Professional Documents
Culture Documents
Web Services and Security
Web Services and Security
Web Services and Security
SAIT 205
Web services
• Web service is a standardized medium to propagate communication
between the client and server applications on the World Wide Web.
• Web services provide a common platform that allows multiple
heterogenous applications built on various programming language to have
the ability to communicate to one another.
• There are mainly two types of web services: SOAP web services and RESTful
web services.
• Soap(Simple object access protocol) is a messaging protocol specification
for exchanging structured information in the implementation of web
services in computer networks.
• A REST API is an application programming interface that conforms to the
constrains of REST architectural style and allows for interaction with
RESTful web services.
Web Services
SOAP Web services
• This is based onsta simple client server connection model. This came into play during the internet
boom of the 21 century, the server needed to respond to thousands of requests.
• The server must be aware of what is happening with the client and this can be handled in two ways:
• Stateful: server must keep the information that it receives from the client across multiple
requests(stores the client information). Churning of messages.
• This may be crucial in situations involving multiple parties and complex transactions example bank
transactions and flight bookings(heavy on the server.
• Stateless: Each message contains enough information about the state of the client so that the
server don’t need to be bothered about it. Once the server returns the requested data it forgets
about the clients. Each request is isolated from the previous one.
• Stateless operations helps to reduce server load and increase speed of communication.
• Soap is designed to be , operating system, platform independent and is based on xml.
Soap message structure
• A soap message is encoded as
an XML document, consisting
of an <Envelope> element
which contains an optional
<Header> element and a
mandatory <Body> element.
• The <Fault> element,
contained in the <Body> is
used for reporting errors.
• Task 1: Install soap UI
Why REST API
• Consider a movie booking application where you book for a movie for both
online and offline(box office) viewing.
• The application reserves your movie, the time of the movie and the seat
number for the movie.
• In such an application data is never static ,they is a lot of input data and
data keeps on changing every time. The movie titles, time and seats keep
on changing daily and is updated on a regular bases.
• In a client server architecture a client can send a request and the server
send a response/ returns data in the form of a structured data either in the
JSON Format or XML Format.
• These two formats has a proper structure in which data can be
represented.
JSON AND XML FORMAT
• XML FORMAT
<city>
<movies>
<category>coming soon</category>
</movies>
</city>
• JSON FORMAT
{‘city’:{
‘movies’:{
‘category’: ‘coming soon’
}
}
The problem
• You need to put in a lot of methods(Request Object, Response
Object) to retrieve the data.
• Too much work to be done to get the response/ return the data and
considering that you are doing this continuously this becomes
cumbersome.
• This where the REST API comes into play .
What is REST API
• Representational State Transfer
• You can create an object on the server side and return the values of an
object in response to the user.
• Will the movie Mukadota shown in the movie house situated at the
Westgate mall tomorrow afternoon at 2 p.m.?
• When a client sends a request to the server, rest API creates an object on
the server of these particular request and it finds whether the info is
available. It searches for the data on the server for the client. If it finds out
the data is present , it sends the response back to the client with the values
of that particular object.
• You are creating an object and you have the values of an object . The
values of the object are send to the client. This is the state of the object
being send to the client.
REST
• Each and every time you don’t need to generate a new object.
• You just need to pass the state of that object to the client.
• Object to be passed to the client
▪ City
▪ Movie name
▪ Place
▪ Timing
• Since you are passing the state of an object that’s when the term
Representational State Transfer comes in.
REST
• REST is an architectural style as well as an approach for
communications purpose that is often used in various web services
development.
• It is often regarded as the language of the internet
• It is a stateless client and server model
Conceptual Overview
Representational State Transfer (REST)
• Client-server
• Separation of concerns
• Clients are separated from servers by a uniform interface.
• Networking
• Clients are not concerned with data storage, which remains internal to each server, so
that the portability of client code is improved. Servers are not concerned with the user
interface or user state, so that servers can be simpler and more scalable.
• Independent evolution
• Servers and clients may also be replaced and developed independently, as long as the
interface is not altered.
Conceptual Overview
REST Architectural Constrains (2)
• Stateless communication
• Scalability, reliability
• No client context being stored on the server between requests. Each request from any
client contains all of the information necessary to service the request.
• Resources are conversationally stateless
• Any conversational state is held in the client.
• Uniform Interface
• Simplicity (vs. efficiency)
• Large-grained hypermedia data transfer
• Example: Create, Retrieve, Update, Delete
Conceptual Overview
REST Architectural Constrains (3)
• Caching
• Efficiency, scalability
• Well-managed caching partially or completely eliminates some client-server interactions,
further improving scalability and performance.
• Consistency issues
• As on the World Wide Web, clients are able to cache responses. Responses must therefore,
implicitly or explicitly, define themselves as cacheable or not, to prevent clients reusing stale or
inappropriate data in response to further requests.
• Code-on-demand
• Extending client functionality
• Servers are able to temporarily extend or customize the functionality of a client by transferring
to it logic that it can execute. Examples of this may include compiled components such as Java
applets and client-side scripts such as JavaScript.
Features of Rest
• Simpler than SOAP
• Comes with a good documentation
• It has proper logging of error messages. E.g. lets say you are creating
a REST API using a particular framework , if you error it gives you the
error as it is.
Principles of REST API
• Stateless
• Client Server
• Uniform Interface
• Cacheable
• Layered System
• Code on Demand
Principles of REST API
• Stateless: When request are send from the client to the server. It contains all the
information that is required to make the server understand it. It can be URL, query string
parameters. URL uniquely identifies the resource
• Client Server: It has a uniform interface that separates the client from the server.
Separation of concerns basically helps it to improve users interface portability across
multiple platforms. It enhances the scalability of the server components.
• Uniform interface: REST has four interface constraints to achieve uniform interface.
Resource identification, resource manipulation, self descriptive messaging
• Cacheable: in order to provide a better performance the applications are mirrored as
cacheable. It is done by labelling the response from the server as cacheable or non
cacheable either implicitly or explicitly.
• Layered System: This allows the application to be more stable by limiting the component
behavior. It enables load balancing and provide shared cache for promoting scalability.
The layered architecture helps enhances application security as the components in each
layer cannot interact beyond the next immediate layer.
Methods of REST API
• We use the acrimony CRUD
• Create , Read, Update, Delete a resource.
• Resource is something the client want to know or the data the client is
looking for e.g. this URL https://mymovies.com/action/mukadota
represents a resource.
• To achieve CRUD you use the http methods which are methods of REST API
• C, Create we use POST
• R, Read, we use GET
• U, Update, we use PUT
• D, Delete, we use Delete
• POST, GET, PUT, DELETE are the http methods.
Monolithic Architecture
• Monolithic architecture is like a big container wherein all the
software components of an application are assembled together and
tightly packaged.
Monolithic architecture example
Drawbacks of monolithic application