Yesterday we updated the endpoints in the API, and today I was going to implement them in RAML and let the generator we use create the Spring MVC code. However, I had another problem with the generator: it wasn’t generating the createTask method anymore because I put the boardId in the path. Besides that, the code started to get messy with no added benefit anymore.
Before we implement any security, let’s step back and add multiple kanban boards for a user.
Last time we started talking about security and I asked you how you would advise me as your client.
It is time to think about securing our API. Right now, it is open to everyone, which we don’t want. So, what choices do we have?
When we return error messages, we should not expose too much information. The same goes for normal data. More, and especially more detailed, is not always better. It depends on the type of API, what the clients do with it, and who the clients are.
Last time we talked about using proper HTTP status codes and also returning errors in a JSON format back to the client.
Let’s start talking about error handling in our API.
The black box testing with a RAML tool failed last time, so we are left with unit tests and our own integration tests. Which brings me to the question: what should we use? Should our tests focus more on pure unit testing or more on integration tests, testing different parts at the same time?
This episode is another one of “it didn’t work out as planned.” I originally wanted to use Abao as a tool for testing my API implementation against the RAML description. Unfortunately, Abao only works with RAML 0.8 and not with RAML 1.0, which I was using. The request ticket for RAML 1.0 support was opened in 2015 and is still not done.
I implemented a basic version of the TaskService today. You can find the full version in the GitHub repo as I’ll only discuss certain findings.