At Stormpath we spent 18 months researching API design best practices. Join Les Hazlewood, Stormpath CTO and Apache Shiro Chair, as he explains how to design a secure REST API, the right way. He'll also hang out for a live Q&A session at the end.
Sign up for Stormpath: https://api.stormpath.com/register
More from Stormpath: http://www.stormpath.com/blog
Les will cover:
REST + JSON API Design
Base URL design tips
API Security
Versioning for APIs
API Resource Formatting
API Return Values and Content Negotiation
API References (Linking)
API Pagination, Parameters, & Errors
Method Overloading
Resource Expansion and Partial Responses
Error Handling
Multi-tenancy
A comprehensive walkthrough of how to manage infrastructure-as-code using Terraform. This presentation includes an introduction to Terraform, a discussion of how to manage Terraform state, how to use Terraform modules, an overview of best practices (e.g. isolation, versioning, loops, if-statements), and a list of gotchas to look out for.
For a written and more in-depth version of this presentation, check out the "Comprehensive Guide to Terraform" blog post series: https://blog.gruntwork.io/a-comprehensive-guide-to-terraform-b3d32832baca
The document discusses the evolution of hypermedia APIs and their use of JSON-LD and Hydra to define operations on resources. It shows examples of representing an event and its attendees as JSON-LD documents with Hydra definitions for POST operations to add attendees. The document concludes by thanking attendees and providing contact information for questions.
This talk introduces Spring's REST stack - Spring MVC, Spring HATEOAS, Spring Data REST, Spring Security OAuth and Spring Social - while refining an API to move higher up the Richardson maturity model
Common issues with Apache Kafka® Producer - confluent
Badai Aqrandista, Confluent, Senior Technical Support Engineer
This session will be about a common issue in the Kafka Producer: producer batch expiry. We will be discussing the Kafka Producer internals, its common causes, such as a slow network or small batching, and how to overcome them. We will also be sharing some examples along the way!
https://www.meetup.com/apache-kafka-sydney/events/279651982/
Asynchronous API in Java8, how to use CompletableFuture - José Paumard
Slides of my talk at Devoxx 2015. How to set up asynchronous data processing pipelines using the CompletionStage / CompletableFuture API, including how to control threads and how to handle exceptions.
This session will give attendees an overview of the new testing features in Spring 3.1 as well as the new Spring MVC test support. Sam Brannen will demonstrate how to use the Spring TestContext Framework to write integration tests for Java-based Spring configuration using @Configuration classes. He'll then compare and contrast this approach with XML-based configuration and follow up with a discussion of the new testing support for bean definition profiles. Next, Rossen Stoyanchev will show attendees how testing server-side code with annotated controllers and client-side code with the RestTemplate just got a whole lot easier with the new Spring MVC test support. Come to this session to see these new Spring testing features in action and learn how you can get involved in the Spring MVC Test Support project.
How We Optimize Spark SQL Jobs With parallel and sync IO - Databricks
Although NVMe has become more and more popular in recent years, a large number of HDDs are still widely used in super-large-scale big data clusters. In an EB-level data platform, IO (including decompression and decode) cost contributes a large proportion of Spark jobs’ cost. In other words, IO operation is worth optimizing.
At ByteDance, we do a series of IO optimizations to improve performance, including parallel read and asynchronized shuffle. Firstly, we implement file-level parallel read to improve performance when there are a lot of small files. Secondly, we design row-group-level parallel read to accelerate queries for the big-file scenario. Thirdly, we implement asynchronized spill to improve job performance. Besides, we design parquet column family, which will split a table into a few column families, and different column families will be in different Parquet files. Different column families can be read in parallel, so the read performance is much higher than the existing approach. In our practice, the end-to-end performance is improved by 5% to 30%.
In this talk, I will illustrate how we implement these features and how they accelerate Apache Spark jobs.
Jilles van Gurp presents on the ELK stack and how it is used at Linko to analyze logs from application servers, Nginx, and Collectd. The ELK stack consists of Elasticsearch for storage and search, Logstash for processing and transporting logs, and Kibana for visualization. At Linko, Logstash collects logs and sends them to Elasticsearch for storage and search. Logs are filtered and parsed by Logstash using grok patterns before being sent to Elasticsearch. Kibana dashboards then allow users to explore and analyze logs in real time from Elasticsearch. While the ELK stack is powerful, there are some operational gotchas to watch out for, like node restarts impacting availability and field data caching.
Microservices with Java, Spring Boot and Spring Cloud - Eberhard Wolff
Spring Boot makes creating small Java applications easy - and also facilitates operations and deployment. But Microservices need more: because Microservices are distributed systems, issues like Service Discovery or Load Balancing must be solved. Spring Cloud adds those capabilities to Spring Boot using e.g. the Netflix stack. This talk covers Spring Boot and Spring Cloud and shows how these technologies can be used to create a complete Microservices environment.
Degrading Performance? You Might be Suffering From the Small Files Syndrome - Databricks
Small file sizes can degrade performance in Spark and Hive queries. This is because each small file requires overhead to open, read, and process. The problem is common with event streaming data and IoT sensors that produce many small files. To detect the issue, check for data skew across partitions and Spark job writers processing many small files. Mitigation techniques include file hierarchy designs, repartitioning, Delta Lake optimizations, and Databricks Auto Optimize to merge small files.
Talk given for the #phpbenelux user group, March 27th in Gent (BE), with the goal of convincing developers who are used to building php/mysql apps to broaden their horizon when adding search to their site. Be sure to also have a look at the notes for the slides; they explain some of the screenshots, etc.
An accompanying blog post about this subject can be found at http://www.jurriaanpersyn.com/archives/2013/11/18/introduction-to-elasticsearch/
Spring Boot is a great and relatively new project from Spring.io. The presentation covers topics from the basics of Spring Boot to advanced ones. Sample demo apps are available here: https://github.com/bhagwat/spring-boot-samples
GitHub Actions is a great addition to the GitHub toolchain, but what can you use them for beyond building the code in your GitHub repository?
In this session Morten Christensen (https://twitter.com/sitereactor) dives into what a GitHub Action actually is and how it can be used, through examples and demos.
We will have a look at workflows related to Continuous Integration / Continuous Deployment and open source projects - and finally we will look at how you can extend your workflows with your own Actions.
By the end of this session you should have a good idea of how you can utilize GitHub Actions and Workflows to automate anything and everything related to your GitHub repository. So expect to see a lot of YAML :)
Presented by Nikola Vasilev on SkopjeTechMeetup 7.
Representational state transfer (REST) can be thought of as the language of the Internet. Now with cloud usage on the rise, REST is a logical choice for building APIs that allow end users to connect and interact with cloud services. This talk will deliver more insight into the challenges of building and maintaining good and clean RESTful APIs.
Materialized Column: An Efficient Way to Optimize Queries on Nested Columns - Databricks
In the data warehouse area, it is common to use one or more columns of a complex type, such as map, and put many subfields into it. This may impact query performance dramatically because: 1) It is a waste of IO. The whole column (in map), which may contain tens of subfields, needs to be read. And Spark will traverse the whole map and get the value of the target key. 2) Vectorized read cannot be exploited when a nested type column is read. 3) Filter pushdown cannot be utilized when nested columns are read. Over the last year, we have added a series of optimizations in Apache Spark to solve the above problems for Parquet.
Kafka Streams State Stores Being Persistent - confluent
This document discusses Kafka Streams state stores. It provides examples of using different types of windowing (tumbling, hopping, sliding, session) with state stores. It also covers configuring state store logging, caching, and retention policies. The document demonstrates how to define windowed state stores in Kafka Streams applications and discusses concepts like grace periods.
Service Mesh @Lara Camp Myanmar - 02 Sep, 2023 - Hello Cloud
Sai Linnthu is a founding partner at HelloCloud.io and discusses service meshes and Istio. Istio provides a framework-agnostic approach for managing communication policies and observability across cloud-native microservices. While Istio addresses many challenges of microservices, its complexity makes it difficult to use and manage across multiple clouds without additional capabilities like centralized metrics, access logging and lifecycle management.
The document summarizes a presentation given by Alex Borysov and Mykyta Protsenko comparing gRPC and REST. It provides an overview of gRPC, describing it as a high performance RPC framework. It then discusses some issues with REST including heterogeneous data formats and service discovery. Examples are given of implementing a sample aggregator service using both REST and gRPC to illustrate their differences.
Data Warehouses in Kubernetes Visualized: the ClickHouse Kubernetes Operator UI - Altinity Ltd
Graham Mainwaring and Robert Hodges summarize management of ClickHouse on Kubernetes using the ClickHouse Kubernetes Operator and introduce a new UI for it. Presented at the 15 Dec '22 SF Bay Area ClickHouse Meetup.
ELK (Elasticsearch, Logstash, Kibana) is an open source toolset for centralized logging, where Logstash collects, parses, and filters logs, Elasticsearch stores and indexes logs for search, and Kibana visualizes logs. Logstash processes logs through an input, filter, output pipeline using plugins. It can interpret various log formats and event types. Elasticsearch allows real-time search and scaling through replication/sharding. Kibana provides browser-based dashboards and visualization of Elasticsearch query results.
Spring Boot is a framework for creating stand-alone, production-grade Spring based Applications that can be "just run". It provides starters for auto-configuration of common Spring and third-party libraries providing features like Thymeleaf, Spring Data JPA, Spring Security, and testing. It aims to remove boilerplate configuration and promote "convention over configuration" for quick development. The document then covers how to run a basic Spring Boot application, use Rest Controllers, Spring Data JPA, Spring Security, and testing. It also discusses deploying the application on a web server and customizing through properties files.
This document describes how to use the ELK (Elasticsearch, Logstash, Kibana) stack to centrally manage and analyze logs from multiple servers and applications. It discusses setting up Logstash to ship logs from files and servers to Redis, then having a separate Logstash process read from Redis and index the logs to Elasticsearch. Kibana is then used to visualize and analyze the logs indexed in Elasticsearch. The document provides configuration examples for Logstash to parse different log file types like Apache access/error logs and syslog.
Elasticsearch Tutorial | Getting Started with Elasticsearch | ELK Stack Train... - Edureka!
( ELK Stack Training - https://www.edureka.co/elk-stack-trai... )
This Edureka Elasticsearch Tutorial will help you understand the fundamentals of Elasticsearch along with its practical usage and help you build a strong foundation in ELK Stack. This video helps you learn the following topics:
1. What Is Elasticsearch?
2. Why Elasticsearch?
3. Elasticsearch Advantages
4. Elasticsearch Installation
5. API Conventions
6. Elasticsearch Query DSL
7. Mapping
8. Analysis
9. Modules
Building Beautiful REST APIs with ASP.NET Core - Stormpath
Join Stormpath .NET Developer Evangelist, Nate Barbettini, to learn best practices for designing your REST API in ASP.NET Core. Nate will explain how to build HATEOAS-compliant JSON APIs while supporting security best practices and even improving performance and scale.
Topics Covered:
What is REST and HATEOAS?
How to think about RESTful APIs
How to model hypermedia in C#
Building JSON APIs in ASP.NET Core
The Ultimate Guide to Mobile API Security - Stormpath
Join Stormpath Developer Evangelist Edward Jiang to learn more about the common ways developers authenticate users in their mobile apps, what to watch out for when building your backend API and mobile apps, and how to integrate a secure user datastore to manage your users and authentication.
Les Hazlewood, Stormpath co-founder and CTO and the Apache Shiro PMC Chair, demonstrates how to design a beautiful REST + JSON API. Includes the principles of RESTful design, how REST differs from XML, tips for increasing adoption of your API, and security concerns.
Presentation video: https://www.youtube.com/watch?v=5WXYw4J4QOU
More info: http://www.stormpath.com/blog/designing-rest-json-apis
Further reading: http://www.stormpath.com/blog
Sign up for Stormpath: https://api.stormpath.com/register
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
Build A Killer Client For Your REST+JSON API - Stormpath
REST+JSON APIs are great - but you still need to communicate with them from your code. Wouldn't you prefer to interact with clean and intuitive Java objects instead of messing with HTTP requests, HTTP status codes and JSON parsing? Wouldn't you prefer to work with type-safe objects specific to your API?
In this presentation, Les Hazlewood - Stormpath CTO and Apache Shiro PMC Chair - will share all of the golden nuggets learned while designing, implementing and supporting multiple clients purpose-built for a real-world REST+JSON API.
Further reading: http://www.stormpath.com/blog
Building Beautiful REST APIs in ASP.NET Core - Stormpath
Core 1.0 is the latest iteration of ASP.NET. What’s changed? Everything! Nate Barbettini, .NET Developer Evangelist at Stormpath, does a deep dive on how to build RESTful APIs the right way on top of ASP.NET Web API.
Stormpath .NET Developer Evangelist, Nate Barbettini, presents Token Authentication with ASP.NET Core. Nate will explain how Token Authentication can be used to secure web applications built with ASP.NET Core, REST APIs, and 'unsafe' clients while supporting security best practices and even improving performance and scale.
Join Stormpath Head of Product, Tom Abbott, to demo our new custom data search feature, answering any questions along the way. The demo will cover how to store, update, and retrieve the contents of custom data objects. This is a great way for current users to ramp up on this powerful, and much-anticipated feature.
Topics Covered:
- Storing and updating custom data
- What you can store
- Retrieving custom data
- Custom data search queries
Slides from a webinar by Micah Silverman, Stormpath Developer Evangelist, on using JWTs to protect against CSRF as well as to secure communications between microservices. Micah shows how JWTs can be used to secure web applications built with Java and protect from 'unsafe' clients.
Instant Security & Scalable User Management with Spring Boot - Stormpath
The document discusses the challenges of implementing user management and authentication in applications. It shows how traditional approaches require developers to implement many aspects of user management including the data store, user models, pages for signup and login, and integration with social providers and single sign-on. Stormpath is presented as a solution that handles these challenges by taking over user management and allowing applications to authenticate users without implementing any of these aspects themselves. The document includes a demonstration of Stormpath's capabilities.
In this presentation, Java Developer Evangelist Micah Silverman will show you how to “Write Once, Run Any Tenant”. With a single application and some configuration in Stormpath’s Admin Console, your application will be able to support multiple Organizations of users.
This is great for SaaS applications that need to securely partition their Customer organizations; each Organization will have no knowledge of or access to the others.
By the end of this webinar, you’ll be on your way to a fully functioning Spring Boot app with Multi-Tenancy backed by Stormpath.
Topics Covered:
Stormpath Customer Identity Management
Why Build a Multi-Tenant Application?
Quickstart on setting up Multi-Tenancy in your Spring Boot application including:
Configuring Authentication using Subdomains
Setting up Organizations, Directories, and Accounts
Enabling the Stormpath Application for Authentication and Authorization
Configuring ID Site for pre-built Authentication workflows
Tying it all together with only one instance of your Spring Boot application running
Technical Q&A
Multi-Tenancy with Subdomains + Spring Boot: https://stormpath.com/blog/idsite-multi-tenancy/
Multi-Tenancy Code Example: https://github.com/stormpath/stormpath-java-idsite-multi-tenant-example
Stormpath Java SDK: https://github.com/stormpath/stormpath-sdk-java
All The Stormpath Java Integrations: http://docs.stormpath.com/java/
Build a REST API for your Mobile Apps using Node.js - Stormpath
Join Stormpath Developer Evangelist, Edward Jiang, to learn how to build your first REST API using Node.js, and connect it to an iOS or Android app. He’ll cover everything you need to know about building an API and take you through an example with live code samples.
REST API Security: OAuth 2.0, JWTs, and More! - Stormpath
Les Hazlewood, Stormpath CTO, already showed you how to build a Beautiful REST+JSON API, but how do you secure your API? At Stormpath, we spent 18 months researching best practices. Join Les as he explains how to secure your REST API, the right way. We'll also host a live Q&A session at the end.
Storing User Files with Express, Stormpath, and Amazon S3Stormpath
Join Stormpath Developer Evangelist, Randall Degges, to learn how to store user files using Amazon S3. He’ll cover everything you need to know to properly handle user files in your web applications.
Randall will cover:
- What is the problem we're trying to solve?
- How files are typically stored
- What you need to know about Amazon S3
- How to build a basic Express application with user authentication
- How to securely store files in S3 using express-stormpath-s3
- Q/A Session
Stormpath Java Developer Evangelist, Micah Silverman, takes a deep dive into using JWTs to protect microservices from CSRF and more. Micah will explain how JWTs can be used to secure web applications built with Java, OAuth2 and JWTs, and 'unsafe' clients, while supporting security best practices and even improving application performance and scale.
Mobile Authentication for iOS Applications - Stormpath 101Stormpath
Want to build user authentication into your iOS apps quickly and securely?
In this presentation, iOS Developer Evangelist Edward Jiang will go over OAuth, best practices, and how to easily integrating Facebook, Google, and email logins into your app using Stormpath's iOS SDK!
Topics Covered:
- Stormpath Customer Identity Management
- What does authentication mean?
- Common methods of mobile authentication
- OAuth Token Authentication
- Building Login & Registration with Stormpath
- Making authenticated network requests
- Add Facebook / Google login with one line of code
- Technical Q&A
Sign up for Stormpath: https://api.stormpath.com/register
More from Stormpath: https://stormpath.com/blog
Join Stormpath Java Developer Evangelist Micah Silverman for a technical overview of the common pain points with Java authentication. We'll cover how to solve them with Stormpath in a Spring Boot application, and demonstrate how to quickly add a complete user management system to your Spring Boot app. By the end of this webinar, you’ll be on your way to a fully functioning Spring Boot app backed by Stormpath.
Topics Covered:
Authentication Pain Points in Java Stormpath, Spring Boot, and Your Architecture
Demo:
Auth in Spring Boot, with these features:
A complete user registration and login system
Pre-built login screens
Password reset workflows
Group-based authorization
Advanced user features: API authentication, Single Sign-On, social login, and more Technical Q&A
Stormpath 101: Spring Boot + Spring SecurityStormpath
In this presentation, Java Developer Evangelist Micah Silverman will go over common pain points with Java authentication and how to solve them using Stormpath, Spring Boot, and Spring Security!
Join Stormpath Java Developer Evangelist, Matt Raible, to learn how to build apps using Angular. You will learn about the tools you need to setup a project, how to run/debug your app, and how to deploy it to the cloud. You’ll also learn about new concepts in Angular 2+.
Join Stormpath Developer Evangelist, Robert Damphousse, to dive deep into browser security. Robert will explain how Session IDs, Man in the Middle (MITM), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) attacks work, and how to use cookies to support security best practices.
Topics Covered:
- Security concerns for modern web apps
- Cookies, the right way
- MITM, XSS, and CSRF attacks
- Session ID problems
- Examples in an Angular app
We already showed you how to build a Beautiful REST+JSON API(http://www.slideshare.net/stormpath/rest-jsonapis), but how do you secure your API? At Stormpath we spent 18 months researching best practices, implementing them in the Stormpath API, and figuring out what works. Here’s our playbook on how to secure a REST API.
This document provides an overview of designing beautiful REST+JSON APIs. It discusses REST fundamentals like resources, methods, media types, and hypermedia as the engine of application state (HATEOAS). It covers best practices for API design like base URLs, versioning, resource formats, linking, pagination, and more. The goal is to help API providers design APIs that are easy for developers to consume while also being scalable and secure.
2. @lhazlewood @goStormpath
• User Management API for Developers
• Password security
• Authentication and Authorization
• LDAP/AD/Social/SAML/OAuth support
• Instant-on, scalable, and highly available
• Free for developers
29. @lhazlewood @goStormpath
POST as Create
On a parent resource
POST /applications
{
  "name": "Best App Ever"
}
Response:
201 Created
Location: https://api.stormpath.com/applications/a1b2c3
30. @lhazlewood @goStormpath
POST as Update
On instance resource
POST /applications/a1b2c3
{
  "name": "Best App Ever. Srsly."
}
Response:
200 OK
42. @lhazlewood @goStormpath
HREF
• Distributed Hypermedia is paramount!
• Every accessible Resource has a canonical unique URL
• Replaces IDs (IDs exist, but are opaque).
• Critical for linking
49. @lhazlewood @goStormpath
Ion meta href
GET /accounts/x7y8z9
200 OK
{
  "meta": { "href": "https://api.stormpath.com/accounts/x7y8z9" },
  "givenName": "Tony",
  "surname": "Stark",
  …
}
50. @lhazlewood @goStormpath
Ion link
GET /accounts/x7y8z9
200 OK
{
  "meta": { ... },
  "givenName": "Tony",
  "surname": "Stark",
  …,
  "directory": {
    "meta": { "href": "https://api.stormpath.com/directories/g4h5i6" }
  }
}
51. @lhazlewood @goStormpath
Ion link (collection)
GET /accounts/x7y8z9
200 OK
{
  "meta": { ... },
  "givenName": "Tony",
  "surname": "Stark",
  …,
  "groups": {
    "meta": {
      "href": "https://api.stormpath.com/accounts/x7y8z9/groups", "rel": ["collection"]
    }
  }
}
52. @lhazlewood @goStormpath
What about HAL?
• Linking focus
• Forces links to be separate from context/content
– (when was the last time you had to put all of your anchors at the bottom of an HTML paragraph? Right... never.)
• In contrast to HAL, Ion is much more like HTML – it’s all in one convenient spec.
• Ion transliteration to/from HTML is far easier (by design)
63. @lhazlewood @goStormpath
What about Schemas / json-schema ?
Not needed. REST != RDBMS
(are schemas necessary for browsers/HTML?)
Forms do the same thing and are more flexible/powerful
Remember Fielding’s REST Rule about Dynamic Typing
71. @lhazlewood @goStormpath
Header
• Accept header
• Header values comma delimited
• q param determines precedence, defaults to 1, then conventionally by list order
GET /applications/a1b2c3
Accept: application/json, text/plain;q=0.8
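The precedence rule on this slide, worked through as an added example (not code from the deck or from Stormpath): a server-side negotiator that parses the comma-delimited Accept header, applies the q default of 1, breaks ties by the client's list order, and returns None when nothing matches so the caller can answer 406. The function names, the wildcard handling and the choice to treat a malformed q as 0 are assumptions of this example.

```python
import re
from typing import List, Optional, Tuple

# q-values per RFC 7231: 0 to 1 with at most three decimals.
_QVALUE = re.compile(r"(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)")


def parse_accept(header: str) -> List[Tuple[str, float, int]]:
    """Return (media_range, q, position) for each comma-delimited entry."""
    entries = []
    for position, part in enumerate(header.split(",")):
        fields = [f.strip() for f in part.split(";")]
        media_range = fields[0].lower()
        if "/" not in media_range:
            continue  # empty or malformed entry: ignore it
        q = 1.0  # the q param defaults to 1
        for param in fields[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                value = value.strip()
                # Assumption of this example: a malformed q means "not acceptable".
                q = float(value) if _QVALUE.fullmatch(value) else 0.0
                break
        entries.append((media_range, q, position))
    return entries


def _specificity(media_range: str, offered: str) -> int:
    """2 = exact match, 1 = type/*, 0 = */*, -1 = no match."""
    if media_range == offered:
        return 2
    r_type, r_sub = media_range.split("/", 1)
    if r_sub == "*" and r_type == offered.split("/", 1)[0]:
        return 1
    if media_range == "*/*":
        return 0
    return -1


def negotiate(header: Optional[str], offered: List[str]) -> Optional[str]:
    """Pick one of the server's lower-case media types, or None (send 406)."""
    if not header or not header.strip():
        return offered[0]  # no Accept header: the client takes anything
    ranges = parse_accept(header)
    best = None
    for index, media_type in enumerate(offered):
        matches = [(_specificity(r, media_type), q, pos) for r, q, pos in ranges]
        matches = [m for m in matches if m[0] >= 0]
        if not matches:
            continue
        # The most specific matching range decides q for this media type,
        # so "application/json;q=0" overrides a broader "*/*".
        _, q, pos = max(matches, key=lambda m: m[0])
        if q == 0:
            continue  # explicitly refused by the client
        # Highest q wins, then the client's list order, then server preference.
        rank = (q, -pos, -index)
        if best is None or rank > best[0]:
            best = (rank, media_type)
    return best[1] if best else None
```
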
74. @lhazlewood @goStormpath
camelCase
‘JS’ in ‘JSON’ = JavaScript
myArray.forEach
Not myArray.for_each
account.givenName
Not account.given_name
Underscores for property/function names are unconventional for JS. Stay consistent.
76. @lhazlewood @goStormpath
Dates & Times
There’s already a standard. Use it: ISO 8601
"createdAt": "2013-07-10T18:02:24.343Z"
Use UTC!
This is represented in Ion as field types of date, time, datetime, etc.
77. @lhazlewood @goStormpath
createdAt / updatedAt
Most people will want this at some point
{
  …,
  "createdAt": "2013-07-10T18:02:24.343Z",
  "updatedAt": "2014-09-29T07:02:48.761Z"
}
Use UTC!
82. @lhazlewood @goStormpath
Ensure Collection Resources support query params:
• Offset + Limit vs Cursor
…/applications?offset=50&limit=25
• Don’t require the user to query for these – provide OOTB links
91. @lhazlewood @goStormpath
Search cont’d
• Range queries via Ion min and max field members
“all accounts created between September 1st and the 15th”
Form fields example:
{"name": "createdAtBegin", "min": "2014-01-01", "max": "2014-12-31"}
{"name": "createdAtEnd", "min": "2014-01-01", "max": "2014-12-31"}
Ion TBD: range type:
.../accounts?createdAt=[2014-09-01,2014-09-15]
94. @lhazlewood @goStormpath
Group to Account
• A group can have many accounts
• An account can be in many groups
• Each mapping is a resource: GroupMembership
102. @lhazlewood @goStormpath
• Each batch is represented as a resource
• Batches are likely to be a collection
• Batches are likely to have a status
• Downside: problematic regarding HTTP caching
109. @lhazlewood @goStormpath
• As descriptive as possible
• As much information as possible
• Developers are your customers
110. @lhazlewood @goStormpath
POST /directories
409 Conflict
{
  "status": 409,
  "code": 40924,
  "property": "name",
  "message": "A Directory named 'Avengers' already exists.",
  "developerMessage": "A directory named 'Avengers' already exists. If you have a stale local cache, please expire it now.",
  "moreInfo": "https://www.stormpath.com/docs/api/errors/40924"
}
112. @lhazlewood @goStormpath
Avoid sessions when possible
Authenticate every request if necessary
Stateless
Authorize based on resource content, NOT URL!
Use Existing Protocol:
OAuth 1.0a, OAuth2, Basic over SSL only
Custom Authentication Scheme:
Only if you provide client code / SDK
Only if you really, really know what you’re doing
Use API Keys and/or JWTs instead of Username/Passwords
113. @lhazlewood @goStormpath
401 vs 403
• 401 “Unauthorized” really means Unauthenticated
“You need valid credentials for me to respond to this request”
• 403 “Forbidden” really means Unauthorized
“Sorry, you’re not allowed!”
114. @lhazlewood @goStormpath
HTTP Authentication Schemes
• Server response to issue challenge:
WWW-Authenticate: <scheme name> realm="Application Name"
• Client request to submit credentials:
Authorization: <scheme name> <data>
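The three slides above, combined into one stateless handler as an added example (not code from the slides or from Stormpath): every request is authenticated, a missing or bad credential gets 401 with a challenge, and a valid caller who does not own the resource gets 403. The key store, the `tenant` field, the realm and all function names are assumptions, and Basic is assumed to run over TLS only.

```python
import base64
import hmac

REALM = "Example API"  # assumed realm name
# Constructed sample data: API key id -> (secret, tenant the key belongs to)
API_KEYS = {"key-a": ("s3cr3t-a", "tenant-a"), "key-b": ("s3cr3t-b", "tenant-b")}
# Constructed resources; the owning tenant is part of the resource content
DIRECTORIES = {"a1b2c3": {"name": "Avengers", "tenant": "tenant-a"}}


def authenticate(headers):
    """Return the caller's tenant, or None if credentials are missing or invalid."""
    scheme, _, data = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        key_id, _, secret = base64.b64decode(data, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    expected, tenant = API_KEYS.get(key_id, ("", None))
    # Constant-time comparison so timing does not leak how much of the secret matched
    ok = hmac.compare_digest(secret.encode(), expected.encode())
    return tenant if ok and tenant else None


def get_directory(headers, directory_id):
    """Handle GET /directories/<id>; each call is authenticated, no session state."""
    tenant = authenticate(headers)
    if tenant is None:
        # 401: unauthenticated, so issue the challenge
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, None
    directory = DIRECTORIES.get(directory_id)
    if directory is None:
        return 404, {}, None
    # The decision uses the resource's own content, not the shape of the URL
    if directory["tenant"] != tenant:
        return 403, {}, None
    return 200, {}, {"name": directory["name"]}


def basic(key_id, secret):
    """Build an Authorization header value the way a client would."""
    return "Basic " + base64.b64encode(f"{key_id}:{secret}".encode()).decode()
```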
117. @lhazlewood @goStormpath
• IDs should be opaque
• Should be globally unique
• Avoid sequential numbers (contention, fusking)
• Good candidates: UUIDs, ‘Url64’
126. @lhazlewood @goStormpath
.com
• Free for developers
• Eliminate months of development
• Automatic security best practices
• Single Sign On
• Social/OAuth/SAML/Multi-factor/etc
• API Authentication & Key Management
• Token Authentication for SPAs / Mobile
• Authorization & Multi-tenancy for your apps
Libraries and integrations:
https://docs.stormpath.com