APIs like the Google Maps API or the Facebook API are public and can be consumed by anybody. So my question is: how do you make a REST API private so it can be consumed only by one chosen consumer? For example, you make a REST API only for your own AngularJS app. Is it common to do this, and what is the real-world approach for this? And on that matter, are there any differences between a REST API and REST Web Services?
2 solutions
#1
If I were to write a private RESTful API, I probably wouldn't bother to make it RESTful in the first place.
By making a REST API private, you're losing one of this architectural style's primary advantages. Implementing an API like this is difficult but in return you get the ease of scalability and the ability for the consumers of your API to write clients that are not likely to break because of future changes (as long as you follow HATEOAS and use well-defined formats).
If you have the option to control both the service and all of its clients, giving up some of the constraints imposed by a RESTful architecture might actually be a good idea.
You should be fine with a simple API that serves JSON over HTTP as long as you stick to the protocol semantics.
In other words, you could implement a service that fulfils the requirements of a Level 2 API, as described by the Richardson Maturity Model.
Because you wouldn't be making full use of the advantages offered by a Level 3 API, not to mention an actually RESTful API, implementing one could just prove an unnecessary effort.
I gave a more comprehensive description of these design considerations in my answer to a programmers.stackexchange question. You can find some useful references in there as well.
#2
You can make an API private by requiring some authorization / authentication to use it (simple API keys, for example).
REST API vs REST Web Services?
Well, put it this way. REST Web services have REST APIs. Web service is a group of APIs united by purpose.
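One way to implement the API-key check mentioned in answer #2, as an added example that is not part of the original answers: a WSGI middleware that stores only key digests and returns 401 for a missing or unknown key. The `X-API-Key` header name, the sample key and the `api.consumer` environ entry are assumptions made for this illustration.

```python
import hashlib
import hmac

def key_digest(api_key):
    """Digest stored server-side, so a leaked key table does not reveal the keys."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()

# Constructed sample data: digest of an issued key -> consumer name.
ISSUED_KEYS = {key_digest("demo-key-for-angular-app"): "angular-frontend"}

def lookup_consumer(presented, issued=ISSUED_KEYS):
    """Return the consumer a presented key belongs to, or None."""
    if not presented:
        return None
    digest = key_digest(presented)
    match = None
    for stored, consumer in issued.items():
        # Constant-time comparison of the two hex digests.
        if hmac.compare_digest(stored, digest):
            match = consumer
    return match

class ApiKeyMiddleware:
    """Rejects any request that lacks a valid X-API-Key header (assumed name)."""
    def __init__(self, app, issued=ISSUED_KEYS):
        self.app = app
        self.issued = issued

    def __call__(self, environ, start_response):
        consumer = lookup_consumer(environ.get("HTTP_X_API_KEY"), self.issued)
        if consumer is None:
            body = b'{"error": "missing or invalid API key"}'
            start_response("401 Unauthorized", [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        environ["api.consumer"] = consumer  # hypothetical entry for handlers
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    """Stand-in for the real API: echoes which consumer was authenticated."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [('{"hello": "%s"}' % environ["api.consumer"]).encode()]

def call(app, headers):
    """Invoke a WSGI app in-process and return (status, body)."""
    seen = {}
    body = b"".join(app(dict(headers), lambda s, h: seen.update(status=s)))
    return seen["status"], body
```

A key shipped inside a browser app such as an AngularJS client can be read by anyone who loads the page, so it identifies the application rather than keeping the API closed; restricting access to specific people additionally needs per-user authentication.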