We Keep Coding

How to design web service API? Methods? Tools? Outputs? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am new to web application design. It seems contemporary web applications usually take this form:
Front-end leverage various JS frameworks to built the UI.
Then front-end invoke back-end web services with JS to exchange XML or JSON data and update the UI accordingly.
Back-end is separated into tiers and expose Web service APIs to whatever external.
Web service APIs also exist for the communication among the back-end tiers.
So the web service APIs should be the critical part to design.
How do we design it? To be specific:
What data/materials are needed to start the design with?
What tools can we use? (I heard about some tools to convert XML into classes.)
And what does the final output of the design look like?
ADD 1
To be specific, suppose there's requirements like this:
Customer should be able to upload and delete certain files from the
file repository.
Customer must be authenticated before modifying the files on file repository.
How can I convert it into detailed API spec, and then concrete class definition?
A related link: http://piwik.org/blog/2008/01/how-to-design-an-api-best-practises-concepts-technical-aspects/
ADD 2 - Regarding RESTful
After reading some books, I came to this:
RESTful architecture is just one of the many ways to integrate
applications. It leverages Web standards in the hope of making the
integration simple and natural. Resources are identified by URLs,
manipulated with HTTP methods, and transferred in certain serialization
form at the convenience of the integrated parties.

To create a Web API (i.e. RESTful service), you need to follow REST principles. I think that this link could give you some hints about the design of RESTful services / Web API: http://restlet.com/blog/2015/03/16/designing-a-web-api/.
To be short, RESTful services should leverage HTTP methods they are designed for:
method GET: return the state of a resource
method POST: perform an action on the resource (creation of an element in a resource list, ...). Be careful not to use an action name within URLs (something like /elements/some-action-name) because it's not RESTful.
method PUT: update the complete state of a resource
method PATCH: update partially the state of a resource
method DELETE: delete a resource
You need also to be aware that they can apply at different levels, so methods won't do the same things:
a list resource (for example, path /elements)
an element resource (for example, path /elements/{elementid})
Other important things you must consider are:
To use status codes to tell the client if the request is sucessful (2xx family), fails because of the client (4xx family) or of the server (5xx family)
To leverage HTTP headers. For example, the header Content-Type for the type of content used (application/json for JSON for example) and Accept for content negotiation if needed...
Otherwise there are some formats like Swagger and RAML you can leverage to craft your Web API. A tool like Restlet Studio could a good help to create the structure of your REST service online, get the corresponding Swagger and RAML contents, and even generate server skeletons or client SDKs. You can notice that this tool only follows REST principles...
Regarding security, you need to leverage the Authorization header. There are several strategies:
Basic one. The username / password are encoded with Base64 and sent in the header.
Token-based one. You could have a look at this link for more details: https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/
OAuth2. See this link: http://www.bubblecode.net/en/2013/03/10/understanding-oauth2/.
Regarding file upload, you can leverage multipart contents. See this link: http://restlet.com/blog/2015/10/27/implementing-file-upload-with-restlet-framework/. We use the Restlet framework but you might pick up some generic hints...
Hope it helps you,
Thierry

In my opinion the concept of a Rest-full API is a little blurry, I would advise you to take a look at this article http://martinfowler.com/articles/richardsonMaturityModel.html
Not many public rest-full api's actually achive the discussed level 3. The general idea it to model your api around the "resources" your application deals in and respect the proper http verbs.
As for tools I kinda like https://apiary.io/ it helps you build an API and can provide mock responses as well

