A developer's guide to designing, testing, and securing production-ready modern APIs with the help of practical ideas to improve your application's functionality
-------------
Key Features
------------
Build resilient software for your enterprises and customers by understanding the complete API development life cycle
Overcome the challenges of traditional API design by adapting to a new and evolving culture of modern API development
Use Spring and Spring Boot to develop future-proof scalable APIs
--------------------------
Book Description
----------------
The philosophy of API development has evolved over the years to serve the modern needs of enterprise architecture, and developers need to know how to adapt to these modern API design principles. Apps are now developed with APIs that enable ease of integration for the cloud environment and distributed systems. With this Spring book, you'll discover various kinds of production-ready API implementation using REST APIs and explore async using the reactive paradigm, gRPC, and GraphQL.
You'll learn how to design evolving REST-based APIs supported by HATEOAS and ETAGs and develop reactive, async, non-blocking APIs. After that, you'll see how to secure REST APIs using Spring Security and find out how the APIs that you develop are consumed by the app's UI. The book then takes you through the process of testing, deploying, logging, and monitoring your APIs. You'll also explore API development using gRPC and GraphQL and design modern scalable architecture with microservices. The book helps you gain practical knowledge of modern API implementation using a sample e-commerce app.
By the end of this Spring book, you'll be able to develop, test, and deploy highly scalable, maintainable, and developer-friendly APIs to help your customers to transform their business.
----------------------------------------
What you will learn
-------------------
Understand RESTful API development, its design paradigm, and its best practices
Become well versed in Spring's core components for implementing RESTful web services
Implement reactive APIs and explore async API development
Apply Spring Security for authentication using JWT and authorization of requests
Develop a React-based UI to consume APIs
Implement gRPC inter-service communication
Design GraphQL-based APIs by understanding workflows and tooling
Gain insights into how you can secure, test, monitor, and deploy your APIs
--------------------------------------
Who this book is for
--------------------
This book is for inexperienced Java programmers, comp science, or coding boot camp graduates who have knowledge of basic programming constructs, data structures, and algorithms in Java but lack the practical web development skills necessary to start working as a developer. Professionals who've recently joined a startup or a company and are tasked with creating real-world web APIs and services will also find this book helpful. This book is also a good resource for Java developers who are looking for a career move into web development to get started with the basics of web service development.
Author(s): Sourabh Sharma
Edition: 1
Publisher: Pckt
Year: 2021
Language: English
Tags: spring boot web angular react java jdk microservices restapi rest hateos graphql
Cover
Title Page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Section 1: RESTful Web Services
Chapter 1: RESTful Web Service Fundamentals
Technical requirements
Introducing REST APIs
REST history
REST fundamentals
Handling resources and URIs
The URI syntax
URLs
URNs
Exploring HTTP methods and status codes
POST
GET
PUT
DELETE
PATCH
HTTP status codes
Learning HATEOAS
Best practices for designing REST APIs
1. Use nouns and not verbs when naming a resource in the endpoint path
2. Use the plural form for naming the collection resource in the endpoint path
3. Use hypermedia (HATEOAS)
4. Always version your APIs
5. Nested resources
6. Secure APIs
7. Documentation
8. Status codes
9. Caching
10. Rate limit
An overview of the e-commerce app
Summary
Questions
Further reading
Chapter 2: Spring Concepts and REST APIs
Technical requirements
Introduction to Spring
The Inversion of Control pattern
The Dependency Injection pattern
The Aspect-Oriented Programming paradigm
Learning the basic concepts of the Spring Framework
IoC containers
Defining beans
Configuring beans using Java
How to code DI
Writing code for AOP
Why use Spring Boot?
Purpose of servlet dispatcher
Summary
Questions
Further reading
Chapter 3: API Specifications and Implementation
Technical requirements
Designing APIs with OAS
Understanding the basic structure of OAS
The metadata sections of OAS
The servers and tags sections of OAS
The components section of OAS
The path section of OAS
Converting OAS to Spring code
Step 1 – adding the Gradle plugin
Step 2 – defining the OpenAPI config for code generation
Step 3 – defining the OpenAPI Generator ignore file
Step 4 – defining a swaggerSources task in the Gradle build file
Step 5 – adding swaggerSources to the compileJava task dependency
Step 6 – adding the generated source code to Gradle sourceSets
Step 7 – running the build for generating, compiling, and building the code
Implementing the OAS code interfaces
Adding a Global Exception Handler
Testing
Summary
Questions
Further reading
Chapter 4: Writing Business Logic for APIs
Technical requirements
Overview of the service design
Adding a Repository component
@Repository annotation
Database and JPA configuration
The database and seed data script
Adding entities
Adding repositories
Adding a Service component
Implementing hypermedia
Enhancing the controller with a service and HATEOAS
Adding ETags to API responses
Testing the APIs
Summary
Questions
Further reading
Chapter 5: Asynchronous API Design
Technical requirements
Understanding Reactive Streams
Publisher
Subscriber
Subscription
Processor
Exploring Spring WebFlux
