REST API s in a CA Plex context. API Design and Integration into CA Plex landscape

Similar documents
04 Webservices. Web APIs REST Coulouris. Roy Fielding, Aphrodite, chp.9. Chp 5/6

INF5750. RESTful Web Services

RESTful Services. Distributed Enabling Platform

RESTful Web Services. 20-Jan Gordon Dickens Chariot Solutions

HTTP, REST Web Services

ReST 2000 Roy Fielding W3C

Understanding RESTful APIs and documenting them with Swagger. Presented by: Tanya Perelmuter Date: 06/18/2018

PS/2 Web Services

RESTful API Design APIs your consumers will love

REST A brief introduction

WWW, REST, and Web Services

REST Easy with Infrared360

Develop Mobile Front Ends Using Mobile Application Framework A - 2

RESTful Service Composition with JOpera

Web Services Week 10

REST Services. Zaenal Akbar

Other architectures are externally built or expanded

Web API Best Practices

REST. And now for something completely different. Mike amundsen.com

REST Web Services Objektumorientált szoftvertervezés Object-oriented software design

Copyright 2014 Blue Net Corporation. All rights reserved

There is REST and then there is REST. Radovan Semančík November 2017

Lesson 14 SOA with REST (Part I)

Best Practices for Building RESTful Web services WHITE PAPER

Session 12. RESTful Services. Lecture Objectives

RESTFUL WEB SERVICES - INTERVIEW QUESTIONS

REST: I don't Think it Means What You Think it Does. Stefan

API Design Methodology. Mike Amundsen API Academy /

Introduction to RESTful Web Services. Presented by Steve Ives

JVA-563. Developing RESTful Services in Java

Twelve Patterns for Hypermedia Service Architecture

CS 498RK FALL RESTFUL APIs

Hypermedia Web API for enhanced Heterogeneous Missions Accessibility

REST API OVERVIEW. Design and of Web APIs using the REST paradigm.

INF 212 ANALYSIS OF PROG. LANGS. INTERACTIVITY. Prof. Crista Lopes

ENTERPRISE SOA CONFERENCE

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Designing RESTful Web Applications. Ben Ramsey

Writing APIs in Lumen

A Generic Adaptive Method for Corruption Mitigation in Trial Monitoring System with Restful Authorization. India)

REST over HTTP. Ambient intelligence. Fulvio Corno. Politecnico di Torino, 2015/2016

Just relax - take some 90 minutes of ReST

describe the functions of Windows Communication Foundation describe the features of the Windows Workflow Foundation solution

Web Applications. Software Engineering 2017 Alessio Gambi - Saarland University

What is REST? ; Erik Wilde ; UC Berkeley School of Information

Developing Enterprise Services for Mobile Devices using Rational Software Architect / Worklight

Roy Fielding s PHD Dissertation. Chapter s 5 & 6 (REST)

Developing RESTful Services Using JAX-RS

VS10 WCF of Many Flavors When do I use which?

Apache Wink Developer Guide. Draft Version. (This document is still under construction)

A Pragmatic Introduction to REST. Stefan Tilkov,

Restful Interfaces to Third-Party Websites with Python

Using REST for SOA Stefan Tilkov, QCon SF 2010

Integrating with ClearPass HTTP APIs

ORACLE APPLICATION EXPRESS, ORACLE REST DATA SERVICES, & WEBLOGIC 12C AUTHOR: BRAD GIBSON SENIOR SOLUTIONS ARCHITECT ADVIZEX

Mobile Computing. Logic and data sharing. REST style for web services. Operation verbs. RESTful Services

Lesson 15 SOA with REST (Part II)

Migrating traditional Java EE applications to mobile

Introduction to REST. Kenneth M. Anderson University of Colorado, Boulder CSCI 7818 Lecture 6 08/27/2008. University of Colorado 2008

Kim Dalsgaard. Co-owner of, and Software Designer at Trifork Athene Co-founder of Aarhus Ruby Brigade

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

DatabaseRESTAPI

INTERNET ENGINEERING. HTTP Protocol. Sadegh Aliakbary

COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS. Web Access: HTTP Mehmet KORKMAZ

RKN 2015 Application Layer Short Summary

Life on the Web is fast and furious should we be more RESTful?

A Brief Introduction to REST

RESTful Web Services Part 1

STARCOUNTER. Technical Overview

WSRP Web Services for Remote Portlets

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Scalable applications with HTTP

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes

BEAAquaLogic. Service Bus. JPD Transport User Guide

Please note: This is a working document and is subject to change. Please check back periodically to ensure you have the latest version of this spec.

