REST API Integration Considerations

Post on 14-Apr-2017


Transcript of REST API Integration Considerations

PayM8 Tech Ed

API Integration Considerations

Why this session?

• Go through Web API as an integration technology

• Get face-to-face feedback and initiate dialog on integration

• What would you as integrators like to see in our APIs?

• Discuss best practices and integration strategies

• Get our hands dirty with integration in a lab session where we will try out REST services and play Rock Paper Scissors against each other.

Integration Strategy

Integration Technologies

Security

Versioning

Automatic Documentation

Structure

Error Handling

Tools

Integration Technologies

Web Services

Web API

Sockets / SFTP / Message Queues

Google Trends

SOAP vs. REST

SOAP advantages

• More out of the box protocol support (TCP, HTTP, etc.)

• Security and Authorization is part of the protocol

• Fully contractible using WSDL

SOAP disadvantages

• Uses more bandwidth for meta data than REST over JSON

• More complex from scripting languages

REST advantages

• Open Web / OCP Friendly

• Simple in design

• Easily return multiple formats (XML, JSON, etc.)

REST disadvantages

• Need to build in Security

• Out of the box support for HTTP only

REST Resources

Single resource

• POST: api/dogs/{dog}

• GET: api/dogs/{id}

• PUT: api/dogs/{id}, Body {dog}

• DELETE: api/dogs/{id}

• PATCH: api/dogs/{id}, Body {dog}

List resource

• POST: api/dogs, Body [{dog},{dog}]

• GET: api/dogs

• PUT: api/dogs, Body [{dog},{dog}]

• DELETE: api/dogs

• PATCH: api/dogs, Body [{dog},{dog}]

Hide complexity behind ? with optional parameters:

GET api/v01/dogs?name={name}&breed={breed}

• Expose resources, not services (e.g. noun, not verb)

• Pluralized names in lower camel case

• Resources exposed in CRUD for single and list

Integration Tools

Postman

SOAPUI

Automatic Documentation

Web API Help Page

Swagger

Versioning

Header

URL

Parameter

Custom Header / Accept Header

Not suggested

http://domain/api/sample/dogs

http://domain/api/v01/dogs

http://domain/api/v02/dogs

Backwards compatible last 2x versions

Error Handling

• Standard Response Object

• Using specific applicable HTTP result codes

• Tokenized Error Handling

Code Description

200 OK / Success

400 Bad Request

401 Unauthorized

404 Not Found

405 *(REST) Method Not Allowed

500 Internal Server Error

Security

OAuth

• Open standard for authorization

• Commonly used against Google/Facebook

Basic Auth

• Username Password (Base64 encoded)

Digest Auth

• Username Password (Nonce Hashed)

2048 TLS thawte encryption

*For non-public integration services/APIs, IP whitelisting will be considered
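The difference between the Basic and Digest options above, as an added example that is not part of the original slides or PayM8's code: Basic sends credentials that anyone who sees the header can decode, which is why it depends on TLS, while Digest sends only a hash bound to a server nonce. The function names are hypothetical, the credentials are constructed sample values, and Digest is assumed to be the RFC 2617 MD5 scheme with qop=auth.

```python
import base64
import hashlib
import hmac


def basic_header(user, password):
    """Basic auth: Base64 of 'user:password'. This is encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def decode_basic(header):
    """What any party that can read the header recovers when TLS is absent."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Digest auth (RFC 2617, MD5, qop=auth): only a nonce-bound hash is sent."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # secret side, never transmitted
    ha2 = _md5(f"{method}:{uri}")              # binds the hash to this request
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(received, **params):
    """Server side: recompute the expected response and compare in constant time."""
    return hmac.compare_digest(received, digest_response(**params))


if __name__ == "__main__":
    # Constructed sample values, using the page's example resource path.
    header = basic_header("integrator", "s3cret")
    print(header, "->", decode_basic(header))
    params = dict(user="integrator", realm="api", password="s3cret", method="GET",
                  uri="/api/v01/dogs", nonce="n-1", nc="00000001", cnonce="c-1")
    sent = digest_response(**params)
    print("digest:", sent, "valid:", verify_digest(sent, **params))
    # A fresh server nonce invalidates a captured response.
    print("replay:", verify_digest(sent, **{**params, "nonce": "n-2"}))
```

Digest keeps the password off the wire but does not protect the request or response body, so it complements the TLS requirement rather than replacing it.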

Q & A

Pre Lab Briefing

PayM8 Developer Team (ask us questions, flag us if you have any problems, or feel free to just talk about tech)

• Get connected to the wireless (AlwaysOn – and register) *Limited to 100mb

• Group into teams (4-6 people) and choose a Team Name

• Get your development environment right (.NET, PHP, Java) or ask for a VM

• Get the Rock Paper Source Code (https://github.com/lost441/RockPapaer)

• Get the right consumer running (.NET, PHP or JAVA)

Kempen Marius David Mpho Lindile Ewald

Rock Paper Scissors Briefing

1. Every team should have a working API consumer (.NET, PHP or JAVA)

2. By default the consumer will play a random hand; this needs to be changed to do the following:

• Call game history (rounds) – use this to seed your play-hand logic

• Remove random hand play and implement a custom algorithm to choose a hand to play

3. Play against each other in elimination rounds to find the best team