Top Banner
#NeverRest RESTful API Design Best Practices Using ASP.NET Web API Spencer Schneidenbach @schneidenbach
69

RESTful API Design Best Practices Using ASP.NET Web API

Feb 11, 2017

Download

Software

Spencer Schneidenbach
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: RESTful API Design Best Practices Using ASP.NET Web API

#NeverRestRESTful API Design Best

PracticesUsing ASP.NET Web API

Spencer Schneidenbach

@schneidenbach

Page 2: RESTful API Design Best Practices Using ASP.NET Web API

Slides, links, and more at rest.schneids.net

@schneidenbach#NeverRest

http://rest.schneids.net/
Page 3: RESTful API Design Best Practices Using ASP.NET Web API

Why?@schneidenbach#NeverRest

Page 4: RESTful API Design Best Practices Using ASP.NET Web API

Developers have the power of choice

@schneidenbach#NeverRest

Page 5: RESTful API Design Best Practices Using ASP.NET Web API

Long-term benefits

@schneidenbach#NeverRest

Go from 0 to “make magic happen”

Learn stuff and manage exceptions

Page 6: RESTful API Design Best Practices Using ASP.NET Web API

Developers have the power of choice

@schneidenbach#NeverRest

Page 7: RESTful API Design Best Practices Using ASP.NET Web API

Developers have an opportunity create something better than the

competition

@schneidenbach#NeverRest

Page 8: RESTful API Design Best Practices Using ASP.NET Web API

API Design is UX for Developers

@schneidenbach#NeverRest

Page 9: RESTful API Design Best Practices Using ASP.NET Web API

This quote sums it up nicely

If you don’t make usability a priority, you’ll never have to worry about scalability.

-Kirsten Hunter @synedra

@schneidenbach#NeverRest

Page 10: RESTful API Design Best Practices Using ASP.NET Web API

Some common themes

@schneidenbach#NeverRest

Page 11: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 12: RESTful API Design Best Practices Using ASP.NET Web API

Simple != Easy

@schneidenbach#NeverRest

Page 13: RESTful API Design Best Practices Using ASP.NET Web API

There’s No Silver Bullet

@schneidenbach#NeverRest

Page 14: RESTful API Design Best Practices Using ASP.NET Web API

What is REST?

Representational State Transfer

@schneidenbach#NeverRest

Page 15: RESTful API Design Best Practices Using ASP.NET Web API

Uniform InterfaceCode on Demand

(optional)Layered

StatelessCacheableClient-Server

The Six Constraints of REST

@schneidenbach#NeverRest

Page 16: RESTful API Design Best Practices Using ASP.NET Web API

Resource identification

Uniform Interface constraint

Content-Type:

application/json

Resource manipulation with

representations

Self-descriptive Hypermedia as the engine of

application state (HATEOAS)

GET /employees/1234

PUT /employees/1234

@schneidenbach#NeverRest

Page 17: RESTful API Design Best Practices Using ASP.NET Web API

What is a RESTful API?RESTful API == an API that follows REST architecture

Term has been sort of co-opted

REST != JSONREST != HTTP

Lots of people say “REST API” when they really mean HTTP JSON API

@schneidenbach#NeverRest

Page 18: RESTful API Design Best Practices Using ASP.NET Web API

Pragmatic REST

RESTful API != Good API

@schneidenbach#NeverRest

Page 19: RESTful API Design Best Practices Using ASP.NET Web API

Do what makes sense. Throw out the rest.

Is that vague enough for you?

@schneidenbach#NeverRest

Page 20: RESTful API Design Best Practices Using ASP.NET Web API

MaintainDocument

ImplementDesign

API Design Process

@schneidenbach#NeverRest

Page 21: RESTful API Design Best Practices Using ASP.NET Web API

Designing your RESTful APII HAVE ONE RULE… okay I actually have two rules

@schneidenbach#NeverRest

Page 22: RESTful API Design Best Practices Using ASP.NET Web API

KISS(or, Keep it Simple, Stupid)

@schneidenbach#NeverRest

Page 23: RESTful API Design Best Practices Using ASP.NET Web API

KISS

Don’t be creative.

Provide what is necessary – no more, no less.

Use a handful of HTTP status codes.

@schneidenbach#NeverRest

Page 24: RESTful API Design Best Practices Using ASP.NET Web API

403 Forbidden(aka you can’t do that)

401 Unauthorized(aka not authenticated)

404 Not Found

400 Bad Request201 Created200 OK

Good HTTP Codes

@schneidenbach#NeverRest

Page 25: RESTful API Design Best Practices Using ASP.NET Web API

KISS

{ "id": 1234, "active": true, "nameId": 345}

{ "id": 345, "name": "Acme"}

Customer API Name API

GET /customers/1234 GET /names/345

@schneidenbach#NeverRest

Page 26: RESTful API Design Best Practices Using ASP.NET Web API

KISS

That’s TWO REQUESTS per GET

That’s TWO REQUESTS per POST

What’s the point?

