Bøger af Matthias Biehl

Signup and login with a Google, Yahoo, or Microsoft account can be found in more and more web and mobile apps. One login used by many, freeing the end-user from the burden of managing many accounts and passwords. Signup and login to a new app become so smooth and convenient, that end-users are much more likely to try a new app. For us developers of web and mobile apps, these signup and login features are attractive, too: we do not need to manage user credentials, and we get a higher conversion rate resulting in more new customers. In effect, this means cutting costs and increasing the number of new customers for our apps.So how does this feature "Signup and login with Google, Yahoo, or Microsoft" work? It is realized with OpenID Connect, a standardized protocol for sharing end-user data in a secure and controlled manner. Exploring how OpenID Connect works, so we as developers can enjoy its benefits is the subject of this book. This book explains the overall concept of OpenID Connect, so we understand who the actors are, which endpoints and tokens are involved and how these elements interact in so-called flows. These flows tend to get confusing, so we visualize these flows as sequence diagrams, and show how to choose the flow that is appropriate for a given scenario. Using examples, we explore how the tokens are constructed, signed and encrypted with JWT, JWS, and JWE. This is not a programming book, don't expect implementations with a specific programming language or library. Instead, we focus on understanding OpenID Connect on a conceptual level, so we can design and architect apps that work with OpenID Connect. And OpenID Connect is the standard behind creating smooth login and signup experiences, increasing the customer signup rate, and creating highly converting apps.

Want to build APIs like Facebook? Since Facebook's framework for building APIs, GraphQL, has become publicly available, this ambition seems to be within reach for many companies. And that is great. But first, let's learn what GraphQL really is and - maybe even more importantly - let's figure out how to apply GraphQL to build APIs that consumers love. In this book, we take a hands-on approach to learning GraphQL. We first explore the concepts of the two GraphQL languages using examples. Then we start writing some code for our first GraphQL API. We develop this API step by step, from creating a schema and resolving queries, over mocking data and connecting data sources all the way to developing mutations and setting up event subscriptions.Are your API consumers important to you? This book shows you how to apply a consumer-oriented design process for GraphQL APIs, so you can deliver what your consumers really want: an API that solves their problems and offers a great developer experience.Do you want to enable the API consumers so they can build great apps? This book explains the GraphQL query language, which allows the API consumers to retrieve data, write data and get notified when data changes. More importantly, you let them decide, which data they really need from the API.Do you want to make your API easy and intuitive to use? This book shows you how to use the GraphQL schema language to define a type system for your API, which serves as a reference documentation and helps your API consumers write queries that are syntactically correct.Do you want to profit from what has worked for others? This book provides a collection of best practices for GraphQL that have worked for other companies, e.g. regarding pagination, authentication and caching.GraphQL and REST are competing philosophies for building APIs. It is not in the scope of this book to compare or discuss the two approaches. The focus of this book is on a hands-on approach for learning GraphQL.

Got RESTful APIs? Great. API consumers love them. But today, such RESTful APIs are not enough for the evolving expectations of API consumers. Their apps need to be responsive, event-based and react to changes in near real-time. This results in a new set of requirements for the APIs, which power the apps. APIs now need to provide concepts such as events, notifications, triggers, and subscriptions. These concepts are not natively supported by the REST architectural style. The good thing: we can engineer RESTful APIs that support events with a webhook infrastructure. The bad thing: it requires some heavy lifting. The webhook infrastructure needs to be developer-friendly, easy to use, reliable, secure and highly available. With the best practices and design templates provided in this book, we want to help you extend your API portfolio with a modern webhook infrastructure. So you can offer both APIs and events that developers love to use.

Looking for the big picture of building APIs? This book is for you! Building APIs that consumers love should certainly be the goal of any API initiative. However, it is easier said than done. It requires getting the architecture for your APIs right. This book equips you with both foundations and best practices for API architecture. This book is for you if you want to understand the big picture of API design and development, you want to define an API architecture, establish a platform for APIs or simply want to build APIs your consumers love. This book is NOT for you, if you are looking for a step-by step guide for building APIs, focusing on every detail of the correct application of REST principles. In this case I recommend the book "API Design" of the API-University Series. What is API architecture? Architecture spans the bigger picture of APIs and can be seen from several perspectives: API architecture may refer to the architecture of the complete solution consisting not only of the API itself, but also of an API client such as a mobile app and several other components. API solution architecture explains the components and their relations within the software solution.API architecture may refer to the technical architecture of the API platform. When building, running and exposing not only one, but several APIs, it becomes clear that certain building blocks of the API, runtime functionality and management functionality for the API need to be used over and over again. An API platform provides an infrastructure for developing, running and managing APIs.API architecture may refer to the architecture of the API portfolio. The API portfolio contains all APIs of the enterprise and needs to be managed like a product. API portfolio architecture analyzes the functionality of the API and organizes, manages and reuses the APIs.API architecture may refer to the design decisions for a particular API proxy. To document the design decisions, API description languages are used. We explain the use of API description languages (RAML and Swagger) on many examples.This book covers all of the above perspectives on API architecture. However, to become useful, the architecture needs to be put into practice. This is why this book covers an API methodology for design and development. An API methodology provides practical guidelines for putting API architecture into practice. It explains how to develop an API architecture into an API that consumers love. A lot of the information on APIs is available on the web. Most of it is published by vendors of API products. I am always a bit suspicious of technical information pushed by product vendors. This book is different. In this book, a product-independent view on API architecture is presented. The API-University Series is a modular series of books on API-related topics. Each book focuses on a particular API topic, so you can select the topics within APIs, which are relevant for you.

