OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You'll learn how to confidently and securely build and deploy OAuth on both the client and server sides. Foreword by Ian more » Glazer.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
About the Technology
Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.
About the Book
OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.
* Covers OAuth 2 protocol and design
* Authorization with OAuth 2
* OpenID Connect and User-Managed Access
* Implementation risks
* JOSE, introspection, revocation, and registration
* Protecting and accessing REST APIs
About the Reader
Readers need basic programming skills and knowledge of HTTP and JSON.
About the Author
Justin Richer is a systems architect and software engineer. Antonio Sanso is a security software engineer and a security researcher. Both authors contribute to open standards and open source.
Table of Contents
1. Part 1 - First steps
2. What is OAuth 2.0 and why should you care?
3. The OAuth dance
4. Part 2 - Building an OAuth 2 environment
5. Building a simple OAuth client
6. Building a simple OAuth protected resource
7. Building a simple OAuth authorization server
8. OAuth 2.0 in the real world
9. Part 3 - OAuth 2 implementation and vulnerabilities
10. Common client vulnerabilities
11. Common protected resources vulnerabilities
12. Common authorization server vulnerabilities
13. Common OAuth token vulnerabilities
14. Part 4 - Taking OAuth further
15. OAuth tokens
16. Dynamic client registration
17. User authentication with OAuth 2.0
18. Protocols and profiles using OAuth 2.0
19. Beyond bearer tokens
20. Summary and conclusions « less
Create web services that are lightweight, maintainable, scalable, and secure using the best tools and techniques designed for Python
About This Book
Develop RESTful Web Services using the most popular frameworks in Python Configure and fine-tune your APIs using the best tools and techniques available This practical guide will help you to implement complete REST-based APIs from scratch
Who This Book Is For
This book is for more » web developers who have working knowledge of Python and would like to build amazing web services by taking advantage of the various frameworks of Python. You should have some knowledge of RESTful APIs.
What You Will Learn
* Develop complex RESTful APIs from scratch with Python combined with and without data sources
* Choose the most appropriate (micro) framework based on the specific requirements of a RESTful API / web service
* Debug, test, and profile RESTful APIs with each of the frameworks
* Develop a complex RESTful API that interacts with a PostgreSQL database
* Add authentication and permissions to a RESTful API built in each of the frameworks
* Map URL patterns to request handlers and check how the API works
* Profile an existing API and refactor it to take advantage of asynchronous code
Python is the language of choice for millions of developers worldwide, due to its gentle learning curve as well as its vast applications in day-to-day programming. It serves the purpose of building great web services in the RESTful architecture. This book will show you the best tools you can use to build your own web services. Learn how to develop RESTful APIs using the popular Python frameworks and all the necessary stacks with Python, Django, Flask, and Tornado, combined with related libraries and tools. We will dive deep into each of these frameworks to build various web services, and will provide use cases and best practices on when to use a particular framework to get the best results. We will show you « less
A Practical, Case-Study Approach
Build straightforward and maintainable APIs to create services that are usable and maintainable. Although this book focuses on distributed services, it also emphasizes how the core principles apply even to pure OOD and OOP constructs.
The overall context of Creating Maintainable APIs is to classify more » the topics into four main areas: classes and interfaces, HTTP REST APIs, messaging APIs, and message payloads (XML, JSON and JSON API as well as Apache Avro).
What You Will Learn:
* Use object-oriented design constructs and their APIs
* Create and manage HTTP REST APIs
* Create and manage maintainable messaging APIs, including the use of Apache Kafka as a principal messaging hub
* Handle message payloads via JSON
Who This Book Is For:This book is for any level software engineers and very experienced programmers. « less
Designing web APIs that developers will love
A Web API is a platform with a web-style interface developers can use to implement functionality. Well-designed APIs feel like a natural extension of the application, rather than just a new interface into the backend database. Designing Web APIs based on use cases allows an organization to more » develop irresistible APIs, which developers can consume easily and which support the business values of that organization.
About the Technology
It takes a village to deliver an irresistible web API. Business stakeholders look for an API that works side-by-side with the main product to enhance the experience for customers. Project managers require easy integration with other products or ways for customers to interact with your system. And, developers need APIs to consistently interoperate with external systems. The trick is getting the whole village together. This book shows you how.
About the Book
Irresistible APIspresents a process to create APIs that succeed for all members of the team. In it, you'll learn how to capture an application's core business value and extend it with an API that will delight the developers who use it. Thinking about APIs from the business point of view, while also considering the end-user experience, encourages you to explore both sides of the design process and learn some successful biz-to-dev communication patterns. Along the way, you'll start to view your APIs as part of your product's core value instead of just an add-on.
* Design-driven development
* Developing meaningful use cases
* API guiding principles
* How to recognize successful APIs
About the Reader
Written for all members of an API design team, regardless of technical level.
About the Author
Kirsten Hunter is an API evangelist who helps developers and business stakeholders understand, design, and deliver amazing APIs.
Table of Contents
1. UNDERSTANDING WEB APIs
2. What makes an API irresistible?
3. Working with web APIs
4. API First
5. Web services explained
6. DESIGNING WEB APIs
7. Guiding principles for API design
8. Defining the value for your API
9. Creating your schema model
10. Design-driven development
11. Empowering your developers « less
Writing PHP Microservices, REST and Web Service APIs
Learn to write test-driven microservices, REST APIs, and web service APIs with PHP using the Lumen micro-framework, from the now popular Laravel family. This book shows you how testing APIs can help you write bullet-proof web application services and microservices.
