At Stormpath we spent 18 months researching API design best practices. Join Les Hazlewood, Stormpath CTO and Apache Shiro Chair, as he explains how to design a secure REST API, the right way. He'll also hang out for a live Q&A session at the end.
Sign up for Stormpath: https://api.stormpath.com/register
More from Stormpath: http://www.stormpath.com/blog
Les will cover:
REST + JSON API Design
Base URL design tips
API Security
Versioning for APIs
API Resource Formatting
API Return Values and Content Negotiation
API References (Linking)
API Pagination, Parameters, & Errors
Method Overloading
Resource Expansion and Partial Responses
Error Handling
Multi-tenancy
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Edureka!
( ELK Stack Training - https://www.edureka.co/elk-stack-trai... )
This Edureka Elasticsearch Tutorial will help you in understanding the fundamentals of Elasticsearch along with its practical usage and help you in building a strong foundation in ELK Stack. This video helps you to learn following topics:
1. What Is Elasticsearch?
2. Why Elasticsearch?
3. Elasticsearch Advantages
4. Elasticsearch Installation
5. API Conventions
6. Elasticsearch Query DSL
7. Mapping
8. Analysis
9 Modules
The document introduces the ELK stack, which consists of Elasticsearch, Logstash, Kibana, and Beats. Beats ship log and operational data to Elasticsearch. Logstash ingests, transforms, and sends data to Elasticsearch. Elasticsearch stores and indexes the data. Kibana allows users to visualize and interact with data stored in Elasticsearch. The document provides descriptions of each component and their roles. It also includes configuration examples and demonstrates how to access Elasticsearch via REST.
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0NGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/whats-new-nginx-ingress-controller-kubernetes-version-150/
Kubernetes is the leading orchestration platform for deploying, scaling, and managing containerized applications. Infrastructure operators constantly impose new application delivery requirements as they adopt Kubernetes for production workloads. The NGINX Ingress controller is the most popular ingress load balancer for Kubernetes, providing a complete and supported solution for delivering your containerized applications to clients.
Attend this webinar to learn about the latest developments in NGINX Ingress Controller for Kubernetes Release 1.5.0.
Elasticsearch is a highly scalable open-source search and analytics engine that can be used as a distributed full-text search database. It provides fast and flexible search capabilities through its RESTful API. The document discusses installing and setting up Elasticsearch, exploring its basic concepts like documents, indexes, and shards, and implementing search functionality in Elasticsearch using Python.
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
( ELK Stack Training - https://www.edureka.co/elk-stack-trai... )
This Edureka tutorial on What Is ELK Stack will help you in understanding the fundamentals of Elasticsearch, Logstash, and Kibana together and help you in building a strong foundation in ELK Stack. Below are the topics covered in this ELK tutorial for beginners:
1. Need for Log Analysis
2. Problems with Log Analysis
3. What is ELK Stack?
4. Features of ELK Stack
5. Companies Using ELK Stack
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train...Edureka!
( ELK Stack Training - https://www.edureka.co/elk-stack-trai... )
This Edureka Elasticsearch Tutorial will help you in understanding the fundamentals of Elasticsearch along with its practical usage and help you in building a strong foundation in ELK Stack. This video helps you to learn following topics:
1. What Is Elasticsearch?
2. Why Elasticsearch?
3. Elasticsearch Advantages
4. Elasticsearch Installation
5. API Conventions
6. Elasticsearch Query DSL
7. Mapping
8. Analysis
9 Modules
The document introduces the ELK stack, which consists of Elasticsearch, Logstash, Kibana, and Beats. Beats ship log and operational data to Elasticsearch. Logstash ingests, transforms, and sends data to Elasticsearch. Elasticsearch stores and indexes the data. Kibana allows users to visualize and interact with data stored in Elasticsearch. The document provides descriptions of each component and their roles. It also includes configuration examples and demonstrates how to access Elasticsearch via REST.
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0NGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/whats-new-nginx-ingress-controller-kubernetes-version-150/
Kubernetes is the leading orchestration platform for deploying, scaling, and managing containerized applications. Infrastructure operators constantly impose new application delivery requirements as they adopt Kubernetes for production workloads. The NGINX Ingress controller is the most popular ingress load balancer for Kubernetes, providing a complete and supported solution for delivering your containerized applications to clients.
Attend this webinar to learn about the latest developments in NGINX Ingress Controller for Kubernetes Release 1.5.0.
Elasticsearch is a highly scalable open-source search and analytics engine that can be used as a distributed full-text search database. It provides fast and flexible search capabilities through its RESTful API. The document discusses installing and setting up Elasticsearch, exploring its basic concepts like documents, indexes, and shards, and implementing search functionality in Elasticsearch using Python.
What Is ELK Stack | ELK Tutorial For Beginners | Elasticsearch Kibana | ELK S...Edureka!
( ELK Stack Training - https://www.edureka.co/elk-stack-trai... )
This Edureka tutorial on What Is ELK Stack will help you in understanding the fundamentals of Elasticsearch, Logstash, and Kibana together and help you in building a strong foundation in ELK Stack. Below are the topics covered in this ELK tutorial for beginners:
1. Need for Log Analysis
2. Problems with Log Analysis
3. What is ELK Stack?
4. Features of ELK Stack
5. Companies Using ELK Stack
Log Management
Log Monitoring
Log Analysis
Need for Log Analysis
Problem with Log Analysis
Some of Log Management Tool
What is ELK Stack
ELK Stack Working
Beats
Different Types of Server Logs
Example of Winlog beat, Packetbeat, Apache2 and Nginx Server log analysis
Mimikatz
Malicious File Detection using ELK
Practical Setup
Conclusion
Elasticsearch is an open-source, distributed search and analytics engine built on Apache Lucene. It allows storing, searching, and analyzing large volumes of data quickly and in near real-time. Key concepts include being schema-free, document-oriented, and distributed. Indices can be created to store different types of documents. Mapping defines how documents are indexed. Documents can be added, retrieved, updated, and deleted via RESTful APIs. Queries can be used to search for documents matching search criteria. Faceted search provides aggregated data based on search queries. Elastica provides a PHP client for interacting with Elasticsearch.
