Server Application Logs LTEC2013Michal Špaček
 
API 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceAPI 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceKirsten Hunter
 
Punta Dreamin 17 Generic Apex and Tooling Api
Punta Dreamin 17 Generic Apex and Tooling ApiPunta Dreamin 17 Generic Apex and Tooling Api
Punta Dreamin 17 Generic Apex and Tooling ApiAdam Olshansky
 
API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.Inman News
 
API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 2014API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 20143scale
 
API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.Peter Goldey
 
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...apidays
 
BDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications
BDD to the Bone: Using Behave and Selenium to Test-Drive Web ApplicationsBDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications
BDD to the Bone: Using Behave and Selenium to Test-Drive Web ApplicationsPatrick Viafore
 
Liferay as a headless platform
Liferay as a headless platform Liferay as a headless platform
Liferay as a headless platform Jorge Ferrer
 
Scaling Machine Learning Systems up to Billions of Predictions per Day
Scaling Machine Learning Systems up to Billions of Predictions per DayScaling Machine Learning Systems up to Billions of Predictions per Day
Scaling Machine Learning Systems up to Billions of Predictions per DayCarmine Paolino
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...OWASP Kyiv
 
Look, Ma! No servers! Serverless application development with MongoDB Stitch
Look, Ma! No servers! Serverless application development with MongoDB StitchLook, Ma! No servers! Serverless application development with MongoDB Stitch
Look, Ma! No servers! Serverless application development with MongoDB StitchLauren Hayward Schaefer
 
Ibm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopIbm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopShubhra Kar
 
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...MongoDB
 
Serhat Can- 4 keytakeaways from running serverless on production for 4 years
Serhat Can- 4 keytakeaways from running serverless on production for 4 yearsSerhat Can- 4 keytakeaways from running serverless on production for 4 years
Serhat Can- 4 keytakeaways from running serverless on production for 4 yearsAWSCOMSUM
 

Ähnlich wie RESTful API Design Best Practices Using ASP.NET Web API (20)

API Description Languages
API Description LanguagesAPI Description Languages
API Description Languages
 
API 101 - Understanding APIs
API 101 - Understanding APIsAPI 101 - Understanding APIs
API 101 - Understanding APIs
 
API 101 - Understanding APIs.
API 101 - Understanding APIs.API 101 - Understanding APIs.
API 101 - Understanding APIs.
 
Documenting Your API
Documenting Your APIDocumenting Your API
Documenting Your API
 
"Design and Test First"-Workflow für REST APIs
"Design and Test First"-Workflow für REST APIs"Design and Test First"-Workflow für REST APIs
"Design and Test First"-Workflow für REST APIs
 
Web Server Application Logs LTEC2013
Web Server Application Logs LTEC2013Web Server Application Logs LTEC2013
Web Server Application Logs LTEC2013
 
API 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat ConferenceAPI 101 Workshop from APIStrat Conference
API 101 Workshop from APIStrat Conference
 
Punta Dreamin 17 Generic Apex and Tooling Api
Punta Dreamin 17 Generic Apex and Tooling ApiPunta Dreamin 17 Generic Apex and Tooling Api
Punta Dreamin 17 Generic Apex and Tooling Api
 
API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.
 
API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 2014API101 Workshop - APIStrat Amsterdam 2014
API101 Workshop - APIStrat Amsterdam 2014
 
API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.API's - Successes to Replicate. Pitfalls to Avoid.
API's - Successes to Replicate. Pitfalls to Avoid.
 
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...
APIdays Paris 2019 - API Descriptions as Product Code by Phil Sturgeon, Stopl...
 
BDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications
BDD to the Bone: Using Behave and Selenium to Test-Drive Web ApplicationsBDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications
BDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications
 
Liferay as a headless platform
Liferay as a headless platform Liferay as a headless platform
Liferay as a headless platform
 
Scaling Machine Learning Systems up to Billions of Predictions per Day
Scaling Machine Learning Systems up to Billions of Predictions per DayScaling Machine Learning Systems up to Billions of Predictions per Day
Scaling Machine Learning Systems up to Billions of Predictions per Day
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
 
Look, Ma! No servers! Serverless application development with MongoDB Stitch
Look, Ma! No servers! Serverless application development with MongoDB StitchLook, Ma! No servers! Serverless application development with MongoDB Stitch
Look, Ma! No servers! Serverless application development with MongoDB Stitch
 
Ibm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshopIbm_interconnect_restapi_workshop
Ibm_interconnect_restapi_workshop
 
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...
MongoDB World 2019: Look, Ma, No Servers! Serverless Application Development ...
 
