Lectures Log - A.Y. 2024/2025
Lecture 1: Introduction to (RESTful) web services
2025-02-28, 11:30 (2 hours)
Slides WS-Rest
- (1-1)Course presentation
- (1-2)Why (web) services are an effective way to develop software
- (1-3)The distributed (web) services story: from RPC to RESTful
- (1-4)Course topics: RESTful web services
- (1-5)Example RESTful services as an extension to standard web applications
- (1-6)Example RESTful services as a base for client-side applications like SPA (Angular, React, etc.)
- (1-7)Example RESTful services as a base for mobile apps
- (1-8)Course topics: RESTful web services design
- (1-9)Course topics: RESTful web services implementation (Java, PHP)
- (1-10)Course topics: RESTful clients implementation (Java, PHP, JavaScript)
- (1-11)Web services and Web 2.0
- (1-12)What are web services, really?
- (1-13)What is the role of web services in web 2.0?
- (1-14)Example Analysis of some services published by the Public Administration on the web
- (1-15)Example An example of real web services: Amazon
- (1-16)Example Making the Public Administration services real web services
- (1-17)RESTful web services: when to use them, and what alternatives exist
Lecture 2: RESTful services semantics 1
2025-03-07, 11:30 (2 hours)
Slides Restful
- (2-1)Basic features of a RESTful service: protocols, formats, methods
- (2-2)Semantics of a RESTful web service: what kind of application is it best suited for?
- (2-3)RESTful services URL structure
- (2-4)Mapping resources to URLs: the basic collection-item structure
- (2-5)Example Mapping relational structures to RESTful URLs
- (2-6)CRUD RESTful operations: the GET method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET
- (2-7)Example GET on collections: SELECT
- (2-8)Example GET on collections with a query string: SELECT * WHERE
- (2-9)Encoding of data returned by a GET and the Accept/Content-Type headers
- (2-10)The return value of GET on collections: records or keys list?
- (2-11)Example GET on collections: use of the query string to create a LIMIT clause
- (2-12)
Lecture 3: RESTful services semantics 2
2025-03-14, 11:30 (2 hours)
Slides Restful
- (3-1)Example GET on item: SELECT * WHERE id = ...
- (3-2)Example GET on attributes: SELECT a WHERE id = ...
- (3-3)
- (3-4)CRUD RESTful operations: the PUT method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT
- (3-5)Example PUT on item: global UPDATE of a specific record
- (3-6)The payload of the PUT method and the Content-Type header
- (3-7)Example PUT on attributes: UPDATE of individual attributes in a specific record
- (3-8)Example PUT on collections: replacement of an entire collection
- (3-9)PUT: HTTP return status
- (3-10)CRUD RESTful operations: the PATCH method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH
- (3-11)Example PATCH on item: partial UPDATE of a specific record
- (3-12)Extension of PUT semantics in environments not supporting PATCH
- (3-13)CRUD RESTful operations: the POST method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST
- (3-14)Example POST on collections: INSERT of a new record
- (3-15)The payload of the POST method and the Content-Type header
- (3-16)POST: HTTP return status and values
- (3-17)CRUD RESTful operations: the DELETE method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/DELETE
- (3-18)Example DELETE on item: DELETE of a specific record
- (3-19)Example DELETE on collections: emptying a table
- (3-20)DELETE: HTTP return status
- (3-21)Other HTTP methods: HEAD, OPTIONS
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/HEAD
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
- (3-22)Example HEAD on resource: metadata check
- (3-23)Example HEAD used to control resource caching
- (3-24)Example OPTIONS on a resource: allowed methods check
- (3-25)The same-origin-policy issue for services
link https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
- (3-26)How to grant access to RESTful services from outside (their domain): CORS
link https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- (3-27)OPTIONS and CORS: the resource preflight
link https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
- (3-28)RESTful RMI-type operations
- (3-29)How to specify an object (context) and a method to be invoked through a URL
- (3-30)Example The POST method used to make an RMI
- (3-31)Encoding the parameters and the return value of a method invoked via POST
- (3-32)Payload and result for the POST method: Accept and Content-Type header
- (3-33)POST for RMI: HTTP return status
- (3-34)Example RESTful RMI-type operations: GET for read methods (derived attributes)
- (3-35)Example The POST method as an alternative to GET on collections to define complex filters
Lecture 4: RESTful services security
2025-03-21, 11:30 (2 hours)
- (4-1)Security in RESTful APIs
- (4-2)
- (4-3)How to exchange the access token: from base methods (query string, path) to Bearer Authorization
- (4-4)Managing the expiration and refreshing access tokens
- (4-5)Generating access tokens: authentication schemes
- (4-6)Example How to implement the login/logout technique in a RESTful service
- (4-7)OAuth: an advanced authentication system for services
link https://datatracker.ietf.org/doc/html/rfc6749
link https://datatracker.ietf.org/doc/html/rfc6750
link https://oauth.net/2
- (4-8)The OAuth 2 authorization flow
- (4-9)The benefits of OAuth: no stored credentials and scoped authorization codes
- (4-10)Example OAuth in the real world
link https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
- (4-11)
Lecture 5: RESTful services: a case study
2025-03-28, 11:30 (2 hours)
- (5-1)
- (5-2)
- (5-3)Defining the JSON structures required by a service (or inherit them from the code!)
- (5-4)Identifying the collection-item pattern within the API
- (5-5)Defining a URL structure consistent with the API
- (5-6)Outside the pattern: when violating the standard RESTful semantics helps us to be more efficient
- (5-7)Mapping methods and payloads on URLs
- (5-8)Managing binaries correctly and effectively
- (5-9)
- (5-10)Introduction to JSON Schema
Lecture 6: JSON Schema
2025-04-04, 11:30 (2 hours)
Slides JSONSchema
- (6-1)
- (6-2)JSON Schema: meaning of the empty schema and "modeling by restrictions" technique
- (6-3)JSON Schema: data types
- (6-4)JSON Schema: string type and constraints
- (6-5)JSON Schema: numeric types and constraints
- (6-6)JSON Schema: object type and property specification
- (6-7)JSON Schema: object type constraints
- (6-8)JSON Schema: array type and constraints
- (6-9)JSON Schema: enumerations
- (6-10)JSON Schema: schema composition (allOf, anyOf, oneOf, not)
- (6-11)JSON Schema: schema references and modularization ($ref property)
- (6-12)Example The event data structure defined with JSON Schema
material Event_Object.json
material Event_Object_Schema.json
- (6-13)
- (6-14)Relationships between YAML and JSON
- (6-15)YAML syntax: scalars, objects and arrays
Lecture 7: OpenAPI /1
2025-04-11, 11:30 (2 hours)
Slides OpenAPI
- (7-1)Introduction to OpenAPI 3
- (7-2)OpenAPI online tools and specification
link https://www.openapis.org/
link https://swagger.io/tools/open-source/
- (7-3)OpenAPI: basic structure
- (7-4)Example Using the Swagger editor to create an OpenAPI specification
link https://editor-next.swagger.io/
- (7-5)OpenAPI: info object
- (7-6)OpenAPI: tags object
- (7-7)OpenAPI: externalDocs object
- (7-8)OpenAPI: servers
- (7-9)OpenAPI: specification factorization and components object
- (7-10)OpenAPI: schema components
- (7-11)OpenAPI: parameter components
- (7-12)Example The events RESTful service specification with OpenAPI 3: base structure, schemas and parameters