ROBOT |
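Robosta |
Robot performs a mental health check in a 5-second conversation: proof-of-concept trial at the Odawara City Kamonomiya Care Center ahead of full commercialization |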
https://robotstart.info/2022/10/04/plen-robotics-rimtech.html
|
PLEN Robotics Inc. and Risk Measurement Technologies Inc. (hereinafter Rimtech) announced that they will conduct a proof-of-concept trial of mental health checks at the Odawara City Kamonomiya Care Center. |
2022-10-04 04:34:12 |
IT |
ITmedia All Articles |
[ITmedia News] 10th anniversary of Kindle's arrival in Japan: special site launched, plus campaigns |
https://www.itmedia.co.jp/news/articles/2210/04/news116.html
|
itmedia |
2022-10-04 13:30:00 |
IT |
ITmedia All Articles |
[ITmedia PC USER] JBL: fully wireless earphones with a 2-way design that lets you choose open or closed type by swapping ear tips |
https://www.itmedia.co.jp/pcuser/articles/2210/04/news115.html
|
itmediapcuserjbl |
2022-10-04 13:03:00 |
python |
New posts tagged Python - Qiita |
[Machine Learning] The basics of turning formulas into code |
https://qiita.com/DeepRecommend/items/08fc84fd266aac505203
|
machine learning |
2022-10-04 13:55:33 |
Tech Blog |
Developers.IO |
I'm Nosaka, and I've joined the Delivery Department of the CX Business Division! |
https://dev.classmethod.jp/articles/nosaka-join-to-cx-delivery/
|
delivery |
2022-10-04 04:46:23 |
Tech Blog |
Developers.IO |
A summary of Braze app groups and permission settings |
https://dev.classmethod.jp/articles/braze-permission/
|
braze |
2022-10-04 04:22:43 |
Overseas TECH |
DEV Community |
Designing a secure API |
https://dev.to/vaultree/designing-a-secure-api-4059
|
Designing a secure APIDesigning a secure API Best Practices Application programming interface or API in general is a bridge that connects two or more programs and it is through this bridge that it is possible to make companies interact for example through payment It is a very generic term that applies from public methods of a framework to integration with microservices API is one of the terms that has been widely discussed lately but what are the minimum requirements to create or maintain one What are the trade offs strategies and at the end what makes an API secure In this article we ll outline ten steps for creating and maintaining a safe API I API DesignFirst let s talk about the types of contracts that exist within an API it s important to highlight that in this article we ll discuss APIs through Web services So as the first item it is crucial to talk about the beginning of an application s life cycle An important point within an API is that it must establish pre established behaviours through a Spec contract or simply convention Considering the creation from this contract there are two ways to start an API Contract FirstContract first as the name implies is when the construction of the API starts with the contract or conditions of the API operation As with any software engineering strategy there are trade offs The biggest advantage of this approach is that once the API is fully specified it is possible to parallelize the work for example while the mobile and front end team mock the services and the back end team manages to implement the business However this approach has some disadvantages Initially the great effort to close the scope of the API makes several teams wait in the meantime Moreover as most teams rely on agile operations and ever changing software closing the scope of the API can be a difficult and time consuming task Contract Last Contract Last is the opposite of contract first That is it starts with the code and then the API is created The 
biggest advantage of this approach of course is the possibility of reusing existing classes and methods However maintaining compatibility between the existing code and the service is one of the biggest challenges ⅠⅠGlory of RestPresented by Leonard Richardson at QCon in it is also known as the Richardson Maturity Model or simply Richardson Maturity Model Richardson proposes levels of maturity for a good design of a Rest API over the HTTP Protocol The Glory of Rest is when you reach the maximum level that is level as a sign that you are using REST properly in your API These levels are divided Level ーThe Swamp of POX Plain Old XML It s what Richardson called a URI and an HTTP method verb But after all what does that mean Level despite using HTTP as a transport system for remote interactions does not rely on multiple URIs or HTTP methods verbs or the HATEOAS capability which we have at higher levels It s the most basic level of maturity and it doesn t use any fancy features other than HTTP using a tunnelling mechanism like remoting But note that it does not necessarily mean that you are using REST by using HTTP We have as an example SOA in its most primitive form which uses the POST verb and uses an XML structure as the body of communication between services This means that all the verbs defined by Roy Fielding in his thesis are not used That is all functions are accessed by sending a POST request to a single URI This way it reminds us of what many may not remember but services based on XML RPC sending data as POX ーPlain Old XML We can assume that I want to make an appointment at a barbershop with a specific barber We have an application where you seek to check availability at times of a certain date for a specific doctor POST serviceSchedulingBarber “schedulingRequest “date “barber “john When you submit this request with POST we will get a return as follows HTTP OK “listAvailableTimes “start pm “end pm “barber john “start pm “end pm “barber john From the moment you 
end up choosing which time you want to schedule you must send a new request using the same HTTP verb and the same URI POST serviceSchedulingBarber “schedulingRequest “start pm “end pm “barber john “client peter Assuming that if the appointment is confirmed you should receive a confirmation like the answer below HTTP OK “scheduling “start pm “end pm “barber john “client peter In case someone ends up scheduling before you and you can t see it notice that the message below despite the HTTP status being shows that the transaction was not completed HTTP OK FailRequireSchedule “start pm “end pm “barber “john “client peter “reason Schedule is no longer available As you can see it is a very basic way of making an API Let s move on to the next level of maturity Level ーIndividual Resources This is what we call a URI based on multiple resources and an HTTP method verb It s when your range of URI s starts to increase and become more diverse but your HTTP verb is still unique When you have a feature like that in your API we can say that you are at maturity level In terms of modern APIs level is not the ideal scenario but it s better than level As a REST API although getting closer with multiple more individual endpoints for certain purposes Taking the barbershop as an example let s make an appointment with the catatau barber POST barber catatau HTTP “schedulingRequest “date In response to the above request we have HTTP OK “listAvailableTimes “id “start pm “end pm “barber “john “id “start pm “end pm “barber “john In the navigability flow you must choose a time and submit a different URI as shown below POST time HTTP “schedulingRequest “client peter If the query is confirmed we will have something like that HTTP OK “schedule “start pm “end pm “barber “John “client Peter Notice that we no longer have just one resource but different URIs for each action Level ーHTTP Verbs We ve reached a more complete maturity level where we re starting to not only have individual resources like 
multiple URIs but also multiple HTTP Here we have reached a level of maturity that we call REST We have verbs for each action within CRUD Create Read Update Delete In previous maturity models the only verb used even for querying was POST Let s continue with the example notice that to check an available date for scheduling we stopped using POST and started using GET GET barber john schedule date status openIn this case we will receive a JSON with the format below HTTP OK “listAvailableTimes “id “start pm “end pm “barber “john “id “start pm “end pm “barber “john As REST defines itself for queries or selects in the Database we must use the HTTP GET verb This is very important because we start to have a pattern in the request for available features To move on with the next step to book an appointment at the barbershop you must use the POST as you will enter new information in the database POST time HTTP “schedulingRequest “client Peter When making the request the HTTP Status of the HTTP response is no longer OK we get a Created HTTP Created “Scheduling “id “start pm “end pm “barber “john “client peter In case of failure we would have a different HTTP Status as an exception will be thrown This indicates that the request with HTTP Status different from was not successfully performed and that probably someone a little earlier managed to schedule an appointment at the barbershop We must respect REST here where we introduce HTTP verbs and HTTP response codes in this maturity model HTTP Conflict “ListAvailableTimes “id “start pm “end pm “barber “john Level ーHypermedia Controls The top of the maturity chain comes with a not very pretty and difficult to pronounce word HATEOAS Hypertext As The Engine Of Application State The result though it s beautiful This level provides a navigation resource so that the entire navigation flow ends up being documented in the metadata itself We continue with the example of Barbershop GET barber John schedule date amp status openIn this case we 
will receive a JSON with the format below HTTP OK “listAvailableTimes “id “start pm “end pm “barber “john “links “href time “rel schedule “type POST “id “start pm “end pm “barber “john “links “href time “rel scheduling “type POST Note that each available time has a link that contains a URI to show us how to schedule an appointment and what the next step in the flow is POST time HTTP “schedulingRequest “client peter And the scheduling response returns us various hypermedia controls or simply streams of different things that we can do next As in the example below that returns a URI of how to cancel the appointment “Scheduling “id “start pm “end pm “barber “john “client peter “links “href time cancel “rel cancelSchedule “type DELETE Level the top level of REST maturity is the absolute Glory of Rest We can use a lot of HTTP resources that Roy Fielding ended up suggesting in his project ⅢDocumentationDocumentation is everything that the engineering team writes It is however kind of ignored by other developers And there are several reasons for this for example poorly documented or outdated information The good news is that there are good tools that can help us on this documentation journey Swagger for example greatly simplifies this process for us There is also the Open API whose objective is to create a specification for the APIs bringing several advantages in addition to the documentation With a little help it is possible to generate an SDK for several languages from the Open API For example if you are from the Java world you can add code generation with a maven plugin And it is possible to generate this SDK for several languages In addition to automatically generating the APIs SDK there is the option to create manually Despite the work there is the possibility of polishing this SDK with for example DSL and Fluent APIs concepts In this approach it is worth using the language documentation if you use Java or JavaDoc for example ⅠⅤVersioningLet s talk about versioning 
But don t think it s git versioning Let s talk about how to version your API so that what s ongoing in your application doesn t break when you need to make a change Think about the impact to your already integrated clients if you have to change anything in the API Here s a list of important ways to version our APIs URI versioning One way or another this is the most pragmatic and straightforward way of versioning an API despite the fact that it violates a principle that a URI must refer to a single unique resource In this case we have an example below on how we could version In this example it is clear that the version is part of the API content and cannot be just numeric It should follow a pattern using the version v and x which would be the version number like “vx There are those who say that this is not the best way but as I always said for every choice a resignation The advantage of versioning the API is that it allows freedom to change and evolve the code without impacting the legacy Another interesting thing is an alias of the main URI always to the latest version of the URI That is if the most current version of your API is then the alias must be pointing to that version In the case of an upgrade from version to you must tell clients to change only the URI as the main URI would be for the current version If the intention is to make this API obsolete it is necessary to discontinue it so with this way everything is much more pragmatic to be discontinued Query ParametersAnother way to version and which is not very cool because you end up not following Rest to the letter is with Query Parameters You create a parameter and pass the version as an argument in case you are using an HTTP POST Verb using this model doesn t make much sense Customising Request HeaderREST APIs can use this other way of versioning with custom Headers and the version number being used as an attribute of the Header Your advantage is that it always preserves the original URIcurl H “Accepts 
version Versioning the Accept HeaderAlthough this model also leaves the versioning URL free it has a certain degree of complexity in managing versions and ends up leaving the responsibility for the API Controllers In the end we have a super complex API and with that our clients need to know which headers to send before requesting a request Accept application vnd example v jsonAccept application vnd example json version ⅤArea CodeIt is very difficult to talk about API and services without talking about DDD And there are several reasons for this for example the concept of a ubiquitous language that aims to bring the code closer to the business and this is very important when creating an API In addition to good naming practices it is extremely vital to separate the domains and subdomains of the application The concept of subdomain is quite interesting as it aims to divide the company s business for better understanding Once the concept of division has been mentioned there is a problem in defining boundaries and services It takes a good balance and knowing when and how to break boundaries There are several cases where breakage has brought advantages however in an equal or greater number where APIs have returned to monoliths ⅤArea CodeIt is very difficult to talk about API and services without talking about DDD There are several reasons for this One of them is the concept of ubiquitous language that aims to bring code closer to business which is very important when creating an API In addition to good naming practices it is extremely vital to separate the domains and subdomains of the application The concept of subdomain is quite interesting as it aims to divide the company s business for better understanding Once the concept of division has been mentioned there is a problem in defining boundaries and services It takes a good balance and knowledge on when and how to break boundaries There are several cases where breakage has brought advantages however there s an equal or 
greater number where APIs have returned to monoliths ⅤⅠClean ArchitectureLet s talk about clean architecture with a focus on layered architecture It simply boils down to the division of large layers presentation application domain and infrastructure We can say that the presentation layer contains all the classes responsible for sending the response back to the client that is where our Controllers are located The application layer contains business logic that is not part of the business rules such as an orchestration service The domain layer as the name implies represents the domain of your application consisting of entities Entity classes some services Service classes all the business rules must be here If it s a business rule and it s not here it s wrong The infrastructure layer also known as the persistence layer contains all the classes that perform some strictly technical function For example our repositories and our configuration classes Its benefits go beyond simplicity with consistency even in different projects separation of responsibilities and the ease of knowing where to change something when necessary ⅦDatabaseThis item is quite fast regarding the database it is not based on the choice of database whether relational or non relational Each database has its own goals and purposes and as an architect feel free to use the type of database that best solves the specific problem The points worth mentioning here is that they take into account the CAP theorem and also prevent database information or details from leaking to the API client Encapsulation is important in many aspects both in design and in an architectural view So it is important to avoid them ⅦⅠCQRSWe come to CQRS or simply Command Query Responsibility Segregation It is a pattern written by Greg Young in the year that separates data models a little and their responsibility for writing and reading With this we have a division of a Command Model where all writing in the database is done by it and a 
Query Model which as the name implies is where all reading in the database is done by the UI The image below depicts this architecture well and was taken from Martin Fowler s blog ⅨPaginationPaging is the process of separating content into discrete pages Each page has a list of database entities Paging allows you to retrieve a considerable number of elements from the data store in small blocks for example it returns ten pages with a hundred items instead of returning a thousand in large scale in the storage engine Adding pagination in an API when returning an entity collection allows that computational resources such as network database and object serialisation are not wasted There are a few ways to set pagination for example HATEOAS ⅩSecurityLast but not least security the tenth commandment for creating an API There are several ways to secure your API and here we cover basic authentication and OAuth Basic Authentication This authentication boils down to username and password and is much more basic OAuth It is an industry standardised protocol for authorization And there are some specs like the one below that can be used with OAuth So in this session we talk about some self contained tokens using JWT For more details we have the site with the JWT specification ー JWT Json Web Token ーRFC ーWith JWT we can transport data in compressed and Base encoded JSON With this it has several attributes known as claims Information such as token expiration who authorised the generation of this token etc So this specification has the claims divided into three Public Here the attributes can be easily used and defined by an application for example Imagine that you need to pass a scope as an attribute the scope is an attribute that can be used outside the environment and context of the application Private These are private names defined by an Authorization Server or a firm As an example we have the possibility of having an attribute of the name of the user who authorised its generation 
Registered Registered claims are native to the specification such as the token expiration date They are iss sub aud exp nbf iat and jti JWT is a standard format that can be signed and or encrypted When it is signed it uses JSON Web Signature or simply JWS when encrypted it uses JSON Web Encryption or simply JWE Its format is composed of sections separated by a period They are header payload and signature As you can see the Header has information about the type of token and whether it was signed or encrypted The Payload session is where the attributes or claims mentioned above exist And the last part of the JWT called the Signature is the Payload signature used to verify its integrity ensuring that no one has intercepted and changed it JWS Json Web Signature ーRFC ーDefines a process for a signature of a JWTJWE Json Web Encryption ーRFC ーDefines a process for encrypting a JWT |
2022-10-04 04:09:09 |
Overseas TECH |
CodeProject Latest Articles |
libpe - PE32/PE32+ Binaries Viewer Library |
https://www.codeproject.com/Articles/5205732/libpe-PE32-PE32plus-Binaries-Viewer-Library
|
information |
2022-10-04 04:18:00 |
Overseas News |
Japan Times latest articles |
Munetaka Murakami earns place in NPB history with dominant season |
https://www.japantimes.co.jp/sports/2022/10/04/baseball/japanese-baseball/murakami-56th-home-run/
|
Munetaka Murakami earns place in NPB history with dominant seasonThe Swallows slugger broke new ground for a Japan born player on Monday when he finished the regular season with his th home run wrapping up |
2022-10-04 13:34:34 |
News |
BBC News - Home |
North Korea fires ballistic missile over Japan |
https://www.bbc.co.uk/news/world-asia-63126534?at_medium=RSS&at_campaign=KARANGA
|
japanese |
2022-10-04 04:38:50 |
Hokkaido |
Hokkaido Shimbun |
Ruling and opposition parties strongly protest to North Korea over ballistic missile launch |
https://www.hokkaido-np.co.jp/article/740417/
|
strong protest |
2022-10-04 13:04:00 |
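Hokkaido |
Hokkaido Shimbun |
Aichi prefectural assembly member apologizes, "I was insufficiently informed," over social media post on same-sex marriage |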
https://www.hokkaido-np.co.jp/article/740416/
|
social media |
2022-10-04 13:03:00 |
IT |
Weekly ASCII |
A popular item that outsold corn potage in vending machines (seriously?): "Rich and Savory Ippudo Tonkotsu Ramen Soup" returns this year! |
https://weekly.ascii.jp/elem/000/004/107/4107651/
|
vending machine |
2022-10-04 13:30:00 |
IT |
Weekly ASCII |
FamilyMart's "Famimaru" turns 1! 20 yen off 20 "seriously recommended" items from its popular products |
https://weekly.ascii.jp/elem/000/004/107/4107648/
|
thank-you sale |
2022-10-04 13:15:00 |
Marketing |
AdverTimes |
TV commercials: April to August broadcast count exceeds the same period last year |
https://www.advertimes.com/20221004/article397541/
|
jakkapanrf |
2022-10-04 04:28:43 |