Model Your Application Domain, Not Your JSON StructuresMarkus Lanthaler
Presentation of the paper "Model Your Application Domain, Not Your JSON Structures" at the 4th International Workshop on RESTful Design (WS-REST 2013) at the WWW2013 in Rio de Janeiro, Brazil
The document discusses infrastructure as code best practices on AWS. It provides an overview of using AWS CloudFormation to define infrastructure in code. AWS CloudFormation allows infrastructure to be provisioned in an automated and repeatable way using templates that are version controlled like code. The document outlines the key components of a CloudFormation template including parameters, mappings, resources, outputs and conditionals. It also discusses using CloudFormation to bootstrap applications on EC2 instances.
Presentation of the paper "On Using JSON-LD to Create Evolvable RESTful Services" at the 3rd International Workshop on RESTful Design (WS-REST 2012) at WWW2012 in Lyon, France
The document provides an introduction to the ELK stack, which is a collection of three open source products: Elasticsearch, Logstash, and Kibana. It describes each component, including that Elasticsearch is a search and analytics engine, Logstash is used to collect, parse, and store logs, and Kibana is used to visualize data with charts and graphs. It also provides examples of how each component works together in processing and analyzing log data.
We start with an introduction to what Apache Camel is, and how you can use Camel to make integration much easier. Allowing you to focus on your business logic, rather than low level messaging protocols, and transports. You will also hear what other features Camel provides out of the box, which can make integration much easier for you.
We look into web console tooling that allows you to get insight into your running Apache Camel applications, which has among others visual route diagrams with tracing/debugging and profiling capabilities. In addition to the web tooling we will also show you other tools in the making.
Learning Objectives:
- Learn how to make decisions about the service and share best practices and useful tips for success
- Learn about Content based routing, HTTP/2, WebSockets
- Secure your web applications using TLS termination, AWS WAF on Application Load Balancer
Authoring and Deploying Serverless Applications with AWS SAMAmazon Web Services
Serverless applications can be composed of multiple AWS resources such as AWS Lambda functions Amazon API Gateway APIs Amazon DynamoDB tables and Amazon S3 buckets. When building a serverless application what is the most straightforward way to group all your resources into one serverless application? Once you define your serverless application how quickly can you develop test and iterate on your local machine before deploying to AWS? In this session learn how to define serverless applications with the AWS Serverless Application Model (AWS SAM) and how to use the AWS SAM Local CLI tool to develop and test locally before deploying to AWS.
This document discusses the ELK stack, which consists of Elasticsearch, Logstash, and Kibana. It provides an overview of each component, including that Elasticsearch is a search and analytics engine, Logstash is a data collection engine, and Kibana is a data visualization platform. The document then discusses setting up an ELK stack to index and visualize application logs.
Shared memory and multithreading in Node.js - Timur Shemsedinov - JSFest'19Timur Shemsedinov
This document discusses shared memory and multithreading in Node.js using worker_threads, SharedArrayBuffer, and Atomics. It introduces concepts like processes, threads, and memory models. It explains the worker_threads API and how to use SharedArrayBuffer and Atomics for shared memory access across threads. Examples are provided for implementing synchronization primitives like mutexes using these APIs. Finally, links are provided to relevant documentation and repositories for further reading.
Organizations need to perform increasingly complex analysis on data — streaming analytics, ad-hoc querying, and predictive analytics — in order to get better customer insights and actionable business intelligence. Apache Spark has recently emerged as the framework of choice to address many of these challenges. In this session, we show you how to use Apache Spark on AWS to implement and scale common big data use cases such as real-time data processing, interactive data science, predictive analytics, and more. We will talk about common architectures, best practices to quickly create Spark clusters using Amazon EMR, and ways to integrate Spark with other big data services in AWS.
Learning Objectives:
• Learn why Spark is great for ad-hoc interactive analysis and real-time stream processing.
• How to deploy and tune scalable clusters running Spark on Amazon EMR.
• How to use EMR File System (EMRFS) with Spark to query data directly in Amazon S3.
• Common architectures to leverage Spark with Amazon DynamoDB, Amazon Redshift, Amazon Kinesis, and more.
Nginx is an open-source, lightweight web server that can serve static files, act as a reverse proxy, load balancer, and HTTP cache. It is fast, scalable, and improves performance and security for large websites. Some key companies that use Nginx include Google, IBM, LinkedIn, and Facebook. Nginx follows a master-slave architecture with an event-driven, asynchronous, and non-blocking model. The master process manages worker processes that handle requests in a single-threaded manner, improving concurrency.
Discuss the basics of the AWS CDK with its pros and cons. Including how the Cloud Development Kit (CDK) helped overcome the challenges faced in their previous serverless IaC solution.
Github repo for the PoC Source Code: https://github.com/dtl-open/cdkpoc
Ask the AEM Community Expert : May Session. This session will cover in depth sling concepts such as Sling Selectors, Default Sling Post Servlet, Sling Models, and the Sling API.
This document provides an overview of Spring Boot and some of its key features. It discusses the origins and modules of Spring, how Spring Boot simplifies configuration and dependency management. It then covers examples of building Spring Boot applications that connect to a SQL database, use RabbitMQ for messaging, and schedule and run asynchronous tasks.
