Using Charles Proxy to understand REST

Post on 13-Jan-2017


Using Charles Proxy to understand REST

(c) anatoliy.odukha@globallogic.com

The Fundamentals

Web debugging proxy

REST

JSON

What is Charles Proxy?

It is a web debugging proxy

Helps analyse traffic

Captures HTTP and HTTPS traffic

Implements man-in-the-middle HTTPS interception using self-signed certificates

Useful features: bandwidth throttling, mapping to a local or remote URL

Works on MacOS, Linux and Windows

Free version allows 30-minute sessions

–REpresentational State Transfer

“REST”

REST

It is not a specification

It is an ARCHITECTURE STYLE that is:

client-server

statelessness

HTTP Verbs

POST

GET

PUT

DELETE

PATCH

C.R.U.D. Operations

Create -> POST

Read -> GET

Update -> PUT*

Delete -> DELETE

* PUT is also used for creating

HTTP Codes

1xx Informational

2xx Success

3xx Redirection

4xx Client Error

5xx Server Error

API Design: BAD

/getUser

/getAllUsers

/findUser

/findUserAccounts

/deleteUser

/changeUserPassword

Resources are Plural Nouns. Do not use Verbs!

API Design

Collection

/users

Entities

/users/adam

/users/13246

API Design

verb \ resource | POST     | GET        | PUT                | DELETE
/users          | New User | List Users | ?                  | delete everybody
/users/adam     | ?        | show Adam  | update/create Adam | Delete Adam
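
The verb/resource table above as a small in-memory dispatcher, added here as an illustration and not taken from the original slides. The handle function, the USERS store, the use of 405 for the "?" cells, and the 201/204/400/409 status codes are assumptions of this example.

```python
import json

# In-memory store; "adam" is a constructed sample record, not data from the slides.
USERS = {"adam": {"name": "adam"}}

def handle(method, path, body=None):
    """Dispatch one request per the verb/resource table; returns (status, json_text)."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] != "users" or len(parts) > 2:
        return 404, json.dumps({"error": "not found"})
    data = json.loads(body) if body else {}

    if len(parts) == 1:                      # collection: /users
        if method == "GET":                  # list users
            return 200, json.dumps(sorted(USERS))
        if method == "POST":                 # new user; the server picks the URL
            name = data.get("name")
            if not name:
                return 400, json.dumps({"error": "name required"})
            if name in USERS:
                return 409, json.dumps({"error": "already exists"})
            USERS[name] = data
            return 201, json.dumps({"location": "/users/" + name})
        if method == "DELETE":               # "delete everybody"
            USERS.clear()
            return 204, ""
        return 405, json.dumps({"error": "method not allowed"})  # the "?" cell

    name = parts[1]                          # entity: /users/<name>
    if method == "PUT":                      # update, or create at a client-chosen URL
        created = name not in USERS
        USERS[name] = data
        return (201 if created else 200), json.dumps(data)
    if method not in ("GET", "DELETE"):
        return 405, json.dumps({"error": "method not allowed"})  # the "?" cell
    if name not in USERS:
        return 404, json.dumps({"error": "not found"})
    if method == "GET":                      # show one user
        return 200, json.dumps(USERS[name])
    del USERS[name]                          # delete one user
    return 204, ""
```
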

API Design: resources chain

/users/adam/accounts

API Versioning

Just integer /v1/users/…

Decimal point /v1.0/users/…

Date /2015-11-11/…

In query string …?v=1

In http header

–JavaScript Object Notation

“JSON”

Object

Value

Array

Number

Syntax diagrams (or railroad diagrams) are a way to represent a context-free grammar.

{
  "city": {"id": 1851632, "name": "Shuzenji",
           "coord": {"lon": 138.933334, "lat": 34.966671},
           "country": "JP"},
  "cod": "200",
  "message": 0.0045,
  "cnt": 38,
  "list": [{
    "dt": 1406106000,
    "main": {"temp": 298.77, "temp_min": 298.77, "temp_max": 298.774,
             "pressure": 1005.93, "sea_level": 1018.18, "grnd_level": 1005.93,
             "humidity": 87, "temp_kf": 0.26},
    "weather": [{"id": 804, "main": "Clouds", "description": "overcast clouds", "icon": "04d"}],
    "clouds": {"all": 88},
    "wind": {"speed": 5.71, "deg": 229.501},
    "sys": {"pod": "d"},
    "dt_txt": "2014-07-23 09:00:00"
  }]
}

json sample from openweathermap.org

Header

Content-Type: application/json

Charles Proxy–Install and Configure

Install

download from official site http://www.charlesproxy.com/

http://www.charlesproxy.com/download/

For Linux, use APT or the tar.gz from the download page

Follow the instructions on the site http://www.charlesproxy.com/documentation/installation/

The latest macOS version uses an embedded JRE

Run and check Settings at Proxy->Proxy Settings…

Configure SSL Proxy

For versions below 3.10 follow instructions from Legacy SSL page on official site http://www.charlesproxy.com/documentation/additional/legacy-ssl-proxying

New versions do not use a common certificate

Just go to Help->SSL Proxying and select the corresponding option

For iOS/Android it is “Install Charles Root Certificate on Mobile Device or Remote Browser”; then follow the instructions

Configure SSL Proxy

Configure Android phone to use proxy

Open Settings->WiFi

Long press on target access point

Select Modify Network

In Access Point settings check Advanced Options

Enter IP address and port (8888 by default)

On your laptop, allow the connection from the remote device

Configure Android phone to use proxy

Open the link http://charlesproxy.com/getssl in the mobile browser

Enter a name and tap the OK button

That is all you have to do on the Android side

Enable and configure target: Menu Proxy->SSL Proxying Settings

–show must go on

Real world demo