Quelques Liens & Ressources

Training Repository
​https://github.com/wishtack-training/wt-training-rest-api​
wishtack-training/wt-training-rest-api
Wishtack's ReST API Training https://guide-api-rest.wishtack.io/ - wishtack-training/wt-training-rest-api
github.com
Websheep
​https://github.com/marmicode/websheep​
marmicode/websheep
🐑 Websheep is an app based on a willingly vulnerable ReSTful APIs. - marmicode/websheep
github.com
ReST API Checklist
​https://rest-api-checklist.marmicode.io/projects​
https://rest-api-checklist.marmicode.io
rest-api-checklist.marmicode.io
​
Autres ressources
OWASP API Security Top 10
​https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf​
OWASP/API-Security
OWASP API Security Project. Contribute to OWASP/API-Security development by creating an account on GitHub.
github.com
Slides et vidéos du meetup sur la sécurité des APIs ReST
​https://blog.wishtack.com/2017/07/28/slides-et-video-des-talks-au-meetup-lyonjs-47/​
Slides et vidéo des Talks au Meetup LyonJS #47
Slides et vidéos des talks au Meetup LyonJS #47  
blog.wishtack.com
Blog Posts & Videos
Microservice Prerequisites by Martin Fowler
​https://martinfowler.com/bliki/MicroservicePrerequisites.html​
bliki: MicroservicePrerequisites
There are certain things you need to get sorted out before you can put your first microservices system into production: monitoring, provisioning, and a devops culture.
martinfowler.com
Mastering Chaos - A Netflix Guide to Microservices
​https://www.youtube.com/watch?v=CZ3wIuvmHeM​
​
From Monolith to Microservices at Zalando
​https://www.youtube.com/watch?v=gEeHZwjwehs​
ReST vs. GraphQL vs. gRPC Decision Tree
​https://phil.tech/2018/picking-an-api-paradigm-implementation/​
Picking the right API Paradigm
A while back I wrote an article called Understanding RPC, REST and GraphQL which outlined the “what” in how these various approaches differ…
phil.tech
​
ReST APIs Must Be Hypertext-Driven by Roy T. Fielding
​https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven​
REST APIs must be hypertext-driven
roy.gbiv.com
Best Practices in API Governance
​https://swagger.io/resources/articles/best-practices-in-api-governance/​
Best Practices in API Governance
This article highlights why API governance is important and covers a few API governance best practices.
swagger.io
Code First vs Design First
​https://swagger.io/blog/api-design/design-first-or-code-first-api-development/​
Design First or Code First: What’s the Best Approach to API Development?
<!-- img removed -->With the popularity of API description formats like Swagger (OpenAPI) and API Blueprint, serious thought has been given on the best approach to building APIs based on historical usage and best practices. API description formats act as a contract that end users can utilize to u...
swagger.io
ReST API & SDKs
​https://www.docusign.com/blog/if-your-rest-api-is-fine-can-you-get-away-without-having-an-sdk/​
If Your REST API Is Fine, Can You Get Away Without Having An SDK? | DocuSign Blog
There is an interesting debate between whether, as a platform company, you should provide just the API or build more SDKs.  A number of technology experts say that if you have a clean REST API,...Read More
www.docusign.com
OAS 3.0 Most Significant Changes
​https://blog.restcase.com/6-most-significant-changes-in-oas-3-0/​
6 Most Significant Changes in OAS 3.0
The OpenAPI Spec, formerly known as Swagger has announced the release of Open API Specification 3.0. This is a very important milestone, but it is also the first major release since the specification was entered into the Linux Foundation. The OpenAPI Specification (OAS) is supported by various industry heavyweights
blog.restcase.com
API Versioning Has No Right Way
​https://blog.apisyouwonthate.com/api-versioning-has-no-right-way-f3c75457c0b7​
API Versioning Has No "Right Way"
But there are a few objectively terrible ways to handle it.
blog.apisyouwonthate.com
Stripe API Versioning
​https://stripe.com/blog/api-versioning​
APIs as infrastructure: future-proofing Stripe with versioning
stripe.com
The Difference Between API Gateways and Service Mesh
​https://konghq.com/blog/the-difference-between-api-gateways-and-service-mesh/​
The Difference Between API Gateways and Service Mesh - KongHQ
Why API Management and Service Mesh are Complementary Patterns for Different Use Cases
konghq.com
How RSA works
​https://en.wikipedia.org/wiki/RSA_(cryptosystem)​
RSA (cryptosystem) - Wikipedia
en.wikipedia.org
Problem Details for HTTP APIs RFC7807
​https://tools.ietf.org/html/rfc7807​
rfc7807
Problem Details for HTTP APIs (RFC )
tools.ietf.org
​
So What?
Dernière mise à jour 2 months ago