Implement application programming interface (API) usability, security, availability, reliability, and scalability to extend your company's market and potentially generate revenue. Businesses know they need to extend their markets into the digital world, and expose internal data to the Internet. This book shows how stakeholders within an organization can make it a successful journey.
Stakeholder needs are not identical and departments experience difficulties discussing requirements with each other due to their different fundamental understanding of the process. The goal of this book is to introduce a common language for all business groups-developers, security experts, architects, product managers-around APIs and provide an overview of all aspects that need to be considered when exposing internal data.
Most of the content in this book is based on feedback from real-world enterprise customer questions, challenges, and business scenarios. Practical guidance is provided on the business value of APIs, the general requirements to know, and how to undertake an audience-based implementation. You will learn how to protect access to data, as well as API error handling, documentation, management, integration, and more.
What You'll Learn
- Know the types of APIs and their business and technical requirements
- The main benefits of APIs, including business value, loose coupling, and frequent updates
- Protect access to APIs through role-based access, attribute-based access, and rate limiting
- Distinguish between OAuth and OpenID Connect, and know how they both work
- Manage API error handling, including what should and should not be handled
- Understand the distinction between runtime, dynamic data, and static data
- Leverage external APIs as part of your own APIs
Who This Book Is For
API developers, API security experts, software architects, product owners, and business owners
Sascha Preibisch has been involved in enterprise-grade software development since 2005. He worked as a consultant in Switzerland where he helped customers expose SOAP-based web services in a secure way. Today, as software architect for CA Technologies in Vancouver, Canada, he works with customers who expose RESTful services. He advises customers in the usage of OAuth, OpenID Connect, mobile API security, and SSO between mobile and desktop applications. Sascha regularly attends the Internet Identity Workshop (IIW) in Mountain View,California, USA, which is the birth place of OAuth 2.0 and OpenID Connect. He is a member of the OpenID Foundation. He maintains a blog on all aspects of API development, and he wrote a short book about a software framework (Application Development with XML, Eclipse RCP, and Web Services). Sascha holds a patent on a secure mobile app registration protocol.