Archives For REST

1-11-2014 3-31-44 PM A couple months ago I was asked to explain OAuth and I really did a horrible job at it. To be honest, I had used it without really digging into details. Following tutorials, using existing SDKs and NuGet packages I got by pretty well, but I wasn’t able to describe how it all worked.

OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

Recently, a requirement came up about authentication and authorization for a semi-public API. Remembering how I failed to answer the question the first time, I decided to get my hands on a short book that would bring me up to speed.

I bought "Getting Started with OAuth 2.0" by Ryan Boyd. In my opinion, it’s really a good place to start learning about OAuth 2.0. The book is short and to the point. It gives you a pretty good overview of the possible OAuth Flows, when to use them and which major OAuth provider currently supports them. The book is a little dated so you might want to refer to each of the provider’s documentation.

The OAuth 2.0 Authorization Framework enables a third-party application to obtain limited access to an HTTP service.

OAuth Flows Covered in This Book

  • Server-Side Web Application Flow
  • Client-Side Web Application Flow
  • Resource Owner Password Flow
  • Client Credentials Flow

The book also introduces OpenID Connect, which is a simple identity layer on top of OAuth 2.0. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

Have you read this book? Let me know if it satisfied your expectations.



With an ecosystem of devices that is constantly evolving, it’s hard to predict who will consume your REST APIs and how they will consume them. Devices as we know them are changing shape, consequently applications are constantly adapting to new platforms.

Lets face it, mobile apps are the norm and shouldn’t be ignored. They travel and shouldn’t be considered as sedentary.

Imagine a scenario where you are on a business trip and try to fetch today’s news from a different continent. Your device formulates a URI with a date and calls a service… no results…
That’s weird! Its 10 PM and I should get results for today’s news. This is probably the moment where you realize that you aren’t in your normal time zone… your phone has adapted to your new geographic location but the APIs the app is calling has not!

Continue Reading…


By default, a web browser – or in this case any .Net application that uses the System.Net.WebRequest class – will only allow up to 2 simultaneous threads at a time per host domain.

One way to lift this limit is to run Fiddler. It bypasses this limit and you can see much more throughput. I admit that this is a hack but it works when debugging.

When your code is running inside Windows Azure, Fiddler isn’t a possible hack, but wait there’s a better way!

Add the following configuration to your App.Config or Web.Config.

Continue Reading…

I regularly consume REST services from code running in Web Roles and Worker Roles. The best practice when it comes to anything going over the network, is to use the The Transient Fault Handling Application Block. The RestClient from this post is a Fluent REST Client that uses the HttpTransientErrorDetectionStrategy and a RetryPolicy to be tolerant of transient faults. Find out more about the HttpTransientErrorDetectionStrategy in an earlier post.

Take some time to get to know the characteristics of good REST services. They are part of an established convention that help us to rapidly understand and consume new REST services. 

The code from this Post is part of the Brisebois.WindowsAzure NuGet Package

To install Brisebois.WindowsAzure, run the following command in the Package Manager Console

PM> Install-Package Brisebois.WindowsAzure

Get more details about the Nuget Package.


Continue Reading…

public class HttpTransientErrorDetectionStrategy
    : ITransientErrorDetectionStrategy
    private readonly List<HttpStatusCode> statusCodes = 
        new List<HttpStatusCode>

    public HttpTransientErrorDetectionStrategy(bool isNotFoundAsTransient = false)
        if (isNotFoundAsTransient)

    public bool IsTransient(Exception ex)
        var we = ex as WebException;
        if (we == null)
            return false;

        var response = we.Response as HttpWebResponse;

        var isTransient = response != null 
                                   && statusCodes.Contains(response.StatusCode);
        return isTransient;

Continue Reading…

REST (Representational state transfer) Services play an important role in today’s interconnected systems. By exploiting HTTP, a well-known protocol, they enable applications of all types to easily exploit these service.

Continue Reading...