@schneidenbach#NeverRest

Page 27: RESTful API Design Best Practices Using ASP.NET Web API

Don’t let your specific implementations leak if they are

hard to use or understand.

@schneidenbach#NeverRest

Page 28: RESTful API Design Best Practices Using ASP.NET Web API

KISS

{ "id": 1234, "active": true, "name": "Acme"}

Customer API

GET /customers/1234

@schneidenbach#NeverRest

Page 29: RESTful API Design Best Practices Using ASP.NET Web API

KISS

TheoryAnnexThresholdLilia

@schneidenbach#NeverRest

Page 30: RESTful API Design Best Practices Using ASP.NET Web API

KISSInactiveDeletedVisibleRetired

@schneidenbach#NeverRest

Page 31: RESTful API Design Best Practices Using ASP.NET Web API

Second big rule – Be Consistent

Be consistent with accepted best practices.

Be consistent with yourself.

@schneidenbach#NeverRest

Page 32: RESTful API Design Best Practices Using ASP.NET Web API

PATCHDELETE

POSTPUTGET

Understanding verbs

Remember consistency!@schneidenbach#NeverRest

Page 33: RESTful API Design Best Practices Using ASP.NET Web API

Don’t mutate data with GETs.

@schneidenbach#NeverRest

Page 34: RESTful API Design Best Practices Using ASP.NET Web API

Resource identificationNouns vs. verbs

Basically, use plural nouns

@schneidenbach#NeverRest

Page 35: RESTful API Design Best Practices Using ASP.NET Web API

{ "invoices": [ { ... }, { ... } ]}

GET /customers/1234/invoic

es

GET /customers/1234?expand=invoices

Within the parent object

Sub-resource strategies

As a separate request Using an expand parameter

Be consistent, but be flexible when it makes sense

@schneidenbach#NeverRest

Page 36: RESTful API Design Best Practices Using ASP.NET Web API

GET considerations

SortingFiltering

Paging@schneidenbach#NeverRest

Page 37: RESTful API Design Best Practices Using ASP.NET Web API

Sorting/Ordering

$orderBy=name desc

$orderBy=name desc,hireDate

@schneidenbach#NeverRest

Page 38: RESTful API Design Best Practices Using ASP.NET Web API

Filtering

$filter=(name eq 'Milk' or name eq 'Eggs') and price lt 2.55

@schneidenbach#NeverRest

Page 39: RESTful API Design Best Practices Using ASP.NET Web API

Sorting and filtering for free

Google “OData web api”

@schneidenbach#NeverRest

Page 40: RESTful API Design Best Practices Using ASP.NET Web API

PagingGET /customers? page=1 & pageSize=1000

{"pageNumber": 1,"results": [...],"nextPage": "/customers?page=2"

}

Good paging example on my blog: rest.schneids.net

@schneidenbach#NeverRest

http://rest.schneids.net/
Page 41: RESTful API Design Best Practices Using ASP.NET Web API

Do I need to sort/page/filter?

Maybe!

What do your consumers need?

@schneidenbach#NeverRest

Page 42: RESTful API Design Best Practices Using ASP.NET Web API

Versioning

Your APIs should stand a test of time

@schneidenbach#NeverRest

Page 43: RESTful API Design Best Practices Using ASP.NET Web API

Versioning

GET /customersHost: contoso.comAccept: application/jsonX-Api-Version: 1

@schneidenbach#NeverRest

POST /customersHost: contoso.comAccept: application/jsonX-Api-Version: 2.0

Page 44: RESTful API Design Best Practices Using ASP.NET Web API

Versioning

Use URL versioning@schneidenbach#NeverRest

GET /v1/customersHost: contoso.comAccept: application/json

Page 45: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

Errors are going to happen.

How will you manage them?

@schneidenbach#NeverRest

Page 46: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

{ "name": "Arana Software"}

@schneidenbach#NeverRest

Requires name and state

POST /vendors

400 Bad Request

Content-Type: application/json

"State is required."

{ "firstName": "Spencer"}

Requires first and last name

POST /employees

400 Bad Request

Content-Type: application/json

{

"errorMessage": "Your request was invalid."

}

Page 47: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

@schneidenbach#NeverRest

Page 48: RESTful API Design Best Practices Using ASP.NET Web API

Error reporting

Make finding and fixing errors as easy on your consumer as possible.

@schneidenbach#NeverRest

Page 49: RESTful API Design Best Practices Using ASP.NET Web API

AuthenticationEncryption

Security

@schneidenbach#NeverRest

Page 50: RESTful API Design Best Practices Using ASP.NET Web API

Use SSL.

Don’t roll your own encryption.

Pick an auth strategy that isn’t Basic.