A Framework For Transitioning Enterprise Web Services From XML-RPC to REST

LUCITY REST API INTRODUCTION AND CORE CONCEPTS

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Computer Networks. Wenzhong Li. Nanjing University

D, E I, J, K, L O, P, Q

Developing Applications for the Java EE 7 Platform 9-2

2 Apache Wink Building Blocks

Webspeed. I am back. Enhanced WebSpeed

Aim behind client server architecture Characteristics of client and server Types of architectures

We are ready to serve Latest Testing Trends, Are you ready to learn? New Batch Details

DEVELOPING WEB AZURE AND WEB SERVICES MICROSOFT WINDOWS AZURE

Introduction and Overview

Data Avenue REST API. Ákos Hajnal, Zoltán Farkas November, 2015

Creating RESTful web services with Spring Boot

API Design & Management

Cloud-Native Applications. Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0

WAP Push Message Version 16-August-1999

DDD & REST. Domain-Driven APIs for the web. Oliver Gierke. / olivergierke

JSR 311: JAX-RS: The Java API for RESTful Web Services

Understanding REST: ROCA & HATEOAS

70-487: Developing Windows Azure and Web Services

Distribution and web services

Niraj Bhatt Technical Architect Session Code:

RESTful -Webservices

Transcription:

REST API s in a CA Plex context API Design and Integration into CA Plex landscape

Speaker Software Architect and Consultant at CM First AG, Switzerland since 2008 having 30+ years of experience with the CA Plex / 2E product lines in different roles: developer, supporter, pre-sales, distributor, project manager, teacher, mentor, architect and consultant. lorenz.alder@cmfirstgroup.com

Section 1 - API Design

API Design challenges Simple to use (spread) Self explaining / in-band out-of-band Support major platforms / devices / tooling Authentication / Authorisation / Encryption Versioning Documentation Appropriate architectural style Human / Machine Error reporting / Re-tries

API Design challenges Long running processes (asynch) Monitor Events / Webhooks (events) Data replication / offline clients Billing services Server Monitoring, Notification, Stats Scaleability / Caching / Performance Transactions, Web transactions

API consumers Consumers are out of your control They will do the unexpected They will not follow the application domain protocol Make sure the API server is robust!

Simple to consume Design from a consumer perspective Provide API Access Libraries in Java,.Net, Javascript, if necessary

API Self explaining / explorable Provide as much information as possible in-band Provide links to documentation in-band (switchable for Dev/Prod)

API documentation Domain Application Protocol State transitions Media types Link relations Headers Status Codes

API Consumer Platform support Create Libraries for Platforms Example : AWS S3

API device support Let consumer decide about the page size of collections Use the concept of «Resource expansion» to minimize data transfer for mobiles

API Security, Authentication, Authorisation Use TLS / HTTPs Basic Auth (80% case) Oauth 2.0 OpenId Difficult to change later on

API Versioning Use version in the URL (provide a «latest» version ) Myapi.ex.com/latest/customer/123 Myapi.ex.com/v11/customer/123 Use Version in HTTP Headers

Humans vs. Machine If possible use one API for both human and machine web using different Representations of Resources Most operations on Business Systems are the the same for machines and humans

Transaction Client PUT or POST complete Transaction Example: Shopping Basket Send whole order with one request Example: Payment Send Payer and Receiver with same request

Transactions Service Boundary Server Transaction Boundary Consumer App Resource Domain Model Database

Web Transactions Currently no standards Can be implemented using classic two phase commit paradigm. Transaction modeled as a Resource Transaction Coordinator is a REST service

Section 2 - API style RPC / REST

API Styles Tunneling (SOAP/RPC) URI style (REST based) Hypermedia style (RESTful) Event driven style

RPC/SOAP vs REST RPC is about functions REST is about resources RPC is about many interfaces REST is about a uniform interface

Design Options triangle Data types Operations Service Instances

Uniform REST interface Interface Resource { Resource(URI u); Response options(); Response get(); Response post(request r); Response put(request r); Response delete(); Response patch(request r); }

RPC remote procedure call (WS*-Stack) Well established, Tooling available for major platforms WS Reliable Messaging WS Atomic Transactions WS Security Hides the remote aspect of operation (latency)

RPC remote procedure call (WS*-Stack) Leads to tight coupling to domain in many cases (tools) No notion of resource No hypertext No caching