Elasticsearch is a distributed, open source search and analytics engine that allows full-text searches of structured and unstructured data. It is built on top of Apache Lucene and uses JSON documents. Elasticsearch can index, search, and analyze big volumes of data in near real-time. It is horizontally scalable, fault tolerant, and easy to deploy and administer.
Building Beautiful REST APIs with ASP.NET CoreStormpath
Join Stormpath .NET Developer Evangelist, Nate Barbettini, to learn best practices for designing your REST API in ASP.NET Core. Nate will explain how to build HATEOS-compliant JSON APIs while supporting security best practices and even improving performance and scale.
Topics Covered:
What is REST and HATEOS?
How to think about RESTful APIs
How to model hypermedia in C#
Building JSON APIs in ASP.NET Core
The Ultimate Guide to Mobile API SecurityStormpath
Join Stormpath Developer Evangelist Edward Jiang to learn more about the common ways developers authenticate users in their mobile apps, what to watch out for when building your backend API and mobile apps, and how to integrate a secure user datastore to manage your users and authentication.
Log Management
Log Monitoring
Log Analysis
Need for Log Analysis
Problem with Log Analysis
Some of Log Management Tool
What is ELK Stack
ELK Stack Working
Beats
Different Types of Server Logs
Example of Winlog beat, Packetbeat, Apache2 and Nginx Server log analysis
Mimikatz
Malicious File Detection using ELK
Practical Setup
Conclusion
Elasticsearch is an open-source, distributed search and analytics engine built on Apache Lucene. It allows storing, searching, and analyzing large volumes of data quickly and in near real-time. Key concepts include being schema-free, document-oriented, and distributed. Indices can be created to store different types of documents. Mapping defines how documents are indexed. Documents can be added, retrieved, updated, and deleted via RESTful APIs. Queries can be used to search for documents matching search criteria. Faceted search provides aggregated data based on search queries. Elastica provides a PHP client for interacting with Elasticsearch.
Model Your Application Domain, Not Your JSON StructuresMarkus Lanthaler
Presentation of the paper "Model Your Application Domain, Not Your JSON Structures" at the 4th International Workshop on RESTful Design (WS-REST 2013) at the WWW2013 in Rio de Janeiro, Brazil
The document discusses infrastructure as code best practices on AWS. It provides an overview of using AWS CloudFormation to define infrastructure in code. AWS CloudFormation allows infrastructure to be provisioned in an automated and repeatable way using templates that are version controlled like code. The document outlines the key components of a CloudFormation template including parameters, mappings, resources, outputs and conditionals. It also discusses using CloudFormation to bootstrap applications on EC2 instances.
Presentation of the paper "On Using JSON-LD to Create Evolvable RESTful Services" at the 3rd International Workshop on RESTful Design (WS-REST 2012) at WWW2012 in Lyon, France
The document provides an introduction to the ELK stack, which is a collection of three open source products: Elasticsearch, Logstash, and Kibana. It describes each component, including that Elasticsearch is a search and analytics engine, Logstash is used to collect, parse, and store logs, and Kibana is used to visualize data with charts and graphs. It also provides examples of how each component works together in processing and analyzing log data.
We start with an introduction to what Apache Camel is, and how you can use Camel to make integration much easier. Allowing you to focus on your business logic, rather than low level messaging protocols, and transports. You will also hear what other features Camel provides out of the box, which can make integration much easier for you.
We look into web console tooling that allows you to get insight into your running Apache Camel applications, which has among others visual route diagrams with tracing/debugging and profiling capabilities. In addition to the web tooling we will also show you other tools in the making.
Learning Objectives:
- Learn how to make decisions about the service and share best practices and useful tips for success
- Learn about Content based routing, HTTP/2, WebSockets
- Secure your web applications using TLS termination, AWS WAF on Application Load Balancer
Authoring and Deploying Serverless Applications with AWS SAMAmazon Web Services
Serverless applications can be composed of multiple AWS resources such as AWS Lambda functions Amazon API Gateway APIs Amazon DynamoDB tables and Amazon S3 buckets. When building a serverless application what is the most straightforward way to group all your resources into one serverless application? Once you define your serverless application how quickly can you develop test and iterate on your local machine before deploying to AWS? In this session learn how to define serverless applications with the AWS Serverless Application Model (AWS SAM) and how to use the AWS SAM Local CLI tool to develop and test locally before deploying to AWS.
This document discusses the ELK stack, which consists of Elasticsearch, Logstash, and Kibana. It provides an overview of each component, including that Elasticsearch is a search and analytics engine, Logstash is a data collection engine, and Kibana is a data visualization platform. The document then discusses setting up an ELK stack to index and visualize application logs.
Shared memory and multithreading in Node.js - Timur Shemsedinov - JSFest'19Timur Shemsedinov
This document discusses shared memory and multithreading in Node.js using worker_threads, SharedArrayBuffer, and Atomics. It introduces concepts like processes, threads, and memory models. It explains the worker_threads API and how to use SharedArrayBuffer and Atomics for shared memory access across threads. Examples are provided for implementing synchronization primitives like mutexes using these APIs. Finally, links are provided to relevant documentation and repositories for further reading.
Organizations need to perform increasingly complex analysis on data — streaming analytics, ad-hoc querying, and predictive analytics — in order to get better customer insights and actionable business intelligence. Apache Spark has recently emerged as the framework of choice to address many of these challenges. In this session, we show you how to use Apache Spark on AWS to implement and scale common big data use cases such as real-time data processing, interactive data science, predictive analytics, and more. We will talk about common architectures, best practices to quickly create Spark clusters using Amazon EMR, and ways to integrate Spark with other big data services in AWS.
