Gain insights into designing robust APIs, explore essential tools for design, documentation, testing, and deployment. Delve into ALPS, OpenAPI, Postman, and Heroku for comprehensive API development.

Design and Build Great Web API's by The Pragmatic Programmer-01.png

webapis.tar.gz

Testing APIs

Testing API Exercise

Building API Exercise

Building API Exercise Solution

Securing API Exercise

Securing API Exercise Solution

MockAPI

Account Mock API

Company service Mock API

Challenge-1 Mock API Solution

Postman Mock API

At the start of this course, you’ll be introduced to a handful of important practices and principles for designing and building APIs that are robust, reliable, and resilient. You’ll also acquire skills in a wide range of developer tools, including tools for design, documentation, building, testing, security, and deployment. 

You'll learn the best practices for modeling an APIs lifecycle using Donald Norman’s action lifecycle. Then, you’ll learn how to use the sequence diagram for designing APIs and describing them using ALPS. For sketching an API, you will learn about Gehry's sketches. You will also cover OpenAPI and SwaggerHub for API mocking. Moreover, the usage of DARRT and NodeJS will be covered for building APIs. You'll finish with learning how to use the Postman for testing APIs and then deploy them using Heroku.

By the end of this course, you will have an in-depth understanding of how to make fully functional efficient APIs from its inception to its deployment.

Design and Build Great Web APIs

# Exercise

For this exercise, you’ll define an M2M identity in Auth0 for your `credit-check` service and then update your code to support access control using OAuth and JWTs. Along the way, you’ll use the security bash scripts to request a valid JWT and then use it to make secured requests of your updated `credit-check` service.

# Defining the API in Auth0 and collecting access control parameters

1. First, sign into the Auth0 website and define or create a new API called `bigco-credit-check`. Then collect the five important access control parameters (name, client ID, client secret, domain, and identifier) and update your copy of the `auth0.txt` file in your `security` folder.
2. Next, use the `auth0-token.sh` script to request a valid JWT access token for use in HTTP calls to your API. Copy the token value in the response into the `curl-auth.txt` file.
3. Finally, use the http://jwt.io website to validate the access token you were issued by the `auth0-token.sh` script.

# Updating the `credit-check-secure` Node.js project

1. First, update the project’s package collection by adding the proper OAuth packages using npm.
2. Next, open the `index.js` file in the `credit-check-secure` project folder in the terminal below and update that file to reference the `api-auth.js` code file from the `/darrt/lib` folder. Add the security middleware into the Node/Express pipeline by adding the following lines to your `index.js` file:
```xml
//*********************************************** // start of auth support
var secure = require('./darrt/lib/api-auth.js'); app.use(secure.jwtCheck);
// end of auth support
//***********************************************
```
3. Next, open the `/darrt/lib/api-auth.js` file and update the `auth` object values to match the access control parameters you pulled from the Auth0 website in the previous step.


# Testing your API security
Now you can try accessing your API to validate your security changes. 
1. First, try using a simple cURL `http://localhost:8181/` call (without a security token) to confirm that your API call gets an HTTP `401` status code response.

> **Note:** Don’t forget to run `npm run dev` in the `usercode/onboarding-api/credit-check-secure` folder in the second terminal by clicking the "**`+`**" sign.

2. Now use the `curl-auth.sh` utility (with the access token from the previous step and other appropriate configuration settings) to make the same call. This time you should get the root response as expected, without any errors.


You now have a fully secured API service using OAuth and JWT.




Practice defining an API in Auth0 and collect access control parameters by updating our Credit-Check service.


Challenge: Securing APIs

Practice defining an API in Auth0 and collect access control parameters by updating our Credit-Check service.

Introduction

Understanding HTTP, REST, and APIs

Modeling APIs

Designing APIs

Describing APIs

Sketching APIs

Prototyping APIs

Building APIs

Testing APIs

Securing APIs

Deploying APIs

Modifying APIs

Some Parting Thoughts

Appendixes

Challenge: Securing APIs

Exercise