The (Vague) Plan
• Meet and greet new APIs
• Inspecting traffic and debugging APIs
• Webhooks and publishing local services remotely
• Tools for API publishers
OAuth 2
OAuth is designed for the relationship between:
• a User
• a "Provider" who already has a relationship with the user and the user's data, e.g. Facebook
• a "Consumer" whom the User would like to have access to some of their data stored with the provider, e.g. a mobile app
OAuth 2
• OAuth 2 (rather than the original OAuth 1) recognises trust
• Supports various ways of granting access
• Full spec: http://tools.ietf.org/html/rfc6749
Tools for Inspecting Traffic
Tools used in this section:
• Charles Proxy: http://www.charlesproxy.com/
• mitmproxy: http://mitmproxy.org/
Browsers all have their own tools:
• Firefox has Firebug: http://getfirebug.com/
• Chrome and IE have dev tools installed by default
Exercise
Go to http://www.w3schools.com/ajax/ajax_example.asp and inspect the AJAX calls, headers and body. Repeat the call. The "Try it yourself" button lets you edit the JS if you are so minded.
Sample endpoints
When testing API tools you may find it helpful to use some of the ready-made endpoints:
• http://httpbin.org/
• http://requestb.in/
• http://httpresponder.com/