RM
Uploaded byRoan Brasil Monteiro
PDF, PPTX389 views

Creating an api from design to security.

This document outlines a presentation on creating APIs from design to security. It discusses 10 key topics: 1) API design, 2) REST principles, 3) documentation, 4) versioning, 5) domain-driven design, 6) clean architecture, 7) databases, 8) CQRS pattern, 9) pagination, and 10) security. For each topic, it provides an overview and highlights important considerations like API contracts, REST maturity levels, Swagger/OpenAPI documentation, versioning techniques, bounded contexts, layered architectures, SQL vs NoSQL databases, CQRS responsibilities, and authentication/authorization standards.

Software
Related topics:
API Design Insights

Embed presentation

Download as PDF, PPTX
Otavio Santana @otaviojava Creating an API: From Design to Security Roan Brasil @roanbrasil
Otavio Santana @otaviojava DevRel Engineer + Java Champion + JCP-EC-EG-EGL + Apache Committer + Eclipse Committer + Eclipse Project Leader + Book and blog writer Speaker
Roan Brasil @roanbrasil Senior Engineer + JCP-Member + Open Source Contributor + Book and blog writer + Teacher Speaker
10 commandments 1. API Design 2. Glory of Rest 3. Documentation 4. Versioning 5. DDD 6. Clean Architecture 7. Database 8. CQRS 9. Pagination 10. Security
Ⅰ Api Design ● API ● Contract First ● Contract Last
ⅠⅠ Glory of Rest ● Richardson Maturity Model ○ Model of Restful Maturity ○ Integration Problems
ⅠⅠ Glory of Rest ● Level 0 ○ HTTP - transport system for remote interactions ● Level 1 ○ Individual Resources ● Level 2 ○ POST ○ GET ○ DELETE ○ PATCH / PUT ● Level 3 ○ HATEOAS (Hypertext As The Engine Of Application State)
Ⅲ Documentation ● Swagger ● Language Documentation ● Open-API
ⅠⅤ Versioning 1. URL a. http://yourapi.domain.com/api/v1/doSomething 2. Query Parameters a. http://yourapi.domain.com/api/doSomething?version=1 3. Custom Headers a. Accept-version: v1 4. Content Negotiation a. Accept: application/vnd.domain.v1+json b. Accept: application/vnd.domain+json;version=1.0
Ⅴ DDD ● Ubiquitous Language ● Domain ● Subdomain ● Bounded Context
ⅤⅠ Clean Architecture ● SOLID ● Layers ○ Presentation Layer ■ Controller ○ Application Layer ■ Service Orchestrating ○ Domain Layer ■ DTO/POJO ■ Entities ■ Services ○ Infrastructure Layer ■ Repositories ■ Config
Ⅶ Database ● NoSQL vs SQL ● Encapsulation ● CAP
ⅦⅠ CQRS ● Command Query Responsibility Segregation ○ Greg Young's 2010 essay ○ Write - Command ○ Read - Query
Ⅸ Pagination ● Performance ● HATEOAS
Ⅹ Security ● Basic Authentication ● OAuth 2.0 ○ JWT - JSON Web Tokens (RFC 7519) ■ JWS - JSON Web Signature (RFC 7515) ■ JWE - JSON Web Encryption (RFC 7516) Site: https://jwt.io/
Q&A Thank you

More Related Content

PDF
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
byRoan Brasil Monteiro
 
PDF
Jumping in Jakarta Open Source Project Everything nobody tells you
byRoan Brasil Monteiro
 
PDF
Improving your code design using Java
byRoan Brasil Monteiro
 
PDF
Pavimentando el camino con Jakarta EE 9 y Apache TomEE
byCésar Hernández
 
PDF
Building Command Line Tools with Golang
byTakaaki Mizuno
 
PDF
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
byEvan Lin
 
PDF
Paving the road with Jakarta EE and Apache TomEE - JCON 2021
byCésar Hernández
 
PDF
Dependency management in golang
byRamit Surana
 
HTTP / 1, HTTP / 2 and HTTP / 3: Past, present and the future of APIs
byRoan Brasil Monteiro
 
Jumping in Jakarta Open Source Project Everything nobody tells you
byRoan Brasil Monteiro
 
