A Bearer Token is a type of access token used for authentication and authorization in web applications and APIs. The term "Bearer" means "holder," which implies that anyone in possession of the token can access protected resources—without additional verification.
Authorization: Bearer <token>
.GET /protected-data HTTP/1.1
Host: api.example.com
Authorization: Bearer abcdef123456
💡 Tip: To enhance security, use short-lived tokens and transmit them only over HTTPS.
OAuth (Open Authorization) is an open standard protocol for authorization that allows applications to access a user's resources without knowing their credentials (e.g., password). It is commonly used for Single Sign-On (SSO) and API access.
OAuth operates using tokens, which allow an application to access a user's data on their behalf. The typical flow is as follows:
Entity headers are HTTP headers that provide information about the body of a message. They can appear in both requests and responses, describing properties of the content such as type, length, encoding, or last modification date.
1.
Content-Type
Content-Type: application/json; charset=UTF-8
2.
Content-Length
Content-Length: 1024
3.
Content-Encoding
Content-Encoding: gzip
4. Content-Language
Content-Language: de-DE
5. Cache-Location
Content-Location: /files/document.pdf
6. Last-Modified
Last-Modified: Tue, 30 Jan 2025 14:20:00 GMT
7. ETag
ETag: "abc123xyz"
8. Expires
Expires: Fri, 02 Feb 2025 12:00:00 GMT
9. Allow
Allow: GET, POST, HEAD
10. Refresh
(Not standardized but often used)
Refresh: 10; url=https://example.com
These headers help describe the content of an HTTP message, optimize caching strategies, and ensure correct rendering.
Request headers are HTTP headers sent by a client (e.g., a web browser or API request) to the server, providing additional information about the request, the client, or the desired content.
1. Host
Host: www.example.com
2. User-Agent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
3. Accept
Accept: text/html, application/json
4. Accept-Language
Accept-Language: de-DE, en-US
5. Accept-Encoding
Accept-Encoding: gzip, deflate, br
6. Referer
Referer: https://www.google.com/
7. Authorization
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
8. Cookie
Cookie: sessionId=abc123; theme=dark
9. Content-Type
(for POST/PUT-Anfragen)
Content-Type: application/json
10. Origin
Origin: https://www.example.com
These headers help the server understand the request and respond accordingly by providing details about the client, preferred content, and security aspects.
General HTTP headers are headers that can be used in both HTTP requests and responses. They contain general information about the connection and data transfer that is not specific to the client, server, or content.
1. Cache-Control
Cache-Control: no-cache, no-store, must-revalidate
2. Connection
Connection: keep-alive
3. Date
Date: Wed, 31 Jan 2025 12:34:56 GMT
4. Pragma
(veraltet, aber noch genutzt)
Cache-Control
, mainly used for backward-compatible caching rules.für rückwärtskompatible Caching-Regeln genutzt.Pragma: no-cache
5. Trailer
Trailer: Expires
6. Transfer-Encoding
Transfer-Encoding: chunked
7. Upgrade
Upgrade: websocket
8. Via
Via: 1.1 proxy.example.com
These headers improve communication between the client and server, manage caching, and allow protocol upgrades.
HTTP headers are metadata exchanged between the client (e.g., a browser) and the server during HTTP requests and responses. They contain important information for communication, such as:
Cache-Control
for caching rules).User-Agent
, which identifies the browser type).Server
, which indicates the web server used).Content-Type
, which specifies the media type of the response).Example of an HTTP request with headers:
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html
Example of an HTTP response with headers:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 3456
Server: Apache
HTTP headers are commonly used for security (e.g., Strict-Transport-Security
), performance optimization (e.g., Cache-Control
), and authentication (e.g., Authorization
).
A Remote Function Call (RFC) is a method that allows a computer program to execute a function on a remote system as if it were called locally. RFC is commonly used in distributed systems to facilitate communication and data exchange between different systems.
Contract Driven Development (CDD) is a software development approach that focuses on defining and using contracts between different components or services. These contracts clearly specify how various software parts should interact with each other. CDD is commonly used in microservices architectures or API development to ensure that communication between independent modules is accurate and consistent.
Contracts as a Single Source of Truth:
Separation of Implementation and Contract:
Contract-Driven Testing:
Consumer-Driven Contract
test can be used to ensure that the data and formats expected by the consumer are provided by the provider.Management Overhead:
Versioning and Backward Compatibility:
Over-Documentation:
Contract Driven Development is especially suitable for projects with many independent components where clear and stable interfaces are essential. It helps prevent misunderstandings and ensures that the communication between services remains robust through automated testing. However, the added complexity of managing contracts needs to be considered.
RESTful (Representational State Transfer) describes an architectural style for distributed systems, particularly for web services. It is a method for communication between client and server over the HTTP protocol. RESTful web services are APIs that follow the principles of the REST architectural style.
Resource-Based Model:
Use of HTTP Methods:
GET
: To retrieve a resource.POST
: To create a new resource.PUT
: To update an existing resource.DELETE
: To delete a resource.PATCH
: To partially update an existing resource.Statelessness:
Client-Server Architecture:
Cacheability:
Uniform Interface:
Layered System:
Assume we have an API for managing "users" and "posts" in a blogging application:
/users
: Collection of all users./users/{id}
: Single user with ID {id}
./posts
: Collection of all blog posts./posts/{id}
: Single blog post with ID {id}
.GET /users/1 HTTP/1.1
Host: api.example.com
Response:
{
"id": 1,
"name": "John Doe",
"email": "john.doe@example.com"
}
POST Request:
POST /users HTTP/1.1
Host: api.example.com
Content-Type: application/json
{
"name": "Jane Smith",
"email": "jane.smith@example.com"
}
Response:
HTTP/1.1 201 Created
Location: /users/2
RESTful APIs are a widely used method for building web services, offering a simple, scalable, and flexible architecture for client-server communication.
Protocol Buffers, commonly known as Protobuf, is a method developed by Google for serializing structured data. It is useful for transmitting data over a network or for storing data, particularly in scenarios where efficiency and performance are critical. Here are some key aspects of Protobuf:
Serialization Format: Protobuf is a binary serialization format, meaning it encodes data into a compact, binary representation that is efficient to store and transmit.
Language Agnostic: Protobuf is language-neutral and platform-neutral. It can be used with a variety of programming languages such as C++, Java, Python, Go, and many others. This makes it versatile for cross-language and cross-platform data interchange.
Definition Files: Data structures are defined in .proto
files using a domain-specific language. These files specify the structure of the data, including fields and their types.
Code Generation: From the .proto
files, Protobuf generates source code in the target programming language. This generated code provides classes and methods to encode (serialize) and decode (deserialize) the structured data.
Backward and Forward Compatibility: Protobuf is designed to support backward and forward compatibility. This means that changes to the data structure, like adding or removing fields, can be made without breaking existing systems that use the old structure.
Efficient and Compact: Protobuf is highly efficient and compact, making it faster and smaller compared to text-based serialization formats like JSON or XML. This efficiency is particularly beneficial in performance-critical applications such as network communications and data storage.
Use Cases:
In summary, Protobuf is a powerful and efficient tool for serializing structured data, widely used in various applications where performance, efficiency, and cross-language compatibility are important.