Abao
Accept-Charset header
Accept header
Access token
AccuWeather APIs
Activity logging
Amazon APIs
Amazon S3
Amazon Web Services
Analytics services
API adoption patterns
business partner integration
external digital consumers
internal application integration
IoT
mobile
API analytics
activity logging
advanced analytics
business value reports
importance
metrics
reports
service-level monitoring
stakeholders
user auditing
API Blueprint
document structure
vs. Swagger and RAML
tools
API catalog
API contract
definition
API deployment patterns
cloud deployment
advantages
disadvantages
on-premise deployment model
API Designer
API developer portal
vs. API gateway
in API Lifecycle
API product owner
API team
app developers
features
importance
publishing and sharing
support
federated developer community
invitations
social forums
API documentation
API facade pattern
callback
composition
HATEOAS principles
two-phase transaction
API fuzzing
API gateway
vs. API developer portal
caching
interface translation
format translation
protocol translation
service and data mapping
security
authentication
authorization
data privacy
DoS protection
identity mediation
key and certificate management
threat detection
service orchestration
service routing
connection pooling
load balancing
service dispatching
URL mapping
testing
traffic management
consumption quota
spike arrest
traffic prioritization
usage throttling
API governance
adoption phase
aim
API proposal
build and validate phase
general availability phase
policy-driven approach
technical requirements gathering
API interface
API key
API lifecycle management
change notification
creation
issue management
publication
version management
API management patterns
API composition pattern
API facade pattern
caching
logging and monitoring
routing
session management
synchronous to asynchronous mediation
throttling
two-phase conversion pattern
two-phase transaction management
API management platform
API gateway
See also API gateway
business values
capabilities
developer portals
lifecycle management
API message logging pattern
API monetization
API package
API product
billing documents
digital assets
fee-based model
free model
to increase revenue
customer channels
customer retention
distribution channels
upsell premium and value-added services
indirect model
rate plan
reports
revenue-sharing model
API Notebook
API patterns
adoption patterns
See also API adoption patterns
deployment patterns
See also API deployment patterns
management patterns
pragmatic RESTful API interface
security
API performance testing
See also Load testing
baseline testing
metrics
soak testing
stress testing
API product owner
API Provider
API registry
API security
authentication
authentication and authorization
API keys
mutual authentication
OAuth
See also OAuth
username and password
X.509 certificate
authorization
considerations
cross-site scripting (XSS)
cyber threats
bot attacks
cross-site resource forgery
cross-site scripting (XSS)
injection threats
insecure direct object reference
sensitive data exposure
DDoS attacks
demands
denial-of-service (DOS) attacks
eavesdropping
logging and auditing
man-in-the-middle attacks
monitoring APIs
OpenID Connect
PCI compliance requirements
Quota policy
recommendations
schema validation policies
scripting attacks
SDLC process
session attack
Spike Arrest policy
SSL/TLS encryption
testing
API fuzzing
authentication and authorization
malformed payload injection
malicious content injection
threat model
API team
API testing
API documentation
API gateway
API interface specifications
API security
See also API security, testing
challenges
importance of
performance testing
See also Load testing
tools
must-have features
nice-to-have features
API value chain
API Workbench
app developers
app ID
app key
Application programming interface (API)
See also Web APIs
business models
hotel room booking
AT&T APIs
Audiences, API documentation
Auditing
Authentication
Authorization
Authorization header
Baseline testing
B2B partner integration
Billing
BlazeMeter
Blogs and forums
Bot attacks
Cache-Control general header
Caching
client ID
Client-server constraint
Cloud computing
Cloud deployment
advantages
capital and operational expenditure reduction
management overheads
regulatory compliance
reliability and availability
scalability and agility
time to market
disadvantages
control over data
network latency
Code-on-demand constraint
Communication
Content-based routing
Content-Type header
Cross-Site Resource Forgery (CSRF or XSRF)
Cross-site scripting (XSS)
Custom Search APIs
Cyber threats
bot attacks
cross-site resource forgery
injection threats
script injection attacks
XML and JSON bombs
insecure direct object reference
sensitive data exposure
XSS
Data privacy
DDoS attacks
DELETE verb
Denial-of-service (DoS) attacks
Developer portals
access credentials
API catalog and documentation
API documentation
community management
monetization
Documentation
API Blueprint
app developers or API consumers
audiences
bottom-up approach
endpoint
error codes
frameworks
header parameters
HTTP response codes
importance
message payload