RESTful according to Roy Fielding Level 3 of Richardson s Maturity Model qualifies for the attribute RESTful Many services are called RESTful but do not adhere to all the constraints There is a lot of work on standards (RFC s) to be done

REST Richardson Maturity Model

REST principles Unique identification of resources Standard methods Representations Hypermedia Stateless communication HTTP is application protocol

Resources Primary Resources Business Concepts (Customer, Address, Order, Account, Idea, Employee) Sub resources (x «contains» y ) Other Resources Query, Transaction, Concepts

Representations of Resources Resources may have many representations UI client might get HTML representation Machine might get XML or JSON

Resources Impedance mismatch Not every Entity is a resource in the API Representation of a resource may have data from many Entities (aggregation) Representations may contain only a subset of the attributes of an entity (projection)

URI s for resources Resource Collections www.ex.com/customers www.ex.com/customers/12345/orders Resources www.ex.com/customers/12345 www.ex.com/customers/12345/orders/89

URI naming rules Use nouns not verbs Use plural www.api.ex.com/customers/1234/orders Use singular only for singletons www.api.ex.com/configuration

URI templates www.api.ex.com/customers/{id}/orders www.api.ex.com/customers/{id}/orders/{id } Instruction on how to build an URI Should not be necessary if HATEOAS is implemented

Query parameters in URI s https://airline.server.test/ticketing_api/{flig ht_id}/{passenger_id}?option=vegetarian& option=wheelchair URL Limit 8092 bytes

Collections / Queries Use Query Parameters if simple Use concept of Query as Resource first POST to create a query (/products/queries) then you GET the query (/products/queries/1) Never use HTTP body in GET

Collections Pages / Pagination Provide a page-size parameter Provide the total page count in the response Use links for navigation (first, prev, next) Api.ex.com/customers/pages/3

Representations Media Types text/html application/json application/xml Your own type: application/vnd.xxxx+json Links to IANA MIME types http://www.iana.org/assignments/mediatypes/media-types.xhtml

Media types contd. ATOM ASF syndication format ATOM PUB publishing protocol ODATA Collection+JSON HAL Hypermedia Application Language SIREN RDF Resource description framework

Selecting Media type Depends on the requirements Choose formats based on JSON or XML Plan for Hypermedia controls Type should allow for a link to a Profile Choose formats that have some pervasiveness, tool support etc.

HTTP Verbs GET PUT POST DELETE PATCH OPTIONS HEAD TRACE

HTTP verbs safe methods GET, HEAD, OPTIONS No changes on the server

HTTP verbs - Idempotence Idem = same /potence = power operation that will produce the same results if executed once or multiple times GET, HEAD, OPTIONS, PUT, DELETE must have idempotent results POST is not idempotent

Overriding HTTP Method Some proxies support only POST and GET methods. To support a RESTful API with these limitations, the API needs a way to override the HTTP method. Use the custom HTTP Header X-HTTP- Method-Override to override the POST Method.

Error handling Do not just send 500 with a stacktrace Provide meaningful payload { "errors": [ { "usermessage": "Sorry, the requested resource does not exist", "internalmessage": "No customer found in the database", "code": 12349, "more info": "http://smx.cmfirstgroup.com/test/api/v1/errors/12349" } ] }

HTTP status codes Organized in groups 1xx Informational 2xx Successful 3xx Redirection 4xx Client Error 5xx Server Error

HTTP Headers Authorization: Bearer 939399399399393 X-HTTP-Method-Override: DELETE Accept: audio/*; Location: http://api.ex.com/customer/123 X-Callback: <http://ex.com/callback>; method="post" See: RFC 2616

REST API Stateless server There is no concept of a session in REST State must be kept on the client All information needed to perform a request on the server must be passed along with the request (Headers, representation) Resource Status (ordered, shipped etc) is kept on the server

Resource caching The advantage of adding cache constraints is that they have the potential to partially or completely eliminate some interactions, improving efficiency, scalability, and user-perceived performance by reducing the average latency of a series of interactions. Roy Fielding

Caching improve speed, because we want to deliver fast content to our consumer fault tolerance, because we want our service to deliver content also when it encounters internal failures scalability, because the WWW scales to bilions of consumers through hypermedia documents and we just want to do the same thing reduce server load, because we don t want our servers to compute without the need of it

Cache types Local Cache Proxy Cache Reverse Proxy Webserver

Cache Strategies Expiration Model Max-Age / Expires Header Validation Model Conditional GET: If-Modified-Since Conditional GET: If-None-Match: ETAG Model depends on business requirements

