REST API Design, Development & Management
4.3 (373 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
2,239 students enrolled
Learn the REST API Concepts, Design best practices, Security practices, Swagger 2.0/OAI, Hands on API Management
Bestselling
Created by Rajeev Sakhuja
Last updated 6/2017
English
Current price: $10 Original price: $30 Discount: 67% off
30-Day Money-Back Guarantee
Includes:
  • 7.5 hours on-demand video
  • 1 Article
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Design and Develop RESTful API by applying the best practices & REST constraints
  • Create practices for API security, versioning, lifecycle management, documentation and other important aspects
  • Write Swagger 2.0/OAI specifications in YAML format
  • Create an API management strategy for your enterprise
  • Leverage some of the common API management platforms for building API proxies (APIGEE, IBM API Connect, Mulesoft Anypoint)
Requirements
  • Any one modern programming language such as Java or Node JS or Go or PHP
  • Familiarity with web application architecture
  • Basic idea of XML or JSON formats
  • Understanding of the concept of service
Description

PS: 

  • This COURSE will NOT teach coding of REST API from scratch. Please do NOT enroll if that is your objective/Goal.
  • Please check the audio of preview lectures before purchasing as some students have complained about low volume (fix is in works)


Today Enterprises are using REST APIs for not just building mobile applications but also for:

  • Creating new channels for partnership
  • Building new revenue streams & business models
  • Promoting their brands

Just creating the API does not guarantee that the enterprise will be able to achieve the desired goals from an API perspective. Adoption of an API by developers depends on multiple aspects such as its utility, ease of use, performance, scalability and security. The API provider must apply best practices throughout the lifecycle of an API.

This course covers all the important aspects related to design, development and management of API. The best practices, challenges, suggestions & options discussed in this course are either:

  • Created by analyzing how the popular API providers such as Facebook, Twitter, Capital One etc are building and managing their API

Or/And

  • Taken from personal experiences of the author

This course is suited for any technologist interested in learning REST API from an end-to-end perspective, not just from the coding perspective. Though this course uses NodeJS for demonstrating the design best practices, it does not require students to have any prior experience with NodeJS.

To take this course the student is expected to know any one (or more) programming language, to have an understanding of web application architecture, to be familiar with the concept of services, and to understand data formats such as JSON or XML.

Please note that this course will NOT teach how to code REST API in NodeJS.

Course is divided into 6 sections:

1. Setting the stage

Lectures in this section will provide the outline of the course, discuss a case study (ACME Travel) that will be used as an example through the course, provide a list of tools used in the course.

2. REST API Concepts

Lectures in this section will cover the foundational concepts such as the evolution of RESTful API and the 6 architectural constraints.

3. Designing the REST API

The focus in this section is on best practices for designing the REST API. The approach taken in this section is to show how some of the popular API providers (e.g., Twitter, Facebook, Twilio ...) have designed their REST API. Some of the RESTful design aspects covered in this section are:

  • Resources, CRUD implementation
  • Error Handling, HTTP status codes
  • Change management & Versioning
  • Pagination, Partial responses

To demonstrate the implementation aspects, a set of NodeJS based API is also implemented for a fictitious enterprise ACME Travels.

4. Securing the REST API

The commonly used BasicAuth standard is not the best way to implement API security. In this section the student will learn the commonly adopted Authentication and Authorization schemes used for REST API:

  • Tokens (JSON Web Tokens or JWT)
  • Key/Secret
  • OAuth 2.0 (Using Spotify implementation as a reference)

When an API is exposed by an enterprise to the public internet, it poses a risk to the enterprise as hackers may use the vulnerabilities in the API to launch attacks against the enterprise. There are multiple types of such Functional attacks that the API provider must consider. You will learn about the common attacks and the best practices for protecting the API.

5. Swagger 2.0 / Open API Initiative specifications

This section will begin with the description of the collaborative specifications development process and the benefits of adopting a contract-first approach. Students will learn:

  • Swagger 2.0 specification standard
  • How to create REST API specifications in YAML format
  • Tool options for Swagger specs editing
  • Benefits of Swagger 2.0
  • Demonstration of how specifications are leveraged by common platforms such as Apigee, Mulesoft & IBM API Connect

As part of the lectures, a complete specification will be created for ACME Vacations. At the end of this section student will be able to write Swagger/OAI specifications for their own API.

