The ReST API Guide | Marmicode

Some Links & Resources


Last updated 4 years ago

Training Repository

https://github.com/wishtack-training/wt-training-rest-api

Websheep

https://github.com/marmicode/websheep

ReST API Checklist

https://rest-api-checklist.marmicode.io/projects

Other resources

OWASP API Security Top 10

https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf

Slides and videos from the meetup on ReST API security

https://blog.wishtack.com/2017/07/28/slides-et-video-des-talks-au-meetup-lyonjs-47/

Blog Posts & Videos

Microservice Prerequisites by Martin Fowler

https://martinfowler.com/bliki/MicroservicePrerequisites.html

Mastering Chaos - A Netflix Guide to Microservices

https://www.youtube.com/watch?v=CZ3wIuvmHeM

From Monolith to Microservices at Zalando

https://www.youtube.com/watch?v=gEeHZwjwehs

ReST vs. GraphQL vs. gRPC Decision Tree

https://phil.tech/2018/picking-an-api-paradigm-implementation/

ReST APIs Must Be Hypertext-Driven by Roy T. Fielding

https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Best Practices in API Governance

https://swagger.io/resources/articles/best-practices-in-api-governance/

Code First vs Design First

https://swagger.io/blog/api-design/design-first-or-code-first-api-development/

ReST API & SDKs

https://www.docusign.com/blog/if-your-rest-api-is-fine-can-you-get-away-without-having-an-sdk/

OAS 3.0 Most Significant Changes

https://blog.restcase.com/6-most-significant-changes-in-oas-3-0/

API Versioning Has No Right Way

https://blog.apisyouwonthate.com/api-versioning-has-no-right-way-f3c75457c0b7

Stripe API Versioning

https://stripe.com/blog/api-versioning

The Difference Between API Gateways and Service Mesh

https://konghq.com/blog/the-difference-between-api-gateways-and-service-mesh/

How RSA works

https://en.wikipedia.org/wiki/RSA_(cryptosystem)

Problem Details for HTTP APIs RFC7807

https://tools.ietf.org/html/rfc7807
