Ambient Coder
Malaysia
Joined 7 Jun 2020
Web API - Explicit Versioning | URI vs Headers vs Request Params | SemVer | Sunset Headers
Versioning Web APIs is not a simple task. In this video I go through all the major things you need to know in order to set up Web API versioning successfully.
There are 3 ways in which you can implement versioning. You can use URI version schemes, HTTP headers to indicate version schemes or accept them in your HTTP request query parameters.
This video also shows how to use version labels with semantic versioning specification (SemVer). Finally I also go through approaches to decommission or deprecate your Web API version using sunset headers.
Previous video - Additive Change Strategy ua-cam.com/video/y6wXRMDtZd8/v-deo.html&ab_channel=AmbientCoder
References:
Jin, Brenda; Sahni, Saurabh; Shevat, Amir. Designing Web APIs: Building APIs That Developers Love
Timecodes
0:00 - Intro
0:52 - What is Explicit Versioning?
2:12 - URI Components
3:22 - HTTP Headers
4:10 - Request Params
4:50 - SemVer
6:23 - Sunset Headers
8:14 - Wrap-up
Views: 4,221
Videos
Web API Versioning | Additive Change Strategy
4.9K views, 2 years ago
Change management is crucial in building and maintaining successful Web APIs. In this video, I go through one possible approach to API versioning using a strategy called additive-change strategy. Timecodes 0:00 - Intro 0:38 - Why version APIs? 3:05 - Additive-change strategy 6:14 - Caveats 7:08 - Conclusion
Migrate a Node.js app from JavaScript to TypeScript | Tips for gradual adoption
15K views, 3 years ago
Learn how to gradually migrate a Node.js application from JavaScript to TypeScript. In this video, I cover the following: - How to set up a tsconfig.json file. - How to fix TypeScript errors when converting JS files to TS. - How to use a combination of CommonJs and ES6 modules with esModuleInterop configuration. - How to use a hybrid approach of TypeScript and JavaScript using allowJs confi...
Fast track your CAREER as a backend SOFTWARE Engineer
3.1K views, 3 years ago
If you're starting off as a fresh graduate or self-taught developer, it's important that you spend time on setting a strong foundation to fast-track your software engineering career. In this video, I share 8 tips that can help you learn how to fast-track your backend software engineering career. These are based on my personal experiences which have worked wonders for me. They are applicable to ...
Web API Rate Limiting - Why it's so IMPORTANT for your APIs
10K views, 3 years ago
Most folks tend to ignore adding API rate limiting policies until they've learnt things the hard way. Don't make that mistake. Understand how important rate limiting is and what considerations you need to take when designing your rate limiting policies. If you are looking for a complete guide on being a top backend API developer, check out this playlist: ua-cam.com/play/PLP_rkG1reBjrCKy2Pb1bvjJ...
Web API Pagination | Offset-based vs Cursor-based
47K views, 3 years ago
Web API pagination is crucial for building scalable APIs. There are 2 different pagination standards that you can use: offset-based pagination and cursor-based pagination, sometimes referred to as continuation-token-based pagination. It's important that you understand how these standards work and pick the right one because it's not a one size fits all thing. In this video, I give you all t...
OAuth 2.0 using Auth0 | React.js and Node.js
68K views, 3 years ago
Learn how to implement the OAuth 2.0 Authorization Code Flow by using Auth0. This complete tutorial covers everything from setting up Auth0, getting users to login and grant consent, exchanging authorization codes for access tokens, verifying JWT tokens and checking for permissions. This video covers everything you need to know about implementing OAuth using react.js and node.js. Link to full e...
Web API Security | Basic Auth, OAuth, OpenID Connect, Scopes & Refresh Tokens
62K views, 3 years ago
There is a lot that goes into securing a Web API. In this video, I discuss why the industry decided to move on from Basic Authentication and OAuth 2.0 took over as the new standard of securing Web APIs. This video also covers how OpenID Connect works together with OAuth to solve both Authentication and Authorization. Scopes and deciding how to use scopes in OAuth is tricky, I also cover some ti...
Webhooks vs Websockets vs HTTP Streaming - Which Event-Driven API to use?
166K views, 3 years ago
As a backend engineer, it's crucial that you understand which event-driven API is best for your use case. This video goes through the 3 most commonly used API standards which are Webhooks, Websockets and HTTP Streaming. Timecodes 0:00 - Intro 0:38 - Recap on Request-Response APIs 2:22 - Webhooks 5:12 - Websockets 7:51 - HTTP Streaming 10:08 - Conclusion
REST vs RPC vs GraphQL API - How do I pick the right API paradigm?