Serhat Can- 4 keytakeaways from running serverless on production for 4 years
Serhat Can- 4 keytakeaways from running serverless on production for 4 yearsSerhat Can- 4 keytakeaways from running serverless on production for 4 years
Serhat Can- 4 keytakeaways from running serverless on production for 4 years
 

Kürzlich hochgeladen

The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...kalichargn70th171
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITmanoharjgpsolutions
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfRTS corp
 
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxUnderstanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxSasikiranMarri
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 
Key Steps in Agile Software Delivery Roadmap
Key Steps in Agile Software Delivery RoadmapKey Steps in Agile Software Delivery Roadmap
Key Steps in Agile Software Delivery RoadmapIshara Amarasekera
 
Effort Estimation Techniques used in Software Projects
Effort Estimation Techniques used in Software ProjectsEffort Estimation Techniques used in Software Projects
Effort Estimation Techniques used in Software ProjectsDEEPRAJ PATHAK
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorTier1 app
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolsosttopstonverter
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdfAndrey Devyatkin
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...Bert Jan Schrijver
 
Advantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxAdvantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxRTS corp
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jNeo4j
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldRoberto Pérez Alcolea
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 

Kürzlich hochgeladen (20)

The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
The Ultimate Guide to Performance Testing in Low-Code, No-Code Environments (...
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
 
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdfEnhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
Enhancing Supply Chain Visibility with Cargo Cloud Solutions.pdf
 
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptxUnderstanding Plagiarism: Causes, Consequences and Prevention.pptx
Understanding Plagiarism: Causes, Consequences and Prevention.pptx
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Key Steps in Agile Software Delivery Roadmap
Key Steps in Agile Software Delivery RoadmapKey Steps in Agile Software Delivery Roadmap
Key Steps in Agile Software Delivery Roadmap
 
Effort Estimation Techniques used in Software Projects
Effort Estimation Techniques used in Software ProjectsEffort Estimation Techniques used in Software Projects
Effort Estimation Techniques used in Software Projects
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
 
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
JavaLand 2024 - Going serverless with Quarkus GraalVM native images and AWS L...
 
Advantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptxAdvantages of Cargo Cloud Solutions.pptx
Advantages of Cargo Cloud Solutions.pptx
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 

RESTful API Design Best Practices Using ASP.NET Web API

Hinweis der Redaktion

  1. As an integrator, I see a lot of APIs that are good. I see far more that are bad. I’ve seen good SOAP APIs and bad ”REST” APIs.
  2. Developers have the ultimate power – the power to choose. The power to influence. When you need to use a service, you want that service to be consistent, easy to use, and well-documented, among other things.
  3. Developers have the ultimate power – the power to choose. The power to influence. When you need to use a service, you want that service to be consistent, easy to use, and well-documented, among other things.
  4. Developers have the ultimate power – the power to choose. The power to influence. When you need to use a service, you want that service to be consistent, easy to use, and well-documented, among other things.
  5. Think about the business you’re in. Think about the services your business could provide to external consumers if you have an API. Now think about your competition. A good API can means the difference between a lead and a customer.
  6. Think about the business you’re in. Think about the services your business could provide to external consumers if you have an API. Now think about your competition. A good API can means the difference between a lead and a customer.
  7. Simple means simple for your users. Think about the effort put into creating a user interface that’s easy to use. Making it easy for developers to consume your API is not a trivial task. Requires lots of thinking, research, and design. Not to mention good documentation!
  8. There’s no silver bullet, or one answer, to your API problems. Sometimes you’re limited by scalability.
  9. It’s the architecture of the web
  10. Error codes/API structure/HTTP principles (GET vs POST)
  11. Error codes/API structure/HTTP principles (GET vs POST)
  12. Note that I said A test of time, not THE test of time. An API should be built with some kind of lifecycle in mind. You will end up rewriting it later and
  13. Encryption – use SSL, don’t roll your own (tell story about substitution cypher) Authentication – talk about Basic vs OAuth
  14. Error codes/API structure/HTTP principles (GET vs POST)
  15. Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
  16. Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
  17. Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
  18. Controllers should know who needs to do something, not how to do it Maintains a separation of concerns Much more broken down and testable
  19. Error codes/API structure/HTTP principles (GET vs POST)
  20. Great resource: https://github.com/Microsoft/api-guidelines/blob/master/Guidelines.md