Learning Objectives:
• Learn why Spark is great for ad-hoc interactive analysis and real-time stream processing.
• How to deploy and tune scalable clusters running Spark on Amazon EMR.
• How to use EMR File System (EMRFS) with Spark to query data directly in Amazon S3.
• Common architectures to leverage Spark with Amazon DynamoDB, Amazon Redshift, Amazon Kinesis, and more.
Nginx is an open-source, lightweight web server that can serve static files, act as a reverse proxy, load balancer, and HTTP cache. It is fast, scalable, and improves performance and security for large websites. Some key companies that use Nginx include Google, IBM, LinkedIn, and Facebook. Nginx follows a master-slave architecture with an event-driven, asynchronous, and non-blocking model. The master process manages worker processes that handle requests in a single-threaded manner, improving concurrency.
Discuss the basics of the AWS CDK with its pros and cons. Including how the Cloud Development Kit (CDK) helped overcome the challenges faced in their previous serverless IaC solution.
Github repo for the PoC Source Code: https://github.com/dtl-open/cdkpoc
Ask the AEM Community Expert : May Session. This session will cover in depth sling concepts such as Sling Selectors, Default Sling Post Servlet, Sling Models, and the Sling API.
This document provides an overview of Spring Boot and some of its key features. It discusses the origins and modules of Spring, how Spring Boot simplifies configuration and dependency management. It then covers examples of building Spring Boot applications that connect to a SQL database, use RabbitMQ for messaging, and schedule and run asynchronous tasks.
Elasticsearch is a distributed, open source search and analytics engine that allows full-text searches of structured and unstructured data. It is built on top of Apache Lucene and uses JSON documents. Elasticsearch can index, search, and analyze big volumes of data in near real-time. It is horizontally scalable, fault tolerant, and easy to deploy and administer.
Building Beautiful REST APIs with ASP.NET CoreStormpath
Join Stormpath .NET Developer Evangelist, Nate Barbettini, to learn best practices for designing your REST API in ASP.NET Core. Nate will explain how to build HATEOS-compliant JSON APIs while supporting security best practices and even improving performance and scale.
Topics Covered:
What is REST and HATEOS?
How to think about RESTful APIs
How to model hypermedia in C#
Building JSON APIs in ASP.NET Core
The Ultimate Guide to Mobile API SecurityStormpath
Join Stormpath Developer Evangelist Edward Jiang to learn more about the common ways developers authenticate users in their mobile apps, what to watch out for when building your backend API and mobile apps, and how to integrate a secure user datastore to manage your users and authentication.
Les Hazlewood, Stormpath co-founder and CTO and the Apache Shiro PMC Chair demonstrates how to design a beautiful REST + JSON API. Includes the principles of RESTful design, how REST differs from XML, tips for increasing adoption of your API, and security concerns.
Presentation video: https://www.youtube.com/watch?v=5WXYw4J4QOU
More info: http://www.stormpath.com/blog/designing-rest-json-apis
Further reading: http://www.stormpath.com/blog
Sign up for Stormpath: https://api.stormpath.com/register
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
Build A Killer Client For Your REST+JSON APIStormpath
REST+JSON APIs are great - but you still need to communicate with them from your code. Wouldn't you prefer to interact with clean and intuitive Java objects instead of messing with HTTP requests, HTTP status codes and JSON parsing? Wouldn't you prefer to work with type-safe objects specific to your API?
In this presentation, Les Hazlewood - Stormpath CTO and Apache Shiro PMC Chair - will share all of the golden nuggets learned while designing, implementing and supporting multiple clients purpose-built for a real-world REST+JSON API.
Further reading: http://www.stormpath.com/blog
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
Building Beautiful REST APIs in ASP.NET CoreStormpath
Core 1.0 is the latest iteration of ASP.NET. What’s changed? Everything! Nate Barbettini, .NET Developer Evangelist at Stormpath, does a deep dive on how to build RESTful APIs the right way on top of ASP.NET Web API.
Stormpath .NET Developer Evangelist, Nate Barbettini, presents Token Authentication with ASP.NET Core. Nate will explain how Token Authentication can be used to secure web applications built with ASP.NET Core, REST APIs, and 'unsafe' clients while supporting security best practices and even improving performance and scale.
Join Stormpath Head of Product, Tom Abbott, to demo our new custom data search feature, answering any questions along the way. The demo will cover how to store, update, and retrieve the contents of custom data objects. This is a great way for current users to ramp up on this powerful, and much-anticipated feature.
Topics Covered:
- Storing and updating custom data
- What you can store
- Retrieving custom data
- Custom data search queries
Slides from Micah Silverman's, Stormpath Developer Evangelist, webinar on using JWTs to protect against CSRF as well as to secure communications between microservices. Micah shows how JWTs can be used to secure web applications built with Java and protect from 'unsafe' clients.
Instant Security & Scalable User Management with Spring BootStormpath
The document discusses the challenges of implementing user management and authentication in applications. It shows how traditional approaches require developers to implement many aspects of user management including the data store, user models, pages for signup and login, and integration with social providers and single sign-on. Stormpath is presented as a solution that handles these challenges by taking over user management and allowing applications to authenticate users without implementing any of these aspects themselves. The document includes a demonstration of Stormpath's capabilities.
In this presentation, Java Developer Evangelist Micah Silverman will show you how to “Write Once, Run Any Tenant”. With a single application and some configuration in Stormpath’s Admin Console, your application will be able to support multiple Organizations of users.
This is great for SaaS applications who need to securely partition their Customer organizations; each Organization will have no knowledge of or access to the others.
By the end of this webinar, you’ll be on your way to a fully functioning Spring Boot app with Multi-Tenancy backed by Stormpath.
Topics Covered:
Stormpath Customer Identity Management
Why Build a Multi-Tenant Application?
