Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[DevReach 2019] Never RESTing - RESTful API Bes...

Spencer Schneidenbach
October 22, 2019
Programming
0
330

[DevReach 2019] Never RESTing - RESTful API Best Practices using ASP.NET Core Web API

Designing and building RESTful APIs isn’t easy. On its surface, it may seem simple – after all, developers are only marshaling JSON back and forth over HTTP, right? Believe it or not, that’s only a small part of the equation. There are many things to keep in mind while building the systems that act as the key to your system.

In this session, we’ll delve into several best practices to keep in mind when designing your RESTful API. Attendees will learn about authentication, versioning, controller/model design, testability, documentation and change management. This session will also explore the do’s and don’t’s of RESTful API management so that you make sure your APIs are simple, consistent, and easy-to-use.

Examples will be done using ASP.NET Core Web API and C#. However, this session will benefit anyone who is or might be working on a RESTful API.

Spencer Schneidenbach

October 22, 2019
Tweet

More Decks by Spencer Schneidenbach

See All by Spencer Schneidenbach
Exploring Serverless Options for .NET in Azure, AWS, and Beyond
schneidenbach
0
56
Evaluating the State of APIs - Comparing REST, GraphQL, gRPC
schneidenbach
1
140
.NET Microservices
schneidenbach
0
120
An Opinionated, Maintainable API Code Architecture for ASP.NET Core
schneidenbach
0
68
Designing and Implementing REST APIs for the Long Haul
schneidenbach
1
58

Other Decks in Programming

See All in Programming
Kotlin2でdataクラスの copyメソッドを禁止する/Data class copy function to have the same visibility as constructor
eichisanden
1
130
生成 AI を活用した toitta 切片分類機能の裏側 / Inside toitta's AI-Based Factoid Clustering
pokutuna
0
570
VR HMDとしてのVision Pro+ゲーム開発について
yasei_no_otoko
0
100
Vitest Browser Mode への期待 / Vitest Browser Mode
odanado
PRO
2
1.7k
macOS でできる リアルタイム動画像処理
biacco42
7
1.8k
Android 15 でアクションバー表示時にステータスバーが白くなってしまう問題
tonionagauzzi
0
140
PLoP 2024: The evolution of the microservice architecture pattern language
cer
PRO
0
1.6k
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.1k
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
920
LLM生成文章の精度評価自動化とプロンプトチューニングの効率化について
layerx
PRO
2
140
約9000個の自動テストの 時間を50分->10分に短縮 Flakyテストを1%以下に抑えた話
hatsu38
23
11k
色々なIaCツールを実際に触って比較してみる
iriikeita
0
270

Featured

See All Featured
Navigating Team Friction
lara
183
14k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
BBQ
matthewcrist
85
9.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
Side Projects
sachag
452
42k
Bash Introduction
62gerente
608
210k
The Cult of Friendly URLs
andyhume
78
6k
How STYLIGHT went responsive
nonsquared
95
5.2k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Code Reviewing Like a Champion
maltzj
519
39k
Making Projects Easy
brettharned
115
5.9k

Transcript

  1. Tue, 22 Oct | 11:30 AM – 12:20 PM Beta

    Room Spencer Schneidenbach
 RESTful API Best Practices Using ASP.NET Core

  2. Slides, links, and more at rest.schneids.net @schneidenbach #NeverRest

  3. Why? @schneidenbach #NeverRest

  4. @schneidenbach #NeverRest

  5. @schneidenbach #NeverRest

  6. API Design is UX for Developers @schneidenbach #NeverRest

  7. Some common themes @schneidenbach #NeverRest

  8. @schneidenbach #NeverRest

  9. Simple != Easy @schneidenbach #NeverRest

  10. There’s No Silver Bullet @schneidenbach #NeverRest

  11. What is REST? Representational State Transfer @schneidenbach #NeverRest

  12. Uniform Interface Code on Demand (optional) Layered Stateless Cacheable Client-Server

    The Six Constraints of REST @schneidenbach #NeverRest

  13. Resource identification Uniform Interface constraint Content-Type: application/json Resource manipulation with

    representations Self-descriptive Hypermedia as the engine of application state (HATEOAS) GET /employees/1234 PUT /employees/1234 @schneidenbach #NeverRest

  14. What is a RESTful API? RESTful API == an API

    that follows REST architecture Term has been sort of co-opted REST != JSON REST != HTTP Lots of people say “REST API” when they really mean HTTP JSON API @schneidenbach #NeverRest

  15. Pragmatic REST RESTful API != Good API @schneidenbach #NeverRest

  16. Do what makes sense. Throw out the rest. Is that

    vague enough for you? @schneidenbach #NeverRest

  17. Maintain Document Implement Design API Design Process @schneidenbach #NeverRest

  18. Designing your RESTful API I HAVE ONE RULE… okay I

    actually have TWO RULES @schneidenbach #NeverRest

  19. KISS (or, Keep it Simple, Stupid) @schneidenbach #NeverRest

  20. KISS Don’t be creative. Provide what is necessary – no

    more, no less. Use a handful of HTTP status codes. @schneidenbach #NeverRest

  21. 403 Forbidden (aka you can’t do that) 401 Unauthorized (aka

    not authenticated) 404 Not Found 400 Bad Request 201 Created 200 OK Good HTTP Codes @schneidenbach #NeverRest