6. API Management

API management is the process of publishing, documenting and overseeing application programming interfaces (APIs) in a secure, scalable environment. Lectures in this section cover the details of the following activities that an API provider carries out within the scope of API management.

  • Lifecycle management
  • Developer productivity
  • Developer portal
  • Security
  • Traffic management
  • Analytics
  • Productization
  • Monetization (API Economy)

The Apigee, IBM API Connect and Mulesoft platforms will be used for demonstrating the various API management aspects discussed in the lectures. Students are encouraged to try out these platforms on their own to get a good feel of what API management platforms bring to the table. The three platforms offer a free trial version that can be used for testing.

Who is the target audience?
  • Technologists interested in learning where, when and how RESTful services should be used in application
  • Developers of web, mobile, IoT applications looking to build RESTful services on the backend
  • Solution architects interested in learning how they can leverage "API Management Platforms" such as Apigee/Mulesoft/IBM API Connect
  • IT Leads aspiring to become architects
  • This course will NOT teach the student how to code Node JS. Use of NodeJS is to demonstrate the implementation of concepts discussed in the lectures.
  • This course is NOT for students looking to learn just the coding of REST API
Curriculum For This Course
49 Lectures
07:19:18
Setting the stage
5 Lectures 19:36

Provides link for summary decks download.

Preview 00:04

ACME Travels is a fictitious company that is going through a crisis as they did not keep up to speed with the technology. Their CTO has a vision to create an API driven organization.

This quick lecture describes the ACME case study that will be used in discussions of various concepts discussed in this course. All APIs created in the course are for ACME travels.

Preview 04:20

In this course multiple tools will be used. This quick lecture describes the tools that will be used in this course. Students are not expected to have any prior experience with any of the tools discussed

Preview 01:52

In this lecture students will learn about the free MongoDB sandbox environment offered by http://mlab.com

Samples in this course will use the MongoDB instance on mlab.com

Crash course on MongoLabs
01:30
Evolution of RESTful services
4 Lectures 35:28

Walkthrough of a scenario to explain what an API is.

Preview 08:10

Students will learn about the 

  • Issues with using XML/RPC for mobile applications
  • History of RESTful API
  • How so many organizations are leveraging REST API 
Evolution of REST/JSON API
07:25

Students will learn the core concepts of RESTful API. At end of the lecture they would understand the following terms:

  • Representational state
  • Resources
  • State transfer

Also covers the demonstration of a publicly available REST API from Walmart.

Introduction to RESTful API
10:53

Checks student's understanding of general concepts of API

API 101
10 questions

Students will learn about the three types of APIs.

Preview 09:00
REST API Architectural Constraints
8 Lectures 43:17

Just using JSON+HTTP does not automatically make the API RESTful. In this lecture the student will get an overview of the REST constraints described by Roy Fielding in his dissertation paper.

Introduction to REST Architecture Constraints
04:35

Student will learn about the benefit of following the "Client-Server" constraint which is considered the foundation for the RESTful API.

REST API Architectural Constraint - Client Server
03:56

Student will learn about constraint #2, Uniform Interface, and the 4 guiding principles that are part of the Uniform Interface constraint.

REST API Architectural Constraint - Uniform Interface
06:50

Student will learn about the "Statelessness" constraint. 

Preview 02:51

In this lecture student will learn 

  • about the HTTP Caching headers
  • how the HTTP Cache-Control can be used to achieve better performance
  • how the caching strategy counterbalances the "performance" hit due to "statelessness"
REST API Architectural Constraint - Caching
07:49

Student will learn how the "Layered System" architecture enables an incremental evolutionary approach.

REST API Architectural Constraint - Layered System
03:35

This lecture describes the (optional) REST constraint referred to as the "Code on Demand"

REST API Architectural Constraint - Code On Demand
02:50

At the end of this lecture the Student will be able to evaluate the maturity level of an organization from the perspective of adoption of RESTful architecture & practices. 

