REST API Design, Development & Management

Course details

Today Enterprises are using REST APIs for not just building mobile applications but also for:

• Creating new channels for partnership
• Building new revenue streams & business models
• Promoting their brands

Just creating the API does not guarantee that the enterprise will be able to achieve the desired goals from API perspective. Adoption of API by developers depend on multiple aspects such as its utility, ease of use, performance, scalability, security. The API provider must apply best practices throughout the lifecycle of an API.

This course covers all the important aspects related to design, development and management of API. The best practices, challenges, suggestions & options discussed in this course are either:

• Created by analyzing how the popular API providers such as Facebook, Twitter, Capital One etc are building and managing their API

Or/And

• Taken from personal experiences of the author

This course is suited for any technologist interested in learning REST API from end to end perspective not just from the coding perspective. Though this course uses NodeJS for demonstrating the design best practices, it does not require students to have any prior experience wth NodeJS. 

To take this course the student is expected to know any one (or more) programming language; have understanding of web application architecture; to be familiar with the concept of services ; understands the data formats such as JSON or XML

Please note that this course will NOT teach how to code REST API in NodeJS.

Course is divided into 6 sections:

1. Setting the stage

Lectures in this section will provide the outline of the course, discuss a case study (ACME Travel) that will be used as an example through the course, provide a list of tools used in the course.

2. REST API Concepts

Lectures in this section will cover the foundational concepts such as the evolution of RESTful API and the 6 architectural constraints.

3. Designing the REST API

Focus in this section is on best practices for designing the REST API. The approach taken in this section is to show how some of the popular API providers (E.g., Twitter, Facebook, Twilio ...) have designed their REST API. Some of the RESTful design aspect covered in this section are:

• Resources, CRUD implementation
• Error Handling, HTTP status codes
• Change management & Versioning
• Pagination, Partial responses

To demonstrate the implementation aspects, a set of NodeJS based API is also implemented for a fictitious enterprise ACME Travels.

4. Securing the REST API

Commonly used BasicAuth standard is not the best way to implement API security. In this section student will learn the commonly adopted Authentication and Authorization schemes used for REST API

• Tokens (Jason Web Tokens or JWT)
• Key/Secret
• OAuth 2.0 (Using Spotify implementation as a reference)

When an API is exposed by an enterprise to the public internet, it poses a risk to the enterprise as hackers may use the vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such Functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.

5. Swagger 2.0 / Open API Initiative specifications

This section will begin with the description of Collaborative specifications development process & benefits of adopting contract first approach. Students will learn

• Swagger 2.0 specification standard 
• How to create REST API specifications in YAML format
• Tools options for Swagger specs editing
• Benefits of Swagger 2.0
• Demonstration of how specifications are leveraged by common platforms such as Apigee, Mulesoft & IBM API Connect

As part of the lectures, a complete specification will be created for ACME Vacations. At the end of this section student will be able to write Swagger/OAI specifications for their own API.

6. API Management

API management  is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carry out within the scope of API management.

• Lifecycle management
• Developer productivity
• Developer portal
• Security
• Traffic management
• Analytics
• Productization
• Monetization (API Economy)

APIgee, IBM API Connect & Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel of what API management platforms bring to table. The three platforms offer a free trial version that can be used for testing.