  22. KISS { "id": 1234, "active": true, "nameId": 345 } {

    "id": 345, "name": "Acme" } Customer API Name API GET /customers/1234 GET /names/345 @schneidenbach #NeverRest

  23. KISS That’s TWO REQUESTS per GET That’s TWO REQUESTS per

    POST What’s the point? @schneidenbach #NeverRest

  24. Don’t let your specific implementations leak if they are hard

    to use or understand. @schneidenbach #NeverRest

  25. KISS { "id": 1234, "active": true, "name": "Acme" } Customer

    API GET /customers/1234 @schneidenbach #NeverRest

  26. KISS Inactive Deleted Visible Retired @schneidenbach #NeverRest

  27. @schneidenbach #NeverRest

  28. @schneidenbach #NeverRest

  29. Second big rule – Be Consistent Be consistent with accepted

    best practices. Be consistent with yourself. @schneidenbach #NeverRest

  30. PATCH DELETE POST PUT GET Understanding verbs Remember consistency! @schneidenbach

    #NeverRest

  31. Don’t mutate data with GETs. @schneidenbach #NeverRest

  32. Resource identification Nouns vs. verbs Basically, use plural nouns @schneidenbach

    #NeverRest

  33. { "invoices": [ { ... }, { ... } ]

    } GET /customers/1234/ invoices GET /customers/1234 ?expand=invoices Within the parent object Sub-resource strategies As a separate request Using an expand parameter Be consistent, but be flexible when it makes sense @schneidenbach #NeverRest

  34. GET considerations Sorting Filtering Paging @schneidenbach #NeverRest

  35. Sorting/Filtering GET /customers?name=Spencer @schneidenbach #NeverRest

  36. Paging GET /customers? page=1 & pageSize=1000 { "pageNumber": 1, "results":

    [...], "nextPage": "/customers?page=2" } @schneidenbach #NeverRest Good paging example on my website: rest.schneids.net

  37. Do I need to sort/page/filter? Maybe! What do your consumers

    need? @schneidenbach #NeverRest

  38. Versioning Your APIs should stand a test of time @schneidenbach

    #NeverRest

  39. Versioning GET /customers Host: contoso.com Accept: application/json X-Api-Version: 1 @schneidenbach

    #NeverRest POST /customers Host: contoso.com Accept: application/json X-Api-Version: 2.0

  40. Versioning Use URL versioning @schneidenbach #NeverRest GET /v1/customers Host: contoso.com

    Accept: application/json

  41. Error reporting Errors are going to happen. How will you

    manage them? @schneidenbach #NeverRest

  42. Error reporting { "name": "Aviron Software" } @schneidenbach #NeverRest {

    "firstName": "Spencer" } Requires first and last name POST /employees 400 Bad Request Content-Type: application/json { "errorMessage": "Your request was invalid." } Requires name and state POST /vendors 400 Bad Request Content-Type: application/json "State is required."

  43. Error reporting @schneidenbach #NeverRest

  44. Error reporting Make finding and fixing errors as easy on

    your consumer as possible. @schneidenbach #NeverRest

  45. Authentication Encryption Security @schneidenbach #NeverRest

  46. Use SSL. Don’t roll your own encryption. Pick an auth

    strategy that isn’t Basic. @schneidenbach #NeverRest Security

  47. Ok, time for some code examples and practical advise @schneidenbach

    #NeverRest

  48. Typical controller @schneidenbach #NeverRest

  49. @schneidenbach #NeverRest

  50. @schneidenbach #NeverRest

  51. @schneidenbach #NeverRest

  52. Separation of concerns @schneidenbach #NeverRest Controllers should know “where,” not

    ”how.” Enter MediatR
  53. None
  54. None

  55. @schneidenbach #NeverRest

  56. Validation Validate. Validate. Validate. @schneidenbach #NeverRest Separate validation logic from

    object. Google Fluent Validation
  57. None
  58. None

  59. Controller Good Architecture Request Handler/Service Validator Enforce separation of concerns

    for maintainability and testability.

  60. Just remember to use all these things • MediatR •

    Fluent Validation • Autofac • Microsoft DI • Entity Framework • AutoMapper or…

  61. rest.schneids.net

  62. None

  63. Gotchas/Errors Formatting Schema Parameters Endpoints Documentation @schneidenbach #NeverRest

  64. Documentation A good API lives and dies by its documentation.

    (you should tweet that out) @schneidenbach #NeverRest

  65. Maintaining your API Vendor: “Hey, we’ve made some under-the-cover changes

    to our endpoint. It shouldn’t impact you, but let us know if it breaks something.” Us: ”Okay. Can you release it to test first so we can run our integration tests against the endpoint and make sure everything works?” Vendor: ”Well, actually we need it ASAP, so we’re releasing to prod in an hour.” @schneidenbach #NeverRest

  66. @schneidenbach #NeverRest

  67. Maintaining your API Fix bugs and optimize. Don’t introduce breaking

    changes like removing properties. @schneidenbach #NeverRest

  68. Thank you! Slides, resources at rest.schneids.net schneids.net @schneidenbach

  69. Session Feedback
 Your Time & Opinion is Valued
 https://www.telerik.com/devreach/day1feedback