Department of CST
University of Bedfordshire
Luton, United Kingdom
Email: NehaVasantbhai.Nakrani@study.beds.ac.uk
ABSTRACT:
This paper discusses the REST API and the JSON data format used to transfer data between two parties. Every journal reviewed is based on how REST web services work or are designed on various systems. The main aspects of the REST API, along with its principles and constraints, are detailed in the paper. It also includes a detailed explanation of how the REST API can be used to design a cross-terminal web system and to construct knowledge graphs. A sample student information system is designed to implement basic REST calls to add, modify, delete and get student details in a secure way using JWT; how to create a JWT token, the syntax of the token and how it is used to access subsequent client requests are given. Once the application is designed and implemented, the rules on how to test the application are explained. The main aim of this paper is to summarise the existing journals on REST and JSON and their implementation, and to discuss the secure way of transferring data between client and server using JWT on a sample student information system, a Spring Boot application. The drawbacks of the REST API, and the introduction of GraphQL, which overcomes those drawbacks, are also explained in this paper.
Table of Contents
1. Introduction
REST APIs
Rest API Best Practices
Mobile Internet Traffic analysis
REST API analysis using data sets
6. Review by Kaladevi Suresh
1. Introduction
REST stands for Representational State Transfer, an architecture for distributed systems which was first presented by Roy Fielding in the year 2000. REST has its own guiding principles and constraints, so an application or architecture is considered RESTful or REST-style if the state and functionality are divided into distributed resources, which means that every resource should be accessible via the normal HTTP commands of GET, POST, PUT, or DELETE. So if someone wanted to get a file from a server, they should be able to issue the GET request and get the file. If they want to put a file on the server, they should be able to issue either the POST or PUT request. And finally, if they wanted to delete a file from the server, they can issue the DELETE request. The architecture is client/server, stateless, layered, and supports caching. Client-server is the typical architecture where the server can be the web server hosting the application, and the client can be as simple as the web browser. Stateless means that the state of the application is not maintained in REST. For example, if you delete a resource from a server using the DELETE command, you cannot expect that delete information to be passed to the next request. In order to ensure that the resource is deleted, you would need to issue the GET request. The GET request would be used to first get all the resources on the server, after which one would need to see if the resource was actually deleted. This is the most fundamental requirement of a REST-based architecture. It means that the server will have a RESTful web service which would provide the required functionality to the client. The client sends a request to the web service on the server. The server would either reject the request or comply and provide an adequate response to the client. JSON (JavaScript Object Notation) is the most widely used data format for data interchange on the web. This data interchange can happen between two computer applications at different geographical locations or running within the same machine. JSON is a human-readable as well as a machine-readable format, so while applications and libraries can parse JSON documents, humans can also look at the data and derive the meaning from it. All modern programming languages such as Java, JavaScript, Ruby, C#, PHP, Python, and Groovy, as well as application platforms, provide excellent support for producing and consuming JSON data. This paper reviews various journals about REST API services and the implementation of those services in detail.
2. Review by VAMSHI KRISHNA KONGARA- 1844255
Knowledge graphs construction using RESTful API and JSON Schema
The large volumes of data that have been generated from different kinds of applications and user interactions require immediate data processing to identify and generate useful information by applying different data mining techniques. Another important aspect of data mining is the data visualisation process, which allows data scientists to represent the data that has been processed in a visualised procedure that helps in analysing the results in a much more efficient way. There are different kinds of data visualisation techniques that are being used currently, among which collaboration spotting is one of the key platforms which is used for representing data that has been collected and processed from heterogeneous sources. While processing large amounts of data and identifying useful knowledge, which is known as knowledge representation, knowledge graphs are key graphical structured elements which will be used in the data models to represent data in the form of events and abstract concepts, which helps in identifying the interlinked associations between different data elements and components. The knowledge graphs are very popular in the semantic web, which will help in identifying the concepts and connections between different entities, which are being used by the popular search engines such as Google and Yahoo in establishing different key network links which are efficiently useful for some of the popular social network sites such as Facebook and LinkedIn. In this research review, we are going to discuss an effective representation of knowledge graphs by integration of the RESTful API style along with JSON meta schema, which helps in creation of an application programming interface which helps data processing users in defining data elements without any restriction and generating efficient visualisation analytics for end users [1].
Existing framework:
The collaboration spotting CS is the popular platform used for visualisation analytics generation such as knowledge graphs, which uses data mining procedures to collect data from heterogeneous data sources and organise them in a structural format to generate different perspectives using various graphical algorithms and data mining techniques. However, with enhanced data structures and improved data mining procedures, the collaboration spotting requires further adjustments and
modifications in order to analyse publications and support new data visualization innovations. The primary focus of the API structure that is being represented in this paper is to provide support for the creation of descriptors, which will help data scientists to describe data elements without any restrictions, and to support the implementation of ontology and data hierarchy related procedures with controlled parameters, which will help in implementation of data driven platforms. The newly designed architecture should also be able to upload data and upload descriptors using predefined nodes and edge description mechanisms that should help the users to represent output data in multiple visualisation procedures. The further details about the proposed architecture and its use cases will be reviewed in the upcoming sections of this review paper.
The architecture of the proposed application programming interface for knowledge graphs construction should match certain requirements, such as the implementation of a graphical database which helps the representation of visual analytics and knowledge graphs using the different vertices and edges that are being utilised in the visual representation. Apart from that, the web framework that is being developed should also have the ability of implementing a Django based framework in Python along with implementation of a JSON framework for data exchange between different platform-based application layers.
connections extended with RESTful message services from the clients and generating and re-routing the responses back. Additionally, the Neo4j interface has been used to establish connection between the RESTful calls, where the project manager extends its connection to the data validator component, which uses predefined descriptors and data analytic tools that are being highlighted. The outcomes of the project will be managed by the project manager module, which is located within the architectural model, in forwarding messages from the interfaces. The main categories of the architectural model include creating a project, uploading the descriptors and then further processing, and uploading the data, which will be represented as a series of processes and modules associated within the architectural model diagram [2].
The key processes that are associated within the proposed architectural model will be managed by the project manager module, which accepts the HTTP messages and then redirects them into the JSON meta schema validator. The detailed steps and procedures that are followed within the upload data process have been highlighted in the following figure, where we can see different HTTP methods such as put and get, where the data will be traversed using multiple single node mechanisms, following which the project will be selected and data validation will be performed, after which the JSON meta schema will perform the find descriptor procedure, where the data will be validated before storing the data inside the project manager module, where the Neo4J interface will come into the picture before generating corresponding errors and creation of the RESTful API interface. The following figure gives a detailed overview of the series of steps that are followed by different modules within the upload data procedures implemented inside the architectural module.
One of the most comprehensive in this space is Facebook's GraphQL. Designed as a unified query language for APIs, GraphQL aims to give API consumers only the data they need, rather than large payloads that may contain excess content. Moreover, with the evolution of modern approaches, patterns, and standards, most of the integrations will still be RESTful. REST is still a safe option when building a new API nowadays, but it may be worth analyzing possibilities beyond it, for example GraphQL, Falcor, or a gRPC API.
REST is an architectural style and a set of guidelines for developing highly scalable and reliable APIs using HTTP. While the freedom afforded by this decision is one of the reasons for REST's rapid adoption, it is also one of the reasons why everyone understands REST differently and only partially adheres to rules and best practices. This research looks at the problem from a mobile viewpoint to provide up-to-date information on how well or poorly the principles and criteria of the REST architectural style are followed. The further sections determine individual HTTP calls directed at REST APIs and characterize the patterns by using HTTP traffic collected by Telecom Italia, which is generated by almost 1 million subscribers, to compare them to guidelines and principles. Richardson's maturity model is also discussed, which provides an intriguing approach to think about REST in terms of growing architectural advantages, to identify different levels of compliance with the principles.
REST APIs
This division of the research provides information about REST and its core principles along with the REST architectural style, which offers a set of rules for the design of networked hypermedia systems that have driven the creation of the web. REST API design principles are in large part the outcome of Web architecture choices aimed at boosting scalability and resilience of networked, resource-oriented systems built on HTTP. The main notion of REST API has been employed in the study to see if the theory can be put into practice. Resource addressability and representations, uniform interface, statelessness, and hypermedia as the engine of state explain why the term "representational state transfer" was coined: each request from the client to the server carries (transfers) interaction state, which is encoded inside the representation of the resource the request refers to.
Rest API best practices
Rest API development practice has been divided into multiple sections: Resource Modelling, Resource Identification, Resource Representation and Operations that are used in development. It can handle different resources, including document for a single resource, collection for a group of resources and controller for activities that don't logically map to the standard. There are a few naming conventions that are exclusive to REST APIs: no CRUD name in the URL, no openness to server-side implementation technologies, and singular nouns for documents, plural nouns for collections and verbs only for controllers. When creating the resource identifier, the URI format, which consists of scheme, authority, path, query and fragment, should be followed. It has been indicated that during resource representation the client should indicate its intended representation using HTTP header instructions and the server should negotiate which representation to serve at runtime.
Operations: REST APIs should use the HTTP standard's uniform set of operations (Post, Get, Put, Delete, Options, and Head) to manage resources and adhere to their standardized semantics:
For assessing REST compliance, the Richardson Maturity Model has been used, which provides a mechanism to explain the various degrees of compliance by using different levels of maturity. The further section of the review will look at the levels that were employed in this study.
Level 0 (Tunnelling): APIs work by tunnelling requests through a single endpoint (URL) utilizing a single HTTP method at this level.
Level 1 (Resources): Instead of using a single endpoint, the API's functionality is divided among numerous resources at this level, increasing the API's addressability and making it easier to consume. Payload data or the URL are still used by Level 1 services to identify operations.
Level 2 (HTTP methods): At this level, APIs make good use of HTTP methods and status codes for each resource while still adhering to the uniform interface principle.
Level 3 (Hypermedia): At this level, APIs embrace the concept of hypermedia. As a result, not only may resources be accessible using a standardized interface, but their relationships can also be discovered and explored using appropriate links.
Mobile internet traffic analysis
In this section, the data includes all HTTP requests that have been captured by the data collector over the course of one full day of usage, including normal Web surfing activities. Analysis has been done on the basis of HTTP traffic only and, for instance, doesn't take into account HTTPS traffic, streaming of audio and video, and other protocols.
Through (Descriptive statistics of the available dataset characterizing state-of-the-art Mobile Internet traffic) research, it has been identified that the median amount of data supplied is 1463 bytes, whereas the median amount of data received is 1643 bytes. GET and POST are the most commonly utilized methods, followed by CONNECT, HEAD, PUT, OPTIONS, and DELETE. Web distributed authoring and versioning have employed PROPFIND and PROPPATCH. Except for the Source method, which has much larger values, the statistics are almost the same for all methods. Use of HTTP methods provides a first indication of the RESTful APIs' potential compliance with the REST architectural style guidelines, which, as we've seen, advocate the use of not only Get and Post, but also Put, Delete, Options, Head, and other HTTP methods for the implementation of what's known as the "uniform interface" of REST APIs. This research reveals that certain request techniques are now not just widely utilized by APIs, but are also considered state-of-the-art. "Media types" are the generic Web synonym of "representations" in REST. The two media types that are of particular interest in this paper are of course JSON and XML. Keep in mind that the dataset includes both API and non-API web traffic. Text/html is shown to be the most popular, followed by text/jpeg and text/gif. More remarkable is the fact that the data format application/json is already ranked fourth, while text/xml is ranked ninth. By examining user agents from collected datasets, it was discovered that
native apps account for 40.8 percent of traffic, while mobile and web browsers account for the remaining 59.2 percent.
REST API analysis by using datasets
In HTTP requests that interleave queries for APIs intended for machine consumption with requests for Web apps intended for human consumption, it has been identified that the media type application/json has the highest frequency, followed by text/html, text/xml and others. The presence of text/HTML, text/CSS and text/JavaScript indicates that through the same host names also content oriented toward human agents (Web sites) is delivered, not only content oriented toward software agents. Hence, host names are not good API identifiers in general. It also depends on how well the designers of the respective APIs followed the design principles and best practices. Research shows that, even though a large portion of the dataset complies with Level 1, the APIs do not make proper use of HTTP. The majority of the dataset, on the other hand, makes effective use of HTTP and conforms with Level 2, with only a few hosts meeting Level These findings suggest that most REST APIs are used to provide CRUD access to individual resources (Level 1 and 2), rather than full-fledged APIs that properly interlink resources and employ hypermedia as the state engine. Analyses of RESTful design patterns and anti-patterns have been the subject of recent studies that shed light on design trends and show that even well-known REST APIs have flaws. However, rather than a large-scale investigation of API design techniques, most studies focus on validating the proposed frameworks. The design and experiment reviewed in this research paper clearly show that while REST APIs have inextricably become part of modern Web engineering practice, the gap between theory and practice remains shockingly large, with only a fraction of the APIs studied reaching the highest level of maturity.
6. Review by : Kaladevi Suresh
Student Id: 1956841
Title: “An authentication based scheme for application using JSON Web Token” and “Token based authentication using JSON Web Token on SIKASIR RESTful Web Service”
REST and JSON
Integrating applications using simple and uniform web service. REST, or representational state transfer, is an architectural style that is used to make beautiful API calls for a RESTful web service application. This allows easy access to APIs implemented at the server end via the HTTP protocol. Client-server applications developed in any language, for example Java, can support REST to implement a uniform web service. Let us consider a student information application system which has four APIs: add student details, get student details, delete existing student details and modify existing student details. Using REST, the APIs are designed in such a way that the external user or client can easily call the uniform RESTful service interface with fewer compatibility issues. Any CRUD operation can be invoked at the client end, associated with the respective HTTP verbs. In REST, resources are transferred between client and server using XML, YAML or JSON. While JSON is the most commonly used format, JSON is a simple lightweight data representation format with less metadata that can be used to exchange data between software applications. In this paper we consider the student information application as an example to learn about the implementation of a REST API with a JWT token.
What is JWT (JSON Web token)?
JSON is JavaScript Object Notation, which is used to transfer data between client and server. To securely transfer data, JWT (JSON Web Token) was created, and it is generally pronounced as JAWT. Since JSON is a lightweight data format, a JWT can be sent through a POST parameter or inside an HTTP header, and it can be transmitted quickly. The JWT token sent along with the HTTP call has all the information about the entity, to avoid querying the database more than once, and the representation of JWT does not need to call a server to validate the token. They are basically used for managing authentication. There are other authorization mechanisms, like session tokens, other than JSON Web Token (JWT).
When the response from the server is dynamic and depends on the client, the request from the client must have the information about who the client is, which needs to be authenticated at the server end to give the appropriate response based on the client. In our example student information system, access to adding or deleting student details can be done only by a super user or admin, so API calls to add student details or delete student details should
include which type of user is trying to access the APIs; this, along with the other information, will be sent with the HTTP request, which will be authorized at the server end to process the request.
Structure of JWT
The JWT is a string that consists of a header, a payload and a signature separated by dots (.), so for example a typical JWT token looks like xxxxx.yyyyy.zzzzz.
The in-depth breakdown of all the parts is as follows.
Header
It further consists of two parts: the type of the token and the signing algorithm used. The type of token is JWT and the signing algorithm used can be any of HMAC SHA256, RSA, etc. The algorithm in the header represents any hash algorithm for formation of the JWT signature.
Example header: { "typ": "JWT", "alg": "HS256" }
The first part of JWT is encoded with Base64Url.
Payload
The second part of the token is the payload, which is basically the data stored in the JWT. It can be about the user, for example user name or email id. The payload information can be further divided into registered claims, which are predefined claims that are recommended to provide useful information, like iss (issuer), exp (expiration time), etc. These claims are only three characters long to make the JWT compact. The next is public claims, which can be defined by anyone who is using JWT at their own will, but the public claims need to be registered in the IANA JSON Web Token Registry to avoid any collisions. The last is private claims or custom claims, to share information between the parties.
Example payload: { "sub": "123456", "name": "kala", "admin": "true" }
This is also encoded with Base64Url to form the second part of the token.
Signature
The final part of the token is the signature. The signature is created by taking the encoded header, the encoded payload, a secret and the algorithm specified in the header, and signing that.
Format: token = header + "." + payload + "." + signature
For example, if the HMAC SHA256 algorithm is used then the signature part of the JWT token looks like
HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret).
How JWT works
The basic mechanism for authenticating a client in the server using JWT is as follows:
1. The user logs in to the application using his username and password, or using other sign-in options like a Google or Facebook account; the authentication request has details like the username to authenticate.
2. In the server the user details are verified by connecting to the database, then a JWT token is created with the retrieved authenticated data of the user and sent back to the client to use for further client requests.
3. The client uses this token with the request to access a resource from the server.
4. The server receives the request and decodes the JWT token to recognize the authentic client, and then responds to the client with the appropriate response.
The main feature of the JWT token is that it allows transition of state to the communication, so it becomes impossible for the client to change the information contained in the token. There is also a drawback to this approach, as the same JWT token is used until the user logs off the application.
Student Information System Application architecture
The journal “Token based authentication using JSON web token in SIKASIR restful web service” explains how the JWT token is implemented in the SIKASIR web service. I have created a sample student information system to show the implementation of the RESTful APIs like save student details, retrieve student details, modify existing student details and delete existing student details, and how the client accesses the APIs using the JWT token. All these API calls can be made from the client end. Here the REST API calls can be accessed via Postman. This student information system is used to demonstrate how a REST API works with a JWT token and is built using Spring Boot, and for now I have not used any database to connect; instead all the data are made static just to show the
implementation of REST API calls and making it secure with the help of the JWT token.
Initially the user logs in with the credentials username as kaladevi1956841 and password as password, and the REST URL mapping used for this login is authenticate. The entire REST URL is as follows:
http://localhost:8080/authenticate
The HTTP protocol is used; localhost is the local server of my system, where the Spring Boot application is running on port 8080, and authenticate is the POST mapping; a REST controller is created on the backend to handle the REST API call for authentication.
The REST controller checks the given user details against the existing static data already present in the code. If the data matches, it then proceeds to create the JWT token for the user; the format of the generated token is discussed earlier in the paper. Here I have used the HS512 algorithm to create the JWT token. Once the token is created it is sent back to the client in the HTTP response body.
Next time, when the client wants to access student details, for example in Postman a REST URL to get student information, the client has to send the JWT token in the HTTP request.
The following are the steps involved in the student information system application to access the REST APIs created:
2. In the server the request is handled by the JWT REST controller; after the details are validated, a JWT token is generated and shared with the client in the response body.
3. The client adds the JWT token in the header of the request, i.e. in Postman, in the authentication tab, choose bearer token and give the JWT token details to access other REST API calls like get student details.
4. In the server the student details controller handles the request and responds to the client with appropriate responses.
The sample student information system application is created to implement the JWT token based REST API calls. The project is uploaded to GitHub and I have shared the link of the project in the additional submissions. I have also included a document on how to test the REST API calls using the JWT token.
There are many standard security approaches that work well with REST APIs, but JWT is better among all, as JWT's main strength is handling user authentication in a stateless manner that is scalable. The user roles and permissions in the token itself created huge benefits in distributed systems architecture, as the server that issues the token does not have access over the authentication data source.
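The token structure and request flow described in this review, as an added example in Python (not code from the paper or from its Spring Boot project): it builds an HS512 token from header, payload and signature, then verifies it on every request and restricts add and delete calls to admins. The secret, the 15-minute `exp` lifetime, the function names, the boolean `admin` claim and the mapping of add/delete to POST/DELETE are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real service loads a long random key from its configuration.
SECRET = b"constructed-demo-secret-not-for-production"
# HS256 is the algorithm in the paper's example header, HS512 the one its sample application uses.
ALGORITHMS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}
ADMIN_ONLY_METHODS = {"POST", "DELETE"}  # assumption: add = POST, delete = DELETE


class InvalidToken(Exception):
    """Raised for any token that must not be trusted."""


def b64url_encode(raw: bytes) -> str:
    """Base64Url without '=' padding, the encoding of every JWT segment."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def _sign(signing_input: str, alg: str, secret: bytes) -> str:
    mac = hmac.new(secret, signing_input.encode("ascii"), ALGORITHMS[alg])
    return b64url_encode(mac.digest())


def create_token(claims: dict, secret: bytes = SECRET, alg: str = "HS512") -> str:
    """token = base64url(header) + "." + base64url(payload) + "." + signature"""
    signing_input = _segment({"typ": "JWT", "alg": alg}) + "." + _segment(claims)
    return signing_input + "." + _sign(signing_input, alg, secret)


def verify_token(token: str, secret: bytes = SECRET, expected_alg: str = "HS512", now=None) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != expected_alg:
            raise InvalidToken("unexpected algorithm")
        expected = _sign(header_b64 + "." + payload_b64, expected_alg, secret)
        # Constant-time comparison of the recomputed and the presented signature.
        if not hmac.compare_digest(expected, signature):
            raise InvalidToken("signature mismatch")
        claims = json.loads(b64url_decode(payload_b64))
    except (ValueError, TypeError) as exc:
        raise InvalidToken("malformed token") from exc
    now = time.time() if now is None else now
    exp = claims.get("exp") if isinstance(claims, dict) else None
    # A short lifetime bounds how long a copied token stays usable.
    if not isinstance(exp, (int, float)) or now >= exp:
        raise InvalidToken("expired or missing exp")
    return claims


def authorize(method: str, token: str, now=None) -> int:
    """HTTP status a student-details endpoint would return for this request."""
    try:
        claims = verify_token(token, now=now)
    except InvalidToken:
        return 401
    # The admin claim must be the JSON boolean true, not the string "true".
    if method in ADMIN_ONLY_METHODS and claims.get("admin") is not True:
        return 403
    return 200


def with_edited_payload(token: str, **changes) -> str:
    """Test helper: payload changed but old signature kept, as after client-side editing."""
    header_b64, payload_b64, signature = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims.update(changes)
    return ".".join([header_b64, _segment(claims), signature])


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    student = create_token({"sub": "123456", "name": "kala", "admin": False, "exp": issued + 900})
    print(student)
    print("GET as student:", authorize("GET", student, now=issued))
    print("DELETE as student:", authorize("DELETE", student, now=issued))
    edited = with_edited_payload(student, admin=True)
    print("DELETE with edited payload:", authorize("DELETE", edited, now=issued))
    print("GET after expiry:", authorize("GET", student, now=issued + 901))
```

The edited-payload case is what the review means by the client being unable to change the token's contents: the server recomputes the signature over the received header and payload, so any change without the secret yields 401.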
7. Discussions
The overall findings of all the individual research performed are discussed in this section. The key findings of
overall research will be discussed between all the team members and the highlighted points will be showcased in
this section.
The first review, of the journal Knowledge graphs construction using RESTful API and JSON Schema by Vamshi, discusses the existing frameworks associated with collaboration spotting and the corresponding procedures where heterogeneous data is collected and organised into a structural format, following which we have reviewed the detailed architecture that has been proposed using a JSON framework that allows data exchange between different platform-related application layers. We have also reviewed the different processes and models associated with this and the corresponding use cases used for configuration of database models. This review clearly highlights the effectiveness of the proposed architectural model, specifically for the metadata schema that helps in the creation of knowledge graphs.
The cross-terminal web system design section by Vignesh primarily discusses a comparison of XML and JSON to understand the different parameters and the parsing process, which clearly highlights the data organising process and the key-value combinations used for storing the information. We have also reviewed and compared the RPCful architecture and the RESTful architecture to differentiate the services and the client system model, which helps to understand the significant differences between both models. Further, we have started on creating a web services design on both the server side and the client side individually by following the recommended architectural models, where we have used JSON and RESTful services instead of XML and the RPC architecture, which clearly showcased the significance and improvements in overall service delivery between client and server systems.
The subsequent review of the study on REST API Test Model Supporting Web Service Integration by Neha Suraj’s review on A Large-Scale Analysis of Compliance with Principles and Best Practices discusses how, rather than full-fledged APIs that properly interlink resources and use hypermedia as the state engine, the most common in practice are individual resources (Level 1 and Level 2). The findings of this study reveal that even well-known APIs aren't ideal, while the distance between theory and practice continues to widen. In 2021 some predictions can be made for the future of APIs: with HTTP3 there is going to be a better API experience on mobile devices, event-driven APIs can be used to generate new business models, and using microservices in APIs allows developers to define independent, loosely coupled pieces of code that are linked to API endpoints.
The final review, made by Kaladevi Suresh on the authentication based scheme for application using JSON Web Token and the implementation of the same in a sample student information system application, discusses how REST API calls can be secured with JWT, the format of JWT, which is classified into three parts (header, payload and signature), and how they are encoded using the Base64Url technique. The implementation of the JWT token has been explained with a sample student information system that has been created. This student information system is a Spring Boot application that has a JWT REST controller to handle the REST API calls to create a JWT token by authorising the request parameters, and updates the response body with the JWT token. The next requests to the server are made by including the generated token in the header of the HTTP request, so each request is validated and appropriate responses are provided based on the request.
8. Conclusion
To conclude, the journals discussed in this paper review various aspects of the REST API: how a knowledge graph can be constructed with a REST API, how a cross-terminal web system is designed, how to test the implemented web service using a REST API, its principles and constraints, and finally a sample application implementing the JWT token, which depicts how the server interacts with the client by transferring data securely using JWT for a student information system. This paper further discusses the drawbacks of the REST API; the main drawback is that the client has to receive the entire payload even when the information requested by the client is very minimal. It also discusses what is beyond the REST API: the usage of GraphQL, which is a unified query language for APIs; unlike a REST API, GraphQL only provides the client with the information requested, thereby reducing the large payload that contains extra content. The JWT token, which is used to securely transfer data between two parties and is a lightweight and simple implementation, is discussed, along with the format of JWT, how it works and how its usage benefits the distributed system architecture.
9. REFERENCES
[1] A. A. Frozza, R. dos Mello, and F. de Costa, “An approach for schema extraction of
JSON and extended JSON document collections,” 2018 IEEE International
Conference on Information Reuse and Integration (IRI), 2018.
[2] A. Agocs and J.-M. L. Goff, “A web service based on restful API and JSON
schema/JSON meta schema to construct knowledge graphs,” 2018 International
Conference on Computer, Information and Telecommunication Systems (CITS),
2018.
[3] Z. Niu, C. Yang, and Y. Zhang, “A design of cross-terminal web system based
on JSON and rest,” 2014 IEEE 5th International Conference on Software Engineering
and Service Science, 2014.
[4] P. Späth, “Building single-page web applications with rest and JSON,”
Beginning Jakarta EE, pp. 133–163, 2019.
[5] H. Wenhui, H. Yu, L. Xueyang, and X. Chen, “Study on REST API Test Model
Supporting Web Service Integration,” 2017 IEEE 3rd International Conference on Big
Data Security on Cloud (BigDataSecurity), IEEE International Conference on High
Performance and Smart Computing (HPSC), and IEEE International Conference on
Intelligent Data and Security (IDS), 2017.
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7980330&isnumber=7980294
[6] B. Barnard and M. Di Pierro, “Extending Collection+JSON and Automatic CRUD
Interfaces,” 2014 IEEE 17th International Conference on Computational Science and
Engineering, 2014.
[7] C. Rodríguez et al., “REST APIs: A Large-Scale Analysis of Compliance with
Principles and Best Practices,” in A. Bozzon, P. Cudre-Maroux, and C. Pautasso (eds.),
Web Engineering. ICWE 2016. Lecture Notes in Computer Science, vol. 9671.
Springer, Cham, 2016. https://doi.org/10.1007/978-3-319-38791-8_2
[8] S. Ahmed and Q. Mahmood, “An authentication based scheme for applications using
JSON web token,” 2019 22nd International Multitopic Conference (INMIC), 2019, pp.
1-6, doi: 10.1109/INMIC48123.2019.9022766.
[9] M. Haekal and Eliyani, “Token-based authentication using JSON Web Token on
SIKASIR RESTful Web Service,” 2016 International Conference on Informatics and
Computing (ICIC), 2016, pp. 175-179, doi: 10.1109/IAC.2016.7905711.
10. Appendix
Abstract—Data visualisation assists domain experts in understanding their data and helps them make critical
decisions. Enhancing their cognitive insight essentially relies on the capability of combining domain-specific
semantic information with concepts extracted out of the data and visualizing the resulting networks. Data
scientists have the challenge of providing tools able to handle the overall network lifecycle. In this paper, we
present how the combination of two powerful technologies namely the REST architecture style and JSON
Schema/JSON Meta Schema enable data scientists to use a RESTful web service that permits the construction of
knowledge graphs, one of the preferred representations of large and semantically rich networks.
Abstract—A cross-terminal web system refers to a web system which can be accessed through various terminal
platforms, including the web browsers on personal computers, the mobile applications on smart phones and so
on. Traditional design of such a system usually uses XML data format and RPCful web services. There are some
issues lying in this design such as the low efficiency of data exchange, the complex interfaces, and the difficulty
in modifying and expanding. Therefore, it cannot meet the demands of designing a cross-terminal case well. In
order to solve the issues, a system design based on JSON data format and RESTful web services is presented,
which has high efficiency of data exchange, simple interfaces and convenience for modification and expansion.
The design also provides good support for the cross-terminal case.
REST APIs: A Large-Scale Analysis of Compliance with Principles and Best Practices
Abstract - Quickly and dominantly, REST APIs have spread over the web and percolated into modern software
development practice, especially in the mobile internet where they conveniently enable offloading data and
communications onto cloud services. We analyse more than 78 GB of HTTP traffic collected by Italy’s biggest
mobile internet provider over one full day and study how big the trend is in practice, how it changed the traffic
that is generated by applications and how REST APIs are implemented in practice. The analysis provides
insight into the compliance of state-of-the-art APIs with theoretical web engineering principles and guidelines,
knowledge that affects how applications should be developed to be scalable and robust. The perspective is that of
the mobile internet.
“An authentication based scheme for application using JSON Web Token” and “Token based authentication
using JSON Web Token on SIKASIR RESTful Web Service”
Abstract- REST APIs are great as they are logically simple and don’t keep complex states in memory; they deal
with resources, making their entire business logic cohesive. Due to the nature and mechanics behind REST APIs,
securing them is not always straightforward. In this paper, I have discussed one of the very powerful yet
simple ways you can achieve secured data transfer between two parties using JSON Web Tokens (JWT). The
paper discusses the format and how the JWT can be used, and also a simple implementation of JWT using
a student information system, a Spring Boot application service which has a JWT controller to validate the
authorisation of the user's login and create the JWT token for the verified users, and also a student controller to
perform basic CRUD operations on the student object.