
Best Practices for Designing a Pragmatic RESTful API

If you want developers to love your API, focus the bulk of your efforts on designing a beautiful one.

Build a Node API Client – Part 1: REST Principles

If you want to boost adoption of your API, consider a tool to make life easier on your users: client libraries. Specifically, Node.js client libraries. This series will cover our playbook for building a stable, useful Node.js client in detail, in three parts:

What's the best way to write an API spec?

There has been an explosion of API specification formats in the last few years. No clear winner has emerged. JSON Schema and JSON Hyperschema are JSON-based formats for describing JSON and REST (hypermedia-driven) APIs. The formats make decent sense and can be used to generate docs, validators, client libraries, UIs, and more. API Blueprint is another emerging format for API description.

Writing API Documentation with Slate

So you’ve built yourself an API. Perhaps it’s RESTful, RESTlike or something else entirely. You’ve implemented authentication – be it using OAuth, HTTP Basic Auth or JSON Web Tokens.

Rest - RESTful JSON API Documentation Generator

The 5 Functionalities Every API Must Have

When building a Web API, certain features are commonly needed for a baseline implementation. Sometimes these may be specific features built into the framework or they may need to be manually coded. In this post, I’ve compiled the various Node.js libraries, along with the key features, needed for API development. Regardless of API framework or language, the five functionalities outlined below are commonly an assumed part of the end product of the API service.

1. Error handling

When developing APIs for the Web, the standard approach is to return any errors with a respective HTTP code.

Engineering Blog

Today we’re open sourcing the toolchain Heroku uses to design, document, and consume our APIs. We hope this shows how Heroku thinks about APIs and gives you new tools to create your own APIs. This toolkit includes our HTTP API design guide, the prmd tool for managing JSON schemas and generating API docs, and client generators for Ruby and Go.

Pksunkara/alpaca

Angularjs - How to test endpoints protected by csrf in node.js/express

protocol design - Efficient and stateless anti-forgery method - Cryptography Stack Exchange

If you don't want to store the anti-CSRF tokens on the server, for most purposes it is sufficient to simply store the token as an HTTP cookie on the client. The OWASP wiki calls this technique "Double Submit Cookies". The reason this works is that, in the standard CSRF attack scenarios, the attacker cannot directly read or modify the user's cookies.

Advanced CSRF and Stateless Anti-CSRF

OAuth 2.0 – The Good, The Bad & The Ugly

In a world dominated by social media, it's hard to not come across a client application which you have used to access restricted resources on some other server. For example, you might have used a web-based application (like NY Times) to share an interesting news article on your Facebook wall or tweet about it. Or, you might have used Quora's iPhone app that accesses your Facebook or Google+ profile and customizes the results based on your profile data, like suggesting to add/invite other users to Quora, based on your friends list. The question is, how do these applications gain access to your Facebook, Twitter or Google+ accounts and how are they able to access your confidential data? Before they can do so, they must present some form of authentication credentials and authorization grants to the resource server.

OAuth is often described as a valet key for the web.

40 useful APIs for web designers and developers

An application programming interface (API) is a set of rules and specifications that software programs can follow to communicate or ‘interface’ with each other. As developers are well aware, there are hundreds of APIs out there for doing almost anything you could imagine online. Some are better than others, and some are definitely more useful than others. Below are forty of the most useful APIs out there.

Social Login Buttons Aren’t Worth It

I stumbled across a very disturbing number in our analytics earlier this year. From April 12 to May 12, 2012, we had 340,591 failed login attempts.

RESTful HTTP in practice

This article gives a short overview about the basics of RESTful HTTP and discusses typical issues that developers face when they design RESTful HTTP applications. It shows how to apply the REST architecture style in practice.

Be careful when going client-only (Firebase) - Robin Verton - application security and web development

Firebase, the scalable real-time backend

Developing client-only applications with JavaScript and services like Firebase offers a nice way to “build apps without managing servers”. However, sometimes it’s not a bad idea to have some controlling server between your client and your data storage.

Methods

Standard Methods

We already discussed that resources are the fundamental concept in a RESTful API, and that each resource has its own unique URL. Methods can be executed on resources via their URL. The table below lists the standard methods that have a well-defined meaning for all resources and collections. Normally, not all resources and collections implement all methods.

There are two ways to find out which methods are accepted by a resource or collection. Use the OPTIONS method on the URL, and look at the “Allow” header that is returned.

Actions

Sometimes, it is required to expose an operation in the API that inherently is non-RESTful.

So I wrote a JSON API Framework and the Framework was the Least Interesting Part

Suggested Hacker News title: “Show HN: I’m only 37 and I wrote this over the weekend (plus the previous ~400 days)”