The ReST API Guide | Marmicode
Some Links & Resources

Last updated 4 years ago

Training Repository

Wishtack's ReST API Training.
https://github.com/wishtack-training/wt-training-rest-api

Websheep

Websheep is an app based on willingly vulnerable ReSTful APIs.
https://github.com/marmicode/websheep

ReST API Checklist

https://rest-api-checklist.marmicode.io/projects

Other Resources

OWASP API Security Top 10

https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf

Slides and videos from the meetup on ReST API security

https://blog.wishtack.com/2017/07/28/slides-et-video-des-talks-au-meetup-lyonjs-47/

Blog Posts & Videos

Microservice Prerequisites by Martin Fowler

https://martinfowler.com/bliki/MicroservicePrerequisites.html

Mastering Chaos - A Netflix Guide to Microservices

https://www.youtube.com/watch?v=CZ3wIuvmHeM

From Monolith to Microservices at Zalando

https://www.youtube.com/watch?v=gEeHZwjwehs

ReST vs. GraphQL vs. gRPC Decision Tree

https://phil.tech/2018/picking-an-api-paradigm-implementation/

ReST APIs Must Be Hypertext-Driven by Roy T. Fielding

https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Best Practices in API Governance

https://swagger.io/resources/articles/best-practices-in-api-governance/

Code First vs Design First

https://swagger.io/blog/api-design/design-first-or-code-first-api-development/

ReST API & SDKs

https://www.docusign.com/blog/if-your-rest-api-is-fine-can-you-get-away-without-having-an-sdk/

OAS 3.0 Most Significant Changes

https://blog.restcase.com/6-most-significant-changes-in-oas-3-0/

API Versioning Has No Right Way

https://blog.apisyouwonthate.com/api-versioning-has-no-right-way-f3c75457c0b7

Stripe API Versioning

https://stripe.com/blog/api-versioning

The Difference Between API Gateways and Service Mesh

https://konghq.com/blog/the-difference-between-api-gateways-and-service-mesh/

How RSA works

https://en.wikipedia.org/wiki/RSA_(cryptosystem)

Problem Details for HTTP APIs RFC7807

https://tools.ietf.org/html/rfc7807