Can you give me some clarification about the REST architecture? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am studying for a developer certification and I have some doubt related to the general concept of REST and REST Web Services.
From what I can understand REST is more related to software\network architecture style consisting of guidelines and best practices for creating scalable web services respect to a specific technology (differently from SOAP that is a specific implemented network protocol).
The first doubt is: "is REST related only to web services implementation or can be related also to other purposes? If it could be related to other purposes what are?
So from what I can understand using this REST style the messagges are send and receive directly using the HTTP protocol without using an intermediate protocol as SOAP.
I know that REST is statless (does not maintain information about previous states) so if I use the REST style I can't use the Http Session or coockies to mantain informations about what happens before. If it is true, why? what is the benefit of a statles managment? What is the difference with SOAP? Is SOAP statefull? (it seems to me not but I can say wrong things).
Using REST style the resources are modelled as noun, for example:
http://mybank.com/banking/accounts/123456789
And then I can perform a limited set of operations on these resources, operations described by: GET, PUT, POST, DELETE
Reading on the course documentation it say that these operations are the default operation in case of the architecture works over Http protocol. So are these operations the only operations that I can perform or can be used others? Can you explain me this thing?
Maybe I have a big gap in the Http protocol knowledge, I only know that Http protocol only supports the POST and GET operations. So what exatly are these PUT and DELETE operations? Are Http protocol specific operations as GET and POST? What is the difference between PUT and POST? and why REST architecture use PUT instead POST?
Tnx

REST describes guidelines and best practices to design an efficient architecture for the Web.
Can I suggest you to read these two posts? I think that they could help to answer deeply your questions about resources, operations, representations...
https://templth.wordpress.com/2014/12/15/designing-a-web-api/ - Designing a Web API (i.e. RESTful Web services)
https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/ - How to handle security for RESTful Web services
Yes, normally RESTful applications are stateless. This means that you should keep states on the server-side. In the case of security, you need to authenticate users at each request. That said, since Cookies are part of HTTP, you could leverage them within your application.
Hope it helps,
Thierry

Tool comparable to SoapUI for creating GUIs for functional testing of RESTful web services, without all the WSDL/schema nonsense

Apologies if this has already been covered in another question - there are a lot of questions (many with answers) about functionally testing REST services but this question is specifically geared towards allowing laypeople to create simple GUI interfaces to those services by mapping GUI controls to service inputs/outputs.
Is there a tool out there, open-source, free, or commercial, that allows laypeople to create simple forms to functionally test REST services that are similar to SoapUI's forms for SOAP services? I realize there would not be WSDL involved, so the user would still need to do some work to get an endpoint set up to test.
Alternatively, are there any libraries available for Web API 2 that generate this sort of interface from the method signatures and routes?
I am looking for the easiest way to allow a tester to start functionally testing a web service, ideally with a little more GUI-ness than is provided by, say, Postman.

Swagger is a simple yet powerful representation of your RESTful API. With the largest ecosystem of API tooling on the planet, thousands of developers are supporting Swagger in almost every modern programming language and deployment environment. With a Swagger-enabled API, you get interactive documentation, client SDK generation and discoverability.
http://swagger.io/

Web service software architecture [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a database which I consider to be my application and a website acting as a user interface for that application. It is now time to add more user interfaces to my application (phone apps etc).
Keeping this in mind, I have come up with a web service architecture to feed data to all my user interfaces. I would like to sanity check this with the brains on stack overflow. Btw - this is all Azure hosted.
Database, as is.
Core web service - this handles all important methods and invokes the main processes on the DB. For example, registration. This will also automatically queue emails to be sent, etc.
Web Services for each UI (website, phone app) - these are specific methods for the UI data calls - e.g. GetDataForRegistrationPage - specific to the website and not needed for the app. The app would have different requirements.
So far I think this is reasonable though I'm interested in your opinions. I would like a bit of help with the next bit: how they communicate.
I would like the Core web service to be a WCF Service that can ONLY be accessed on named pipe endpoints - ensuring that only the client web services can communicate with them (I can guarantee they are on the same machine).
I would like the Client Web Services to bind to their applications by TCP or http. The website will be on a separate machine but on the same network and so is a good contender for TCP. The apps will of course be on clients and would be best as http I believe.
I am worried that I've introduced too many steps with this design. Using registration as an example, the user would register using the website page which goes to the web server which would invoke the registration method on the website web service, which would invoke the registration method on the core web service, which would invoke registration on the database.
Thank you for your thoughts!
(I posted the below as answer but got told off. If we really want to be anal about this then I guess no one should have posted anything as answer as there is no real answer - I was asking for opinions, but anyway...)
Just in case it is of any interest to others having similar design questions. I have decided to get rid of the core service idea and just use a class library shared between each client service.
Pros: Easier to develop, one less complication (setting up named pipes seems impossible to me) and one less process to get involved (even if it is on the same machine).
Cons: Each service now HAS to be on Azure, otherwise it cannot access the Azure storage facilities. I will be using the queue to schedule emails. With the first approach I could have potentially hosted one service on a completely separate platform.
Feel free to comment with any ideas or observations. Thank you for the input, Ramiramilu and Markus.