Quickstart on setting up Multi-Tenancy in your Spring Boot application including:
Configuring Authentication using Subdomains
Setting up Organizations, Directories, and Accounts
Enabling the Stormpath Application for Authentication and Authorization
Configuring ID Site for pre-built Authentication workflows
Tying it all together with only one instance of your Spring Boot application running
Technical Q&A
Multi-Tenancy with Subdomains + Spring Boot: https://stormpath.com/blog/idsite-multi-tenancy/
Multi-Tenancy Code Example: https://github.com/stormpath/stormpath-java-idsite-multi-tenant-example
Stormpath Java SDK: https://github.com/stormpath/stormpath-sdk-java
All The Stormpath Java Integrations: http://docs.stormpath.com/java/
Build a REST API for your Mobile Apps using Node.jsStormpath
Join Stormpath Developer Evangelist, Edward Jiang, to learn how to build your first REST API using Node.js, and connect it to an iOS or Android app. He’ll cover everything you need to know to about building an API and take you through an example with live code samples.
REST API Security: OAuth 2.0, JWTs, and More!Stormpath
Les Hazlewood, Stormpath CTO, already showed you how to build a Beautiful REST+JSON API, but how do you secure your API? At Stormpath, we spent 18 months researching best practices. Join Les as he explains how to secure your REST API, the right way. We'll also host a live Q&A session at the end.
Storing User Files with Express, Stormpath, and Amazon S3Stormpath
Join Stormpath Developer Evangelist, Randall Degges, to learn how to store user files using Amazon S3. He’ll cover everything you need to know to properly handle user files in your web applications.
Randall will cover:
- What is the problem we're trying to solve?
- How files are typically stored
- What you need to know about Amazon S3
- How to build a basic Express application with user authentication
- How to securely store files in S3 using express-stormpath-s3
- Q/A Session
Stormpath Java Developer Evangelist, Micah Silverman, takes a deep dive into using JWTs to protect microservices from CSRF and more. Micah will explain how JWTs can be used to secure web applications built with Java, OAuth2 and JWTs, and 'unsafe' clients, while supporting security best practices and even improving application performance and scale.
Mobile Authentication for iOS Applications - Stormpath 101Stormpath
Want to build user authentication into your iOS apps quickly and securely?
In this presentation, iOS Developer Evangelist Edward Jiang will go over OAuth, best practices, and how to easily integrating Facebook, Google, and email logins into your app using Stormpath's iOS SDK!
Topics Covered:
- Stormpath Customer Identity Management
- What does authentication mean?
- Common methods of mobile authentication
- OAuth Token Authentication
- Building Login & Registration with Stormpath
- Making authenticated network requests
- Add Facebook / Google login with one line of code
- Technical Q&A
Sign up for Stormpath: https://api.stormpath.com/register
More from Stormpath: https://stormpath.com/blog
Join Stormpath Java Developer Evangelist Micah Silverman for a technical overview of the common pain points with Java authentication. We'll cover how to solve them with Stormpath in a Spring Boot application, and demonstrate how to quickly add a complete user management system to your Spring Boot app. By the end of this webinar, you’ll be on your way to a fully functioning Spring Boot app backed by Stormpath.
Topics Covered:
Authentication Pain Points in Java Stormpath, Spring Boot, and Your Architecture
Demo:
Auth in Spring Boot, with these features:
A complete user registration and login system
Pre-built login screens
Password reset workflows
Group-based authorization
Advanced user features: API authentication, Single Sign-On, social login, and more Technical Q&A
Stormpath 101: Spring Boot + Spring SecurityStormpath
In this presentation, Java Developer Evangelist Micah Silverman will go over common pain points with Java authentication and how to solve them using Stormpath, Spring Boot, and Spring Security!
Join Stormpath Java Developer Evangelist, Matt Raible, to learn how to build apps using Angular. You will learn about the tools you need to setup a project, how to run/debug your app, and how to deploy it to the cloud. You’ll also learn about new concepts in Angular 2+.
Join Stormpath Developer Evangelist, Robert Damphousse, to dive deep into browser security. Robert will explain how Session IDs, Man in the Middle (MITM), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) attacks work, and how to use cookies to support security best practices.
Topics Covered:
- Security concerns for modern web apps
- Cookies, the right way
- MITM, XSS, and CSRF attacks
- Session ID problems
- Examples in an Angular app
We already showed you how to build a Beautiful REST+JSON API(http://www.slideshare.net/stormpath/rest-jsonapis), but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.
This document provides an overview of designing beautiful REST+JSON APIs. It discusses REST fundamentals like resources, methods, media types, and hypermedia as the engine of application state (HATEOAS). It covers best practices for API design like base URLs, versioning, resource formats, linking, pagination, and more. The goal is to help API providers design APIs that are easy for developers to consume while also being scalable and secure.
"ElasticSearch in action" by Thijs Feryn.
ElasticSearch is a really powerful search engine, NoSQL database & analytics engine. It is fast, it scales and it's a child of the Cloud/BigData generation. This talk will show you how to get things done using ElasticSearch. The focus is on doing actual work, creating actual queries and achieving actual results. Topics that will be covered: - Filters and queries - Cluster, shard and index management - Data mapping - Analyzers and tokenizers - Aggregations - ElasticSearch as part of the ELK stack - Integration in your code.
The document discusses best practices for crafting evolvable API responses. It advocates taking back control of representations by thinking of responses as messages rather than objects. This allows APIs to build payloads with just enough data to solve the problem and survive changes over time. The document explores using attribute groups, links, and established formats like HAL and JSON-LD to build representations that are minimal yet provide essential context.