Improving your code design using Java
byRoan Brasil Monteiro
 
Pavimentando el camino con Jakarta EE 9 y Apache TomEE
byCésar Hernández
 
Building Command Line Tools with Golang
byTakaaki Mizuno
 
如何透過 Golang 與 Heroku 來一鍵部署 臉書機器人與 Line Bot
byEvan Lin
 
Paving the road with Jakarta EE and Apache TomEE - JCON 2021
byCésar Hernández
 
Dependency management in golang
byRamit Surana
 

What's hot

PDF
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
byNexus FrontierTech
 
PPTX
Intro to Git & GitHub
byGoogle Developer Students Club NIT Silchar
 
PDF
Migrating python.org to buildbot 9 and python 3
byCraig Rodrigues
 
PPTX
Git & Github
byAman Lalpuria
 
PDF
Golang online course
bybestonlinecoursescoupon
 
PDF
Git workflows (Basics)
byRoman Kuba
 
PDF
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
byEvan Lin
 
PDF
It is easy contributing to open source - JCON 2020
byCésar Hernández
 
PDF
Як РНР розробник пише код на Kotlin
byphpfriendsclub
 
PPTX
Optimizing and Profiling Golang Rest Api
byIman Syahputra Situmorang
 
PDF
Dev + DevOps для PHP розробника
byphpfriendsclub
 
PPTX
Developing Cross Platform Applications with Golang
byErhan Yakut
 
PPTX
Golang
byMichael Blake
 
PDF
Pavimentando el Camino con Jakarta EE 9 y Apache TomEE 9.0.0
byCésar Hernández
 
PDF
GoLang Introduction
bySpandana Govindgari
 
PDF
Continuous Delivery in OSS using Shipkit.org
byMarcinStachniuk
 
PPTX
Write microservice in golang
byBo-Yi Wu
 
PDF
Project52
byEvan Lin
 
PDF
Do You Git Your Code? Follow Simplified Gitflow Branching Model to Improve Pr...
byGeshan Manandhar
 
PDF
Paving the way with Jakarta EE and Apache TomEE - itkonekt 2020
byCésar Hernández
 
[INNOVATUBE] Tech Talk #3: Golang - Takaaki Mizuno
byNexus FrontierTech
 
Intro to Git & GitHub
byGoogle Developer Students Club NIT Silchar
 
Migrating python.org to buildbot 9 and python 3
byCraig Rodrigues
 
Git & Github
byAman Lalpuria
 
Golang online course
bybestonlinecoursescoupon
 
Git workflows (Basics)
byRoman Kuba
 
COSCUP 2016: Project 52 每週一個小專案來學習 Golang
byEvan Lin
 
It is easy contributing to open source - JCON 2020
byCésar Hernández
 
Як РНР розробник пише код на Kotlin
byphpfriendsclub
 
Optimizing and Profiling Golang Rest Api
byIman Syahputra Situmorang
 
Dev + DevOps для PHP розробника
byphpfriendsclub
 
Developing Cross Platform Applications with Golang
byErhan Yakut
 
Golang
byMichael Blake
 
Pavimentando el Camino con Jakarta EE 9 y Apache TomEE 9.0.0
byCésar Hernández
 
GoLang Introduction
bySpandana Govindgari
 
Continuous Delivery in OSS using Shipkit.org
byMarcinStachniuk
 
Write microservice in golang
byBo-Yi Wu
 
Project52
byEvan Lin
 
Do You Git Your Code? Follow Simplified Gitflow Branching Model to Improve Pr...
byGeshan Manandhar
 
Paving the way with Jakarta EE and Apache TomEE - itkonekt 2020
byCésar Hernández
 

Similar to Creating an api from design to security.

PDF
5 Pillars of Building Enterprise0grade APIs
byWSO2
 
PDF
"API Design: From User Need to Finished Spec" by Andrew Jordan, ex-Product @T...
byTheFamily
 
PPTX
Building a REST API for Longevity
byMuleSoft
 
PDF
Designing Usable APIs featuring Forrester Research, Inc.
byCA API Management
 
PPTX
API-first development
byVasco Veloso
 
PDF
RESTful Java With JAX RS 1st Edition Bill Burke
byjolokmertah
 
PPT
Six Steps to Build Successful APIs
byWSO2
 
PPT
Six Steps To Build A Successful API
byChris Haddad
 
PDF
building-rest-api-with-spring-boot-in28minutes-presentation.pdf
byHarshitRaj774201
 
