Lectures Log - A.Y. 2025/2026

Lecture 1: Introduction to (RESTful) web services

2026-02-27, 11:30 (2 hours)
Slides WS-Rest

  • (1-1)
    Course presentation
  • (1-2)
    Why (web) services are an effective way to develop software
  • (1-3)
    The distributed (web) services story: from RPC to RESTful
  • (1-4)
    Course topics: RESTful web services
  • (1-5)
    Example RESTful services as an extension to standard web applications
  • (1-6)
    Example RESTful services as a base for client-side applications like SPA (Angular, React, etc.)
  • (1-7)
    Example RESTful services as a base for mobile apps
  • (1-8)
    Course topics: RESTful web services design
  • (1-9)
    Course topics: RESTful web services implementation (Java, PHP)
  • (1-10)
    Course topics: RESTful clients implementation (Java, PHP, JavaScript)
  • (1-11)
    Web services and Web 2.0
  • (1-12)
    What are web services, really?
  • (1-13)
    What is the role of web services in web 2.0?
  • (1-14)
    Example Analysis of some services published by the Public Administration on the web
  • (1-15)
    Example An example of real web services: Amazon
  • (1-16)
    Example Making the Public Administration services real web services
  • (1-17)
    RESTful web services: when to use them, and what alternatives exist

Lecture 2: RESTful services semantics 1

2026-03-06, 11:30 (2 hours)
Slides Restful

  • (2-1)
    Basic features of a RESTful service: protocols, formats, methods
  • (2-2)
    Semantics of a RESTful web service: what kind of application is it best suited for?
  • (2-3)
    RESTful services URL structure
  • (2-4)
    Mapping resources to URLs: the basic collection-item structure
  • (2-5)
    Example Mapping relational structures to RESTful URLs
  • (2-6)
    CRUD RESTful operations: the GET method
    link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET
  • (2-7)
    Example GET on collections: SELECT
  • (2-8)
    Example GET on collections with a query string: SELECT * WHERE
  • (2-9)
    Encoding of data returned by a GET and the Accept/Content-Type headers
  • (2-10)
    The return value of GET on collections: records or keys list?
  • (2-11)
    Example GET on item: SELECT * WHERE id = ...
  • (2-12)
    Example GET on attributes: SELECT a WHERE id = ...
  • (2-13)
  • (2-14)
    CRUD RESTful operations: the PUT method
    link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT
  • (2-15)
    Example PUT on item: global UPDATE of a specific record
  • (2-16)
    The payload of the PUT method and the Content-Type header
  • (2-17)
    PUT: HTTP return status
  • (2-18)
    CRUD RESTful operations: the PATCH method
    link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH
  • (2-19)
    Example PATCH on item: partial UPDATE of a specific record
  • (2-20)
    Extension of PUT semantics in environments not supporting PATCH

Lecture 3: RESTful services semantics 2

2026-03-13, 11:30 (2 hours)
Slides Restful

Lecture 4: RESTful services security

2026-03-20, 11:30 (2 hours)
Slides Restful Security

  • (4-1)
    The role of security in the design of RESTful APIs
  • (4-2)
    RESTful API security techniques: Mutual TLS
  • (4-3)
    RESTful API security techniques: HTTP Basic Authentication
  • (4-4)
    RESTful API security techniques: Token-Based Authentication
  • (4-5)
    The role of access tokens in API security
    link https://datatracker.ietf.org/doc/html/rfc7519
  • (4-6)
    How to exchange the access token: from basic methods (query string, path) to Bearer Authorization
  • (4-7)
    Generating access tokens: authentication schemes
  • (4-8)
    Managing the expiration and refresh of access tokens
  • (4-9)
    Example How to implement the login/logout technique in a RESTful service
  • (4-10)
    RESTful API security techniques: API Keys
  • (4-11)
    OAuth: an advanced token-based authentication system for services
    link https://datatracker.ietf.org/doc/html/rfc6749
    link https://datatracker.ietf.org/doc/html/rfc6750
    link https://oauth.net/2
  • (4-12)
    The benefits of OAuth: no stored credentials and scoped authorization codes
  • (4-13)
    Actors and roles in OAuth 2
  • (4-14)
    Tokens and codes used by OAuth 2
  • (4-15)
    The OAuth 2 authorization flow
  • (4-17)
    Example The catalog case study
    material REST_Specs

