
RESTful Web API Design with Node.js

Explore the practical sides of REST to build data-centric applications with Node


About This Video

  • Work through a series of guidelines and best practices to efficiently design RESTful Web APIs with Node
  • Understand the structure of APIs, their authentication protocols, and their implementation tools
  • This practical guide provides the knowledge you need to delve into the endless possibilities enabled by Big Data

In Detail

RESTful Web APIs allow developers to create unprecedented applications by leveraging the data on the Internet. Since JavaScript is the language of the web, building APIs using Node.js provides a seamless development experience on both the front end and the back end.

This video course gives you an overview of a RESTful API and goes through the logical steps of building one. It explores three different APIs, focusing on their similarities and differences to effectively implement one.

We’ll start off by defining APIs, showing how they can be built on top of HTTP, and listing the properties that make an API RESTful. We will develop Twitter Notes, a web application that lets its users leave notes for their Twitter friends. We will use Twitter’s API to implement a login flow and then design a web API. In addition to using Twitter’s API, we will take a closer look at two other real-world APIs—Facebook API and GitHub API. Finally, we’ll end up honing some best practices to keep the APIs secure, maintainable, and performant.

By the end of this course, you will have a good grasp of APIs, HTTP, REST, OAuth 1.0a, API testing, and API security. Since the course explores three different REST APIs, you will reach a level where you will be comfortable using any RESTful API, even if it does not have an SDK.



  • REST Fundamentals
    The Course Overview
    This video provides an overview of the entire course.
    What Is an API?
    The aim of this video is to define API in the context of this course. The video shows what an API is, what it is not, and how it is used in client-server communication. • Discuss the meaning of API • Show how APIs are used in the real world • Describe what a web API is
    Communication via HTTP
    This video aims to give the viewers an introduction to HTTP by focusing on the parts that are used in RESTful APIs. The terms that are explained in this video will be used throughout the course. • Show the anatomy of an HTTP request • Talk about the parts of a request in more detail • Illustrate the differences between a request and a response
    Identifying REST Resources
    This video explains the three kinds of REST resources, the endpoint names of each kind, and the methods that can be applied to each endpoint. • Show the interface to a REST collection • Show the interface to a REST element • Go over remote procedure calls using HTTP
    Properties of RESTful APIs
    APIs can run over HTTP and yet not be RESTful. This video covers the architectural constraints and properties that make an API RESTful. • Clarify that REST is an architecture and not a standard • Explain each of the six architectural constraints of REST • Show why REST is a good architectural decision for APIs
    Setting Up the Environment
    This video deals with setting up the development environment so that we are ready to create our application. • Learn the basics of Express.js and create an Express.js application • Generate Twitter API keys and add them to the application • Install MongoDB and the Node.js MongoDB client
  • Consuming a RESTful API
    A Look at OAuth 1.0a
    This video deals with the problem of authentication in REST APIs on behalf of users. It presents an overview of OAuth, which is an open standard for authentication that is common in REST APIs. • Explain OAuth and its uses • List the parties involved in OAuth • Show the process or authentication flow of OAuth
    Creating an OAuth Login Request
    We want to create the OAuth authentication flow in our application. This video shows how to generate a request token, send users to Twitter to sign in, and get authenticated users back to our application. • Set up Express.js routes for the authentication flow • Get Twitter’s API keys and add them to our application • Implement the authentication flow up to getting the temporary credentials
    Getting an Access Token
    After the user has signed in to Twitter and authorized our application, the application needs to get an access token to access the user’s Twitter profile and log the user in. • Exchange the request token for an access token • Use the access token to get the user’s profile • Sign the user into the application
    Exploring Twitter’s REST API
    Now that we have access to a user’s Twitter data, we need to use the data in our application. In this video, you will learn about Twitter’s API concepts, such as cursored collections and bulk APIs. • Use Twitter’s API to tweet and search for tweets • Navigate a cursored collection resource • Use async.js to combine API responses
    Saving Data in MongoDB
    Hitting Twitter’s API every time the app needs Twitter data is slow and can result in Twitter blocking our application. In this video, we will learn how to store Twitter’s data in our database to minimize the use of Twitter’s API. • Update the code to resemble the sample application • Save Twitter’s responses in MongoDB • Load the saved data from MongoDB
  • Building a RESTful API
    Designing the API Specifications
    The first step while building an API is to write the specifications. In this video, we will learn how to design the specifications from the data we have and the requirements that we want. • We look at the data in our database • Choose a representation by finding the requirements • We define the REST resources for our API
    Creating the API Handlers
    We know what the API should look like. Now we need to build it. In this video, we will define the API’s route handlers and call the API from the client to have a functional application. • Set up the API routes • Write the API route handlers • Show how AJAX requests are made on the client
    Acceptance Testing with Postman
    Changing an API can break an application. For this reason, every API should have acceptance tests, which help prevent breaking apps. In this video, we will use Postman to write acceptance tests for our API. • Explain acceptance testing and why it is important • Install Postman and describe its interface • Write acceptance tests using Postman
    Load Testing and Going Multicore
    An API that serves one request per second cannot have the same infrastructure as one that serves thousands of requests per second. In this video, we will learn how to measure the capacity of our API and how to increase that capacity by utilizing multiple CPU cores. • Explain load testing and why it is important • We load-test our API using Apache Benchmark • Increase CPU utilization using Node.js’s cluster module
  • APIs in the Real World
    Facebook Graph API
    A single API structure cannot fit all applications. We will look at how Facebook structured its API as a social graph. By the end of this video, you will understand what the Facebook Graph API is and how to use it. • Explain the graph’s structure and its use of REST resources • Look at Facebook’s API permissions • Use the Graph API Explorer to post and read posts
    GitHub API
    Some data needs time to be computed on the server. This makes the server slow under heavy load. In this video, we will see the approach that GitHub uses to keep its responses fast. • Show GitHub’s summary representations and detailed representations • Discuss GitHub’s use of HTTP verbs, especially PATCH • Look at HATEOAS and caching in the API
    The primary use of APIs is to connect applications. We will look at IFTTT, the perfect example of doing just that. • Show two recipes to illustrate IFTTT’s capabilities • Demonstrate some trigger APIs • Demonstrate some action APIs
  • Best Practices
    Security Considerations
    In this course, we’ve taken a pedagogical approach to explaining how APIs and authentication are done. In this video, we will look at the security issues with our API and what needs to be done to handle them. • Explain the importance of using HTTPS everywhere • We describe session hijacking, our API’s vulnerability, and the solution • Emphasize the importance of securing secret keys
    APIs are designed to be used by other people. These users need an easy way to know the capabilities of an API without reading source code. In this video, we will take a look at the tools for generating API documentation. • Cover three API documentation tools: Swagger, API Blueprint, and apiDoc • Generate an HTML page from an API Blueprint • Run a mock server using an API Blueprint
    Software requirements always change, and these changes should not break the apps or destroy the businesses of those using our APIs. API versioning helps us keep old clients compatible while providing new clients with all the new features. • Explain why API versioning is important • Show how API versioning can be done using URLs • Show how API versioning can be done using HTTP headers
    Performance and bandwidth are limited, so we should use them as efficiently as possible. This video shows three ways of caching responses to help conserve bandwidth and maximize performance. • Look at the HTTP mechanism for cache control • Explain in-memory data stores and their usage • Show reverse proxy caching for APIs


  • Application-Program Interface (API)
  • Web API
  • Node.js
