Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012

•

4 likes•1,095 views

WSO2

Exploring REST Purity and
Pragmatism

Samisa Abeysinghe
Vice President Engineering

REST
• General idea
– It is simple
– Widely used
– “cool” & state of the art
– And ideal for SOA & the enterprise

True?

Yes

Simple Cool

REST is…

Popular Used

From Theory to Practice
• Can simplicity meet complexity?

• Can REST be used in enterprise?

REST for Enterprise

Services & Business
Standards Governance Security
APIs Models

HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering

Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling

Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

Services & Business
Standards Governance Security
APIs Models

HTTP & Media Lifecycle Billing &
REST Service HTTP vs HTTPS
types management metering

Versioning & Tiers &
Interfaces RESTful APIs Authentication
configurations Throttling

Programming Simple, quick & Committees & Non-
Pay for use
languages Web Oriented Conformance Repudiation

REST Principles
Verbs

CRUD and more
(PUT, GET,POST,DELETE
Names … HEAD, OPTIONS) Representations

URI, XRI HTML, XML or Binary
(http://acme.com/ (text/html, text/xml,
customers) image/png)

Resources

Services vs APIs
• Services are what you develop
• APIs are what you expose
– “The interface”
– How can you consume the service?

RESTful APIs
• REST (REpresentational State Transfer)
– An architectural style based on transferring
representations of resources from a server to a
client
• RESTful Web services
– Web services built on the REST principles
– Also called a RESTful Web API
– http://en.wikipedia.org/wiki/Representational_sta
te_transfer#RESTful_web_services

The Interface Matters
• It is not the implementation that matter
• But the interface
– And got to be managed and maintained
systematically

Securing RESTful Services

Confidentiality Integrity
HTTPS HTTPS

Security

Authentication
Non Repudiation
HTTP Basic/Digest Auth.,
2-legged OAuth
Mutual Auth., OAuth

Security Using OAuth

http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html

Access Tokens

Application
User Key
Key Used when Used when an
applications are end user is
calling each using an
other application

Application/User Key Generation Sequence

Business Requirements

Tiers Metering Throttling Billing Monitoring

Usage Tier limits
Platinum Pay for use Trends
metering enforcement

Capacity SLA & policy Continuous
Gold Budget
metering enforcement improvement

Status Capacity
Silver Prioritization Estimates
tracking planning

Closing Remarks
• REST is simple, cool, popular and used
• Need to look beyond coolness to use REST for
real
• Think of REST as a way to expose APIs
• Pay attention to good governance
• Make informed security architecture decisions
• Focus on monitoring, analysis and insights
based continuous improvements

Resources
• http://wso2.com/products/api-manager/
• http://wso2.com/products/governance-registry/
• http://wso2.com/products/business-activity-monitor/
• http://sanjiva.weerawarana.org/2012/08/api-management-
missing-link-for-soa.html
• http://sumedha.blogspot.com/search/label/API

WSO2 Engagement Model
• QuickStart
• Development Support
• Development Services
• Production Support
• http://wso2.com/support

What's hot

SOA & ESB Presentation

erichleipold

Paying for PaaS

WSO2

ESB and SOA

WSO2

Using a private cloud to automate and govern enterprise development

WSO2

Implementing SOA with Portal, an IBM Impact 2010 Presentation

guestbc8b80

Enterprise Soa Concept

Terry Cho

Delivering the Promise of SOA - Enterprise Integration Made Easy

WSO2

Growing Adoption of Open Source in Enterprises

WSO2

Soa Overview

Terry Cho

How the WSO2 ESB outperforms other major open source esb vendors

WSO2

To view recording of this webinar please use below URL: http://wso2.com/library/webinars/2016/03/quarterly-wso2-platform-update-webinar-q1-2016/ Catch up with WSO2 VP of Solutions Architecture, Asanka Abeysinghe, on what’s new and what’s coming up in the WSO2 Platform, at our quarterly update webinar for Q1 2016. See how new products such as WSO2 Microservices Framework for Java (WSO2 MSF4J) and forthcoming WSO2 gateway technology are supporting the evolution of enterprise IT platforms, along with progress updates on the next-generation WSO2 Enterprise Service Bus (WSO2 ESB). This session will be highly valuable to CxOs, Enterprise Architects or anyone interested in the WSO2 platform to quickly learn about new developments and focus areas the product teams are working on.

