© 2018

API Development

A Practical Guide for Business Implementation Success


Table of contents

  1. Front Matter
    Pages i-xiv
  2. Sascha Preibisch
    Pages 1-9
  3. Sascha Preibisch
    Pages 11-21
  4. Sascha Preibisch
    Pages 23-39
  5. Sascha Preibisch
    Pages 41-60
  6. Sascha Preibisch
    Pages 61-105
  7. Sascha Preibisch
    Pages 107-124
  8. Sascha Preibisch
    Pages 125-142
  9. Sascha Preibisch
    Pages 143-158
  10. Sascha Preibisch
    Pages 159-169
  11. Back Matter
    Pages 171-178

About this book


Implement application programming interface (API) usability, security, availability, reliability, and scalability to extend your company’s market and potentially generate revenue. Businesses know they need to extend their markets into the digital world, and expose internal data to the Internet. This book shows how stakeholders within an organization can make it a successful journey.

Stakeholder needs are not identical and departments experience difficulties discussing requirements with each other due to their different fundamental understanding of the process. The goal of this book is to introduce a common language for all business groups—developers, security experts, architects, product managers—around APIs and provide an overview of all aspects that need to be considered when exposing internal data.

Most of the content in this book is based on feedback from real-world enterprise customer questions, challenges, and business scenarios. Practical guidance is provided on the business value of APIs, the general requirements to know, and how to undertake an audience-based implementation. You will learn how to protect access to data, as well as API error handling, documentation, management, integration, and more.

What You’ll Learn:

  • Know the types of APIs and their business and technical requirements
  • The main benefits of APIs, including business value, loose coupling, and frequent updates
  • Protect access to APIs through role-based access, attribute-based access, and rate limiting
  • Distinguish between OAuth and OpenID Connect, and know how they both work
  • Manage API error handling, including what should and should not be handled
  • Understand the distinction between runtime, dynamic data, and static data
  • Leverage external APIs as part of your own APIs


API APIs API security API management API gateways Microservices Developers Web development Software architects Loose coupling OAuth OpenID Connect Caching CA Technologies

Authors and affiliations

  1. 1.RichmondCanada

About the authors

Sascha Preibisch has been involved in enterprise-grade software development since 2005. He worked as a consultant in Switzerland where he helped customers expose SOAP-based web services in a secure way. Today, as software architect for CA Technologies in Vancouver, Canada, he works with customers who expose RESTful services. He advises customers in the usage of OAuth, OpenID Connect, mobile API security, and SSO between mobile and desktop applications. Sascha regularly attends the Internet Identity Workshop (IIW) in Mountain View,California, USA, which is the birth place of OAuth 2.0 and OpenID Connect. He is a member of the OpenID Foundation. He maintains a blog on all aspects of API development, and he wrote a short book about a software framework (Application Development with XML, Eclipse RCP, and Web Services). Sascha holds a patent on a secure mobile app registration protocol. 

Bibliographic information

Industry Sectors
IT & Software
Consumer Packaged Goods
Finance, Business & Banking
Oil, Gas & Geosciences