The web has changed! Users spend more time on mobile than on desktops and they expect to have an amazing user experience on both platforms. APIs are the heart of the new web as the central point of access data, encapsulating logic and providing the same data and same features for desktops and mobiles.
In this talk, I will show you how in only 45 minutes we can create full REST API, with documentation and admin application build with React.
Semantic Metastandards will Unlock IoT InteroperabilityDavid Janes
Presentation at InterIoT, Rome, 2015-10-26. How to use web standard technologies such as URIs, JSON, JSON-LD, Linked Data, and REST to create Interoperability amongst different protocol stacks.
The document discusses the new JSON REST API for WordPress, which provides a modern REST API for WordPress sites using JSON instead of the outdated XML-RPC format. It allows users to create, read, update and delete WordPress content like posts, pages, users and media through HTTP requests. The API can be accessed through plugins or by making requests directly to the /wp-json/ endpoints. It also supports features like authentication, pagination and filtering to build powerful applications that interact with WordPress content and data.
Taylor Lovett presented on the new JSON REST API for WordPress. The API uses JSON and REST principles to provide an intuitive and easy to use interface for WordPress content. It allows users to create, read, update and delete WordPress content like posts, pages, users and media through HTTP requests. The API is extensible and developers can build custom routes and endpoints. It provides a powerful way to interact with WordPress programmatically and will soon be integrated into the WordPress core.
The document summarizes updates to Alfresco's public API, including improvements to OAuth keys that allow longer refresh times, new favorites and site membership request APIs, and examples of calling the APIs. It also outlines the roadmap to merge the APIs into the next Alfresco release and add new API types and versions.
Pragmatic REST: recent trends in API designMarsh Gardiner
As presented by @mpnally and @earth2marsh at I Love APIs 2015. Slides covered API design trends, with particular attention paid to hypermedia and versioning. Note the distinction between service-oriented and data-oriented approaches on slide #5.
This document discusses Curiosity, a data exploration tool that provides a single access point for querying data. It allows for simple querying of data through Elasticsearch, discovery of data models, templating of results and aggregations. Curiosity offers extensibility through modules and export of data to CSV. It is compared to Kibana, noting that Curiosity offers temporal dashboards and multi-query capabilities. The document promotes Curiosity and provides a link to its GitHub page for demonstration.
Curiosity, outil de recherche open source par PagesJaunesPagesJaunes
Curiosity, outil de recherche et visualisation de données, créé en open source par PagesJaunes et présenté au meetup Elasticsearch le 13 novembre 2014.
Example-driven Web API Specification DiscoveryJavier Canovas
Slides of my presentation at European Conference on Modelling Foundations and Applications (ECMFA'17). To be presented during the session on Thursday 16:00-17:30
IOTDB, Semantics and the Internet of ThingsDavid Janes
- IOTDB proposes a semantic model for representing IoT devices using bands of JSON-like dictionaries referenced by URIs to describe a thing's input state, output state, model, and metadata.
- Key concepts include using semantic terms from published vocabularies, composing things from atomic attributes defined in a model, and manipulating bands using RESTful operations on URIs.
- The approach aims to enable interoperability across IoT standards and platforms in a simple and expandable way based on web technologies like URIs, REST, and JSON.
JSON-LD is a set of W3C standards track specifications for representing Linked Data in JSON. It is fully compatible with the RDF data model, but allows developers to work with data entirely within JSON.
More information on JSON-LD can be found at http://json-ld.org/
FIFA fails, Guy Kawasaki and real estate in SF - find out about all three by ...Elżbieta Bednarek
How to use Object Path, the agile query languge, to effectively extract relevant data from JSON documents of complex or even unknown structure. How to quickly build a web app using the insights you discover with ObjectPath.
This document discusses adding semantic structure to real-time social data from Twitter through Twitter Annotations. It describes how Annotations can be mapped to existing Semantic Web vocabularies and linked to datasets to enable real-time semantic search over social and linked data. A system called TwitLogic is presented that captures Twitter data, converts it to RDF, and publishes it as linked streams to allow for continuous querying and integration with the live Semantic Web.
This document provides an overview of Elasticsearch, including what it is, how it works, and how to perform basic operations like indexing, updating, and searching documents. It explains that Elasticsearch allows for advanced search across large amounts of data by making documents searchable and scaling easily. It also demonstrates how to index, update, search for, and retrieve documents through RESTful API calls. Faceted search, aggregations, and cluster architecture are also summarized.
Secure API Services in Node with Basic Auth and OAuth2Stormpath
In this presentation, Lead Developer Evangelist Randall Degges will go over how API authentication works via HTTP Basic Auth and OAuth2 (Client Credentials), and will show you how to secure an Express.js API service with both of them using Stormpath!
Securing Web Applications with Token AuthenticationStormpath
In this presentation, Java Developer Evangelist Micah Silverman demystifies HTTP Authentication and explains how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's performance and scale.
Topics Covered:
Security Concerns for Modern Web Apps
Cross-Site Scripting Prevention
Working with 'Untrusted Clients'
Securing API endpoints
Cookies
Man in the Middle (MitM) Attacks
Cross-Site Request Forgery
Session ID Problems
Token Authentication
JWTs
Working with the JJWT library
End-to-end example with Spring Boot
Token Authentication for Java ApplicationsStormpath
Everyone building a web application that supports user login is concerned with security. How do you securely authenticate users and keep their identity secure? With the huge growth in Single Page Applications (SPAs), JavaScript and mobile applications, how do you keep users safe even though these are 'unsafe' client environments?
This presentation will demystify HTTP Authentication and explain how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's performance and scale.
Single Page Apps bring a unique set of concerns to authentication and user management. Robert Damphousse, lead Javascript engineer at Stormpath, will show you how to use Stormpath to secure an Angular.js app with any backend: Java, Node, PHP, .NET and more!
