reading-notes

Code Fellows Notes

View the Project on GitHub stephnitis/reading-notes

API Integration

Review API Server Build

1. Explain the difference between a query string parameter and a path parameter.

The path parameter defines the resource location, while the query parameter defines sort, pagination, or filter operations. The user’s input (the query) is passed as a variable in the query parameter, while each path parameter must be substituted with an actual value when the client makes an API call.

2. What would our API URL with a path id parameter be given the following information:

  1. Domain: http://our-site.com
  2. v3
  3. model name: stuff
  4. id: things

http://our-site.com/v3/stuff/things

3. We have created a dynamic API with an “interface”. Describe how that interface works to a non-technical friend.

Review Auth Server Build

1. Describe how you would use middleware to implement basic and bearer auth.

Basic auth middleware provides HTTP basic authentication: for valid credentials, it calls the next handler. In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon :.

Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources.
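As an added example (not code from these notes or from the course), here is a sketch of both middlewares using the Express-style `(req, res, next)` signature and only Node's built-in `crypto` module. The names `SECRET`, `SALT`, `USERS`, `issueToken`, and the `payload.signature` token format are hypothetical choices made for this illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo data: a signing key and one user whose password is stored as a salted scrypt hash.
const SECRET = 'constructed-demo-signing-key';
const SALT = 'constructed-salt';
const hash = (password) => crypto.scryptSync(password, SALT, 32);
const USERS = new Map([['alice', hash('wonderland')]]);

// Constant-time comparison so response timing does not reveal how many bytes matched.
const safeEqual = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);
const sign = (payload) => crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');

// Hypothetical token format: base64url(JSON claims) + "." + HMAC-SHA256 signature.
function issueToken(username, ttlSeconds = 900, now = Date.now()) {
  const claims = { sub: username, exp: Math.floor(now / 1000) + ttlSeconds };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Basic: decode "Authorization: Basic <base64(id:password)>" and check the password hash.
function basicAuth(req, res, next) {
  const [scheme, encoded] = (req.headers.authorization || '').split(' ');
  if (scheme !== 'Basic' || !encoded) return next(new Error('Invalid login'));
  const decoded = Buffer.from(encoded, 'base64').toString('utf8');
  const colon = decoded.indexOf(':'); // split on the first colon only; passwords may contain ':'
  const stored = USERS.get(decoded.slice(0, colon));
  if (colon < 0 || !stored || !safeEqual(hash(decoded.slice(colon + 1)), stored)) {
    return next(new Error('Invalid login'));
  }
  req.user = decoded.slice(0, colon);
  req.token = issueToken(req.user); // handed back to the client for later Bearer requests
  return next();
}

// Bearer: verify the signature before trusting any claim, then enforce expiry.
function bearerAuth(req, res, next) {
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  const [payload, signature] = (token || '').split('.');
  if (scheme !== 'Bearer' || !payload || !signature
    || !safeEqual(Buffer.from(signature), Buffer.from(sign(payload)))) {
    return next(new Error('Invalid token'));
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (claims.exp <= Math.floor(Date.now() / 1000)) return next(new Error('Token expired'));
  req.user = claims.sub;
  return next();
}
```

Because Base64 is an encoding rather than encryption, the Basic header exposes the password to anyone who can read the request, so both schemes depend on HTTPS for confidentiality.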

2. Describe the handshake necessary to implement OAuth.

  1. Step 1 – The User Shows Intent.
  2. Step 2 – The Consumer Gets Permission.
  3. Step 3 – The User Is Redirected to the Service Provider.
  4. Step 4 – The User Gives Permission.
  5. Step 5 – The Consumer Obtains an Access Token.
  6. Step 6 – The Consumer Accesses the Protected Resource.

3. Describe how Role Based Access Control works to a non-technical friend.