Upgrade to Pro — share decks privately, control downloads, hide ads and more …

[DevReach 2019] Never RESTing - RESTful API Bes...

Spencer Schneidenbach
October 22, 2019
Programming
0
330

[DevReach 2019] Never RESTing - RESTful API Best Practices using ASP.NET Core Web API

Designing and building RESTful APIs isn’t easy. On its surface, it may seem simple – after all, developers are only marshaling JSON back and forth over HTTP, right? Believe it or not, that’s only a small part of the equation. There are many things to keep in mind while building the systems that act as the key to your system.

In this session, we’ll delve into several best practices to keep in mind when designing your RESTful API. Attendees will learn about authentication, versioning, controller/model design, testability, documentation and change management. This session will also explore the do’s and don’t’s of RESTful API management so that you make sure your APIs are simple, consistent, and easy-to-use.

Examples will be done using ASP.NET Core Web API and C#. However, this session will benefit anyone who is or might be working on a RESTful API.

Spencer Schneidenbach

October 22, 2019
Tweet

More Decks by Spencer Schneidenbach

See All by Spencer Schneidenbach
Exploring Serverless Options for .NET in Azure, AWS, and Beyond
schneidenbach
0
56
Evaluating the State of APIs - Comparing REST, GraphQL, gRPC
schneidenbach
1
140
.NET Microservices
schneidenbach
0
120
An Opinionated, Maintainable API Code Architecture for ASP.NET Core
schneidenbach
0
69
Designing and Implementing REST APIs for the Long Haul
schneidenbach
1
58

Other Decks in Programming

See All in Programming
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
Flutterを言い訳にしない!アプリの使い心地改善テクニック5選🔥
kno3a87
1
200
とにかくAWS GameDay!AWSは世界の共通言語! / Anyway, AWS GameDay! AWS is the world's lingua franca!
seike460
PRO
1
890
RubyLSPのマルチバイト文字対応
notfounds
0
120
GitHub Actionsのキャッシュと手を挙げることの大切さとそれに必要なこと
satoshi256kbyte
5
430
Hotwire or React? ~アフタートーク・本編に含めなかった話~ / Hotwire or React? after talk
harunatsujita
1
120
受け取る人から提供する人になるということ
little_rubyist
0
250
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
250
CSC509 Lecture 11
javiergs
PRO
0
180
Quine, Polyglot, 良いコード
qnighy
4
650
AI時代におけるSRE、
あるいはエンジニアの生存戦略
pyama86
6
1.2k
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130

Featured

See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
99
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Code Review Best Practice
trishagee
64
17k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
The Art of Programming - Codeland 2020
erikaheidi
52
13k
Designing Experiences People Love
moore
138
23k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Designing for Performance
lara
604
68k
Art, The Web, and Tiny UX
lynnandtonic
297
20k

Transcript

  1. Tue, 22 Oct | 11:30 AM – 12:20 PM Beta

    Room Spencer Schneidenbach
 RESTful API Best Practices Using ASP.NET Core

  2. Slides, links, and more at rest.schneids.net @schneidenbach #NeverRest

  3. Why? @schneidenbach #NeverRest

  4. @schneidenbach #NeverRest

  5. @schneidenbach #NeverRest

  6. API Design is UX for Developers @schneidenbach #NeverRest

  7. Some common themes @schneidenbach #NeverRest

  8. @schneidenbach #NeverRest

  9. Simple != Easy @schneidenbach #NeverRest

  10. There’s No Silver Bullet @schneidenbach #NeverRest

  11. What is REST? Representational State Transfer @schneidenbach #NeverRest

  12. Uniform Interface Code on Demand (optional) Layered Stateless Cacheable Client-Server

    The Six Constraints of REST @schneidenbach #NeverRest

  13. Resource identification Uniform Interface constraint Content-Type: application/json Resource manipulation with

    representations Self-descriptive Hypermedia as the engine of application state (HATEOAS) GET /employees/1234 PUT /employees/1234 @schneidenbach #NeverRest

  14. What is a RESTful API? RESTful API == an API

    that follows REST architecture Term has been sort of co-opted REST != JSON REST != HTTP Lots of people say “REST API” when they really mean HTTP JSON API @schneidenbach #NeverRest

  15. Pragmatic REST RESTful API != Good API @schneidenbach #NeverRest

  16. Do what makes sense. Throw out the rest. Is that

    vague enough for you? @schneidenbach #NeverRest

  17. Maintain Document Implement Design API Design Process @schneidenbach #NeverRest

  18. Designing your RESTful API I HAVE ONE RULE… okay I

    actually have TWO RULES @schneidenbach #NeverRest

  19. KISS (or, Keep it Simple, Stupid) @schneidenbach #NeverRest

  20. KISS Don’t be creative. Provide what is necessary – no

    more, no less. Use a handful of HTTP status codes. @schneidenbach #NeverRest

  21. 403 Forbidden (aka you can’t do that) 401 Unauthorized (aka

    not authenticated) 404 Not Found 400 Bad Request 201 Created 200 OK Good HTTP Codes @schneidenbach #NeverRest

