  • APIS FROM IDEA TO MARKET

    Developing & Securing APIs Best Practices

    Amr Salah - Middleware Specialist Amro.elhanbaly@gmail.com

    LinkedIn: https://www.linkedin.com/in/amr-salah-a35376b/

    Abstract

    This document goes in depth through a list of definitions, approaches and best practices for developing and securing APIs. It discusses the recommended development lifecycle with market tools, as well as security best practices for APIs and the whole environment.

  • APIS FOR DEVELOPER & ARCHITECTS

    Amr Salah - Middleware Specialist


    EXECUTIVE SUMMARY

    Nowadays, APIs are the cornerstone integration technology. APIs continue to be an integral business strategy across industries, and they don't appear to be slowing down anytime soon, especially with the rise of IoT.

    Moreover, the systems integration pattern in large and medium organisations derives its value from being able to connect all systems together, transform data, automate end-to-end solutions for your customers and expose all your functionality in a very secure way.

    Furthermore, APIs are a very cheap technology to use: cloud vendors today provide a pay-as-you-go model, and there is also serverless, which is cheaper and charges you by request/response only.

    Additionally, APIs align with the agile methodology, in which incremental shippable releases are delivered to the customer every one to four weeks, with great potential for quick growth.

    Last but not least, APIs are very easy to develop, with a guarantee of delivering a flexible, secure, high-quality, well-written, well-documented and professional integration solution if you have the right architecture in place.

    In this document, we will dive deeply into API technologies, approaches, architecture and security, starting with API definitions and comparison, then API development best practices, and ending with securing the whole environment, not only the APIs.

    The ability of your business to change quickly, innovate easily, and meet competition wherever it arises is a strategic necessity today. This will allow you to thrive in a market which constantly changes, and create new customer experiences in new contexts using new technologies.

    Mulesoft - Microservices Best Practice

    CONTENTS

    Executive Summary
    APIs introduction
    RESTful APIs Lifecycle
    APIs Design
    What is API Design & Why?
    APIs Documentation tools
    APIs Development
    Backend services
    APIs Development Golden rules
    APIs Interface Naming
    Development tools
    APIs Testing
    APIs testing types
    Testing phase preparation
    APIs Deployment
    Deployment Server Types
    APIs Management
    Security
    Throttling & Limiting
    Validation & Mapping (Interface Management)
    Routing
    Deployment & Publishing
    Logging & Monitoring
    APIs Gateways Solutions
    APIs Publishing, Discovery & Consuming
    API Discovery & Consuming
    APIs Development FAQ
    APIs revenue models
    API Security
    Authentication & Authorisation
    Infrastructure hardening
    Data, Host & Network Security
    DATA/Host/Network Security Tips
    High Availability
    Logging & monitoring
    Risk Management


    APIS DEVELOPMENT

    APIS INTRODUCTION

    A long time ago, people started to use SOAP web services, which enabled system integration regardless of backend technology, e.g. Java systems talking to C#. This was very powerful in large organisations that have many systems implemented by different companies and want to integrate all of them together.

    SOAP web services worked well and fit all cases until RESTful APIs, which are HTTP/HTTPS-based, arrived.

    Unlike SOAP web services, which are XML-based and require a lot of effort to develop and use, RESTful APIs are very easy to develop and can be consumed in a browser (as an HTTP request).

    So let's quickly compare SOAP and REST.

    SOAP VS REST

    SOAP is XML-based; REST is JSON-based, which makes REST much lighter (SOAP 0 vs REST 1)

    SOAP only supports XML; REST supports XML & JSON (SOAP 0 vs REST 2)

    SOAP is not supported by the browser; REST is HTTP-based, so it's fully supported by the browser (SOAP 0 vs REST 3)

    REST provides great performance, usually through caching information which is not altered (SOAP 0 vs REST 4)

    REST is usually faster and use litt