Consuming REST in .NET

Post on 10-May-2015


CONSUMING REST IN .NET

By Aaron Stannard

http://www.aaronstannard.com/

@Aaronontheweb

Microsoft - Startup Developer Evangelist

Table of Contents

• REST 101
  • Background of REST
  • Consuming RESTful APIs
  • RESTful Principles
• Security
  • Transport Security
  • Authentication
  • Authorization
  • Anti-Patterns
• REST in .NET
  • RestSharp
  • Hammock REST

REST is Everywhere

REST

• Representational
• State
• Transfer

REST at a Glance

• REST is not a standard
• It's an architecture

Consuming RESTful APIs

[Diagram: REST Clients, Network, REST Endpoint]

• web method call (HTTP verb + URI)
• serialized entity (MIME type)
• something AWESOME

RESTful Principles

• Identifiable Resources
• Manipulation of Resources
• Self-Descriptive Messages
• Hypermedia is the Engine

RESTful APIs

http://api.twitter.com/v2/statuses/home_timeline.json?arg1={...}

• Authority: http://api.twitter.com/
• Version: v2/
• Method: statuses/home_timeline.json
• Parameters: ?arg1={...}

RESTful Resources

• Authentication Resources
  • Auth Tokens, Username / Password pairs
• Data Resources
  • Personal Data, Public Data, GeoData, etc...
• Service Resources
  • API Keys, Endpoints, etc...

Manipulation of Resources

RESTful Web Service HTTP methods

Collection URI, such as http://example.com/resources/
• GET: List URIs of collection
• PUT: Replace current collection with another
• POST: Add new item to existing collection
• DELETE: Delete entire collection

Element URI, such as http://example.com/resources/142
• GET: List given element in collection
• PUT: Update the existing element or create it if it does not exist.
• POST: Treat element as though it's a collection and add a new member.
• DELETE: Delete element

Unapologetically stolen from Wikipedia: http://en.wikipedia.org/wiki/REST#RESTful_web_services

Self-Descriptive Messages

<photos page="2" pages="89" perpage="10" total="881">
  <photo id="2636" owner="47058503995@N01" secret="a123456" server="2" title="test_04" ispublic="1" isfriend="0" isfamily="0" />
  <photo id="2635" owner="47058503995@N01" secret="b123456" server="2" title="test_03" ispublic="0" isfriend="1" isfamily="1" />
  <photo id="2633" owner="47058503995@N01" secret="c123456" server="2" title="test_01" ispublic="1" isfriend="0" isfamily="0" />
  <photo id="2610" owner="12037949754@N01" secret="d123456" server="2" title="00_tall" ispublic="1" isfriend="0" isfamily="0" />
</photos>

Security!!

Security in RESTful APIs

• Transport Security
  • SSL
• Message Security
  • Encryption (Optional)
• Authentication
  • Tokens
  • Signing Messages
• Authorization
  • Controlled by Service

Authentication Flavors

Flavors of Authentication in REST

• No-Auth: ANARCHY! (Public Data)
• Basic Auth: Store and Transmit Username + Password
• Token-based Auth: Retrieve Token from Service in Lieu of Username + Password (OAuth)
• Payola-Auth: API Key only, but app author gets billed per use.

Authentication Examples

Examples of Authentication in REST

• No-Auth: Twitter Search, YouTube Search, SlideShare Search
• Basic Auth: SlideShare, del.icio.us (old)
• Token-based Auth: Facebook, Twitter, Flickr, YouTube
• Payola-Auth: Bing Maps, SimpleGeo

Spot the Anti-Pattern

OAuth 1.0

USER / CLIENT / SERVICE

• User initiates client
• Client requests Request Token from Service
• Service grants request token
• Client directs user to service login page
• User provides service with login credentials
• Service verifies whether or not the client's credentials are valid
• Service directs user back to client resource URI
• Client requests access token from service
• Service grants access token
• Client and User can now access protected resources on Service

(VICTORY!!!)

OAuth 2.0

USER / CLIENT / SERVICE

• User initiates client
• Client directs user to service login page
• User provides service with login credentials
• Service verifies whether or not the client's credentials are valid
• Service redirects User to Client URI with exchange code in query string parameters
• Client initiates request to swap exchange token for access token
• Service grants exchange token
• Client and User can now access protected resources on Service

(VICTORY!!!)
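The redirect and token-swap steps of the OAuth 2.0 flow above, as an added C# example (not code from the original slides, RestSharp or Hammock). The endpoint and redirect URLs, client id and secret, and sample callback are constructed; the parameter names and the `state` check come from RFC 6749, not from the slides.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Web; // HttpUtility.ParseQueryString

static class OAuth2CodeExchange
{
    // Constructed values for illustration; a real service documents its own.
    const string TokenEndpoint = "https://service.example/oauth/token";
    const string RedirectUri = "https://client.example/callback";

    // Slide step: "Service redirects User to Client URI with exchange code".
    static string ReadExchangeCode(Uri callback, string expectedState)
    {
        var query = HttpUtility.ParseQueryString(callback.Query);
        if (query["error"] != null)
            throw new InvalidOperationException("Service refused: " + query["error"]);
        // Assumption beyond the slides: RFC 6749 "state" is a value the client sent
        // with the login redirect; a mismatch means the callback is not ours.
        if (!string.Equals(query["state"], expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state mismatch, dropping callback");
        return query["code"] ?? throw new InvalidOperationException("no code in callback");
    }

    // Slide step: "Client initiates request to swap exchange token for access token".
    // The secret travels in the POST body, so the endpoint must be HTTPS.
    static HttpRequestMessage BuildTokenRequest(string code, string clientId, string clientSecret)
    {
        return new HttpRequestMessage(HttpMethod.Post, TokenEndpoint)
        {
            Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "authorization_code",
                ["code"] = code,
                ["redirect_uri"] = RedirectUri,
                ["client_id"] = clientId,
                ["client_secret"] = clientSecret,
            })
        };
    }

    static void Main()
    {
        // Constructed callback, as the browser would deliver it to the client.
        var callback = new Uri(RedirectUri + "?code=SAMPLE_CODE&state=xyz123");
        var code = ReadExchangeCode(callback, "xyz123");
        var request = BuildTokenRequest(code, "my-client-id", "my-client-secret");
        Console.WriteLine(request.Method + " " + request.RequestUri);
        Console.WriteLine(request.Content.ReadAsStringAsync().Result);
    }
}
```

The request is built but not sent, so the example runs offline; passing it to `HttpClient.SendAsync` would perform the swap against a real service.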

Consuming REST in .NET

• RestSharp
  • http://restsharp.org
• Hammock REST
  • http://hammock.codeplex.com/

Using Wrapper Libraries

• Automate Some Tasks
  • Deserializing responses into objects
  • Managing request life-cycles
• Simplify others
  • OAuth Workflow
  • Handling service errors

CODE