In this video, Keith Casey describes how individual middlewares fit together with sorting, weighting, and before and after handling.
- [Narrator] So let's make sure we understand our constraints and concerns. First, we need to keep the API credentials a secret. So we need to remember what is secure and what is not. The URL we request is not secure or secret. Anything we put into the URL such as credentials will be captured and stored by web servers, proxies, and caching systems across the internet. And even tools like Runscope or Postman will store them indefinitely. In fact, once we put an API key in the URL, we may copy and paste that into an email or Slack channel without even thinking about it.
Alternatively, everything in the header is somewhat protected. I don't mean they're encrypted or a complete secret, but the headers are not captured and stored by default. This isn't perfect, but it's heading in the right direction. Next, we want to limit damage or separate concerns in case the credentials are compromised. As a result, we don't want to use our account's username and password. While that seems like an easy solution, it's creating some unnecessary dependencies.
This course begins with a simple application specification and builds it one step at a time. Each chapter includes a key concept, with examples from other public APIs, and then shows how to build it yourself with Silex. Learn about URL routing, validating input, and generating response codes and hypermedia payloads. Like any project, the first implementation may be a little messy, but don't worry. The last chapter covers refactoring and what it takes to scale and support the API going forward.
- Understanding the project goals
- Adding authentication with Silex
- Using cross-framework and authentication middleware
- Creating a read-write API in Silex
- Uploading files via an API
- Adding file security
- Creating payloads and response codes in Silex
- Scaling your API