Invalidating Cache PUT,POST,DELETE requests will invalidate the caches that are under your control. Remember you cannot control intermediate caches in request path DB changes not driven by the API will probably need to invalidate cache entries

HATEOAS Hypermedia as the Engine of Application State Provide Links and Verbs for state transitions

HATEOAS HTTP as Application Protocol Application domain protocol Describe possible next actions on resources using links. Link relation URI HTTP verb to use Expected Media type

HATEOAS single entry point GET ordermgr.ex.com { "links": { "all" : "http://ordermgr.ex.com/orders", "processing" : "http://ordermgr.ex.com/orders?state=processing", "shipped" : "http://ordermgr.ex.com/orders?state=shipped", "cancellations: "http://ordermgr.ex.com/cancellations", "reports" : "http://ordermgr.ex.com/reports" } }

HATEOAS single entry point GET ordermgr.ex.com { "links": { "all" : "http://ordermgr.ex.com/orders", "processing" : "http://ordermgr.ex.com/orders?state=processing", "shipped" : "http://shipmentmgr.ex.com/orders", "cancellations: "http://ordermgr.ex.com/cancellations", "reports" : "http://ordermgr.ex.com/reports" } }

HATEOAS Benefits Decoupling of client and server Changes to resource distribution are simple (client just follows URI s) Server controllable application flow

Hypertext Request Handler Hypertext Response Data representation Possible next operations as links

IANA Link relation values Self Next-archive Prev-archive First Last Payment http://www.iana.org/assignments/linkrelations/link-relations.xhtml

Securing REST TLS / HTTPs Do not clutter URI s with auth information Use HTTP Headers

Securing REST Basic HTTP (only over TLS) 80 % case Oauth 2.0 OpenId

Section 3 - CA Plex and RESTful API s

RESTful API and CA Plex No support for RESTful API generator Should we generate? Probably not. CA Gateway and ASO to make use of existing or new SOAP WCF services for CRUD is an option Third party solutions / no announcments yet

CA Plex Restful API Resources vs. Entities Impedance mismatch Not every Entity is a resource in the API Representation of a resource may have data from many Entities (aggregation) Representations may contain only a subset of the attributes of an entity (projection)

CA Plex Restful API Links vs. DB Relations We should not expose implementation details Some Relations will be modeled as links others will be modeled as sub-resources or embedded resources in the API

CA Plex Restful API Plex architecture based on RPC style Major effort needed to support REST style New Plex Object Types (Resource, Representation). Exchange dynamic Messages/Documents instead of fixed function parameters, HTTP support for Plex Runtime

CA Plex third party web solutions Websydian Transact XML CM Webclient Plex XML All of these can adopt REST style.

WCF SOAP API and CA Plex Create function layer for WCF Services Do not call domain functions directly Use separate fields on parameter interfaces for service functions, cast from domain fields WCF SOAP method generation based on Plex Function input/output parms MOV s and arrays still fixed size.

RESTful API and CA Plex App Server / Business Logic Web Server / Load Balancer/ Cache /Gateway REST API using Framework (.NET, Java) Logic Plex generated Code DB

Write API Services in Java/.Net.NET WCF Restful Services Java JAX-RS Use PlexRuntime to call domain functions Direct Object to XML or JSON mapping should be avoided Resource Handlers, State Machines Decouple API model and Domain model

CA Plex and App Services Orchestrator CA ASO CA Plex CA API Gateway IIS WCF App Server / Business Logic ASO gener ated code from WSDL Plex generate d Code Plex generated Code DB

Application Logic Logic should be on the server CRUD only API will lead to «fat clients» Validation / code duplication Status Transitions

Datamodel supporting REST Use GUIDS on Tables Add a mapping table to the picture GUID Tablename Key Values

Key mapping table

URI composition from ent and keys Mandate, Customer, Order, Orderline, Shipmentline Api.ex.com/mandates/{key}/customers/{ke y}/orders/{key}/orderlines/{key}/shipmentli nes/{key} Api.ex.com/shipmentlines/{key}

Questions?

Recommended REST reads RESTful Web API (Leonard Richardson, Mike Amundsen, Sam Ruby) ENG REST in Practice (Jim Webber,Savas Parastatidis,Ian Robinson) ENG REST und HTTP (Stefan Tilkov, Martin eigenbrodt, Silvia Schreier) GER

Thank you! lorenz.alder@cmfirstgroup.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback