Hi Jo, Here i have attached updated apim.yaml file with my suggestions. Lets merge that to latest code.
Thanks,
sanjeewa.
On Wed, Apr 1, 2015 at 1:55 PM, Sanjeewa Malalgoda <sanje...@wso2.com>
wrote:
> Hi All,
>
> Here are my suggestions on this implementation.
> When we design rest API for API Management functionality we need to focus
> bit on publisher/ store aspects as well. Or we may need to have control at
> some point based on the logged in user.
> Here is one example:
>
> /apis
> GET /apis
> API provider should be mandatory field when it comes to publisher context.
> API consumer should be mandatory field when it comes to store context.
> Or we should be able to retrieve current user by using JWT comes with
> request or from access token. Still need to if request comes to store or
> publisher context.
>
> And based on current user permissions we may need enable, disable API
> add/modification via post, put, delete.
>
> Also for tiers we may have
>
> /tiers
>
> post
> /tiers/{tierName}/update-permission
>
> Request body
> {
> "rolePermission": {
> "access": "",
> "roles": ""
> }
> }
>
>
> Also for apis/{apiId} PUT need to have response with 409 Conflict as well.
> Normally when we update resource with some information it cannot be
> accessed due to some reason. So IMO having 409 as well would be helpful(in
> addition to 412)
>
> It would be ideal /apis/{apiId}/change-lifecycle success response returns
> 200 status code as we normally use 201 to indicate that new resource
> created.
> In this particular case we do update for existing resource state.
>
> We may include additional response code to /apis/{apiId}/documents GET
> because we may have 2 situations.
> 01. API does not exists(We can consider 412 for response code)
> 02. API exists but documents not available(we can consider 404 as
> requested resource is document).
>
> And same should apply to /apis/{apiId}/documents/{documentId} GET as well.
>
> And we need to finalize about security model for this rest API. For that
> we may consider few options.
>
> 01. Oath2 secured API.
> 02. Basic auth secured rest API.
> 03. Other security mechanisms.
>
> My personal opinion is this rest API should be independent from security
> protocol.
> And our rest API should not rely on any security related information when
> in process request.
> If we need to verify user is having permission to do some task then we
> should not do it in rest API level(api subscriber should not allow to
> update API).
>
>
> Thanks,
> sanjeewa.
>
> On Tue, Mar 31, 2015 at 11:07 PM, Joseph Fonseka <jos...@wso2.com> wrote:
>
>> Hi Frank
>>
>> Yes 2pm is fine for me, my skype is "jpfonseka". Will ask "Sanjeewa
>> Malalgoda" to join as well he was working on the ground work for the
>> implementation.
>>
>> Thanks & Regards
>> Jo
>>
>>
>>
>> On Tue, Mar 31, 2015 at 5:03 PM, Frank Leymann <fr...@wso2.com> wrote:
>>
>>> Hi Jo,
>>>
>>> is it possible for you to have a call tomorrow, Wednesday, 4/1, 2pm
>>> Colombo time (i.e. 10:30am Germany, daylight-savings-time). I thing a
>>> 30...60 minutes will be suffice. Main purpose would be how to proceed :-)
>>>
>>> I find Skype more reliable than Hangouts. Would you mind about a Skype
>>> call? My SkypeID is frank.leymann
>>>
>>> Talk to you then!
>>>
>>>
>>> Best regards,
>>> Frank
>>>
>>> 2015-03-30 13:03 GMT+02:00 Joseph Fonseka <jos...@wso2.com>:
>>>
>>>> Hi Frank
>>>>
>>>> Thanks for the feedback. And it is nice to see how we can control
>>>> cashing and concurrency with the additional headers. We will update the
>>>> remaining APIs with the same concepts.
>>>>
>>>> Please let us know a convenient time for a call to discuss on it
>>>> further.
>>>>
>>>> Also we will try to document these design decisions and concepts to
>>>> benefit APIs created in the future.
>>>>
>>>> BTW. The changes were pushed to the repo.
>>>>
>>>> Thanks
>>>> Jo
>>>>
>>>>
>>>> [1] http://hevayo.github.io/restful-apim/
>>>>
>>>> On Sat, Mar 28, 2015 at 12:47 AM, Frank Leymann <fr...@wso2.com> wrote:
>>>>
>>>>> Hi Jo,
>>>>>
>>>>> again, thanks for your work: we'll get a nice RESTful API :-) In the
>>>>> Richardson maturity model we'll get to level 2 (not level 3 because we are
>>>>> leaving out HATEOS - which is something that is not used often today in
>>>>> practice anyhow).
>>>>>
>>>>> I exported the YAML of the API, put it into a Word document and used
>>>>> the "change tracking" feature to comment/modify across the document -
>>>>> please find the document attached. (Frank Input - API Manager API -
>>>>> 2015-03-27.docx)
>>>>>
>>>>> All the changes I made to YAML itself is in the separate swagger YAML
>>>>> file I attached too. I used the swagger 2.0 tool to create this YAML, and
>>>>> the tool shows no syntax errors... So you may import it into your tool
>>>>> without problems. (FL Input API Manager API - 2015-03-27.yaml)
>>>>>
>>>>> I worked on the apis of the /apis and /apis/{apiID} resources. Before
>>>>> I continue, I suggest that we have a discussion (i.e. a call) to discuss
>>>>> the changes/suggestions I made. We need to agree whether this fits into
>>>>> the
>>>>> plan for implementing in the next release.