Quarterly WSO2 Platform Update Webinar - Q1 2016

WSO2

Soa

subhaprasad79

Introduction to Enterprise Service Bus

Mahmoud Ezzat

Keynote-Service Orientation – Why is it good for your business

WSO2

ESB Overview

Bahaa Farouk

Service Oriented Architecture

Prabhat gangwar

Differentiating between web APIs, SOA, & integration…and why it matters

Kim Clark

Concept of SOA

Sylvain Witmeyer

What's hot (18)

SOA & ESB Presentation

Paying for PaaS

ESB and SOA

Using a private cloud to automate and govern enterprise development

Implementing SOA with Portal, an IBM Impact 2010 Presentation

Enterprise Soa Concept

Delivering the Promise of SOA - Enterprise Integration Made Easy

Growing Adoption of Open Source in Enterprises

Soa Overview

How the WSO2 ESB outperforms other major open source esb vendors

Quarterly WSO2 Platform Update Webinar - Q1 2016

Soa

Introduction to Enterprise Service Bus

Keynote-Service Orientation – Why is it good for your business

ESB Overview

Service Oriented Architecture

Differentiating between web APIs, SOA, & integration…and why it matters

Concept of SOA

Similar to Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012

Melbourne API Management Seminar

CA API Management

Enterprise Access Control Patterns for Rest and Web APIs

CA API Management

Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...

CA API Management

More Coverage, Better Diagnostics

SmartBear

CIS14: Early Peek at PingFederate Administrative REST API

CloudIDSummit

Ss Wrap Up Session 13 Aug

WSO2

SOA Summer School: Best of SOA Summer School – Encore Session

WSO2

REST API Design & Development

TechEd Preconference

Api design part 1

Windows Azure架构探析

apiGrove

Find here the slides of the presentation on Sentinet, given by Massimo Crippa (Codit) on the BTUG Event of 13th of October 2015. Sentinet has recently introduced the support for the OAuth and OpenID Connect protocols. In this presentation you will see the supported authentication flows, how to secure a regular BizTalk SOAP and REST service with OAuth 2.0 and how to call an OAuth-protected API from BizTalk with no coding or any changes in the existing application.

Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)

Codit

Basic of API

RishanKP1

Soa role in telco industry

Pavan K

Cloudforce Essentials 2012 - Understanding Force.com in 60 Minutes or Less

Salesforce_APAC

Once upon a time… integration was all about ESB’s, EAI and B2B. Today, many companies wish to integrate beyond firewalls, and typically with SaaS. Hence the uprise of API based integration, using lightweight protocols. The evolution is a fact; so now what is the current state of the Azure Integration Platform? Glenn dives into its architecture and explains Logic Apps and the Enterprise Integration Pack. Learn to create basic IFTTT (If This Then That) scenarios, or why not: think bigger and create enterprise-level, hybrid integration scenarios using Logic Apps and on premises LOB apps. 'How does it work', 'How is it Made' and 'How does it all fit together’? Just a couple of questions you will find the answer to.

Azure IPaaS: #IntegrationEvolved (Glenn Colpaert @ Codit's BizTalk 2016 Launch)

Codit

Sql Server 2012 Reporting-Services is Now a SharePoint Service Application

InnoTech

A Business Process Management (BPM) engine is an automated consumer of services. How is this type of consumer different from other consumers such as user interfaces? What additional characteristics does the service need to provide to be fit for use by an automated business process. This lecture builds on the very successful Impact 2008 lecture "Exposing Services People Want to Consume" and examines how the key characteristics of the service consumer affect the requirements of the service provider. This approach is based on of hundreds of implementation years and is taught internally in IBM to our consultants.

Impact 2011 2667 - Developing effective services for use in critical business...

Brian Petrini

Oracle SOA Suite Overview - Integration in a Service-Oriented World

OracleContractors

Similar to Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012 (20)

Melbourne API Management Seminar

Enterprise Access Control Patterns for Rest and Web APIs

Enterprise Access Control Patterns for REST and Web APIs Gluecon 2011, Franco...

More Coverage, Better Diagnostics

CIS14: Early Peek at PingFederate Administrative REST API

Ss Wrap Up Session 13 Aug

SOA Summer School: Best of SOA Summer School – Encore Session

REST API Design & Development

TechEd Preconference

Api design part 1

Windows Azure架构探析

apiGrove

Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)

Basic of API

Soa role in telco industry

Cloudforce Essentials 2012 - Understanding Force.com in 60 Minutes or Less

Azure IPaaS: #IntegrationEvolved (Glenn Colpaert @ Codit's BizTalk 2016 Launch)

Sql Server 2012 Reporting-Services is Now a SharePoint Service Application

Impact 2011 2667 - Developing effective services for use in critical business...