Richardson Maturity Model for REST API
10:51

Test student's knowledge of REST architectural constraints.

REST API Architectural Constraints
10 questions
Designing REST API
13 Lectures 02:28:12

Student will learn about:

  • the API value chain
  • "common sense" design principles :)
API Value Chain
03:39

Student will learn about:

  • Conventions used for "Base URL"
  • resource naming for REST API. Examples of how Facebook/Walmart ... are naming their resources
Practices for Resource Names, Actions & Associations
11:10

Describes how to implement the API CRUD operations. Covers the use of HTTP verbs, status codes and how to implement the support for multiple data formats.

Preview 16:59

In this lecture students will learn how to create a simple API in Node. At the end of the lecture students are expected to be able to extend the vacations API to add more operations.

Walkthrough: Creating a Vacations API in Node JS
12:59

Students will learn how to implement error handling in REST API

REST API Error Handling Practices
11:21

This quiz will test the student's understanding of how to implement basic operations & error handling for REST API.

Implement REST API
12 questions

Walk through of the code for demonstrating the error handling for REST API

Code available at https://www.github.com/acloudfan

Walkthrough: Implementation of error handling for POST API
10:42

Test student's knowledge of designing the error handling for their API

REST API Error Handling
10 questions

Students will learn about common changes required for API after they have been released. Also included is a discussion on practices for handling API changes. 

  • Breaking  change & how to handle it
  • Non-breaking change
Preview 10:49

Student will learn the common versioning strategies for the REST API and also understand the API lifecycle from a version perspective.

Versioning the API
09:13

Students will learn 

  • the benefits of Caching
  • practices around what to cache and the design decisions
API Caching (1 of 2) Concepts & Design decisions
09:28

Student will learn how to use the HTTP cache control directive

API Caching (2 of 2) Cache Control Directive
22:29

API implementations can use the HTTP header Cache-Control to take advantage of the HTTP protocol built in support for caching. In this lecture students will learn the various directives (instructions) they can use for building API with cache support. 

This lecture demonstrates the use of the HTTP caching header from the Node JS API.

Demo - API Caching using Cache-Control Directives
05:04

Checks student's knowledge of general concepts of caching and Cache-Control directives.

API Caching
5 questions

It's common for many popular API providers (Facebook, LinkedIn, Pinterest...) to support partial responses in their APIs. In this lecture the student will learn the benefits of supporting partial responses and will see a demo of building an API with support for partial responses (ACME Hotels API).

Building support for Partial Responses
12:32

In this lecture students will learn common ways in which pagination support may be implemented in an API. At the end of this lecture they will have learned how to build pagination in a MongoDB/Node application using the limit/skip functions.

Building support for Pagination
11:47

Checks student's understanding of how to design API with support for partial responses and pagination

Building support for Partial Responses & Pagination
5 questions
REST API Security
6 Lectures 01:14:36

Student will learn about security aspects related to API:

  • Authentication
  • Authorization
  • Functional attacks
REST API Security - Introduction
06:17

Basic authentication is the simplest form of authentication that may be applied to the API. The student will learn the concepts and then understand how to code Basic Auth in Node JS.

Securing API with Basic Authentication
10:03

Tests the student on their understanding of Basic authentication

API Basic Authentication
8 questions

Student will learn:

  • What are tokens?
  • JSON Web Token (JWT) standard
  • Securing Node REST API with JWT
Preview 15:45

Checks student's understanding of Token based authentication and JWT

API Token based Authentication & JWT
11 questions

The API Key/Secret is the most common way the API providers protect the API. In this lecture student will learn about:

  • implementation of the key/secret
  • practices for the implementation of the key/secret
  • technical considerations for implementing key/secret based auth
Securing API with API Key & Secret
09:15

Tests student's understanding of the concept of client key & secret

API Keys and Secret
5 questions

Student will learn the concepts of OAuth2.0. 

In this lecture, student will also learn how Spotify (Streaming music) has implemented the OAuth2 for their public API.