PDF
Creating a RESTful api without losing too much sleep
byMike Anderson
 
PDF
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
byChris Mathias
 
PDF
Api design best practice
byRed Hat
 
PDF
22 REST & JSON API Design #burningkeyboards
byDenis Ristic
 
PDF
REST API Recommendations
byJeelani Shaik
 
PPTX
How to deal with REST API Evolution
byMiredot
 
PDF
REST APIs
byArthur De Magalhaes
 
PDF
RESTful Java With JAX RS 1st Edition Bill Burke
byrohismhmob88
 
DOCX
Fundamental Essentials for API Design
byMichael James Cyrus
 
DOCX
Fundamental essentials for api design
byMichael James Cyrus
 
DOCX
Fundamental essentials for api design
byMichael James Cyrus
 
5 Pillars of Building Enterprise0grade APIs
byWSO2
 
"API Design: From User Need to Finished Spec" by Andrew Jordan, ex-Product @T...
byTheFamily
 
Building a REST API for Longevity
byMuleSoft
 
Designing Usable APIs featuring Forrester Research, Inc.
byCA API Management
 
API-first development
byVasco Veloso
 
RESTful Java With JAX RS 1st Edition Bill Burke
byjolokmertah
 
Six Steps to Build Successful APIs
byWSO2
 
Six Steps To Build A Successful API
byChris Haddad
 
building-rest-api-with-spring-boot-in28minutes-presentation.pdf
byHarshitRaj774201
 
Creating a RESTful api without losing too much sleep
byMike Anderson
 
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
byChris Mathias
 
Api design best practice
byRed Hat
 
22 REST & JSON API Design #burningkeyboards
byDenis Ristic
 
REST API Recommendations
byJeelani Shaik
 
How to deal with REST API Evolution
byMiredot
 
REST APIs
byArthur De Magalhaes
 
RESTful Java With JAX RS 1st Edition Bill Burke
byrohismhmob88
 
Fundamental Essentials for API Design
byMichael James Cyrus
 
Fundamental essentials for api design
byMichael James Cyrus
 
Fundamental essentials for api design
byMichael James Cyrus
 

Recently uploaded

PDF
DSD-INT 2025 3D Modeling of Shallow Water Dynamics Using Delft3D FM - Martins
byDeltares
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PDF
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
PDF
CCM_External_Sales_Commissions_Standard_Configuration_2022-3.pdf
byJayLJ
 
PDF
ECFT Case Study: Digital Pilot Transportation System
byMobility Infotech
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
PDF
Data Integration with Salesforce Bootcamp
byDele Amefo
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PDF
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
PDF
DSD-INT 2025 Thermal and chemical plumes of sea cooling water from PEM platfo...
byDeltares
 
PDF
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PPTX
Moving Cloud 360:- Busy Software Provider In Delhi NCR
byMoving Cloud
 
PDF
Custom MGA Software Development: Better Apporach
byOpenkoda
 
PDF
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
PDF
SWEBOK: the software engineering body of knowledge (SC25 Workshop Research So...
byHironori Washizaki
 
PDF
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
PPTX
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
DSD-INT 2025 3D Modeling of Shallow Water Dynamics Using Delft3D FM - Martins
byDeltares
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Smarter Testing Safer Systems Balancing AI and Oversight in Regulated Environ...
byApplitools
 
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
CCM_External_Sales_Commissions_Standard_Configuration_2022-3.pdf
byJayLJ
 
ECFT Case Study: Digital Pilot Transportation System
byMobility Infotech
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
Data Integration with Salesforce Bootcamp
byDele Amefo
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
IAAM Meetup #7 chez Onepoint - Construire un Rag-as-a-service en production. ...
byiaaixmarseille
 
DSD-INT 2025 Thermal and chemical plumes of sea cooling water from PEM platfo...
byDeltares
 
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
Moving Cloud 360:- Busy Software Provider In Delhi NCR
byMoving Cloud
 
Custom MGA Software Development: Better Apporach
byOpenkoda
 
Microservices Architecture Benefits For Mobile Development.pdf
bydavidjohansen1597
 
SWEBOK: the software engineering body of knowledge (SC25 Workshop Research So...
byHironori Washizaki
 
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 

Creating an api from design to security.