Table of Contents
Intro; Contents; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; Chapter 1: APIs: What Are They?; What Is Understood as an API; What Types of APIs Exist?; Summary; Chapter 2: API Stake-holders; Product Owners; Software Architects; Security Architects; API Developers; Other Roles; Responsibilities; Summary; Chapter 3: Importance and Relevance of APIs; The Business Value of APIs; Omnipresent; Mobile First; Integration; Modernization; Automatization; Monetization; Technical Value of APIs; Business Requirements vs. Technical Requirements; Summary.
Chapter 4: API Design; General Guidelines; Getting Started; Designing the First API; Going a Little Further; User Interface vs. BackEnd API Design; UI-Driven API Design; BackEnd-Driven API Design; Combining Both Types of APIs; Summary; Chapter 5: API Authentication and Authorization; Authentication vs. Authorization; Preemptive Authorizations; Just-in-Time Authorizations; OAuth; OAuth, the Details; OAuth flows (grant_types); Implicit Grant; Authorization_code Grant, Step 1; Authorization_code Grant, Step 2; Resource Owner Password Credentials (ROPC) Grant; Refresh Token Grant.
Client Credentials Grant; OAuth SCOPE; OAuth Consent; OAuth and Step-Up Authentication; JWT (JSON Web Token); id_token; Creating an id_token (JWT); OpenID Connect; Why OpenID Connect?; How Does It Work?; How to Leverage OpenID Connect; Use Case 1: Take resource_owners Through an Initial Login and Consent Flow; Use Case 2: During Consecutive Authorization Flows Display the Login Screen Only If the resource_owner Has No Session and Do Not Display the Consent Screen Again; Use Case 3: Accept a id_token Issued by a Third Party as resource_owner Credentials; Validating id_token in Detail.
OpenID Provider; Relying Party; OAuth vs. OpenID Connect vs. LDAP; LDAP (Lightweight Directory Access Protocol); OAuth; OpenID Connect; Summary; Chapter 6: API Implementation Details; API Protection: Controlling Access; API Error Handling; API Caching; Security vs. Performance; API Documentation; Summary; Chapter 7: API Gateways; Why Do API Gateways Exist?; What Are API Gateways Used For?; Mocking APIs; Why Is It Important to Leverage API Gateways?; Decoupling; Separation of Concerns; Integration and Scaling; API Gateway Alternatives; Summary; Chapter 8: APIs and Microservices.
What Is the Difference Between APIs and Microservices?; What to Know When Supporting a Microservice Infrastructure; Runbooks; Automating the Runbook!; How Does Docker Help?; Summary; Chapter 9: Real-Life API Examples; Google Maps; Embedded Maps; JavaScript API; Microsoft, OpenID Connect; OpenID Connect Discovery; id_token Validation; IFTTT; Authentication and Authorization; What to Remember Based on These Examples; Summary; Appendix A: Key Terms; Index.