You're reading from Building an API Product Design, implement, release, and maintain API products that meet user needs

Product type Paperback

Published in Jan 2024

Last Updated in Jan 2024

Publisher Packt

ISBN-13 9781837630448

Length 278 pages

Edition 1st Edition

Concepts

Design

Author (1):

Bruno Pedro

View More author details

Table of Contents (26) Chapters

Preface

1. Part 1:The API Product

2. Chapter 1: What Are APIs? FREE CHAPTER

3. Chapter 2: API User Experience

4. Chapter 3: API-as-a-Product

5. Chapter 4: API Life Cycle

6. Part 2:Designing an API Product

7. Chapter 5: Elements of API Product Design

8. Chapter 6: Identifying an API Strategy

9. Chapter 7: Defining and Validating an API Design

10. Chapter 8: Specifying an API

11. Part 3:Implementing an API Product

12. Chapter 9: Development Techniques

13. Chapter 10: API Security

14. Chapter 11: API Testing

15. Chapter 12: API Quality Assurance

16. Part 4:Releasing an API Product

17. Chapter 13: Deploying the API

18. Chapter 14: Observing API Behavior

19. Chapter 15: Distribution Channels

20. Part 5:Maintaining an API Product

21. Chapter 16: User Support

22. Chapter 17: API Versioning

23. Chapter 18: Planning for API Retirement

24. Index

Why subscribe?

25. Other Books You May Enjoy

Authorization

With authentication, you make sure API consumers are correctly identified, and their access is controlled. Authorization happens right after, and its goal is to establish what authenticated users are allowed to do when accessing your API.

RBAC

One popular authorization model is role-based access control (RBAC). It works by first establishing a set of roles and then associating roles with permitted actions. Examples of common roles include the “administrator” and the “regular user.” Each feature then has to verify what role the API consumer has and if the requested action is listed as permitted for that role.

It’s important to highlight that, to be considered effective, RBAC has to be enforced at the interface level and then on each feature that the API server implements. Otherwise, you might end up letting users perform actions for which they don’t have the right permission. It’s possible to implement RBAC at the...