Lecture 5: RESTful services: a case study

2026-03-27, 11:30 (2 hours)

  • (5-1)
    Example The catalog case study
    material REST_Specs
  • (5-2)
    Introduction to the JSON format
    link https://www.json.org
  • (5-3)
    Defining the JSON structures required by a service (or inheriting them from the code!)
  • (5-4)
    Identifying the collection-item pattern within the API
  • (5-5)
    Defining a URL structure consistent with the API
  • (5-6)
    Outside the pattern: when violating the standard RESTful semantics helps us to be more efficient
  • (5-7)
    Mapping methods and payloads on URLs
  • (5-8)
    Managing binaries correctly and effectively
  • (5-9)
    Example The catalog case study RESTful API
    material REST_Specs_RESTful

Lecture 6: JSON Schema

2026-04-10, 11:30 (2 hours)
Slides JSONSchema

  • (6-1)
    JSON Schema: basic structure and annotations
    link https://json-schema.org/specification.html
  • (6-2)
    JSON Schema: meaning of the empty schema and "modeling by restrictions" technique
  • (6-3)
    JSON Schema: data types
  • (6-4)
    JSON Schema: string type and constraints
  • (6-5)
    JSON Schema: numeric types and constraints
  • (6-6)
    JSON Schema: object type and property specification
  • (6-7)
    JSON Schema: object type constraints
  • (6-8)
    JSON Schema: array type and constraints
  • (6-9)
    JSON Schema: enumerations
  • (6-10)
    JSON Schema: schema composition (allOf, anyOf, oneOf, not)
  • (6-11)
    JSON Schema: schema references and modularization ($ref property)
  • (6-12)
    Example The catalog data structure defined with JSON Schema
    material Catalogo_Object.json
    material Catalogo_Object_Schema.json
  • (6-13)
    The YAML (meta) language
    link https://yaml.org/spec
  • (6-14)
    Relationships between YAML and JSON
  • (6-15)
    YAML syntax: scalars, objects and arrays

Lecture 7: OpenAPI /1

2026-04-17, 11:30 (2 hours)
Slides OpenAPI

  • (7-1)
    Introduction to OpenAPI 3
  • (7-2)
    OpenAPI online tools and specification
    link https://www.openapis.org/
    link https://swagger.io/tools/open-source/
  • (7-3)
    OpenAPI: basic structure
  • (7-4)
    Example Using the Swagger editor to create an OpenAPI specification
    link https://editor.swagger.io/
  • (7-5)
    OpenAPI: info object
  • (7-6)
    OpenAPI: tags object
  • (7-7)
    OpenAPI: externalDocs object
  • (7-8)
    OpenAPI: servers
  • (7-9)
    OpenAPI: specification factorization and components object
  • (7-10)
    OpenAPI: schema components
  • (7-11)
    OpenAPI: parameter components
  • (7-12)
    OpenAPI: response components
  • (7-13)
    Example The catalog RESTful service specification with OpenAPI 3: base structure, schemas, parameters and responses
  • (7-14)
    Presentation of the final project specifications

Lecture 8: OpenAPI /2

2026-04-24, 11:30 (2 hours)
Slides OpenAPI

  • (8-1)
    OpenAPI: requestBody components
  • (8-2)
    OpenAPI: securityScheme components
  • (8-3)
    OpenAPI: endpoints: basic structure of the paths object
  • (8-4)
    OpenAPI: parametric URLs in the paths object
  • (8-5)
    OpenAPI: endpoint parameters (parameters)
  • (8-6)
    Path-level and method-level parameters
  • (8-7)
    OpenAPI: response status and corresponding content (responses)
  • (8-8)
    OpenAPI: request content (requestBody)
  • (8-9)
    OpenAPI: security requirements of an endpoint (security)
  • (8-10)
    Example The catalog RESTful service specification with OpenAPI 3
    material Catalogo_OpenAPI.yaml
  • (8-11)
    Developing a RESTful service with JAX-RS
    link https://eclipse-ee4j.github.io/jersey/