In the Lumen Programming Guide you more » will learn how to use Lumen―a micro-framework by Laravel―to write bullet-proof APIs. Lumen helps you write productive, maintainable APIs using modern application design. You will learn how to write fully-tested APIs and understand essential Lumen concepts used to build a solid foundation for writing API projects.
What You Will Learn * Maintain your API's database structure through built-in database migrations
* Write tests with factory data in a test database
* Respond with consistent data output in JSON
* Deal with PHP exceptions by using JSON responses
* Create, read, update, and delete REST resources
* Represent model associations in API responses
* Build a solid foundation for writing tests with PHPUnit and Mockery
* Validate data
Who This Book Is For
PHP developers with no Laravel experience. Only a basic understanding of HTTP and writing PHP applications is needed to get started. « less
Build robust and scalable software from the start
Learn what a microservices architecture is, its advantages, and why you should consider using one when starting a new application. The book describes how taking a microservices approach from the start helps avoid the complexity and expense of moving to a service-oriented approach after applications reach more » a critical code base size or traffic load.
Microservices from Day One discusses many of the decisions you face when adopting a service-oriented approach and defines a set of rules to follow for easily adopting microservices. The book provides simple guidelines and tips for dividing a problem domain into services. It also describes best practices for documenting and generating APIs and client libraries, testing applications with service dependencies, optimizing services for client performance, and much more. Throughout the book, you will follow the development of a sample project to see how to apply the best practices described.
What You Will Learn:
* Apply guidelines and best practices for developing projects that use microservices
* Define a practical microservices architecture at the beginning of a project that allows for fast development
* Define and build APIs based on real-world best practices
* Build services that easily scale by using tools available in most programming languages
* Test applications in a distributed environment
Who This Book is For:
Software engineers and web developers who have heard about microservices, and want to either move the project/applications they work on to a service-oriented environment, or want to start a new project knowing that building services helps with ease of scaling and maintainability. The book is a reference for developers who have a desire to build software in smaller, more focused and manageable chunks, but do not know how to get started. « less
APIs for the Modern Web
Whether you’re sharing data between two internal systems or building an API so that users can access their data, this practical guide has everything you need to build APIs with PHP. Author Lorna Jane Mitchell provides lots of hands-on code samples, real-world examples, and advice based on her extensive more » experience to guide you through the process—from the underlying theory to methods for making your service robust.
You’ll learn how to use this language to work with JSON, XML, and other web service technologies. This updated second edition includes new tools and features that reflect PHP updates and changes on the Web.
* Explore HTTP, from the request/response cycle to its verbs, headers, and cookies
* Work with and publish webhooks—user-defined HTTP callbacks
* Determine whether JSON or XML is the best data format for your application
* Get advice for working with RPC, SOAP, and RESTful services
* Use several tools and techniques for debugging HTTP web services
* Choose the service that works best for your application, and learn how to make it robust
* Document your API—and learn how to design it to handle errors « less
Enabling Reuse Through Hypermedia
Web-based REST and Hypermedia services are becoming more common every day, but very few client libraries take advantage of these powerful API features—mostly because the techniques and patterns needed to create successful hypermedia clients have been ignored. Yet, when done right, hypermedia-based client more » applications exhibit more stability and flexibility than typical one-off custom client code.
This practical book takes you on a journey from custom bespoke implementations to powerful general-purpose client applications and, along the way, shows how you can harness many of the basic principles that underpin the Web. Throughout the book, you'll find practical, approachable examples and dialogs, as well as clear guidance on how to understand this increasingly important conversation. « less
Everyone and their dog wants an API, so you should probably learn how to build them
Make applications cross-communicate using Apache Thrift!
***** About This Book *****
* Leverage Apache Thrift to enable applications written in different programming languages (Java, C++, Python, PHP, Ruby, and so on) to cross-communicate.
* Learn to make your services ready for real-world applications by using stepwise examples and modifying code from more » Industry giants.
* Be a crackerjack at solving Apache Thrift-related issues.
***** Who This Book Is For *****
If you have some experience of developing applications in one or more languages supported by Apache Thrift (C++, Java, PHP, Python, Ruby, and others) and want to broaden your knowledge and skills in building cross-platform, scalable applications, then this book is for you.
***** What You Will Learn *****
* Understand the need for cross-language services and the basics of Apache Thrift.
* Learn how Apache Thrift works and what problems it solves.
* Determine when to use Apache Thrift instead of other methods (REST API), and when not to use it.
* Create and run an example application using Apache Thrift.
* Use Apache Thrift in your applications written in different languages supported by Apache Thrift (PHP, Python, Ruby, Java, and C++).
* Handle exceptions and deal with errors.
* Modify code in different languages.
* Use Apache Thrift in the production environments of big applications.
***** In Detail *****
This book will help you set aside the basics of service-oriented systems through your first Apache Thrift-powered app. Then, progressing to more complex examples, it will provide you with tips for running large-scale applications in production environments.
You will learn how to assess when Apache Thrift is the best tool to be used. To start with, you will run a simple example application, learning the framework's structure along the way; you will quickly advance to more complex systems that will help you solve various real-life problems.
Moreover, you will be able to add a communication layer to every application written in one of the popular programming languages, with support for various data types and error handling. Further, you will learn how pre-eminent companies use Apache Thrift in their popular applications.
This book is a great starting point if you want to use one of the best tools available to develop cross-language applications in service-oriented architectures.
***** Style and approach *****
A stepwise guide to learning Apache Thrift, with ready-to-run examples explained comprehensively. Advanced topics supply the inspiration for further work. « less