REST API Integration Considerations

PayM8 Tech EdAPI Integration Considerations

Why this session?

• Go through Web API as a integration technology

• Get face to face feedback and initiate dialog on integration• What would you as integrators like to see in our API’s• Discuss best practices and integration strategies

• Get our hands dirty with integration with lab session were we will try out REST Services and play Rock Paper Scissors against each other.

Integration Strategy

Integration TechnologiesSecurity

Versioning

Automatic Documentation

Structure

Error Handling

Tools

Integration Technologies

Web Services

Web API

Sockets / SFTP / Message Queues

Google Trends

SOAP vs. REST

Advantages

Disadvantages

• More out of the box protocol support (TCP, HTTP, etc.)

• Security and Authorization is part of the protocol

• Fully contractible using WSDL

• Open Web / OCP Friendly• Simple in design• Easily return multiple formats (XML,

JSON, etc.)

• Need to build in Security• Out of the box support for HTTP

only

• Uses more bandwidth for meta data than REST over JSON

• More complex from scripting languages

REST Resources

Resource

POST GET PUT DELETE PATCH

Single api/dogs/{dog} api/dogs/{id} api/dogs/{id}Body {dog}

api/dogs/{id} api/dogs/{id}Body {dog}

List api/dogsBody [{dog},{dog}]

api/dogs api/dogsBody [{dog},{dog}]

api/dogs api/dogsBody [{dog},{dog}]

Hide complexity behind ? with optional parameters:

GET api/v01/dogs?name={name}&breed={breed}

• Expose Resources not Services (E.g. Noun not verb)• Pluralized names in Lower Camel Case• Resources exposed in CRUD for single and list

Integration ToolsPostman

SOAPUI

Automatic Documentation

Web API Help Page

Swagger

Versioning

HeaderURL

ParameterCustom Header / Accept Header Not suggested

http://domain/api/sample/dogs

http://domain/api/v01/dogs

http://domain/api/v02/dogsBackwards compatible last 2x versions

Error Handling

• Standard Response Object• Using specific applicable HTTP result codes• Tokenized Error Handling

Code Description

200 OK / Success

400 Bad Request

401 Un Authorized

404 Not Found

405 *(REST) Method Not Allowed

500 Internal Server Error

Security

OAuthBasic Auth

Digest AuthOpen standard for authorization

Commonly used against Google/Facebook Username Password (Base64 encoded)Username Password (Nonce Hashed)

2048 TLS thawte encryption

*For non public integration Services/API’s IP whitelisting will be considered

Q & A

Pre Lab BriefingPayM8 Developer Team (Ask us question, flag us if you have any problems or feel free to just talk about tech)

• Get connected against Wireless (AlwaysOn – And register) *Limited to 100mb• Group into teams (4-6 people) and choose a Team Name• Get development environment right (.NET, PHP, Java) or ask for VM

• Get the Rock Paper Source Code (https://github.com/lost441/RockPapaer)• Get the right consumer running (.NET, PHP or JAVA)

Kempen Marius David Mpho Lindile Ewald

Rock Paper Scissors Briefing

1. Every team should have a working API consumer (.NET, PHP or JAVA)

2. By default the consumer will play random hand, this need to be changed to do the following• Call game history (rounds) – Use this to seed you play hand logic• Remove random hand play and implement a custom algorithm to

choose a hand to play

3. Play against each other in elimination rounds to find the best team