Category: API Development

Posted in API Development

Getting Started with Postman: A 10 Minute Quick Guide

Posted on by Swetha Kannan

Postman is a popular platform that is used for API development and testing. The easy-to-use and simple interface helps make the API development process faster and more efficient.

Users of Postman can send HTTP requests and get responses which makes the API building, testing and debugging process simple.

Features of Postman

  • The Postman API enables users to access any data that is stored in the Postman account easily.
  • Postman offers a set of tools to help design, test, document APIs and also share and collaborate on the API development process.
  • Postman has different types of workspaces for personal use, teams to collaborate as well as public workspaces. These help in organizing the APIs effectively.
  • The Governance feature in Postman API gives the API design rules, industry best practices and good development practices to help teams design the best APIs for use.

Installing Postman

Postman can be downloaded and installed on your laptop for use. See here for more details. You can also use Postman on the web. There is a CLI tool and Newman which can run collections from command line.

Postman Interface – Sending an HTTP Request

Remember the simple User REST API app that we created in a previous blog post? If you haven’t read Your Ultimate Guide to Understanding REST APIs yet, I highly recommend that you do. Now let us see how we do the GET request from Postman.

curl GET http://localhost:8080/users
  1. You can create a new request by clicking the + sign above the request tab.
  2. The drop down menu in the interface has a list of HTTP methods such as GET, POST, PUT etc. The box next to it is where we enter the URL path of our request.

3. You can add parameters, headers, authorization etc for your API below the request bar.

4. Once you click the “Send” button, the request should be sent.

5. At the bottom you will find the response window with the results, status code, time taken for the request etc.

Postman Collections

You will notice an icon called Collections on the left side. This is where you can organize your APIs based on use cases. Each collection is a set of endpoints and API calls for a particular application.

Collections can be easily saved, shared and collaborated on by importing or exporting the collections.

Authorization in Postman

Postman has a lot of different types of Authorization that can be enabled including OAuth 2.0 which is the most popular type.

To use OAuth 2.0, enter the request details in the request tab with the necessary parameters, body etc.

Click the Authorization Tab.

Select OAuth 2.0 fro the drop down menu.

Configure the Settings with the token name, type and other credentials.

Click “Request Token” once all the fields are filled out.

Once you have the token, Postman will add it to the Authorization header automatically and you can now send your requests to the API.

Postman Environment Variables

Environment Variables in Postman enable you to save values that are used frequently in variables to load them dynamically during request execution. You can use them across different environments such as prod, dev etc.

  1. Click the Environment Tab in your workspace to create a new environment.
  2. Name your environment – prod, dev etc.
  3. Add keys and values for the environment variables. The OAuth token mentioned in the previous section can be stored as an environment variable.
  4. Save the environment.

You can also save global variables in the Globals section.

To use these variables in the request, use double curly braces {{ }}. For example

  • Authorization Header
Bearer {{authToken}}
  • URL
{{baseUrl}}/users

Hope this quick guide helps you get started with Postman. There are a lot more powerful features in Postman. I have linked some additional resources below for further reading.

Additional Resources

Configure and use a Postman Mock Server

Postman Learning Center

Posted in API Development, Java Programming

Your Ultimate Guide to Understanding REST APIs

Posted on by Swetha Kannan

What is a REST API?

REST stands for Representational State Transfer which simply is a set of rules for software to interact with each other over the network. There are many other protocols for software to communicate with each other such as SOAP (Simple Object Access Protocol), GraphQL (An API query language), gRPC (gRPC Remote Procedure Call) etc. REST is one among them. REST is widely popular due to being simple, interoperable, lightweight and scalable. It is suited well for web services and applications with CRUD operations.

Key Features of REST APIs

Understanding Resources and URIs are key to understanding REST APIs. Resources are data objects that can be accessed via REST APIs. They are identified with a Uniform Resource Identifier (URI). HTTP methods such as GET, POST, PUT and DELETE are used to perform operations on the resources. The resources are represented in formats such as JSON, XML etc.

REST APIs have the following key features.

Client Server Architecture

REST operates on a Client-Server model where a client sends a request to the server and the server sends back an appropriate response. This is done using the URIs mentioned above. This type of model also allows for the client and server to be modified independently offering a separation of concerns.

Statelessness

REST is stateless meaning the client should have the all the information that the server needs to process a request, contained within the request. The server won’t store any client state. Each request is handled independently by the server.

Layered Architecture

REST has a layered architecture where each layer is independent and interacts with the layers interfacing with it. This enables scalability and security in the system. For example, layers such as load balancing, security etc can be added to the system and the client will not know which layers it is talking to.

REST API Methods

REST APIs use standard HTTP methods making them simpler to use.