147K views, 3 years ago
This video briefly explains the most common request-response API paradigms, which are REST APIs, RPC APIs and GraphQL APIs, and how you can determine which is the most suitable for your next project. Timecodes 0:00 - Intro to Request-Response APIs 1:44 - REST APIs 8:22 - RPC APIs 11:02 - GraphQL APIs
Google Cloud Firestore in 10 mins (Node.js)
10K views, 4 years ago
A quick introduction to Google Cloud Firestore, which rivals NoSQL cloud databases such as Azure Table Storage and Amazon DynamoDB. The video guides you through the basic data model of Firestore and how you can structure your data using collections and subcollections (Hierarchical Data). There is a walkthrough of creating a Cloud Firestore resource on GCP and setting up authentication for Node....
It seems to me that layering RPC and GraphQL on top of REST is very possible? In theory one could build an API based on all the standards and gain all the benefits. Certainly more work to do, but I see GraphQL and REST as easy enough to combine programmatically.
Thank you for this wonderful series. A series like this is rare; most tend to lean toward coding and often barely touch on the theoretical side, so this is very valuable.
Thank you for this. Cheers from Norway!
Very well explained and in a concise manner. Thanks 🙏
When did http become event driven?
Amazing overview
For cursor based - Records need to be added sequentially to DB only if we'd like to have consistent results
The best explanation on the Internet about Auth0. Thank you!!
Thanks for this video!
Is this the final episode in this series?
Great video, thanks!
🤨
Hello, I really love and appreciate the effort you've put into creating this gem and making it free for us all to learn from. Thank you so much!! 🙌🏼 I do have some concerns and questions I'd be so glad to get answers to. 1. Why do we have a different server for API authorisation (is this for decoupling purposes), or wouldn't this just be some sort of more "unnecessary" round trips increasing the clients' latency? 2. You had talked about adding a refresh token login. I believe this would be on the API authorisation server, in which case the client will keep sending an expired code for subsequent requests and the API authorisation server would keep making round trips to get a refresh token for each request, as there is no way to notify the client that the authorisation code is expired. I may be wrong in my analogy, which is why I would need clarification. So wouldn't it have been better to have the authorization function and guard function as middlewares on the actual API, or would this defeat any security issue (I would want to understand the reason for these two servers)? Again, instead of implementing a refresh token, is there no way the client can get a new code without going through the rigorous process of signing in again, and then have the first authorization function fail with 401 if already expired, such that the client can get a new one? I really understand the concept of not wanting the client to have access to either the token or refresh_token, because in one implementation I had I wasn't using an authorisation code; rather, the token was being sent by the client and, if expired, the client would send a request for a refresh token, using the httpOnly refresh_token cookie that was set, to get a new token.
So I really would love the idea of not sending the token from the client, but then there just seems to be that slight issue of a possible expired authorization code being sent, should we decide to implement a possibility to allow the client to stay on for a while (say, in the case of a blog site). I really hope I get a reply and that my thought process is not out of place. 😓
Love you.
Man, I just came across your channel and it's very sad that you stopped a year ago. The way you explain things is spot on.
Really appreciate this. This fits what I am searching for.
Great video, can we not have a hybrid approach where both are used consistently? Users want to jump to the last page just to see the last updated content, so offset pagination is useful here; however, from there they might want to go back to previous pages one by one, which they can do with cursor-based pagination. This might be too complex and unnecessary but would be amazing.
Thank you very much. Saved me a lot of hassle.
How to check in the frontend whether the user is authenticated or not?
This playlist is very useful with clear explanation. Thank you a lot. Looking forward for more.
Your videos are amazing! Keep up your work! ❤
Amazing series!
Amazing channel, keep up your great work! 😊
Why not SSE
Thanks!
Very helpful. Gold worth information at one place. Thanks for sharing.. really appreciate
You are a great teacher.
Thank you
Video glosses over the critical distinction: while the offset is a relative number from the start of all records, the cursor is a direct memory/storage pointer to the exact record where we left off, which is always faster. (The video mentions "pointer" only in passing.)
But if we index the table on the column we order by, it should not take more than logN to reach the offset right? N being the number of records in the table.
🎶 music is weird.
Thank you for the excellent video. But why use PUT for a search instead of using GET?
Very useful, thank you!
this is so great and informative. thanks mate.
This was quite helpful. Loved the way you explain complicated concepts in an easy manner. Thank you!
what is dist?
how is access token validated at api level?
Are you still active? Just wanted to let you know that your contents are appreciated.
I really appreciate your approach to teaching. Thank you!
the high hats of the rap music in the background are very distracting
Thank you so much for this video! So much value!
where is soap?
clear all my doubts. thanks for this excellent explanation ❤
6:05 I think you mean, "You don't want to use _verbs_ ..." not "nouns"
thanks for the video, but a little hard to hear.
great video but music is distracting
excellent
Channel with great resources :)
Thank you.
7:45 is not true
He adds "not in a RESTful manner, anyway" so that should make his statement true.
From 7:13 Is not true. You can select particular field from entity not downloading whole entity.