Going REST/NoXML: Embedding Jetty with Spring and JAX-RS using Apache CXF:
Wednesday, January 30, 2013
Thursday, January 24, 2013
Streaming APIs: JSON vs XML and REST is King
Streaming APIs: JSON vs XML and REST is King:
Streaming APIs are becoming more popular because of the low latency they provide. What are the common protocols and data formats of these APIs? To find out I did a simple search on APIhub, the largest repository I found for streaming APIs. Here were the results of the 104 APIs that came up… (I cut out a few of the very low-count protocols and data formats):
Web Services Are Dead -- Long Live REST
Tuesday, January 22, 2013
Why HATEOAS is not the witch to burn
Why HATEOAS is not the witch to burn:
But HATEOAS is a model that allows you to allocate to the server some of the responsibilities of your API's use cases: which are the next steps, where they are executed, whether to skip any, or to perform further redirections. HATEOAS isn't a reminescence of WS-* as much as slapping the REST label over remote procedure calls is a reminescence of RMI and CORBA (too many acronyms today!)
Tuesday, January 15, 2013
How NOT to Design Your API.
Writing REST services with JAX-RS and Spring
Writing REST services with JAX-RS and Spring:
A framework for quickly writing and deploying REST services in java. Using JAX-RS, Spring Data, Spring Integration, Hibernate.
RESTful SAML?
RESTful SAML?:
Existing brokered authentication standards such as SAML Web Browser SSO or OpenID accommodate RESTful web services for browser driven use cases. However, what about RESTful service composition patterns where identities need to be propagated across nested service invocations, or any RESTful Web service client that is not browser based for that matter? How should brokered authentication for such RESTful service calls be handled?
Monday, January 14, 2013
Securing RESTful Web Services with OAuth 2.0
Securing RESTful Web Services with OAuth 2.0:
One of the questions we get asked the most by developers and architects is: when and why would I use OAuth2? The answer, as often with such questions, is "it depends", but there are some features of OAuth2 that make it compelling in some situations, especially in systems composed of many lightweight web services, which becoming a very common architectural pattern.
How to Protect Your APIs with OAuth
How to Protect Your APIs with OAuth:
We tackle an increasingly important question in the world of APIs: Presume that you would like to create a remote API (which perhaps exposes some API is protected in such a way that: A) Only clients that you trust can access them; B) Those clients can access your API through the explicit authorization of their end-users; and C) The end-users can be authenticated with a central entity, *withouth* having to share their credentials with your API’s clients.
Subscribe to:
Posts (Atom)