>>>>>
>>>>> Looking forward....
>>>>>
>>>>>
>>>>>
>>>>> Best regards,
>>>>> Frank
>>>>>
>>>>> 2015-03-26 4:52 GMT+01:00 Joseph Fonseka <jos...@wso2.com>:
>>>>>
>>>>>> Hi Frank
>>>>>>
>>>>>> What are the headers we should include ?
>>>>>>
>>>>>> 1. For the access token header we can define it globally in the
>>>>>> security definition [1]
>>>>>> <https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#securityDefinitionsObject>
>>>>>> 2. Content-type headers are covered by the consumes and produces
>>>>>> attributes [2]
>>>>>> <https://github.com/hevayo/restful-apim/blob/master/apim.yaml#L18-L19>
>>>>>> 3. For post methods we have an option of sending "Link" header with a
>>>>>> URL to newly created resource rather than returning newly created
>>>>>> resource
>>>>>> JSON.
>>>>>>
>>>>>> Thanks
>>>>>> Jo
>>>>>>
>>>>>> [1]
>>>>>> https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#securityDefinitionsObject
>>>>>>
>>>>>> [2]
>>>>>> https://github.com/hevayo/restful-apim/blob/master/apim.yaml#L18-L19
>>>>>>
>>>>>> On Wed, Mar 25, 2015 at 3:51 PM, Frank Leymann <fr...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Jo,
>>>>>>>
>>>>>>> nice piece of work!
>>>>>>>
>>>>>>> What is still needed is a description of the header fields for both,
>>>>>>> the requests and APIs.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Frank
>>>>>>>
>>>>>>> 2015-03-24 17:34 GMT+01:00 Joseph Fonseka <jos...@wso2.com>:
>>>>>>>
>>>>>>>> Hi All
>>>>>>>>
>>>>>>>> We are planing to implement a RESTFul API to expose the API Manager
>>>>>>>> functionality. This will be a replacement to the currently provided
>>>>>>>> Store
>>>>>>>> and Publisher APIs [1]
>>>>>>>> <https://docs.wso2.com/display/AM180/Publisher+APIs> & [2]
>>>>>>>> <https://docs.wso2.com/display/AM180/Store+APIs>.
>>>>>>>>
>>>>>>>> Main Motivation.
>>>>>>>> 1. The current APIs are not RESTful and they do not cover all the
>>>>>>>> functionality.
>>>>>>>> 2. To make it easy to integrate and automate API manager
>>>>>>>> functionality with 3rd party systems.
>>>>>>>> 3. To provide better security with Oauth.
>>>>>>>> 4. To provide better versioning and documentation with the API.
>>>>>>>>
>>>>>>>> As a start we have written a draft version of the API definition
>>>>>>>> which you can find here [3] <http://hevayo.github.io/restful-apim/>
>>>>>>>> .
>>>>>>>>
>>>>>>>> Following is a rough implementation plan.
>>>>>>>> 1. Work on the API Definition, get feed back from users and
>>>>>>>> finalize.
>>>>>>>> 2. Implementation. ( Architecture , Jax-RS ?)
>>>>>>>> 3. Adding Security. ( O-auth, scopes ? )
>>>>>>>> 4. Testing.
>>>>>>>> 5. Documentation.
>>>>>>>>
>>>>>>>> API definition was written with Swagger 2 once completed we can use
>>>>>>>> it to generate server stubs, client stubs and documentation.
>>>>>>>>
>>>>>>>> Please share your thoughts.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Jo
>>>>>>>>
>>>>>>>> [1] https://docs.wso2.com/display/AM180/Publisher+APIs
>>>>>>>> [2] https://docs.wso2.com/display/AM180/Store+APIs
>>>>>>>> [3] http://hevayo.github.io/restful-apim/
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Joseph Fonseka*
>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>> lean.enterprise.middleware
>>>>>>>>
>>>>>>>> mobile: +94 772 512 430
>>>>>>>> skype: jpfonseka
>>>>>>>>
>>>>>>>> * <http://lk.linkedin.com/in/rumeshbandara>*
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> --
>>>>>> *Joseph Fonseka*
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>> mobile: +94 772 512 430
>>>>>> skype: jpfonseka
>>>>>>
>>>>>> * <http://lk.linkedin.com/in/rumeshbandara>*
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> --
>>>> *Joseph Fonseka*
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> mobile: +94 772 512 430
>>>> skype: jpfonseka
>>>>
>>>> * <http://lk.linkedin.com/in/rumeshbandara>*
>>>>
>>>>
>>>
>>
>>
>> --
>>
>> --
>> *Joseph Fonseka*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: +94 772 512 430
>> skype: jpfonseka
>>
>> * <http://lk.linkedin.com/in/rumeshbandara>*
>>
>>
>
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
>
> <http://sanjeewamalalgoda.blogspot.com/>blog
> :http://sanjeewamalalgoda.blogspot.com/
> <http://sanjeewamalalgoda.blogspot.com/>
>
>
>
--
*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779
<http://sanjeewamalalgoda.blogspot.com/>blog
:http://sanjeewamalalgoda.blogspot.com/
<http://sanjeewamalalgoda.blogspot.com/>
apim.yaml
Description: application/yaml
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
