Slide 1

Slide 1 text

API Survival Kit
Lorna Mitchell, FOWA 2015

Slide 2

Slide 2 text

The (Vague) Plan
• Meet and greet new APIs
• Inspecting traffic and debugging APIs
• Webhooks and publishing local services remotely
• Tools for API publishers

Slide 3

Slide 3 text

Today's Resources
These slides and some (updating) reference material: http://lornajane.net/resources/

Slide 4

Slide 4 text

Finding APIs
Search!
• Directories such as http://www.programmableweb.com/apis/directory
• There's an apis.json search tool: http://apis.io/about

Slide 5

Slide 5 text

Documentation
Look for overview documentation. What do you look for when you read API documentation for the first time?

Slide 6

Slide 6 text

Tools for First Contact
• curl http://curl.haxx.se/
• httpie https://github.com/jkbrzt/httpie (python)
• Postman https://www.getpostman.com/ (Chrome app)

Slide 7

Slide 7 text

Token-based Authentication
This approach allows:
• restrictable access
• revocable tokens

Slide 8

Slide 8 text

OAuth 2
OAuth is designed for the relationship between:
• a User
• a "Provider" who already has a relationship with the user and the user's data - e.g. Facebook
• a "Consumer" whom the User would like to have access to some of their data stored with the provider - e.g. Mobile app

Slide 9

Slide 9 text

OAuth 2
OAuth 2 (rather than the original OAuth 1) recognises trust
Supports various ways of granting access
Full spec: http://tools.ietf.org/html/rfc6749

Slide 10

Slide 10 text

Authorization Code Grant

Slide 11

Slide 11 text

Owner Creds Grant

Slide 12

Slide 12 text

OAuth in Action

Slide 13

Slide 13 text

Challenge: Meet an API
Talk to an API successfully using a tool of your choice.

Slide 14

Slide 14 text

Challenge: Meet an API
Make an authenticated call to an API successfully using a tool of your choice.

Slide 15

Slide 15 text

Tools for Inspecting Traffic
Tools used in this section:
• Charles Proxy: http://www.charlesproxy.com/
• mitmproxy: http://mitmproxy.org/
Browsers all have their own tools:
• Firefox has Firebug http://getfirebug.com/
• Chrome and IE have dev tools installed by default

Slide 16

Slide 16 text

API Backend, Web Frontend

Slide 17

Slide 17 text

API Backend, Web Frontend

Slide 18

Slide 18 text

Exercise
Go to http://www.w3schools.com/ajax/ajax_example.asp and inspect the Ajax calls, headers and body. Repeat the call. The "Try it yourself" button lets you edit the JS if you are so minded.

Slide 19

Slide 19 text

Sample endpoints
When testing API tools you may find it helpful to use some of the ready-made endpoints:
• http://httpbin.org/
• http://requestb.in/
• http://httpresponder.com/

Slide 20

Slide 20 text

Webhooks

Slide 21

Slide 21 text

Webhooks

Slide 22

Slide 22 text

Webhooks

Slide 23

Slide 23 text

Webhooks

Slide 24

Slide 24 text

Webhooks

Slide 25

Slide 25 text

Questions? (feel free to email later [email protected])