  22. KISS { "id": 1234, "active": true, "nameId": 345 } {

    "id": 345, "name": "Acme" } Customer API Name API GET /customers/1234 GET /names/345 @schneidenbach #NeverRest

  23. KISS That’s TWO REQUESTS per GET That’s TWO REQUESTS per

    POST What’s the point? @schneidenbach #NeverRest

  24. Don’t let your specific implementations leak if they are hard

    to use or understand. @schneidenbach #NeverRest

  25. KISS { "id": 1234, "active": true, "name": "Acme" } Customer

    API GET /customers/1234 @schneidenbach #NeverRest

  26. KISS Inactive Deleted Visible Retired @schneidenbach #NeverRest

  27. @schneidenbach #NeverRest

  28. @schneidenbach #NeverRest

  29. Second big rule – Be Consistent Be consistent with accepted

    best practices. Be consistent with yourself. @schneidenbach #NeverRest

  30. PATCH DELETE POST PUT GET Understanding verbs Remember consistency! @schneidenbach

    #NeverRest

  31. Don’t mutate data with GETs. @schneidenbach #NeverRest

  32. Resource identification Nouns vs. verbs Basically, use plural nouns @schneidenbach

    #NeverRest

  33. { "invoices": [ { ... }, { ... } ]

    } GET /customers/1234/ invoices GET /customers/1234 ?expand=invoices Within the parent object Sub-resource strategies As a separate request Using an expand parameter Be consistent, but be flexible when it makes sense @schneidenbach #NeverRest

  34. GET considerations Sorting Filtering Paging @schneidenbach #NeverRest

  35. Sorting/Filtering GET /customers?name=Spencer @schneidenbach #NeverRest

  36. Paging GET /customers? page=1 & pageSize=1000 { "pageNumber": 1, "results":

    [...], "nextPage": "/customers?page=2" } @schneidenbach #NeverRest Good paging example on my website: rest.schneids.net

  37. Do I need to sort/page/filter? Maybe! What do your consumers

    need? @schneidenbach #NeverRest

  38. Versioning Your APIs should stand a test of time @schneidenbach

    #NeverRest

  39. Versioning GET /customers Host: contoso.com Accept: application/json X-Api-Version: 1 @schneidenbach

    #NeverRest POST /customers Host: contoso.com Accept: application/json X-Api-Version: 2.0

  40. Versioning Use URL versioning @schneidenbach #NeverRest GET /v1/customers Host: contoso.com

    Accept: application/json

  41. Error reporting Errors are going to happen. How will you

    manage them? @schneidenbach #NeverRest

  42. Error reporting { "name": "Aviron Software" } @schneidenbach #NeverRest {

    "firstName": "Spencer" } Requires first and last name POST /employees 400 Bad Request Content-Type: application/json { "errorMessage": "Your request was invalid." } Requires name and state POST /vendors 400 Bad Request Content-Type: application/json "State is required."

  43. Error reporting @schneidenbach #NeverRest

  44. Error reporting Make finding and fixing errors as easy on

    your consumer as possible. @schneidenbach #NeverRest

  45. Authentication Encryption Security @schneidenbach #NeverRest

  46. Use SSL. Don’t roll your own encryption. Pick an auth

    strategy that isn’t Basic. @schneidenbach #NeverRest Security

  47. Ok, time for some code examples and practical advise @schneidenbach

    #NeverRest

  48. Typical controller @schneidenbach #NeverRest

  49. @schneidenbach #NeverRest

  50. @schneidenbach #NeverRest

  51. @schneidenbach #NeverRest

  52. Separation of concerns @schneidenbach #NeverRest Controllers should know “where,” not

    ”how.” Enter MediatR
  53. None
  54. None

  55. @schneidenbach #NeverRest

  56. Validation Validate. Validate. Validate. @schneidenbach #NeverRest Separate validation logic from

    object. Google Fluent Validation
  57. None
  58. None

  59. Controller Good Architecture Request Handler/Service Validator Enforce separation of concerns

    for maintainability and testability.

  60. Just remember to use all these things • MediatR •

    Fluent Validation • Autofac • Microsoft DI • Entity Framework • AutoMapper or…

  61. rest.schneids.net

  62. None

  63. Gotchas/Errors Formatting Schema Parameters Endpoints Documentation @schneidenbach #NeverRest

  64. Documentation A good API lives and dies by its documentation.

    (you should tweet that out) @schneidenbach #NeverRest

  65. Maintaining your API Vendor: “Hey, we’ve made some under-the-cover changes

    to our endpoint. It shouldn’t impact you, but let us know if it breaks something.” Us: ”Okay. Can you release it to test first so we can run our integration tests against the endpoint and make sure everything works?” Vendor: ”Well, actually we need it ASAP, so we’re releasing to prod in an hour.” @schneidenbach #NeverRest

  66. @schneidenbach #NeverRest

  67. Maintaining your API Fix bugs and optimize. Don’t introduce breaking

    changes like removing properties. @schneidenbach #NeverRest

  68. Thank you! Slides, resources at rest.schneids.net schneids.net @schneidenbach

  69. Session Feedback
 Your Time & Opinion is Valued
 https://www.telerik.com/devreach/day1feedback