Reactive APIs
Reactive Core
Understanding DispatcherHandler
Controllers
Functional endpoints
Implementing Reactive APIs for our e-commerce app
Changing OpenAPI Codegen for Reactive APIs
Adding Reactive dependencies in build.xml
Handling exceptions
Adding hypermedia links to an API response
Defining an entity
Adding repositories
Adding services
Adding controller implementations
Adding H2 Console to an application
Adding application configuration
Testing Reactive APIs
Summary
Questions
Further reading
Section 2: Security, UI, Testing, and Deployment
Chapter 6: Security (Authorization and Authentication)
Technical requirements
Implementing authentication using Spring Security and JWT
Learning how to authenticate using filters
Adding the required Gradle dependencies
Authentication using OAuth 2.0 Resource Server
Exploring the fundamentals of JWT
Securing REST APIs with JWT
Learning new API definitions
Modifying the API specification
Storing the refresh token using a database table
Implementing the JWT manager
Implementing new APIs
Implementing the REST controllers
Configuring web-based security
Configuring CORS and CSRF
Understanding authorization
Role and authority
Testing security
Summary
Questions
Further reading
Chapter 7: Designing a User Interface
Technical requirements
Learning React fundamentals
Creating a React app
Exploring basic structures and files
Understanding the package.json file
Understanding how React works
Exploring React components and other features
Exploring JSX
Exploring a component's state
Styling components using Tailwind
Configuration to remove unused styles in production
Including Tailwind in React
Designing e-commerce app components
Consuming APIs using Fetch
Writing the product API client
Coding the Product Listing page
Implementing authentication
Creating a custom useToken hook
Writing the Login component
Writing the custom cart context
Writing the Cart component
Writing the Order component
Writing the root (App) component
Running the application
Summary
Questions
Further reading
Chapter 8: Testing APIs
Technical requirements
Testing APIs and code manually
Testing automation
Unit testing
Code coverage
Integration testing
Summary
Questions
Further reading
Chapter 9: Deployment of Web Services
Technical requirements
Exploring the fundamentals of containerization
Building a Docker image
Exploring Docker
Configuring code to build an image
Adding Actuator
Configuring the Spring Boot plugin task
Configuring the Docker registry
Executing a Gradle task to build an image
Deploying an application in Kubernetes
Summary
Questions
Further reading
Section 3: gRPC, Logging, and Monitoring
Chapter 10: gRPC Fundamentals
Technical requirements
Introduction and gRPC architecture
REST versus gRPC
Can I call the gRPC server from web browsers and mobile apps?
gRPC architecture overview
Protocol Buffer
Understanding service definitions
Exploring the RPC life cycle
The life cycle of unary RPC
The life cycle of server-streaming RPC
The life cycle of client-streaming RPC
The life cycle of bidirectional streaming RPC
Events that impact the life cycle
Understanding the gRPC server and gRPC stub
Handling errors
Error status codes
Summary
Questions
Further reading
Chapter 11: gRPC-based API Development and Testing
Technical requirements
Writing an API interface
Setting up the project
Writing the payment gateway functionalities
Developing the gRPC server
Implementation of the gRPC base classes
Implementation of the gRPC server
Testing the gRPC server
Handling errors
Developing the gRPC client
Implementing the gRPC client
Testing the gRPC client
Learning microservice concepts
Design differences in monolithic and microservice-based systems
Summary
Questions
Further reading
Chapter 12: Logging and Tracing
Technical requirements
Introducing logging and tracing
Understanding the ELK stack
Installing the ELK stack
Implementing logging and tracing
Changing the gRPC server code
Changing the gRPC client code
Testing the logging and tracing changes
Distributed tracing with Zipkin
Executing Zipkin
Summary
Questions
Further reading
Section 4: GraphQL
Chapter 13: GraphQL Fundamentals
Technical requirements
Introducing GraphQL
Brief history of GraphQL
Comparing GraphQL with REST
Learning about the fundamentals of GraphQL
Exploring the Query type
Exploring the Mutation type
Exploring the Subscription type
Designing a GraphQL schema
Understanding scalar types
Understanding fragments
Understanding interfaces
Understanding Union types
Understanding input types
Tools that help with designing a schema
Testing GraphQL queries and mutations
Solving the N+1 problem
Understanding the N+1 problem
Solution for the N+1 problem
Summary
Questions
Further reading
Chapter 14: GraphQL API Development and Testing
Technical requirements
Workflow and tooling for GraphQL
Implementation of the GraphQL server
Creating the gRPC server project
Adding the GraphQL DGS dependencies
Adding the GraphQL schema
Adding custom scalar types
Implementing GraphQL queries
Implementing GraphQL mutations
Implementing GraphQL subscriptions
Instrumenting the GraphQL API
Documenting APIs
Test automation
Testing GraphQL queries
Testing GraphQL mutations
Testing GraphQL subscriptions
Summary
Questions
Further reading
Assessments
Chapter 1 – RESTful Web Services Fundamentals
Chapter 2 – Spring Concepts and REST APIs
Chapter 3 – API Specifications and Implementation
Chapter 4 – Writing Business Logic for APIs
Chapter 5 – Asynchronous API Design
Chapter 6 – Security (Authorization and Authentication)
Chapter 7 – Designing the User Interface
Chapter 8 – Testing APIs
Chapter 9 – Deployment of Web Services
Chapter 10 – gRPC Fundamentals
Chapter 11 – gRPC-Based API Development and Testing
Chapter 12 – Logging and Tracing
Chapter 13 – GraphQL Fundamentals
Chapter 14 – GraphQL API Development and Testing
Why subscribe?
About Packt
Other Books You May Enjoy
Index