$30 off During Our Annual Pro Sale. View Details »

API Survival

API Survival

Very minimal slide deck, basically the diagrams to go with my FOWA tutorial

Lorna Mitchell

October 01, 2015
Tweet

More Decks by Lorna Mitchell

Other Decks in Technology

Transcript

  1. API Survival Kit Lorna Mitchell, FOWA 2015

  2. The (Vague) Plan • Meet and greet new APIs •

    Inspecting traffic and debugging APIs • Webhooks and publishing local services remotely • Tools for API publishers
  3. Today's Resources These slides and some (updating) reference material: http://lornajane.net/resources/

  4. Finding APIs Search! • Directories such as http://www.programmableweb.com/apis/directory • There's

    an apis.json search tool http://apis.io/about
  5. Documentation Look for overview documentation. What do you look for

    when you read API documentation for the first time?
  6. Tools for First Contact • curl http://curl.haxx.se/ • httpie https://github.com/jkbrzt/httpie

    (python) • Postman https://www.getpostman.com/ (Chrome app)
  7. Token-based Authentication This approach allows: • restrictable access • revokable

    tokens
  8. OAuth 2 OAuth is designed for the relationship between: •

    a User • a "Provider" who already has a relationship with the user and the user's data - e.g. Facebook • a "Consumer" whom the User would like to have access to some of their data stored with the provider - e.g. Mobile app
  9. OAuth 2 OAuth 2 (rather than the original OAuth 1)

    recognises trust Supports various ways of granting access Full spec: http://tools.ietf.org/html/rfc6749
  10. Authorization Code Grant

  11. Owner Creds Grant

  12. OAuth in Action

  13. Challenge: Meet an API Talk to an API successfully using

    a tool of your choice.
  14. Challenge: Meet an API Make an authenticated call to an

    API successfully using a tool of your choice.
  15. Tools for Inspecting Traffic Tools used in this section: •

    Charles Proxy: http://www.charlesproxy.com/ • mitmproxy: http://mitmproxy.org/ Browsers all have their own tools • Firefox has firebug http://getfirebug.com/ • Chrome and IE dev tools installed by default
  16. API Backend, Web Frontend

  17. API Backend, Web Frontend

  18. Exercise http://www.w3schools.com/ajax/ajax_example.asp <-- go here and inspect the ajax calls,

    headers and body. Repeat the call. "Try it yourself" button, lets you edit the JS if you are so minded.
  19. Sample endpoints When testing API tools you may find it

    helpful to use some of the ready-made endpoints: • http://httpbin.org/ • http://requestb.in/ • http://httpresponder.com/
  20. Webhooks

  21. Webhooks

  22. Webhooks

  23. Webhooks

  24. Webhooks

  25. Questions? (feel free to email later lorna@lornajane.net)