PS:
This COURSE does NOT focus on Coding of REST API - Focus is on Designing using proven patterns.
Please do NOT enroll if your objective/Goal is just to learn "Coding" part of the REST API.
How was this course created?
Author (Raj) has worked with many large organizations on building their Digital Strategy, in which API was a central theme. Over the years the author recognized certain patterns and practices that led to successful API initiatives. Intrigued by his findings, the author did thorough research of hundreds of other successful API providers (examples: Facebook, Expedia, Capital One ...), and that resulted in a collection of best practices and design patterns that are covered in this course.
This course covers all the important aspects related to design, development and management of API. The best practices, design patterns, challenges, suggestions & options discussed in this course are either:
Created by analyzing how the popular API providers such as Facebook, Twitter, Capital One etc are building and managing their API
Taken from personal experiences of the author
Course is divided into 6 Parts:
1. Setting the stage - Discusses a case study (ACME travels) used through the course + provides information on tools used
2. Evolution of REST API - Lectures in this section will cover the foundational concepts + Why REST/JSON has become a de facto standard
3. Designing the REST API (Covered in multiple sections)
This is where students will learn the:
Best Practices
Implementation patterns
To demonstrate the implementation aspects, a set of NodeJS based API is also implemented for a fictitious enterprise ACME Travels.
4. Securing the REST API
When an API is exposed by an enterprise to the public internet, it poses a risk to the enterprise as hackers may use the vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such Functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.
5. Swagger 2.0 / Open API Initiative specifications
This section will begin with the description of Collaborative specifications development process & benefits of adopting contract first approach. At the end of this section student will be able to write Swagger/OAI specifications for their own API. As part of the lectures, a complete specification will be created for ACME Vacations.
6. API Management
API management is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carries out within the scope of API management.
Apigee, IBM API Connect & Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel of what API management platforms bring to the table. The three platforms offer a free trial version that can be used for testing.
WHY REST API?
Today Enterprises are using REST APIs for not just building mobile applications but also for:
Creating new channels for partnership
Building new revenue streams & business models
Promoting their brands
Just creating the API does not guarantee that the enterprise will be able to achieve the desired goals from an API perspective. Adoption of an API by developers depends on multiple aspects such as its utility, ease of use, performance, scalability and security. The API provider must apply best practices throughout the life cycle of an API.
Who should take this course?
This course is suited for any technologist interested in learning REST API from an end-to-end perspective, not just from the coding perspective. Though this course uses NodeJS for demonstrating the design best practices, it does not require students to have any prior experience with NodeJS.
To take this course the student is expected to know at least one programming language, understand web application architecture, be familiar with the concept of services, and understand data formats such as JSON or XML.
Please note that this course will NOT teach how to code REST API in NodeJS.
Quick introduction to the course
Tips on how to get the most out of this course
Provides link for summary decks download.
ACME Travels is a fictitious company that is going through a crisis as they did not keep up to speed with the technology. Their CTO has a vision to create an API driven organization.
This quick lecture describes the ACME case study that will be used in discussions of various concepts discussed in this course. All APIs created in the course are for ACME travels.
In this course multiple tools will be used. This quick lecture describes the tools that will be used in this course. Students are not expected to have any prior experience with any of the tools discussed
In this lecture students will learn about the free MongoDB sandbox environment offered by http://mlab.com
Samples in this course will use the MongoDB instance on mlab.com
Walkthrough of a scenario to explain what an API is.
Students will learn about the
Students will learn the core concepts of RESTful API. At end of the lecture they would understand the following terms:
Also covers the demonstration of a publicly available REST API from Walmart.
Checks students' understanding of general concepts of API
Students will learn about the three types of APIs.
In this lecture students will learn about the API exposed by TicketMaster.
Student will learn about:
Just using JSON+HTTP does not automatically make the API RESTful. In this lecture the student will get an overview of the REST constraints described by Roy Fielding in his dissertation paper.
Student will learn about the benefit of following the "Client-Server" constraint which is considered the foundation for the RESTful API.
Student will learn about constraint #2, Uniform Interface, + the 4 guiding principles that are part of the Uniform Interface constraint.
Student will learn about the "Statelessness" constraint.
In this lecture student will learn
Student will learn how "Layered System" architecture enables an incremental evolutionary approach.