method
RAML
See also RESTful API Markup Language (RAML)
sample HTTP calls
SLAs
Swagger
See also Swagger
title
top-down approach
tutorials and walk-throughs
URL parameters
Eavesdropping
eBay API
Elastic Compute Cloud platform
ETag (entity tag) response header
Facebook APIs
Federated developer community
Filtering
Filtering criteria
Flickr APIs
Foursquare APIs
Freemium model
Free model
GET verb
Google APIs
Google Maps APIs
Handle requests
HEAD method
Host request header
HTTP error response codes
HTTP headers
Accept-Charset header
Accept header
Authorization header
Cache-Control general header
Content-Type header
ETag (entity tag) response header
Host request header
Location response header
naming conventions
types
HTTP status code
HTTP verbs
RESTful web services
DELETE verb
GET verb
HEAD method
idempotent and safe methods
OPTIONS verb
PATCH method
POST verb
PUT method
PUT vs. POST
Richardson Maturity Model
Hypermedia as the Engine of Application State (HATEOAS)
Idempotent HTTP method
Injection threats
script injection attacks
script injections
SQL statement injection
XML and JSON bombs
Insecure direct object reference
Instagram APIs
Internal APIs
Internal application integration
Internet of Things (IoT)
Invitations, developer portal
JMeter
JSON format representation
Layered system
Load balancing
Loader.io
Load testing
preparation
tools
LoadUI
Location response header
Logging
Malformed/unexpected message injection attacks
Man-in-the-middle attacks
Message payload
Mobile apps
Monetization
Monitoring APIs
analytics
management patterns
security
Naming conventions
OAuth
API gateway
authorization server
client
grant types
authorization code
client credentials
implicit grant type
resource owner password credentials
protocol
resource owner
resource server
scope names
tokens
On-premise deployment model
OpenAPI specification
OpenID Connect
authentication flows
authorization code flow
See also OpenID connect authorization code flow
hybrid flow
implicit flow
end user
identity provider integration
ID tokens
interaction between parties
relying party (RP)
OpenID connect authorization code flow
authorization endpoint
token endpoint
userinfo endpoint
OPTIONS verb
Pagination
Partner APIs
PATCH method
PCI compliance specifications
POST verb
Private APIs
security and access control
Public APIs
app developers
security risks
success
PUT method
vs. POST
Query parameters
Quota policy
RAML API specification
data type
methods
resources and subresources
resource types and traits
response
security scheme information
security schemes
Rate plan
Refresh token
Regulatory compliance requirement
Relying party (RP)
Representational State Transfer (REST)
caching
client-server constraint
code-on-demand constraint
HTTP headers
Accept-Charset header
Accept header
Authorization header
Cache-Control general header
Content-Type header
ETag (entity tag) response header
Host request header
Location response header
naming conventions
types
HTTP status code
categories
error codes
success codes
HTTP verbs
DELETE verb
GET verb
HEAD method
idempotent and safe methods
OPTIONS verb
PATCH method
POST verb
PUT method
PUT vs. POST
layered system principle
query-string parameters
filtering
offset and limit
pagination
resource identifier design, URIs
best practices
modelling resources and subresources
naming conventions
resource naming conventions
URI design
URI format
resource representation design
Richardson Maturity Model
HTTP verbs
hypermedia controls
resources
Swamp of POX
statelessness
uniform interface
HATEOAS
resource identification
resource manipulation
self-descriptive messages
versioning
Resource type
RESTful API Markup Language (RAML)
Abao
API Designer
API Notebook
API Workbench
code generation tools
JAX-RS
for .NET
RAML 0.8 and RAML 1.0
Restlet Studio
specification
structure
structure
vs. Swagger and API Blueprint
tools
RESTful web services
See also Representational State Transfer (REST)
Restlet Studio
Richardson Maturity Model
HTTP verbs
hypermedia controls
resources
Swamp of POX
Roy Thomas Fielding’s dissertation
Safe HTTP method
SalesForce
Scripting attacks
Script injection attacks
script injections
SQL statement injection
Search APIs
Sensitive data exposure
Service-level agreement (SLA)
Service orchestration
Service-oriented architecture (SOA)
Session attack
SMAC (social, mobile, analytics, and cloud) technologies
Soak testing
SOAP (Simple Object Access Protocol) messages
Social forums
Spike Arrest policy
SSL/TLS encryption
Streaming APIs
Stress testing
Swagger
bottom-up approach
file structure
frameworks
goals
vs. RAML and API Blueprint
tools
top-down approach
Swagger Codegen
Swagger Editor
Swagger-UI
Traits
Twitter APIs
Uniform Resource Identifier (URI)
components
naming conventions
Uniform Resource Locators (URLs)
versioning
Uniform Resource Name (URN)
URL mapping
URL parameters
User auditing
Vegeta
Versioning
demands
handle requests
host name
HTTP header
lifecycle management
principles
query parameters
vs. software versioning
URLs
Web APIs
definition
evolution
vs. SOA
vs. web services
vs. web sites
Web sites
Wrk
Yelp APIs
YouTube API