REST API Design, Development & Management
- 7 hours on-demand video
- 1 article
- Design and Develop RESTful API by applying the best practices & REST constraints
- Create practices for API security, versioning, lifecycle management, documentation and other important aspects
- Write Swagger 2.0/OAI specifications in YAML format
- Create an API management strategy for your enterprise
- Leverage some of the common API management platforms for building API proxies (APIGEE, IBM API Connect, Mulesoft Anypoint)
- Any one modern programming language such as Java or Node JS or Go or PHP
- Familiarity with web application architecture
- Some idea of XML or JSON formats
- Understanding of the concept of service
This COURSE will NOT teach coding of REST API from scratch. Please do NOT enroll if that is your objective/Goal.
Please check the audio of the preview lectures before purchasing, as some students have complained about low volume (a fix is in the works).
Today, enterprises are using REST APIs not just for building mobile applications but also for:
- Creating new channels for partnership
- Building new revenue streams & business models
- Promoting their brands
Just creating the API does not guarantee that the enterprise will achieve its desired goals for the API. Adoption of an API by developers depends on multiple aspects such as its utility, ease of use, performance, scalability and security. The API provider must apply best practices throughout the lifecycle of an API.
This course covers all the important aspects related to the design, development and management of APIs. The best practices, challenges, suggestions & options discussed in this course are either:
- Created by analyzing how popular API providers such as Facebook, Twitter, Capital One etc. are building and managing their APIs
- Taken from personal experiences of the author
This course is suited for any technologist interested in learning REST API from an end-to-end perspective, not just from the coding perspective. Though this course uses NodeJS for demonstrating the design best practices, it does not require students to have any prior experience with NodeJS.
To take this course the student is expected to know one (or more) programming languages, understand web application architecture, be familiar with the concept of services, and understand data formats such as JSON or XML.
Please note that this course will NOT teach how to code REST API in NodeJS.
Course is divided into 6 sections:
1. Setting the stage
Lectures in this section will provide the outline of the course, discuss a case study (ACME Travel) that will be used as an example throughout the course, and provide a list of tools used in the course.
2. REST API Concepts
Lectures in this section will cover the foundational concepts such as the evolution of RESTful API and the 6 architectural constraints.
3. Designing the REST API
The focus in this section is on best practices for designing the REST API. The approach taken in this section is to show how some of the popular API providers (e.g., Twitter, Facebook, Twilio ...) have designed their REST APIs. Some of the RESTful design aspects covered in this section are:
- Resources, CRUD implementation
- Error Handling, HTTP status codes
- Change management & Versioning
- Pagination, Partial responses
To demonstrate the implementation aspects, a set of NodeJS based API is also implemented for a fictitious enterprise ACME Travels.
4. Securing the REST API
The commonly used BasicAuth standard is not the best way to implement API security. In this section the student will learn the commonly adopted authentication and authorization schemes used for REST APIs:
- Tokens (JSON Web Tokens or JWT)
- OAuth 2.0 (using the Spotify implementation as a reference)
When an API is exposed by an enterprise to the public internet, it poses a risk to the enterprise, as hackers may use vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.
5. Swagger 2.0 / Open API Initiative specifications
This section will begin with a description of the collaborative specifications development process & the benefits of adopting a contract-first approach. Students will learn:
- Swagger 2.0 specification standard
- How to create REST API specifications in YAML format
- Tool options for Swagger specs editing
- Benefits of Swagger 2.0
- Demonstration of how specifications are leveraged by common platforms such as Apigee, Mulesoft & IBM API Connect
As part of the lectures, a complete specification will be created for ACME Vacations. At the end of this section the student will be able to write Swagger/OAI specifications for their own API.
6. API Management
API management is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carries out within the scope of API management:
- Monetization (API Economy)
The Apigee, IBM API Connect & Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel for what API management platforms bring to the table. The three platforms offer a free trial version that can be used for testing.
- Technologists interested in learning where, when and how RESTful services should be used in application
- Developers of web, mobile, IoT applications looking to build RESTful services on the backend
- Solution architects interested in learning how they can leverage "API Management Platforms" such as Apigee/Mulesoft/IBM API Connect
- IT Leads aspiring to become architects
- This course will NOT teach the student how to code Node JS. Use of NodeJS is to demonstrate the implementation of concepts discussed in the lectures.
- This course is NOT for students looking to learn just the coding of REST API
ACME Travels is a fictitious company that is going through a crisis as they did not keep up to speed with the technology. Their CTO has a vision to create an API driven organization.
This quick lecture describes the ACME case study that will be used to discuss the various concepts covered in this course. All APIs created in the course are for ACME Travels.
Multiple tools will be used in this course. This quick lecture describes them. Students are not expected to have any prior experience with any of the tools discussed.
Student will learn about the "Statelessness" constraint.
Describes how to implement the API CRUD operations. Covers the use of HTTP verbs, status codes and how to implement the support for multiple data formats.
Students will learn about common changes required for API after they have been released. Also included is a discussion on practices for handling API changes.
- Breaking change & how to handle it
- Non-breaking change
API implementations can use the HTTP header Cache-Control to take advantage of the HTTP protocol built in support for caching. In this lecture students will learn the various directives (instructions) they can use for building API with cache support.
This lecture demonstrates the use of the HTTP caching header from the Node JS API.
It's common for many popular API providers (Facebook, LinkedIn, Pinterest...) to support partial responses in their APIs. In this lecture the student will learn the benefits of supporting partial responses and will see a demo of building an API with support for partial responses (ACME Hotels API).
Student will learn:
- What are tokens?
- JSON Web Token (JWT) standard
- Securing Node REST API with JWT
Student will learn the concepts of OAuth2.0.
In this lecture, student will also learn how Spotify (Streaming music) has implemented the OAuth2 for their public API.
Student will learn how to create Paths/Operations in the Swagger/OAI specifications. Walkthrough of the developer documentation generated from the specifications.
In this lecture student will learn about the
- Activities that fall under the scope of API management
- Common API management infrastructure setup (Agent & Proxy model)
In this lecture student will learn about the practices for managing the API "Lifecycle" that has 5 stages.
How API developer productivity is enhanced by way of adoption of the API management platforms.
Demonstration of specification import process on the "Mulesoft" and "IBM API Connect" platform
Generate the API proxy on "Apigee" platform using the vacation specification generated in previous section. Apply policies to control the behavior of the API.
The student will learn about the essential features of the API developer portal. At the end of the lecture the student will be in a position to decide whether to build or buy a portal for their API.
At the end of the lecture the student will see how easily an off-the-shelf developer portal (Mulesoft) can be customized.
Students will learn about the good practice that states "Treat your API like a product if you would like to sell it like a product".
Also the student will understand the
- concept of monetization
- various monetization models
- technology considerations from the realization perspective