Oracle SOA Suite Overview - Integration in a Service-Oriented World

More from WSO2

Driving Innovation: Scania's API Revolution with WSO2

WSO2

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

WSO2

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

WSO2

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

WSO2

WSO2CON 2024 Slides - Unlocking Value with AI

WSO2

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Quantum Leap in Next-Generation Computing

WSO2

WSO2CON 2024 - Elevating the Integration Game to the Cloud

WSO2

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2

WSO2CON 2024 Slides - Open Source to SaaS

WSO2

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...

WSO2

WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications

WSO2

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2

WSO2CON 2024 - Software Engineering for Digital Businesses

WSO2

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...

WSO2

WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation

WSO2

WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!

WSO2

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

WSO2

More from WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

Modernizing Legacy Systems Using Ballerina

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

WSO2CON 2024 Slides - Unlocking Value with AI

Platformless Horizons for Digital Adaptability

Quantum Leap in Next-Generation Computing

WSO2CON 2024 - Elevating the Integration Game to the Cloud

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2CON 2024 Slides - Open Source to SaaS

WSO2CON 2024 - Does Open Source Still Matter?

WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...

WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - Software Engineering for Digital Businesses

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...

WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation

WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012

1. Exploring REST Purity and Pragmatism Samisa Abeysinghe Vice President Engineering

2. REST • General idea – It is simple – Widely used – “cool” & state of the art – And ideal for SOA & the enterprise True?

3. Yes Simple Cool REST is… Popular Used

4. From Theory to Practice • Can simplicity meet complexity? • Can REST be used in enterprise?

5. REST for Enterprise Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

6. Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

7. REST Principles Verbs CRUD and more (PUT, GET,POST,DELETE Names … HEAD, OPTIONS) Representations URI, XRI HTML, XML or Binary (http://acme.com/ (text/html, text/xml, customers) image/png) Resources

8. Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

9. Services vs APIs • Services are what you develop • APIs are what you expose – “The interface” – How can you consume the service?

10. RESTful APIs • REST (REpresentational State Transfer) – An architectural style based on transferring representations of resources from a server to a client • RESTful Web services – Web services built on the REST principles – Also called a RESTful Web API – http://en.wikipedia.org/wiki/Representational_sta te_transfer#RESTful_web_services

11. The Interface Matters • It is not the implementation that matter • But the interface – And got to be managed and maintained systematically

12. Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

13. Manage Life-Cycles Service API

14. Tools for Life-Cycle Management

15. Tools for Life-Cycle Management

16. Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

17. Securing RESTful Services Confidentiality Integrity HTTPS HTTPS Security Authentication Non Repudiation HTTP Basic/Digest Auth., 2-legged OAuth Mutual Auth., OAuth

18. Security Using OAuth http://pathberiya.blogspot.com/2011/02/2-legged-oauth-to-secure-restful.html

19. Access Tokens Application User Key Key Used when Used when an applications are end user is calling each using an other application

20. Application/User Key Generation Sequence

21. Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

22. Business Models

23. Business Requirements Tiers Metering Throttling Billing Monitoring Usage Tier limits Platinum Pay for use Trends metering enforcement Capacity SLA & policy Continuous Gold Budget metering enforcement improvement Status Capacity Silver Prioritization Estimates tracking planning

24. Monitoring Tools

25. Insights & Continuous Improvement

26. Services & Business Standards Governance Security APIs Models HTTP & Media Lifecycle Billing & REST Service HTTP vs HTTPS types management metering Versioning & Tiers & Interfaces RESTful APIs Authentication configurations Throttling Programming Simple, quick & Committees & Non- Pay for use languages Web Oriented Conformance Repudiation

27. Closing Remarks • REST is simple, cool, popular and used • Need to look beyond coolness to use REST for real • Think of REST as a way to expose APIs • Pay attention to good governance • Make informed security architecture decisions • Focus on monitoring, analysis and insights based continuous improvements

28. Resources • http://wso2.com/products/api-manager/ • http://wso2.com/products/governance-registry/ • http://wso2.com/products/business-activity-monitor/ • http://sanjiva.weerawarana.org/2012/08/api-management- missing-link-for-soa.html • http://sumedha.blogspot.com/search/label/API

29. WSO2 Engagement Model • QuickStart • Development Support • Development Services • Production Support • http://wso2.com/support

30. Thank you! bizdev@wso2.com

Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012

Similar to Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012 (20)

More from WSO2

More from WSO2 (20)

Exploring REST Purity and Pragmatism - Tuesday, November 6, 2012