O’REILLY Learning「Microservice APIs」11〜14


Part 4. Securing, testing, and deploying microservice APIs

API認証の最新標準はOpenID Connectで、API認証はOpen Authorization (OAuth) 2.1。

11 API authorization and authentication

This chapter covers
・Using Open Authorization to allow access to our APIs
・Using OpenID Connect to verify the identity of our API users
・What kinds of authorization flows exist, and which flow is more suitable for each authorization scenario
・Understanding JSON Web Tokens (JWT) and using Python’s PyJWT library to produce and validate them
・Adding authentication and authorization middleware to our APIs

JSON Web Token (JWT) のエンコードとデコードを可能にするPythonライブラリ。
JWTは、2者間で安全にクレームを表現するためのオープンな業界標準(RFC 7519)。


最も重要なプロトコルはOAuth (Open Authorization) とOpenID Connect (OIDC) の2つ。

12 Testing and validating APIs

This chapter covers
・Generating automatic tests for REST APIs using Dredd and Schemathesis
・Writing Dredd hooks to customize the behavior of your Dredd test suite
・Using property-based testing to test APIs
・Leveraging OpenAPI links to enhance your Schemathesis test suite
・Testing GraphQL APIs with Schemathesis

HTTP API Testing Framework


13 Dockerizing microservice APIs

This chapter covers
・How to Dockerize an application
・How to run Docker containers
・How to run an application with Docker Compose
・Publishing a Docker image to AWS Elastic Container Registry

14 Deploying microservice APIs with Kubernetes

This chapter covers
・Creating a cluster with AWS’s Elastic Kubernetes Service (EKS)
・Exposing services using the AWS Load Balancer Controller
・Deploying services to a Kubernetes cluster
・Managing secrets securely in Kubernetes
・Deploying an Aurora Serverless database

Appendix A. Types of web APIs and protocols

・RPC and its variants, JSON-RPC and XML-RPC

memoO'REILLY Learning

Posted by shi-n