RESTful Java Patterns and Best Practices

Book Description

Learn best practices to efficiently build scalable, reliable, and maintainable high-performance RESTful services

In Detail

The convergence of social networking, cloud computing, and the era of mobile applications has created a generation of emerging technologies that allow different networked devices to communicate with each other over the Internet with REST. REST has the benefits of being stateless; easing scalability, visibility, and reliability; and being platform and language agnostic.

This book is a practical, hands-on guide that provides you with clear and pragmatic information to take advantage of the real power of RESTful services and gives you a good foundation for using them in your applications. By comparing APIs from platforms such as Facebook, Twitter, GitHub, and PayPal, the book teaches a range of exciting capabilities with RESTful services and explores the infinite possibilities by using the diverse building blocks and tips covered in various chapters.

By the end of the book, you will be able to successfully use the concepts explained to design and implement applications based on best practices for RESTful services.

What You Will Learn

  • Discover how to build RESTful web services using the JAX-RS 2.0 API
  • Understand advanced topics related to OAuth and security with respect to RESTful services
  • Learn about caching techniques, validation, rate-limiting, asynchronous operations, and other best practices to improve application responsiveness
  • Review best practices for pagination, documentation, and the testing of RESTful services
  • Understand HATEOAS as well as the micro services architecture when building applications using RESTful services
  • Learn about the future of REST and evolving standards, and cover case studies on how different enterprises use them
  • Compare and contrast other technologies such as WebHooks, WebSockets, and Server-Sent Events for delivering real-time data to clients

Downloading the example code for this book: You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. RESTful Java Patterns and Best Practices
      1. Table of Contents
      2. RESTful Java Patterns and Best Practices
      3. Credits
      4. About the Author
      5. Acknowledgments
      6. About the Reviewers
      7. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      9. 1. REST – Where It Begins
        1. Introduction to REST
          1. REST and statelessness
        2. The Richardson Maturity Model
          1. Level 0 – Remote Procedure Invocation
          2. Level 1 – REST resources
          3. Level 2 – more HTTP verbs
          4. Level 3 – HATEOAS
        3. Safety and idempotence
          1. Safe methods
          2. Idempotent methods
        4. Design principles for building RESTful services
          1. Identifying the resource URIs
          2. Identifying the methods supported by the resource
            1. HTTP verbs and REST
              1. GET
              2. POST
              3. PUT
              4. DELETE
              5. HEAD
            2. PUT versus POST
          3. Identifying the different representations of the resource
          4. Implementing the APIs
            1. The Java API for RESTful Services (JAX-RS)
          5. Deploying the RESTful services
          6. Test the RESTful services
            1. The Client API with JAX-RS 2.0
            2. Accessing RESTful resources
              1. cURL
              2. Postman
              3. Other tools
                1. Advanced REST Client
                2. JSONLint
        5. Best practices when designing resources
        6. Recommended reading
        7. Summary
      10. 2. Resource Design
        1. REST response patterns
        2. Content negotiation
          1. Content negotiation using HTTP headers
          2. Content negotiation based on URL patterns
        3. Entity providers and different representations
          1. StreamingOutput
          2. ChunkedOutput
          3. Jersey and JSON support
            1. POJO-based JSON binding support
            2. JAXB-based JSON binding support
            3. Low-level JSON parsing and processing support
        4. API versioning
          1. Version in the URI approach
          2. Version as part of the request query parameter
          3. Specifying the version in the Accept header
        5. Response codes and REST patterns
        6. Recommended reading
        7. Summary
      11. 3. Security and Traceability
        1. Logging REST APIs
          1. Best practices for the logging REST API
            1. Including a detailed consistent pattern across service logs
            2. Obfuscating sensitive data
            3. Identifying the caller or the initiator as part of the logs
            4. Do not log payloads by default
            5. Identifying meta-information related to the request
            6. Tying the logging system with a monitoring system
        2. Validating RESTful services
          1. Validation exception handling and response codes
        3. Error handling with RESTful services
        4. Authentication and authorization
          1. What is authentication?
            1. SAML
          2. What is authorization?
            1. OAuth
          3. Differences between OAuth 2.0 and OAuth 1.0
            1. An authorization grant
          4. Refresh tokens versus access tokens
            1. Jersey and OAuth 2.0
          5. Best practices for OAuth in the REST API
            1. Limiting the lifetime for an access token
            2. Support providing refresh tokens in the authorization server
            3. Using SSL and encryption
          6. OpenID Connect
        5. REST architecture components
        6. Recommended reading
        7. Summary
      12. 4. Designing for Performance
        1. Caching principles
          1. Caching details
          2. Types of caching headers
            1. Strong caching headers
            2. Weak caching headers
            3. Expires and Cache-Control – max-age
          3. The Cache-Control header and directives
            1. Last-Modified and ETag
          4. The Cache-Control header and the REST API
          5. ETags
              1. How ETags work
            1. The ETag header and the REST API
            2. Types of ETags
          6. The Facebook REST API and ETags
            1. RESTEasy and caching
        2. Asynchronous and long-running jobs in REST
          1. Asynchronous request and response processing
        3. Asynchronous resources best practices
          1. Sending a 202 Accepted message
          2. Setting expiration for objects in the queue
          3. Using message queues to handle tasks asynchronously
        4. HTTP PATCH and partial updates
        5. JSON Patch
        6. Recommended reading
        7. Summary
      13. 5. Advanced Design Principles
        1. Rate-limiting patterns
          1. The project's layout
          2. A detailed look at the rate-limiting sample
          3. Best practices to avoid reaching the rate limits
            1. Caching
            2. Not making calls in loops
            3. Logging requests
            4. Avoiding polling
            5. Supporting the streaming API
        2. Response pagination
          1. Types of pagination
            1. Offset-based pagination
            2. Time-based pagination
            3. Cursor-based pagination
              1. Twitter and cursor-based pagination
          2. The project's layout
        3. Internationalization and localization
        4. Miscellaneous topics
          1. HATEOAS
          2. The PayPal REST API and HATEOAS
          3. REST and extensibility
          4. Additional topics for the REST API
          5. Testing RESTful services
            1. Documenting RESTful services
        5. Recommended reading
        6. Summary
      14. 6. Emerging Standards and the Future of REST
        1. Real-time APIs
        2. Polling
          1. The PuSH model – PubSubHubbub
          2. The streaming model
            1. Server-sent events
              1. Associating an ID with an event
              2. Retrying in case of connection failures
              3. Associating event names with events
            2. Server-sent events and JavaScript
            3. Server-sent events and Jersey
        3. WebHooks
          1. WebSockets
        4. Additional real-time API supporters
          1. XMPP
          2. BOSH over XMPP
        5. Comparisons between WebHooks, WebSockets, and server-sent events
        6. REST and Micro Services
          1. Simplicity
          2. Isolation of problems
          3. Scale up and scale down
          4. Clear separation of capabilities
          5. Language independence
        7. Recommended reading
        8. Summary
      15. A. Appendix
        1. Overview of the REST API from GitHub
          1. Getting details from GitHub
          2. Verbs and resource actions
          3. Versioning
          4. Error handling
          5. Rate limiting
        2. Overview of the Facebook Graph API
          1. Verbs and resource actions
          2. Versioning
          3. Error handling
          4. Rate limiting
        3. Overview of the Twitter API
          1. Verbs and resource actions
          2. Versioning
          3. Error handling
        4. Recommended reading
        5. Summary
      16. Index