Robert will deep dive into Angular.js authentication best practices and an extended technical example. Join us!
Topics Covered:
- Authentication in Single Page Apps (SPA)
- Using JWTs instead of Session IDs
- Secure Cookie storage
- Cross-Origin Resource Sharing
- Where does Stormpath fit in your architecture?
- End-to-end example with Angular.js + Express.js
- Password-based registration and login
- How to secure your API endpoints
- Implement User Authorization
- Design for a frictionless User Experience
Building Secure User Interfaces With JWTs (JSON Web Tokens)Stormpath
With new tools like Angular.js and Node.js, it is easier than ever to build User Interfaces and Single-Page Applications (SPAs) backed by APIs.
But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy!
Topics Covered:
1. Security Concerns for Modern Web Apps
2. Cookies, The Right Way
3. Session ID Problems
4. Token Authentication to the rescue!
5. Angular Examples
Companion slides for Stormpath CTO and Co-Founder Les REST API Security Webinar. This presentation covers all the RESTful best practices learned building the Stormpath APIs. This webinar is full of best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics Include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Companion slides for Stormpath CTO and Co-Founder Les Hazlewood's Elegant REST Design Webinar. This presentation covers all the RESTful best practices learned building the Stormpath APIs. Whether you’re writing your first API, or just need to figure out that last piece of the puzzle, this is a great opportunity to learn more.
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Build a Node.js Client for Your REST+JSON APIStormpath
In this presentation, Les Hazlewood - Stormpath CTO and Apache Shiro PMC Chair - will share all of the golden nuggets learned while designing, implementing and supporting a Node.js Client purpose-built for a real-world REST+JSON API.
Further reading: http://www.stormpath.com/blog
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
Last year, Stormpath made the big shift from Scrum to Kanban. While we love Agile principles, the Scrum process wasn’t working for us. Kanban made our team more efficient, happier, and increased our focus on quality software. More importantly, it has become a core part of our company culture, and is now used by non-technical teams like Marketing and HR.
Kanban software development focuses on continuous delivery and drives high efficiency by limiting how much work can be done at once. Invented by Toyota and modified by David J. Anderson for software development, Kanban can have a huge impact on modern teams delivering cloud software in continuous environments.
This document discusses best practices for designing RESTful APIs using JAX-RS. It covers fundamental REST concepts like resources, HTTP methods, media types, hypermedia and HATEOAS. It provides guidelines for API design elements like base URLs, versioning, response formats, linking, pagination, errors and security. It emphasizes building stateless, cacheable APIs that follow conventions to be intuitive and easy to use for clients. The document concludes by inviting the reader to code along with an example JAX-RS TODO application.
Austere Systems Company Portfolio (ASPL).pdfsupport433113
Austere Systems Pvt. Ltd. is a leading IT services provider specializing in a wide range of technology solutions. We help businesses leverage the power of IT to achieve their strategic goals and gain a competitive edge.
Our Expertise:
IT Staff Augmentation: We provide skilled and experienced IT professionals across various domains like SAP, Java, .Net, PHP and PowerBi.
Application Development: Our team builds robust mobile, Web and desktop applications to meet your specific business needs.
Product Re-engineering & Maintenance: We breathe new life into existing software and ensure its smooth operation.
Infrastructure Management: We take care of your IT infrastructure, including servers, networks, and security.
Support Services: Our L1/L2 support centers offer prompt and reliable assistance for your IT issues.
Digital Marketing & SEO: We help you reach your target audience and boost your online presence.
Why Choose Austere Systems?
Skilled & Experienced Professionals: Our team possesses in-depth knowledge and expertise in various technologies.
Focus on Client Satisfaction: We prioritize building strong relationships and exceeding client expectations.
Innovative Solutions: We deliver cutting-edge solutions tailored to your unique business challenges.
Cost-Effective Services: We offer competitive rates and ensure value for your investment.
Thinking about freelancing? It's not just about coding solo and avoiding coworkers. Join me as I share insights from my 15-year freelance journey, covering everything from managing invoices to client communication styles. This session blends ColdFusion-specific tips with general freelance and consulting advice, with time for audience Q&A.
LIVE DEMO: CCX for CSPs, a drop-in DBaaS solutionSeveralnines
This webinar aims to equip Cloud Service Providers (CSPs) with the knowledge and tools to differentiate themselves from hyperscalers by offering a Database-as-a-Service (DBaaS) solution. The session will introduce and demonstrate CCX, a drop-in, premium DBaaS designed for rapid adoption.
Learn more about CCX for CSPs here: https://bit.ly/3VabiDr
European Standard S1000D, an Unnecessary Expense to OEM.pptxDigital Teacher
This discusses the costly implementation of the S1000D standard for technical documentation in the Indian defense sector, claiming that it does not increase interoperability. It calls for a return to the more cost-effective JSG 0852 standard, with shipbuilding companies handling IETM conversion to better serve military demands and maintain paperwork from diverse OEMs.
2. @lhazlewood @goStormpath
.com
• User Management API for Developers
• Password security
• Authentication and Authorization
• LDAP/AD/Social/SAML/OAuth support
• Instant-on, scalable, and highly available
• Free for developers
29. @lhazlewood @goStormpath
POST as Create
On a parent resource
POST /applications
{
“name”: “Best App Ever”
}
Response:
201 Created
Location: https://api.stormpath.com/applications/a1b2c3
30. @lhazlewood @goStormpath
POST as Update
On instance resource
POST /applications/a1b2c3
{
“name”: “Best App Ever. Srsly.”
}
Response:
200 OK
42. @lhazlewood @goStormpath
HREF
• Distributed Hypermedia is paramount!
