Book Image

Modern API Development with Spring and Spring Boot

By : Sourabh Sharma
Book Image

Modern API Development with Spring and Spring Boot

By: Sourabh Sharma

Overview of this book

The philosophy of API development has evolved over the years to serve the modern needs of enterprise architecture, and developers need to know how to adapt to these modern API design principles. Apps are now developed with APIs that enable ease of integration for the cloud environment and distributed systems. With this Spring book, you'll discover various kinds of production-ready API implementation using REST APIs and explore async using the reactive paradigm, gRPC, and GraphQL. You'll learn how to design evolving REST-based APIs supported by HATEOAS and ETAGs and develop reactive, async, non-blocking APIs. After that, you'll see how to secure REST APIs using Spring Security and find out how the APIs that you develop are consumed by the app's UI. The book then takes you through the process of testing, deploying, logging, and monitoring your APIs. You'll also explore API development using gRPC and GraphQL and design modern scalable architecture with microservices. The book helps you gain practical knowledge of modern API implementation using a sample e-commerce app. By the end of this Spring book, you'll be able to develop, test, and deploy highly scalable, maintainable, and developer-friendly APIs to help your customers to transform their business.

Related Content you might be interested in

Current Title:

Small book image
Modern API Development with Spring and Spring Boot
Sourabh Sharma
Jun, 2021 | 582 pages
Small book image
Mastering Microservices with Java.
Sourabh Sharma
Feb, 2019 | 446 pages
Small book image
Mastering Microservices with Java 9
Sourabh Sharma
Dec, 2017 | 316 pages
Small book image
Full Stack Development with Spring Boot and React
Juha Hinkula
Apr, 2022 | 378 pages
Table of Contents (21 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: RESTful Web Services
Section 1: RESTful Web Services
Free Chapter
2
Chapter 1: RESTful Web Service Fundamentals
Chapter 1: RESTful Web Service Fundamentals
Technical requirements
Introducing REST APIs
Handling resources and URIs
Exploring HTTP methods and status codes
Learning HATEOAS
Best practices for designing REST APIs
An overview of the e-commerce app
Summary
Questions
Further reading
3
Chapter 2: Spring Concepts and REST APIs
Chapter 2: Spring Concepts and REST APIs
Technical requirements
Introduction to Spring
Learning the basic concepts of the Spring Framework
Purpose of servlet dispatcher
Summary
Questions
Further reading
4
Chapter 3: API Specifications and Implementation
Chapter 3: API Specifications and Implementation
Technical requirements
Designing APIs with OAS
Converting OAS to Spring code
Implementing the OAS code interfaces
Adding a Global Exception Handler
Summary
Questions
Further reading
5
Chapter 4: Writing Business Logic for APIs
Chapter 4: Writing Business Logic for APIs
Technical requirements
Overview of the service design
Adding a Repository component
@Repository annotation
Adding a Service component
Implementing hypermedia
Enhancing the controller with a service and HATEOAS
Adding ETags to API responses
Testing the APIs
Summary
Questions
Further reading
6
Chapter 5: Asynchronous API Design
Chapter 5: Asynchronous API Design
Technical requirements
Understanding Reactive Streams
Exploring Spring WebFlux
Understanding DispatcherHandler
Implementing Reactive APIs for our e-commerce app
Summary
Questions
Further reading
7
Section 2: Security, UI, Testing, and Deployment
Section 2: Security, UI, Testing, and Deployment
8
Chapter 6: Security (Authorization and Authentication)
Chapter 6: Security (Authorization and Authentication)
Technical requirements
Implementing authentication using Spring Security and JWT
Securing REST APIs with JWT
Configuring CORS and CSRF
Understanding authorization
Testing security
Summary
Questions
Further reading
9
Chapter 7: Designing a User Interface
Chapter 7: Designing a User Interface
Technical requirements
Learning React fundamentals
Exploring React components and other features
Configuration to remove unused styles in production
Designing e-commerce app components
Consuming APIs using Fetch
Implementing authentication
Summary
Questions
Further reading
10
Chapter 8: Testing APIs
Chapter 8: Testing APIs
Technical requirements
Testing APIs and code manually
Testing automation
Summary
Questions
Further reading
11
Chapter 9: Deployment of Web Services
Chapter 9: Deployment of Web Services
Technical requirements
Exploring the fundamentals of containerization
Building a Docker image
Deploying an application in Kubernetes
Summary
Questions
Further reading
12
Section 3: gRPC, Logging, and Monitoring
Section 3: gRPC, Logging, and Monitoring
13
Chapter 10: gRPC Fundamentals
Chapter 10: gRPC Fundamentals
Technical requirements
Introduction and gRPC architecture
Understanding service definitions
Exploring the RPC life cycle
Understanding the gRPC server and gRPC stub
Handling errors
Summary
Questions
Further reading
14
Chapter 11: gRPC-based API Development and Testing
Chapter 11: gRPC-based API Development and Testing
Technical requirements
Writing an API interface
Developing the gRPC server
Handling errors
Developing the gRPC client
Learning microservice concepts
Summary
Questions
Further reading
15
Chapter 12: Logging and Tracing
Chapter 12: Logging and Tracing
Technical requirements
Introducing logging and tracing
Installing the ELK stack
Implementing logging and tracing
Distributed tracing with Zipkin
Summary
Questions
Further reading
16
Section 4: GraphQL
Section 4: GraphQL
17
Chapter 13: GraphQL Fundamentals
Chapter 13: GraphQL Fundamentals
Technical requirements
Introducing GraphQL
Learning about the fundamentals of GraphQL
Designing a GraphQL schema
Testing GraphQL queries and mutations
Solving the N+1 problem
Summary
Questions
Further reading
18
Chapter 14: GraphQL API Development and Testing
Chapter 14: GraphQL API Development and Testing
Technical requirements
Workflow and tooling for GraphQL
Implementation of the GraphQL server
Documenting APIs
Test automation
Summary
Questions
Further reading
19
Assessments
Assessments
Chapter 1 – RESTful Web Services Fundamentals
Chapter 2 – Spring Concepts and REST APIs
Chapter 3 – API Specifications and Implementation
Chapter 4 – Writing Business Logic for APIs
Chapter 5 – Asynchronous API Design
Chapter 6 – Security (Authorization and Authentication)
Chapter 7 – Designing the User Interface
Chapter 8 – Testing APIs
Chapter 9 – Deployment of Web Services
Chapter 10 – gRPC Fundamentals
Chapter 11 – gRPC-Based API Development and Testing
Chapter 12 – Logging and Tracing
Chapter 13 – GraphQL Fundamentals
Chapter 14 – GraphQL API Development and Testing
Why subscribe?
20
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think

Securing REST APIs with JWT

In this section, you'll secure the REST endpoints exposed in Chapter 4, Writing Business Logic for APIs. Therefore, we'll use the code from Chapter 4, Writing Business Logic for APIs and enhance it to secure the APIs.

The REST APIs should be protected with the following features:

  • No secure API should be accessed without JWT.
  • A JWT can be generated using sign-in/sign-up or a refresh token.
  • A JWT and a refresh token should only be provided for a valid user's username/password combination or a valid user sign-up.
  • The password should be stored in encoded format using a bcrypt strong hashing function.
  • The JWT should be signed with RSA (for Rivest, Shamir, Adleman) keys with a strong algorithm.
  • Claims in the payload should not store sensitive or secured information. If they do, then these should be encrypted.
  • You should be able to authorize API access for certain roles.

We need to include new APIs for the...

Previous Section
End of Section 4
Next Section