Your approach seems to provide a good separation of concerns. Depending on the size of your project, it might be a bit too much. If you are looking for a way to simplify your architecture, here are my thoughts:
Client WebServices
I'd propose to analyze how big the differences of the Client WebServices really are or whether it is possible to set up a common service for all clients. Even if you were able to move a lot of shared code to the Core WebService, you'd have to implementent very similar interfaces over and over again. Of course this implies that there won't be a specific WebService that is tailored to the needs of a specific client. If you build on WCF, you can also offer services with different bindings so that e.g. the WebSite accesses the service using a NetTcpBinding whereas another client communicates with the same service over a SOAP interface (WebHttpBinding or WSHttpBinding whichever fits your needs). This would be much more efficient because you'd not have to implement common building blocks like authentication and authorization for each Client WebService.
Also you might want to have a look at ASP.NET WebAPI and consider building a REST API that should be accessible from all devices - though it is as efficient as a TCP binding. You could also host your Web API in the WebSite project so that you can use it both from other client and for AJAX requests. As your WebSite is accessible from the internet anyway, this is also a good approach from an infrastructure point of view.
Core WebService
You could substitute a class library for the Core WebService. The Client WebService(s) can integrate this much easier without having to deal with additional complexity, e.g. for authenticating at the Core WebService.
As you want to host the Core WebService on the same machine anyway, I'd only build a service if there is a strong reason for it. I can't come up with one now.
Conclusion
If your requirements are only to add some clients with a limited set of capabilities, I'd suggest to add a Web API to your WebSite project and access it from the other clients. See this link for more information.

Tool for testing RESTful Web services [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I am trying to evaluate the right tool to test RESTful Web services and eventually automate the same for our project.
Wondering, what are the specifications I need to look for such test, when i compare various tools on internet.
Definitely, one of the requirements would be an Open source tool.
I have looked on few tools, such as SOAPUI,RestClient,TestMaker, RestAssured. Wanted to know the pros and cons of them. Also, any ideas or pointers on how to go about it would be of great help.

if you want to test from browsers,
use
POSTMAN -> Chrome
Rest Client -> Firefox
If you need an online tool or require automated API testing,
use
Runscope

If you're looking for aa HTTP client (GUI) to test requests, I'd mention:
Paw, a native HTTP client on Mac that supports most of the popular authentication schemes, has full encryption and obfuscation of your server credentials and dynamic values a special feature that lets you sent back a field from a previous request (e.g. an auth token) or compute the hash of another part of the request. Also generates cURL or client code. (disclaimer: I'm the founder of Paw)
Postman, a Chrome app and a web wrapper for Mac that lets you send requests to servers. Generates cURL and client code. Cross-platform (web app). Has a cloud service for sharing of collections.
Insomnia, a Chrome app but with a really nice interface (a design I like). It feels like the author cares about UI and design. The feature set isn't as complete as Paw or Postman though.
HDC Client, Chrome app, quite old but Restlet acquired them and it seems like it's more active on the development. As test features like Postman.
Advanced REST Client, a Chrome app, similar to previous ones. Seems still quite popular but isn't very updated.
RESTed, a native Mac app, a very small feature set, just lets you test one request at a time. I mention this because I like the native feel (alike Paw) and I think it's a good alternative for those who just want something simple.
Also, you may consider this command line tool:
HTTPie: For a command line too, I personally love it. It's beautifully made, and easy to learn. Clearly not as handy as a GUI, but really worth a try.
I'd also recommend you to read through this list of tools I've made a few months ago: Tools that will help you develop a RESTful API

If you need complex parametrized soap and rest webservices testing and test automation, you definetly should try soapui. It is open source (https://github.com/SmartBear/soapui), free in base edition tool with great documentation. In addition to webservices tests it provide scripting, load testing tool, ide support, web services mocking, running tests from GUI or console and much more.