This book offers an introduction to API security with OAuth 2.0 and OpenID Connect. In less than 80 pages you will gain an overview of the capabilities of OAuth. You will learn the core concepts of OAuth. You will get to know all four OAuth flows that are used in cloud solutions and mobile apps.If you have tried to read the official OAuth specification, you may get the impression that OAuth is complex. This book explains OAuth in simple terms. The different OAuth flows are visualized graphically using sequence diagrams. The diagrams allow you to see the big picture of the various OAuth interactions. This high-level overview is complemented with rich set of example requests and responses and an explanation of the technical details.In the book the challenges and benefits of OAuth are presented, followed by an explanation of the technical concepts of OAuth. The technical concepts include the actors, endpoints, tokens and the four OAuth flows. Each flow is described in detail, including the use cases for each flow. Extensions of OAuth are presented, such as OpenID Connect and the SAML2 Bearer Profile. Who should read this book? You do not have the time to read long books?This book provides an overview, the core concepts, without getting lost in the small-small details. This book provides all the necessary information to get started with OAuth in less than 80 pages. You believe OAuth is complicated? OAuth may seem complex with flows and redirects going back and forth. This book will give you clarity by introducing the seemingly complicated material by many illustrations. These illustrations clearly show all the involved interaction parties and the messages they exchange. You want to learn the OAuth concepts efficiently? This book uses many illustrations and sequence diagrams. A good diagram says more than 1000 words. You want to learn the difference between OAuth and OpenID Connect? You wonder when the two concepts are used, what they have in common and what is different between them. This book will help you answer this question. You want to use OAuth in your mobile app?If you want to access resources that are protected by OAuth, you need to get a token first, before you can access the resource. For this, you need to understand the OAuth flows and the dependencies between the steps of the flows. You want to use OAuth to protect your APIs? OAuth is perfectly suited to protect your APIs. You can learn which OAuth endpoints need to be provided and which checks need to be made within the protected APIs.

This book gets you a running start with serverless GraphQL APIs on Amazon's AWS AppSync. GraphQL is now a viable option for modern API design. And since Facebook, Yelp, and Shopify have built successful APIs with GraphQL, many companies consider following in the technological footsteps of these tech giants. Using GraphQL is great, but by itself, it is only half the rent: It requires the manual installation and maintenance of software infrastructure components.AppSync is a cloud-based platform for GraphQL APIs. It is serverless, so you waste no time setting up infrastructure. It scales up and down dynamically depending on the load. It supports your app developers with an SDK for synchronization and offline support. You pay only what you use, so no upfront investment is needed and it may save your organizations thousands of dollars in IT costs.Whether you are new to GraphQL, or you are an experienced GraphQL developer, this book will provide you with the knowledge needed to get started with AWS AppSync. After quickly covering the GraphQL foundations, you will dive into the practice of developing APIs with AWS AppSync with in-depth walkthroughs, screenshots, and code samples. The book guides you through the step-by-step process of creating a GraphQL schema, developing GraphQL APIs, connecting data sources, developing resolvers with AppSync templates, securing your API, offering real-time data, developing offline support and synchronization for your apps and much more.

Looking for Best Practices for RESTful APIs?This book is for you! Why? Because this book is packed with practical experience on what works best for RESTful API Design. You want to design APIs like a Pro? Use API description languages to both design APIs and develop APIs efficiently. The book introduces the two most common API description languages RAML, OpenAPI, and Swagger. Your company cares about its customers? Learn API product management with a customer-centric design and development approach for APIs. Learn how to manage APIs as a product and how to follow an API-first approach. Build APIs your customers love! You want to manage the complete API lifecycle? An API development methodology is proposed to guide you through the lifecycle: API inception, API design, API development, API publication, API evolution, and maintenance. You want to build APIs right? This book shows best practices for REST design, such as the correct use of resources, URIs, representations, content types, data formats, parameters, HTTP status codes, and HTTP methods. Your APIs connect to legacy systems? The book shows best practices for connecting APIs to existing backend systems. Your APIs connect to a mesh of microservices? The book shows the principles for designing APIs for scalable, autonomous microservices. You expect lots of traffic on your API? The book shows you how to achieve high performance, availability and maintainability. You want to build APIs that last for decades? We study API versioning, API evolution, backward- and forward-compatibility and show API design patterns for versioning. The API-University Series is a modular series of books on API-related topics. Each book focuses on a particular API topic, so you can select the topics within APIs, which are relevant for you.