  • GET – To retrieve data
  • HEAD – Transfer only the status line and header section
  • POST – To create a new resource
  • PUT – Update an existing resource
  • DELETE – Delete a resource
  • PATCH – Modify an existing resource partially

We will go over examples for some of these in the section below.

Build a REST API using Java Spring Boot

Let us build a simple User REST API using Java Spring Boot. Go to https://start.spring.io/ and generate a new project called restApi with the dependencies – Spring Data JPA (For database operations) and Spring Web (for REST APIs).

You can find the full working code on my Github link here.

Next, we will create a simple User REST API. There are 5 main components to the REST API.

  • User class – This defines the structure of a User Entity.
  • User Repository – handles data operations.
  • User Service – contains basic methods to manipulate User objects.
  • User REST API – Contains the GET, POST etc methods to perform http operations.
  • application.properties – To define the database connection for the REST API.

Design a User Entity

User has three defining class variables – user id, user name and user email. We will also add getters and setters for these variables.

@Entity
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    private String userName;
    private String userEmail;

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public String getUserEmail() {
        return userEmail;
    }

    public void setUserEmail(String userEmail) {
        this.userEmail = userEmail;
    }
}

Define a User Repository

The repository will handle data operations. JpaRepository is a JPA (Java Persistence API) extension of Repository with API for basic CRUD operations and also API for pagination and sorting.

@Repository
public interface UserRepository extends JpaRepository<User, Long> {
}

Define a User Service

This service interacts with the User Repository and will be called by the REST API to perform operations. 

@Service
public class UserService {

    @Autowired
    private UserRepository userRepository;

    public List<User> getAllUsers() {
        return userRepository.findAll();
    }

    public User getUserById(Long id) {
        return userRepository.findById(id).orElse(null);
    }

    public User createUser(User user) {
        return userRepository.save(user);
    }

    public void deleteUser(Long id) {
        userRepository.deleteById(id);
    }
}

Define the User REST APIs

This is the final User REST API. We need to specify @RestController for Spring Application to recognize our REST API.

We will use @GetMapping and @PostMapping annotations to mark the functionality of different endpoints of the REST API.

@RestController
@RequestMapping("/users")
public class UserController {

    @Autowired
    private UserService userService;

    @GetMapping
    public List<User> getAllUsers() {
        return userService.getAllUsers();
    }

    @GetMapping("/{id}")
    public User getUserById(@PathVariable Long id) {
        return userService.getUserById(id);
    }

    @PostMapping
    public User createUser(@RequestBody User user) {
        return userService.createUser(user);
    }

    @DeleteMapping("/{id}")
    public void deleteUser(@PathVariable Long id) {
        userService.deleteUser(id);
    }
}

Add a properties file for the Database connection

For the connection to work, you need to install MySQL connector and MySQL workbench, set up username and password and create a database called restApi. The MySQL server should be running when you run the Spring Boot Application.

spring.application.name=restApi
spring.datasource.url=jdbc:mysql://localhost:3306/restApi
spring.datasource.username=
spring.datasource.password=
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.jpa.hibernate.ddl-auto = update

For the full code, refer to my Github project here. Run the main application and your app should now be running at localhost:8080

Using the REST API

We initially do not have any users in our database. Let’s add some users.

Add users

curl -X POST http://localhost:8080/users \
     -H "Content-Type: application/json" \
     -d '{
           "userName": "John Doe",
           "userEmail": "johndoe@example.com"
         }'

curl -X POST http://localhost:8080/users \
     -H "Content-Type: application/json" \
     -d '{
           "userName": "Alex",
           "userEmail": "alex@example.com"
         }'

curl -X POST http://localhost:8080/users \
     -H "Content-Type: application/json" \
     -d '{
           "userName": "Tom",
           "userEmail": "tom@example.com"
         }'

List Users

Delete User

curl -X DELETE http://localhost:8080/users/1

Now that we know how to build a simple REST API, let’s look at some best practices to keep in mind when designing REST APIs.

REST API Best Practices

Here are some best practices to adhere to when designing REST APIs.

  • Use the right HTTP methods for different operations.
  • Use nouns for resource names such as id etc. and plural forms for collections such as users, items etc.
  • Be consistent with the naming conventions.
  • Use the right HTTP Status codes.
  • Handle errors on the server side and offer meaningful debug information.
  • Add rate limiting for your application.
  • Implement the right authentication to prevent unauthorized access to the application or data.
  • Document your REST APIs for easy usage.

When to Use REST Vs Other Protocols?

There are various other protocols out there such as SOAP, gRPC, GraphQL, WebsSockets etc.

REST works well in most cases for general purpose APIs, they are simple to implement and interface with and are compatible with most web technologies.