This lecture describes the (optional) REST constraint referred to as the "Code on Demand"
At the end of this lecture the Student will be able to evaluate the maturity level of an organization from the perspective of adoption of RESTful architecture & practices.
Test student's knowledge of REST architectural constraints.
Students will learn about the structure of the API Endpoint URL
Student will learn about:
Describes how to implement the API CRUD operations. Covers the use of HTTP verbs, status codes and how to implement the support for multiple data formats.
You will be seeing the API(s) in action. This lecture will provide you the steps to set up the local environment.
In this lecture students will learn how to create a simple API in Node. At the end of the lecture students are expected to be able to extend the vacations API to add more operations.
This quiz will test the student's understanding of how to implement basic operations & error handling for REST API.
Students will learn how to implement error handling in REST API
Walk through of the code for demonstrating the error handling for REST API
Code available at https://www.github.com/acloudfan
Test student's knowledge of designing the error handling for their API
Students will learn about common changes required for API after they have been released. Also included is a discussion on practices for handling API changes.
Student will learn the common version strategies for the REST API and understand the API lifecycle from a version perspective.
Students will learn
Student will learn how to use the HTTP cache control directive
API implementations can use the HTTP header Cache-Control to take advantage of the HTTP protocol built in support for caching. In this lecture students will learn the various directives (instructions) they can use for building API with cache support.
This lecture demonstrates the use of the HTTP caching header from the Node JS API.
Checks students' knowledge of general concepts of caching and Cache-Control directives.
It's common for many popular API providers (Facebook, LinkedIn, Pinterest...) to support partial responses in their APIs. In this lecture students will learn the benefits of supporting partial responses and see a demo of building an API with support for partial responses (ACME Hotels API)
Students will see the implementation of partial response pattern
In this lecture students will learn common ways in which Pagination support may be implemented in an API. At the end of this lecture they would learn how to build pagination in a MongoDB/Node application using the limit/skip functions
Checks students' understanding of how to design API with support for partial responses and pagination
Student will learn about security aspects related to API:
Basic authentication is the simplest form of authentication that may be applied to the API. Student will learn the concepts and then understand how to code Basic Auth in Node JS code.
Tests the student on their understanding of Basic authentication
Student will learn:
Checks student's understanding of Token based authentication and JWT
The API Key/Secret is the most common way the API providers protect the API. In this lecture student will learn about:
Tests students' understanding of the concept of client key & secret
Student will learn the concepts of OAuth2.0.
In this lecture, student will also learn how Spotify (Streaming music) has implemented the OAuth2 for their public API.
Tests student's understanding of concepts of API authorization and OAuth 2.0
Hackers are always looking for threats/vulnerabilities in publicly available APIs. Student will learn about common types of attack. In the lecture the student will also see a demonstration of a "SQL Injection" attack.
In this lecture student will learn:
Checks student's knowledge of basic concepts of REST API specifications
In this lecture student will get an overview of the Swagger/OAI + YAML specifications. The lecture also discusses the various editor options for Swagger/OAI.
Tests the student on their knowledge of Swagger
Students will learn:
Checks student's understanding of the specifications format
Student will learn how to define the following in Swagger/OAI specs:
Student will learn how to create Paths/Operations in the Swagger/OAI specifications. Walkthrough of the developer documentation generated from the specifications.
Checks student's understanding of the Paths/Resources
In this lecture student will learn about the
In this lecture student will learn about the practices for managing the API "Lifecycle" that has 5 stages.
How API developer productivity is enhanced by way of adoption of the API management platforms.
Demonstration of specification import process on the "Mulesoft" and "IBM API Connect" platform
Generate the API proxy on "Apigee" platform using the vacation specification generated in previous section. Apply policies to control the behavior of the API.
Student will learn about the essential features of the API developer portal. At the end of the lecture the student will be in a position to decide whether to build or buy a portal for their API.
At the end of the lecture student will see how easily an off-the-shelf developer portal (Mulesoft) can be customized.
Students will learn about:
Student will learn
API Analytics is an important aspect of API management. There are multiple types of analytics collected on the API platform. Student will learn about the common analytics collected on API platforms and how they can be leveraged by the developers.
Students will learn about the good practice that states "Treat your API like a product if you would like to sell it like a product".
Also the student will understand the