RESTful API

RESTful APIs are application programming interfaces (API) that adhere to architectural style of REST architectural pattern and it is used to HTTP requests to GET, PUT, POST and DELETE data.



RESTful API has the following features:

Those are the guiding constraints which define a RESTful system.
  1. Client–server - The client handles the front end the server handles the backend and can both be replaced independently of each other.
  2. Stateless - No client data is stored on the server between requests and session state is stored on the client.
  3. Cacheable - Clients can cache response (just like browsers caching static elements of a web page) to improve performance.
  4. Uniform Interface - The key to the decoupling client from server is having a uniform interface that allows independent evolution of the application without having the application’s services, or models and actions, tightly coupled to the API layer itself.
  5. Layered System - REST APIs have different layers of their architecture working together to build a hierarchy that helps create a more scalable and modular application.
  6. Code on Demand - Code on Demand allows for code or applets to be transmitted via the API for use within the application.

Benefits you can achieve by building a RESTFul system:

  • Scalability - With layered, n-tier system, it's really easy to scale up RESTful system, with load balancers, caching, than a typical, session oriented, stateful system.
  • Heterogenous Interoperability - The RESTful system does not depend upon the type of the client in any way. RESTful API can be consumed by ANY type of client, for example, a web app, a smartphone application, or an embedded device, or any other server environment. This means it can be easily plugged with ANYthing else!
  • Independent Evolution of Client and Server - Client and server applications can be developed INDEPENDENTLY, that means, the evolution or changes in one does not affect implementation of the other. This is a huge win especially for distributed teams.
  • Empowered Clients - Empowers the client and gives it intelligence and more responsibility than traditional stateful clients.


In this blog post I am going to show how to create a resource server API. 
GitHub Link for sample api: https://github.com/nimeshikaranasinghe/RESTful-API

In this example, I have created authorization server and resource server both in a single API. There is an endpoint that you can call in order to retrieve the resources.
This is written using node.js.

app.js



 OAuth grant type - client_credentials
This has to be mentioned in the request body when you try to get the access token from authorization server.

Port - 4000. 
You can give any port number here.

Two endpoints
  • "/oauth/token" - get the access token 
  • "/profile" - to get resources
Resources - name ("sajith")
This is hardcoded. This comes as a JSON object.

model.js











Here I have created a user first (username = test, password = test) and all the functions that handle requests from client are written in this file.

Run


Run this resource server using node.js.
To make all get and post requests to the resource server we use RESTclient Mozilla Firefox Add on.

First make a POST request to get the access token from the authorization server.
For that we have to send the authorization key in the header.

Authorization : Bearer XXXXXXXXXXXXXXX
And also we have to mention the content type in the header.
Content-Type : application/x-www-form-urlencoded

Then we have to mention these 3 parameters in the body.
username=test
password=test
grant_type=client_credentials

The URL should be the endpoint that gives us the access token.
http://localhost:4000/oauth/token



When we send this we get the response which has access token in it. This access token also have an expiration time.

Then we have to make a GET request to retrieve the resources we need.





Now the URL is different because we have to call a different endpoint to get these resources which is "http://localhost:4000/profile".

We do not have to mention anything in the body.
In the request header we should send the access token we got in the previous step.

Authization: Bearer XXXXXXXXXXXXXXX

Make sure that the access token is not expired. Otherwise it gives an error message saying that it has expired.

When you sent this request you get a response that contains the resources we specified in the code.
{"name":"nimeshika","id":"set"} 



Comments

  1. UnknownDecember 22, 2021 at 10:49 PM

    The Vidmate app is a three-in-one utility for playing, downloading, and converting videos. It works with hundreds of streaming websites to provide access to a massive content library for free viewing.

    Easy access to HD videos
    Vidmate is an app that enables free and quick content downloads from video streaming sites all over the Internet.
    Vidmate is primarily a video downloader that offers easy-to-use tools for browsing and downloading media. It covers streaming sites such as Vevo and YouTube, as well as social media.

    The UI is quite straightforward. It shows you supported websites for you to choose and find and download the content you want with a single click.

    download vidmate apk
    Techisq free app download
    free mobile app download
    9app software
    Vidmate latest version
    leaked movies download
    latest version vidmate
    free video vidmate

    Job apps work from home jobs

    ReplyDelete

Post a Comment

Popular posts from this blog

Introduction to Encryption

Image
What is Encryption? Encryption is like sending secret messages between parties; if someone tries to pry without the proper keys, they won't be able to understand the message. In other words, it is the process of locking up information using cryptography (Cryptography is both the practice and the study of hiding information.) Definition:  ‘ The Process of converting plain text into cipher text, something that appears to be random and meaningless ’ is called as the encryption. Process of converting cipher text back into original text is called as decryption . Terminology Original message is called as plain text/clear text.   Encrypted message is called as cipher text/encrypted text.  A Key which is a secret like a password which is used to encrypt and decrypt information.  Ciphers are the specific algorithms which are used to encrypt and decrypt data. A cipher is series of well-defined steps that can be followed as a procedure to encrypt and decrypt m
Read more

Cross-Site Request Forgery protection in web applications via Double Submit Cookies Patterns

Image
Double submission of cookies is another well-known method to block CSRF. Similar to using unique tokens, random tokens are assigned to both a cookie and a request parameter. In double-submitted cookie pattern, two cookies (for the session and for the CSRF token) are stored in the browser. This pattern is also called as Stateless CSRF Defense since the server site does not have to save this value in any way, thus avoiding server side state. In our previous method, we stored CSRF token values on the server side (text file). But here we don't do it. When a user authenticates to a site, the site should generate a (cryptographically strong) pseudorandom value and set it as a cookie on the user's machine separate from the session id. The site then requires that every transaction request include this random value as a hidden form value (or other request parameter). A cross origin attacker cannot read any data sent from the server or modify cookie values, per the same-origin
Read more

How to do a Phishing attack on Facebook?

Image
This is a Step by step tutorial to make an undetectable Facebook phishing site. Step 1: Download page source Go to https://www.facebook.com Right click on the blank area -> Click Save As When dialog box appears select ‘Webpage, complete’ as Save as type -> Click Save Step 2: Edit “Facebook - Log In or Sign Up.html” file and rename it. Open ‘Facebook - Log In or Sign Up.html’ file with notepad or Dreamweaver. Remove all the ajax codes. (You can download HTML file which removed all ajax codes form here https://github.com/nimeshikaranasinghe/Facebook-Phisihing.git   ) Search for login action (Press Ctrl + F -> type ‘ action= ’ -> Click Find Next) Replace the highlighted part (as in the following screenshot) with getDetails.php Save the file as index.html Step 3: Create getDetails.php Open a notepad. Type the following code <?php             $username = $_POS
Read more