Other protocols such as SOAP are used in more enterprise environments, gRPC is better in use cases which need high performance and low latencies, GraphQL allows more flexibility with fetching data, Web Sockets work well for real time communication APIs.

REST API Observability and Monitoring

It is important to ensure that we log meaningful information and track metrics of our system for observability and performance monitoring.

Define the key metrics for your application and track metrics such as Latency, Throughput, Error rates, CPU usage, memory usage etc. There are many tools these days such as Prometheus for metrics collection and Grafana for visualizing metrics data.

Tracking logs such as Error Logs, Access Logs is also important when designing and maintaining APIs.

Once the metrics and logs are tracked, you can set up alerting on these to take action based on various scenarios.

Summary

I hope you enjoyed reading this ultimate guide to REST APIs where we started from the basics of REST APIs, went on build a simple REST API from scratch using Java SpringBoot and went over REST API design best practices as well Observability and Monitoring to-dos for a system.

If you want to read more such articles, subscribe to my blog below.

Posted in API Development, Software Engineering

Master cURL: A Detailed Guide to API Testing

Posted on by Swetha Kannan

In this blog post, we will take a deep dive into cURL which stands for “Client URL”. It is a command line tool that helps in transferring data to and from a server to a client. cURL supports a lot of different protocols such as HTTP, HTTPS, FTP etc. cURL uses the libcURL URL transfer library.

This blog post contains the following sections.

  1. Introduction to API Testing
  2. cURL Installation
  3. Commonly Used cURL Options
  4. cURL Methods
  5. Practical Example – Google Books API

Introduction to API Testing

API stands for Application Programming Interface which is a set of rules and protocols that allows a client to interact with a software. An API contains

  • Endpoints – these are specific URLS that a client can use to access different methods and resources. Ex: /users, /texts
  • Requests and Responses – Clients send requests to a server endpoint which in turn sends back responses.
  • Data format – APIs can use various formats such as JSON or XML etc for the data being transferred between the client and the server.
  • Authentication – APIs are more secure when they verify identity of a user and require authorization before exchange of data. This can be achieved using API Keys, OAuth, Tokens etc.
  • Methods – Includes methods such as GET, DELETE, PUT, POST etc which perform various actions.

There are different types of API protocols but REST and SOAP are some of the most popular ones. In this blog post, we will use REST protocol to understand cURL commands.

There are various popular API Testing Tools such as Postman, SoapUI, REST Assured, Katalon Studio etc.

cURL Installation

I have a macOS so I use brew. But please follow the instructions here to install cURL based on your operating system.

brew install curl

Commonly Used cURL Options

X: Specify request method (GET, POST etc.)

curl -X GET https://myurl.org/users

-d: Send data in POST request

The “&” is used to separate the key=value pairs. You can also use -F parameter to pass form data as name=value pairs. 

curl -d "name=john&id=2" https://myurl.org/users
curl -F name=john -F id=2 https://myurl.org/users

-H: Request headers

curl -H 'User-Agent: Chrome' -H 'Host: www.myurl.org' https://myurl.org/

Users can use a Bearer token for authorization as well. The bearer token is an encrypted string that provides authentication for a client to get access to protected resources.

curl -H "Authorization: {Bearer token}" https://myurl.org/

-I: Fetch only the HTTP Headers

This is the HTTP HEAD method to get only a resource’s HTTP headers.

curl -I https://myurl.org/

-o: Save output to a file (files with same name will be overwritten)

curl -o picture.png https://myurl.org/pictures/picture-3.png

-L: Redirect

Tell curl to follow redirect requests since curl does not perform 300 redirect requests.

curl -L https://myurl.org

-u: Username and password specification

curl -u {username}:{password} https://myurl.org

-c: Save cookies to a file

This will save the cookies returned by the server in the cookies.txt file.

curl -c cookies.txt https://myurl.org

-b: Read cookies from a file

curl -b cookies.txt https://myurl.org

To activate the cookie engine and read cookies. cURL will see the “=” and know that cookies are specified. 

curl -b {cookie-name}={cookie-value} https://myurl.org

-x: Use proxies

curl -x https://{proxyhost}:{proxyport} https://myurl.org/data

cURL Methods

There are four important cURL methods – GET, POST, PUT and DELETE.

GET Request

This is the default method when making HTTP calls with curl. The following example fetches all the users from the url.

curl https://myurl.org/users

POST Request

POST is used to send data to a receiving service. We can do this using the data or -d option.

curl -X POST -d "name=john&id=2" https://myurl.org/users

PUT Request

PUT is used to update an existing resource. In this case update the user id #1.

curl -X PUT -d "name=john&id=2" https://myurl.org/users/1

DELETE Request

This example deletes the user id #1.

curl -X DELETE https://myurl.org/users/1

Practical Example – Google Books API

Now let’s walk through an actual example in the code below. In the following example, let’s use the Google Books API.

