Exploring REST Purity and Pragmatism
Samisa Abeysinghe Vice President Engineering
REST
• General idea
– It is simple
– Widely used
– “cool” & state of the art
– And ideal for SOA & the enterprise
True?
Yes
REST is…
Simple, Cool, Popular, Used
From Theory to Practice
• Can simplicity meet complexity?
• Can REST be used in enterprise?
REST for Enterprise
Standards
HTTP & Media types
Interfaces
Programming languages
Services & APIs
REST Service
RESTful APIs
Simple, quick & Web Oriented
Governance
Lifecycle management
Versioning & configurations
Committees & Conformance
Security
HTTP vs HTTPS
Authentication
Non-Repudiation
Business Models
Billing & metering
Tiers & Throttling
Pay for use
REST Principles
Resources
Names
URI, XRI
(http://acme.com/customers)
Verbs
CRUD and more
(PUT, GET, POST, DELETE … HEAD, OPTIONS)
Representations
HTML, XML or Binary
(text/html, text/xml, image/png)
Services vs APIs
• Services are what you develop
• APIs are what you expose
– “The interface”
– How can you consume the service?
RESTful APIs
• REST (REpresentational State Transfer)
– An architectural style based on transferring representations of resources from a server to a client
• RESTful Web services
– Web services built on the REST principles
– Also called a RESTful Web API
– http://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_services
The Interface Matters
• It is not the implementation that matters
• But the interface
– And it has to be managed and maintained systematically
Manage Life-Cycles
Service API
Tools for Life-Cycle Management
Securing RESTful Services
Confidentiality
HTTPS
Integrity
HTTPS
Authentication
HTTP Basic/Digest Auth., Mutual Auth., OAuth
Non-Repudiation
2-legged OAuth
Security
Security Using OAuth
http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html
Access Tokens
• Application Key
– Used when applications are calling each other
• User Key
– Used when an end user is using an application
Application/User Key Generation Sequence
Business Models
Business Requirements
Tiers
Platinum
Gold
Silver
Metering
Usage metering
Capacity metering
Status tracking
Throttling
Tier limits enforcement
SLA & policy enforcement
Prioritization
Billing
Pay for use
Budget
Estimates
Monitoring
Trends
Continuous improvement
Capacity planning
Monitoring Tools
Insights & Continuous Improvement
Closing Remarks
• REST is simple, cool, popular and used
• Need to look beyond coolness to use REST for real
• Think of REST as a way to expose APIs
• Pay attention to good governance
• Make informed security architecture decisions
• Focus on monitoring, analysis and insights-based continuous improvement
Resources
• http://wso2.com/products/api-manager/
• http://wso2.com/products/governance-registry/
• http://wso2.com/products/business-activity-monitor/
• http://sanjiva.weerawarana.org/2012/08/api-management-missing-link-for-soa.html
• http://sumedha.blogspot.com/search/label/API
WSO2 Engagement Model
• QuickStart
• Development Support
• Development Services
• Production Support
• http://wso2.com/support
Thank you!