Book Image

Modern API Development with Spring and Spring Boot

By : Sourabh Sharma
Book Image

Modern API Development with Spring and Spring Boot

By: Sourabh Sharma

Overview of this book

The philosophy of API development has evolved over the years to serve the modern needs of enterprise architecture, and developers need to know how to adapt to these modern API design principles. Apps are now developed with APIs that enable ease of integration for the cloud environment and distributed systems. With this Spring book, you'll discover various kinds of production-ready API implementation using REST APIs and explore async using the reactive paradigm, gRPC, and GraphQL. You'll learn how to design evolving REST-based APIs supported by HATEOAS and ETAGs and develop reactive, async, non-blocking APIs. After that, you'll see how to secure REST APIs using Spring Security and find out how the APIs that you develop are consumed by the app's UI. The book then takes you through the process of testing, deploying, logging, and monitoring your APIs. You'll also explore API development using gRPC and GraphQL and design modern scalable architecture with microservices. The book helps you gain practical knowledge of modern API implementation using a sample e-commerce app. By the end of this Spring book, you'll be able to develop, test, and deploy highly scalable, maintainable, and developer-friendly APIs to help your customers to transform their business.
Table of Contents (21 chapters)
1
Section 1: RESTful Web Services
7
Section 2: Security, UI, Testing, and Deployment
12
Section 3: gRPC, Logging, and Monitoring
16
Section 4: GraphQL

Testing security

You can clone the code and build it using the following command:

Run it from project home
$ gradlew clean build

This code is tested with Java 15.

Important

Make sure to generate the keys again, as keys generated by the JDK keytool are only valid for 90 days.

Then, you can run the application from your project home, as shown in the following code snippet:

$ java -jar build/libs/Chapter06-0.0.1-SNAPSHOT.jar

Now, you must be looking forward to testing. Let's test our first use case.

Let's hit the GET /api/vi/addresses API without the Authorization header, as shown in the following code snippet:

$ curl -v 'http://localhost:8080/api/v1/addresses' -H 'Content-Type: application/json' -H 'Accept: application/json'
< HTTP/1.1 401
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
< WWW-Authenticate: Bearer
< X-Content-Type-Options: nosniff
< X-XSS...