Requests need to be authenticated using the API key or OAuth. Follow the instructions in the link above to get an API key that you can use for the request below.

#!/bin/bash

# Replace with your actual API key
API_KEY="{API_KEY}"

# Define the base URL for the Google Books API
BASE_URL="https://www.googleapis.com/books/v1"

# URL-encode the query term. Harry Potter becomes "Harry%20Potter"
QUERY="Harry Potter"
ENCODED_QUERY=$(echo "$QUERY" | jq -sRr @uri)

# Function to search for books by a query
search_books() {
  echo "Searching for books with query: $QUERY"
  curl -s "${BASE_URL}/volumes?q=${ENCODED_QUERY}&key=${API_KEY}" | jq '.items[] | {title: .volumeInfo.title, authors: .volumeInfo.authors, publisher: .volumeInfo.publisher, publishedDate: .volumeInfo.publishedDate}'
}

# After URL encoding, J.K. Rowling becomes "J.K.%20Rowling"
AUTHOR="J.K. Rowling"
ENCODED_AUTHOR=$(echo "$AUTHOR" | jq -sRr @uri)

# Function to list books by a specific author
list_books_by_author() {
  echo "Listing books by author: $AUTHOR"
  curl -s "${BASE_URL}/volumes?q=inauthor:${ENCODED_AUTHOR}&key=${API_KEY}" | jq '.items[] | {title: .volumeInfo.title, publisher: .volumeInfo.publisher, publishedDate: .volumeInfo.publishedDate}' | head -n 20
}

# Main script execution
search_books

# List books by author
list_books_by_author

The output of the above bash script will be as follows.

Searching for books with query: Harry Potter
{
  "title": "Harry Potter and the Sorcerer's Stone",
  "authors": [
    "J.K. Rowling"
  ],
  "publisher": "Pottermore Publishing",
  "publishedDate": "2015-12-08"
}
{
  "title": "Harry Potter and the Chamber of Secrets",
  "authors": [
    "J.K. Rowling"
  ],
  "publisher": "Pottermore Publishing",
  "publishedDate": "2015-12-08"
}
{
  "title": "Harry Potter and the Prisoner of Azkaban",
  "authors": [
    "J.K. Rowling"
  ],
  "publisher": "Pottermore Publishing",
  "publishedDate": "2015-12-08"
}
{
  "title": "Harry Potter and the Cursed Child",
  "authors": [
    "J. K. Rowling",
    "Jack Thorne",
    "John Tiffany"
  ],
  "publisher": null,
  "publishedDate": "2017"
}
{
  "title": "The Irresistible Rise of Harry Potter",
  "authors": [
    "Andrew Blake"
  ],
  "publisher": "Verso",
  "publishedDate": "2002-12-17"
}
{
  "title": "The Psychology of Harry Potter",
  "authors": [
    "Neil Mulholland"
  ],
  "publisher": "BenBella Books, Inc.",
  "publishedDate": "2007-04-10"
}
{
  "title": "Harry Potter and the Half-Blood Prince",
  "authors": [
    "J.K. Rowling"
  ],
  "publisher": "Pottermore Publishing",
  "publishedDate": "2015-12-08"
}
{
  "title": "Fantastic Beasts and Where to Find Them: The Illustrated Edition",
  "authors": [
    "J. K. Rowling",
    "Newt Scamander"
  ],
  "publisher": "Arthur A. Levine Books",
  "publishedDate": "2017-11-07"
}
{
  "title": "JK Rowling's Harry Potter Novels",
  "authors": [
    "Philip Nel"
  ],
  "publisher": "A&C Black",
  "publishedDate": "2001-09-26"
}
{
  "title": "The Magical Worlds of Harry Potter",
  "authors": [
    "David Colbert"
  ],
  "publisher": "Penguin",
  "publishedDate": "2008"
}


Listing books by author: J.K. Rowling
{
  "title": "Conversations with J. K. Rowling",
  "publisher": null,
  "publishedDate": "2002-01-01"
}
{
  "title": "Harry Potter and the Walls of America",
  "publisher": "Createspace Independent Publishing Platform",
  "publishedDate": "2017-01-01"
}
{
  "title": "Harry Potter and the Philosopher's Stone - Ravenclaw Edition",
  "publisher": "Bloomsbury Children's Books",
  "publishedDate": "2017-06"
}
{
  "title": "Harry Potter and the Philosopher's Stone",
  "publisher": "Bloomsbury Harry Potter",
  "publishedDate": "2001"
}

Hope you are now confident with making cURL requests! In the next blog post, let us look into Postman in detail – an API testing tool that makes things way easier for API development.