@schneidenbach#NeverRest

Security

Page 51: RESTful API Design Best Practices Using ASP.NET Web API

Ok, time for some code examplesand practical advise

@schneidenbach#NeverRest

Page 52: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Controller Anatomy

Page 53: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 54: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 55: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 56: RESTful API Design Best Practices Using ASP.NET Web API

Use DTOs/per-request objects@schneidenbach#NeverRest

Page 57: RESTful API Design Best Practices Using ASP.NET Web API

Separation of concerns

@schneidenbach#NeverRest

Page 58: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 59: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 60: RESTful API Design Best Practices Using ASP.NET Web API

Separation of concerns

@schneidenbach#NeverRest

Controllers should know “where,” not ”how.”

Page 61: RESTful API Design Best Practices Using ASP.NET Web API

@schneidenbach#NeverRest

Page 62: RESTful API Design Best Practices Using ASP.NET Web API

Validation

@schneidenbach#NeverRest

Page 63: RESTful API Design Best Practices Using ASP.NET Web API

Validation

Validate. Validate. Validate.

@schneidenbach#NeverRest

Separate validation logic from object.

Google Fluent Validation

https://github.com/JeremySkinner/FluentValidation
Page 64: RESTful API Design Best Practices Using ASP.NET Web API

Controller

Good Architecture

Request Handler/ServiceValidator

Enforce separation of concerns for maintainability and testability.

Google MediatR

https://github.com/jbogard/MediatR
Page 65: RESTful API Design Best Practices Using ASP.NET Web API

Gotchas/ErrorsFormatting

SchemaParametersEndpoints

Documentation

@schneidenbach#NeverRest

Page 66: RESTful API Design Best Practices Using ASP.NET Web API

Documentation

A good API lives and dies by its documentation.

(you should tweet that out)

@schneidenbach#NeverRest

Page 67: RESTful API Design Best Practices Using ASP.NET Web API

Maintaining your APIVendor: “Hey, we’ve made some under-the-cover changes to our endpoint. It shouldn’t impact you, but let us know if it breaks something.”

Us: ”Okay. Can you release it to test first so we can run our integration tests against the endpoint and make sure everything works?”

Vendor: ”Well, actually we need it ASAP, so we’re releasing to prod in an hour.”

@schneidenbach#NeverRest

Page 68: RESTful API Design Best Practices Using ASP.NET Web API

Maintaining your API

Fix bugs and optimize.

Don’t introduce breaking changes like removing properties.

@schneidenbach#NeverRest

Page 69: RESTful API Design Best Practices Using ASP.NET Web API

Thank you!Slides, resources at rest.schneids.net

schneids.net

@schneidenbach


Related Documents
Safenames API 1Safenames RESTful Web API Version 1.2 Page 4 of 30 24 January 2019 1 Introduction The Safenames Web API 2 is a RESTful web service built using ASP.NET Web API framework

Safenames API 1Safenames RESTful Web API Version 1.2 Page 4....

Category: Documents
OpenSocial RESTful API

OpenSocial RESTful API

Category: Technology
RESTful Web API Design - software-architects.com...RESTful Web API Design Rainer Stropek. Saves the day. Software Architecture Summit 2015 RESTful Rainer Stropek ... Building Web API

RESTful Web API Design - software-architects.com...RESTful.....

Category: Documents
RESTful API-centric Universe

RESTful API-centric Universe

Category: Software
RESTful apps and services with ASP.NET MVC

RESTful apps and services with ASP.NET MVC

Category: Technology
ASP.NET Web API & Azure API Management

ASP.NET Web API & Azure API Management

Category: Technology
Oracle® ZFS Storage Appliance RESTful API 설명서, 릴리스 OS8.6 · 2017. 1. 2. · RESTful API 버전 RESTful API 버전 지정된 어플라이언스 릴리스에 대한 RESTful

Oracle® ZFS Storage Appliance RESTful API 설명서,...

Category: Documents
EASILY EXPOSING LEGACY SYSTEMS TO YOUR MOBILE APPS · Auth Services RESTful API RESTful API RESTful API. SCALABILITY, SECURITY AND CONTROL #redhat #rhsummit 13. SCALABILITY, SECURITY,

EASILY EXPOSING LEGACY SYSTEMS TO YOUR MOBILE APPS · Auth....

Category: Documents
Building a RESTful API

Building a RESTful API

Category: Technology
RESTful Web API

RESTful Web API

Category: Software
MindConnect A-pTEìJll REST ful API MindConnect API ... · MindConnect A-pTEìJll REST ful API MindConnect API, RESTful API MindSphere RESTful API (REST), HTTP web MindSphere RESTful

MindConnect A-pTEìJll REST ful API MindConnect API ... ·....

Category: Documents
Dialogic® PowerMedia™ XMS RESTful API/media/manuals/xms/XMS_RESTfulAPIDe… · RESTful API Description PowerMedia XMS RESTful API uses a Representational State Transfer (RESTful)

Dialogic® PowerMedia™ XMS RESTful...

Category: Documents