Difference between revisions of "stoney core: REST API"

From stoney cloud
Jump to: navigation, search
[unchecked revision][unchecked revision]
(Web API)
Line 14: Line 14:
 
* versioned API (either via URI or the Accept-Header)
 
* versioned API (either via URI or the Accept-Header)
 
* All function/method calls have to be fully-nonblocking. If an expensive call has to be made to a backend system, the client needs to be provided with a status URI which can be checked for the current status
 
* All function/method calls have to be fully-nonblocking. If an expensive call has to be made to a backend system, the client needs to be provided with a status URI which can be checked for the current status
* Input validation must be performed for all data
+
* Input validation must be performed for all data (validation of data happens twice: in the API and the client)
 
* Meaningful error message will be presented to the client
 
* Meaningful error message will be presented to the client
* All API functions are to be documented
+
* All API functions are to be documented using an accepted documentation standard (doxygen (preferred), phpDocumentor or Sami)
 
* The API will be based on existing, proved and tested open source modules and components, coming either from a framework are as stand alone implementations,
 
* The API will be based on existing, proved and tested open source modules and components, coming either from a framework are as stand alone implementations,
  
Line 29: Line 29:
 
* Base for [http://en.wikipedia.org/wiki/Responsive_web_design responsive] resp. [http://www.abookapart.com/products/mobile-first Mobile First] Web-Applications/-Design
 
* Base for [http://en.wikipedia.org/wiki/Responsive_web_design responsive] resp. [http://www.abookapart.com/products/mobile-first Mobile First] Web-Applications/-Design
  
 
Known issues/drawbacks:
 
* Validation of data happens twice: in the API and the client (javascript)
 
  
 
=== Yii related API modules ===
 
=== Yii related API modules ===

Revision as of 09:23, 16 October 2013

Web API

  • The Web API will be implemented as a first-class citizen
    • It provides all the available functions and data to its clients
    • Serves as a data and business logic abstraction layer
  • The web API will be implemented using HTTPS and REST principles
  • The web API uses JSON as the primary data interchange format (serialization of data structures should be abstracted)
  • Multiple authentication methods are possible
    • Web-Server assisted:
      • Basic HTTP-Auth
      • X509 Certificate based authentication
      • Kerberos
    • API key with shared secret
    • Access tokens
  • versioned API (either via URI or the Accept-Header)
  • All function/method calls have to be fully-nonblocking. If an expensive call has to be made to a backend system, the client needs to be provided with a status URI which can be checked for the current status
  • Input validation must be performed for all data (validation of data happens twice: in the API and the client)
  • Meaningful error message will be presented to the client
  • All API functions are to be documented using an accepted documentation standard (doxygen (preferred), phpDocumentor or Sami)
  • The API will be based on existing, proved and tested open source modules and components, coming either from a framework are as stand alone implementations,


Why a Web API?

  • Separation and abstraction of data and business logic
  • Support for multiple clients with the same code base
    • HTML/JS/CSS for selfcare Web GUI
    • Command line interface for easy scripting
    • Integration into third party provisioning systems for resellers
  • Automatic testing of functionality
  • Base for responsive resp. Mobile First Web-Applications/-Design


Yii related API modules