• Every accessible Resource has a canonical unique
URL
• Replaces IDs (IDs exist, but are opaque).
• Critical for linking
49. @lhazlewood @goStormpath
Ion meta href
GET /accounts/x7y8z9
200 OK
{
“meta”: { “href”: “https://api.stormpath.com/accounts/x7y8z9” },
“givenName”: “Tony”,
“surname”: “Stark”,
…
}
50. @lhazlewood @goStormpath
Ion link
GET /accounts/x7y8z9
200 OK
{
“meta”: { ... },
“givenName”: “Tony”,
“surname”: “Stark”,
…,
“directory”: {
“meta”:{ “href”: https://api.stormpath.com/directories/g4h5i6” }
}
}
51. @lhazlewood @goStormpath
Ion link (collection)
GET /accounts/x7y8z9
200 OK
{
“meta”: { ... },
“givenName”: “Tony”,
“surname”: “Stark”,
…,
“groups”: {
“meta”: {
“href”: “https://api.stormpath.com/accounts/x7y8z9/groups”, “rel”: [“collection”]
}
}
}
52. @lhazlewood @goStormpath
What about HAL?
• Linking focus
• Forces links to be separate from context/content
– (when was the last time you had to put all of your anchors at
the bottom of an html paragraph? Right... never.)
• In contrast to HAL, Ion is much more like HTML – it’s all in
one convenient spec.
• Ion transliteration to/from HTML is far easier (by design)
63. @lhazlewood @goStormpath
What about Schemas / json-schema ?
Not needed. REST != RDBMS
(are schemas necessary for browsers/HTML?)
Forms do the same thing and are more flexible/powerful
Remember Fielding’s REST Rule about Dynamic Typing
71. @lhazlewood @goStormpath
Header
• Accept header
• Header values comma delimited
• q param determines precedence, defaults to 1, then
conventionally by list order
GET /applications/a1b2c3
Accept: application/json, text/plain;q=0.8
74. @lhazlewood @goStormpath
camelCase
‘JS’ in ‘JSON’ = JavaScript
myArray.forEach
Not myArray.for_each
account.givenName
Not account.given_name
Underscores for property/function names are unconventional
for JS. Stay consistent.
76. @lhazlewood @goStormpath
Dates & Times
There’s already a standard. Use it: ISO 8601
“createdAt”: “2013-07-10T18:02:24.343Z”
Use UTC!
This is represented in Ion as a field types of date, time,
datetime, etc.
77. @lhazlewood @goStormpath
createdAt / updatedAt
Most people will want this at some point
{
…,
“createdAt”: “2013-07-10T18:02:24.343Z”,
“updatedAt”: “2014-09-29T07:02:48.761Z”
}
Use UTC!
82. @lhazlewood @goStormpath
Ensure Collection Resources support query params:
• Offset + Limit vs Cursor
…/applications?offset=50&limit=25
• Don’t require the user to query for these – provide OOTB links
91. @lhazlewood @goStormpath
Search cont’d
• Range queries via Ion min and max field members
“all accounts created between September 1st and the 15th”
Form fields example:
{“name”: “createdAtBegin”, “min”: “2014-01-01”,”max=“2014-12-31”}
{“name”: “createdAtEnd”, “min”: “2014-01-01”,”max=“2014-12-31”}
Ion TBD: range type:
.../accounts?createdAt=[2014-09-01,2014-09-15]
94. @lhazlewood @goStormpath
Group to Account
• A group can have many accounts
• An account can be in many groups
• Each mapping is a resource:
GroupMembership
102. @lhazlewood @goStormpath
• Each batch is represented as a resource
• Batches are likely to be a collection
• Batches are likely to have a status
• Downside: problematic regarding HTTP caching
109. @lhazlewood @goStormpath
• As descriptive as possible
• As much information as possible
• Developers are your customers
110. @lhazlewood @goStormpath
POST /directories
409 Conflict
{
“status”: 409,
“code”: 40924,
“property”: “name”,
“message”: “A Directory named ‘Avengers’ already exists.”,
“developerMessage”: “A directory named ‘Avengers’ already
exists. If you have a stale local cache, please expire it
now.”,
“moreInfo”: “https://www.stormpath.com/docs/api/errors/40924”
}
112. @lhazlewood @goStormpath
Avoid sessions when possible
Authenticate every request if necessary
Stateless
Authorize based on resource content, NOT URL!
Use Existing Protocol:
Oauth 1.0a, Oauth2, Basic over SSL only
Custom Authentication Scheme:
Only if you provide client code / SDK
Only if you really, really know what you’re doing
Use API Keys and/or JWTs instead of Username/Passwords
113. @lhazlewood @goStormpath
401 vs 403
• 401 “Unauthorized” really means Unauthenticated
“You need valid credentials for me to respond to this request”
• 403 “Forbidden” really means Unauthorized
“Sorry, you’re not allowed!”
114. @lhazlewood @goStormpath
HTTP Authentication Schemes
• Server response to issue challenge:
WWW-Authenticate: <scheme name>
realm=“Application Name”
• Client request to submit credentials:
Authorization: <scheme name> <data>
117. @lhazlewood @goStormpath
• IDs should be opaque
• Should be globally unique
• Avoid sequential numbers (contention, fusking)
• Good candidates: UUIDs, ‘Url64’
126. @lhazlewood @goStormpath
.com
• Free for developers
• Eliminate months of development
• Automatic security best practices
• Single Sign On
• Social/OAuth/SAML/Multi-factor/etc
• API Authentication & Key Management
• Token Authentication for SPAs / Mobile
• Authorization & Multi-tenancy for your apps
Libraries and integrations:
https://docs.stormpath.com