my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Problem Spring Web: A Library for Handling Problems in Spring Web MVC

Problem Spring Web is an implementation of the proposed application/problem+json HTTP API problem details response for Spring Web (im both its MVC and WebFlux flavours). Error responses should be a first-class citizen when it comes to providing REST APIs. These responses often are generated in an ad-hoc, non-standardised fashion, which not only makes handling such responses more difficult and tedious in client applications but also makes for less maintainable software in the back-end software providing the API. Problem Spring Web attempts to ... Read more

Documenting REST APIs Provided by Express Applications

swagger-jsdoc is an NPM library that allows us to generate an OpenAPI specification for REST APIs provided by an Express application. swagger-jsdoc consumes YAML-formatted OpenAPI specification segments within JSDoc comments annotated with the @openapi annotation and turns those into a comprehensive OpenAPI specification for our API. This specification, in turn, can for example be used for automatically having a Swagger UI documentation page created for our REST APIs (using Swagger UI Express, for instance). While annotating Express routes with syntactically and semantically correct OpenAPI ... Read more

CORS: What It Is and How It Works

Expanding on last week's article on best practices for REST API Design I'd like to point to a specific aspect working REST APIs frequently entails: A browser security feature called "Cross-Origin Resource Sharing (CORS)". This feature allows you to define which resources provided by a web application are supposed to be accessible from which origin, which in turn typically is comprised of protocol, host / domain name and port. This website's origin for example is https://bjoernkw.com:80 (port 80 is the default port ... Read more

REST API Design: Best Practices

It's probably safe to say that REST (REpresentational State Transfer - originally described by Roy Fielding) is the most widely used architectural pattern when it comes to APIs in web application contexts. From statelessness, to self-descriptive messages, and hypermedia as the engine of application state (HATEOAS) REST comes with quite a few principles, constraints, patterns, and flavours, not all of which are used or applied consistently with each REST API. REST often is a rather loosely-applied architectural pattern or a continuum, on ... Read more

The Richardson Maturity Model for REST APIs

On his website about software design patterns Martin Fowler provides an in-depth explanation of the Richardson Maturity Model for HTTP-based REST APIs by Leonard Richardson. According to that model REST APIs come in 4 levels of sophistication: Level 0, aka the "Everything is a POST request" model for example propagated by SOAP. This is basically tantamount to remote procedure invocation. Level 1 - Resources: Every resource is accessed through its own canonical URL. Level 2 - HTTP Verbs: Verbs such as GET, PUT, PATCH and ... Read more

JSON Web Tokens: Downsides, Best Practices and Secure and Robust Alternatives

JSON Web Tokens (JWTs) nowadays are commonly used for transmitting authentication data in web applications, especially those exhibiting the widespread client-server architecture where you have a fat client / single-page application written in JavaScript as a front-end and a back-end server providing REST endpoints for use by that front-end client. However, while common there are good arguments against this practice. In a nutshell, JWT often are used for storing session data such user authorization and authentication information although they aren't particularly well-suited to ... Read more

Jess Frazelle: “For the Love of Pipes”

Somewhat recently, Jess Frazelle wrote about her love of UNIX pipes, a sentiment I wholeheartedly share, to the extent that I think web apps should behave more like Unix programs by making data readily available via APIs so other applications can easily process that data. This, in a nutshell, is the Unix philosophy as stated by Doug McIlroy: Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new "features". Expect the output ... Read more

HTTP and REST Standards, Protocols and Headers for More Secure and More Robust Applications

Standards.REST is a website that helps you create better, more robust HTTP- and REST-based applications by providing an overview of existing, proven standards that allow you to build on existing solutions rather than re-invent the wheel yourself. The list of standards mentioned includes OAuth 2.0, the HTTP Caching standard and Application-Level Profile Semantics (ALPS), which - among others - is used extensively in Spring Data REST and Spring HATEOAS. On a closely related note, Stefan Judis published an article on HTTP headers ... Read more

More on JSON and REST API Specifications

Expanding on my previous posts about annotating and validating JSON data structure with JSON Schema defining and documenting REST APIs using Swagger I have two additional suggestions for tools that help you define and build HTTP-based APIs in a less haphazard, more deliberate manner: JSON API: While JSON Schema allows you to annotate and validate JSON-based data types JSON API gives you clear, opinionated guidelines for structuring JSON API responses so you don't have think about those implementation details yourself. Having uniform guidelines for API ... Read more

Swagger: A Roundtrip Tool For Creating And Consuming REST APIs

In this second part of my series on useful tools for developing CRUD applications I'd like to introduce Swagger and Swagger Codegen in particular. Introduce perhaps isn't exactly the right word because first of all Swagger is quite well known in developer circles these days. Secondly, a few months ago I wrote a blog post about how to use Swagger to generate client SDKs for REST APIs. Swagger - originally having originated at Wordnik is a tool for documenting and publishing their ... Read more
Next Page »