Preview 19:27

Tests student's understanding of concepts of API authorization and OAuth 2.0

API Authorization OAuth2.0
10 questions

Hackers are always looking for threats/vulnerabilities in publicly available APIs. Student will learn about common types of attack. In the lecture the student will also see a demonstration of a "SQLInjection" attack.

API Security - Functional Attack
13:49
REST API Specifications using Swagger 2.0 / OAI
5 Lectures 37:47

In this lecture student will learn:

  • contract first approach
  • collaborative specifications development process
  • different REST API specifications standards
  • introduction to Swagger/OAI standard
Requirements Analysis Process & Intro to REST Specifications
05:58

Checks student's knowledge of basic concepts of REST API specifications

REST API Specifications
5 questions

In this lecture the student will get an overview of the Swagger/OAI + YAML specifications. The lecture also discusses the various editor options for Swagger/OAI.

Swagger/OAI Specifications Walkthrough
05:38

Tests the student on their knowledge of Swagger

Introduction to Swagger/OAI specifications
5 questions

Students will learn:

  • structure of the Swagger/OAI specs document
  • about the tools for Swagger/OAI document editing
  • to create the Swagger/OAI specifications in YAML format
Swagger/OAI Specifications, Part 1 of 3
08:32

Checks student's understanding of the specifications format

Structure & Elements of Swagger/OAI specifications
5 questions

Student will learn how to define the following in Swagger/OAI specs:

  • Request/response schema
  • Security definitions
  • Parameters
Swagger/OAI Specifications, Part 2 of 3
09:34

Structure & Elements of Swagger/OAI specifications (2/3)
6 questions

Student will learn how to create Paths/Operations in the Swagger/OAI specifications. Walkthrough of the developer documentation generated from the specifications.

Preview 08:05

Checks student's understanding of the Paths/Resources

Structure & Elements of Swagger/OAI specifications (3/3)
5 questions
API Management
7 Lectures 01:15:13

In this lecture student will learn about the 

  • Activities that fall under the scope of API management
  • Common API management infrastructure setup (Agent & Proxy model)
Preview 03:48

In this lecture student will learn about the practices for managing the API "Lifecycle" that has 5 stages. 

How API developer productivity is enhanced by way of adoption of the API management platforms.

Demonstration of specification import process on the "Mulesoft" and "IBM API Connect" platform

Generate the API proxy on "Apigee" platform using the vacation specification generated in previous section. Apply policies to control the behavior of the API.

API Lifecycle & Developer Productivity
13:42

Student will learn about the essential features of the API developer portal. At the end of the lecture they will be in a position to decide whether to build or buy a portal for their API.

At the end of the lecture the student will see how easily an off-the-shelf developer portal (Mulesoft) can be customized.

Preview 15:46

Students will learn about:

  • security best practices
  • the need for the minimal security (key) for the API
  • how API management based solution can be used for key authentication (demo on Apigee)
API Security Management
11:25

Student will learn 

  • why an API provider MUST carry out traffic management
  • about types of traffic management policies (Quota, Spike arrest, Rate limiting)

The lecture also includes a demo of the traffic policies in action on the Apigee platform.

API Traffic Management
13:09

API Analytics is an important aspect of API management. There are multiple types of analytics collected on the API platform. Student will learn about the common analytics collected on API platforms and how they can be leveraged by the developers.

API Analytics
07:24

Students will learn about the good practice that states "Treat your API like a product if you would like to sell it like a product". 

Also the student will understand the

  • concept of monetization
  • various monetization models
  • technology considerations from the realization perspective
Preview 09:59
Good Bye & All the Best
1 Lecture 05:09
Good bye
05:09
About the Instructor
Rajeev Sakhuja
4.5 Average rating
1,013 Reviews
5,214 Students
3 Courses
IT Consultant, IBM Cloud Champion 2017

I am a hands-on Information Technology consultant experienced in large scale applications development, infrastructure management & Strategy development in Fortune 500 companies. Have over 20 years of experience in IT industry. Passionate technologist who likes to learn and teach new technologies. Currently assisting large companies in building cloud strategy and practices.

Proud to announce that recently IBM has recognized me as the "IBM Cloud Champion for 2016-2017". Thanks to all the students for their continuous support and encouragement.