接口(API)开发核心知识点

接口(API)开发核心知识点

一、API基础概念

1. 什么是API

• API (Application Programming Interface)：应用程序编程接口
• Web API：基于HTTP协议的接口，用于系统间数据交互
• RESTful API：符合REST架构风格的API设计

2. API设计原则

• 统一接口：使用标准HTTP方法(GET, POST, PUT, DELETE等)
• 无状态：每个请求包含处理所需的所有信息
• 资源导向：URI指向资源而非动作
• 表述性：资源与表现形式分离(JSON/XML等)

二、RESTful API设计规范

1. 资源命名

• 使用名词复数形式表示资源：

  /users        # 用户集合
  /users/123    # ID为123的用户
  /users/123/orders  # 用户123的订单
  

2. HTTP方法使用

方法	描述	示例
GET	获取资源	GET /users
POST	创建资源	POST /users
PUT	全量更新资源	PUT /users/123
PATCH	部分更新资源	PATCH /users/123
DELETE	删除资源	DELETE /users/123
HEAD	获取资源元数据	HEAD /users

3. 状态码规范

状态码	含义
200	OK - 成功
201	Created - 创建成功
204	No Content - 无内容
400	Bad Request - 请求错误
401	Unauthorized - 未授权
403	Forbidden - 禁止访问
404	Not Found - 资源不存在
500	Server Error - 服务器错误

4. 请求/响应设计

• 请求头：

  Accept: application/json
  Content-Type: application/json
  Authorization: Bearer <token>
  

• 请求体（JSON示例）：

  {"username": "john_doe","email": "john@example.com"
  }
  

• 响应体（JSON示例）：

  {"status": "success","data": {"id": 123,"username": "john_doe"},"message": "User created successfully"
  }
  

三、API开发技术栈

1. Java常用框架

• Spring Boot：快速构建API服务
• Spring MVC：处理HTTP请求/响应
• JAX-RS：Java API for RESTful Web Services
• Swagger/OpenAPI：API文档生成

2. 数据库访问

• JDBC：Java数据库连接
• JPA/Hibernate：ORM框架
• MyBatis：SQL映射框架
• Spring Data：简化数据访问

3. 安全认证

• Basic Auth：基本认证
• JWT：JSON Web Token
• OAuth2：开放授权协议
• Spring Security：安全框架

四、Spring Boot实现API示例

1. 控制器示例

@RestController
@RequestMapping("/api/users")
public class UserController {@Autowiredprivate UserService userService;// 获取用户列表@GetMappingpublic ResponseEntity<List<User>> getAllUsers() {return ResponseEntity.ok(userService.findAll());}// 获取单个用户@GetMapping("/{id}")public ResponseEntity<User> getUserById(@PathVariable Long id) {return userService.findById(id).map(ResponseEntity::ok).orElse(ResponseEntity.notFound().build());}// 创建用户@PostMappingpublic ResponseEntity<User> createUser(@Valid @RequestBody User user) {User savedUser = userService.save(user);URI location = ServletUriComponentsBuilder.fromCurrentRequest().path("/{id}").buildAndExpand(savedUser.getId()).toUri();return ResponseEntity.created(location).body(savedUser);}// 更新用户@PutMapping("/{id}")public ResponseEntity<User> updateUser(@PathVariable Long id, @Valid @RequestBody User user) {return ResponseEntity.ok(userService.update(id, user));}// 删除用户@DeleteMapping("/{id}")public ResponseEntity<Void> deleteUser(@PathVariable Long id) {userService.delete(id);return ResponseEntity.noContent().build();}
}

2. 统一响应封装

public class ApiResponse<T> {private String status;private T data;private String message;// 构造方法、getter/setter省略public static <T> ApiResponse<T> success(T data) {return new ApiResponse<>("success", data, null);}public static ApiResponse<?> error(String message) {return new ApiResponse<>("error", null, message);}
}

3. 全局异常处理

@ControllerAdvice
public class GlobalExceptionHandler {@ExceptionHandler(ResourceNotFoundException.class)public ResponseEntity<ApiResponse<?>> handleNotFound(ResourceNotFoundException ex) {return ResponseEntity.status(HttpStatus.NOT_FOUND).body(ApiResponse.error(ex.getMessage()));}@ExceptionHandler(MethodArgumentNotValidException.class)public ResponseEntity<ApiResponse<?>> handleValidation(MethodArgumentNotValidException ex) {List<String> errors = ex.getBindingResult().getFieldErrors().stream().map(FieldError::getDefaultMessage).collect(Collectors.toList());return ResponseEntity.badRequest().body(ApiResponse.error(errors.toString()));}@ExceptionHandler(Exception.class)public ResponseEntity<ApiResponse<?>> handleAll(Exception ex) {return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(ApiResponse.error("Internal server error"));}
}

五、API安全

1. JWT认证实现

// JWT工具类
public class JwtTokenUtil {private static final String SECRET = "your-secret-key";private static final long EXPIRATION = 86400000; // 24小时public static String generateToken(UserDetails userDetails) {return Jwts.builder().setSubject(userDetails.getUsername()).setIssuedAt(new Date()).setExpiration(new Date(System.currentTimeMillis() + EXPIRATION)).signWith(SignatureAlgorithm.HS512, SECRET).compact();}public static String getUsernameFromToken(String token) {return Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token).getBody().getSubject();}public static boolean validateToken(String token, UserDetails userDetails) {final String username = getUsernameFromToken(token);return (username.equals(userDetails.getUsername()) && !isTokenExpired(token));}private static boolean isTokenExpired(String token) {Date expiration = Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token).getBody().getExpiration();return expiration.before(new Date());}
}

2. Spring Security配置

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {@Autowiredprivate UserDetailsService userDetailsService;@Overrideprotected void configure(HttpSecurity http) throws Exception {http.csrf().disable().authorizeRequests().antMatchers("/api/auth/**").permitAll().anyRequest().authenticated().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilter(new JwtAuthenticationFilter(authenticationManager())).addFilter(new JwtAuthorizationFilter(authenticationManager()));}@Overridepublic void configure(AuthenticationManagerBuilder auth) throws Exception {auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());}@Beanpublic PasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}
}

六、API文档

1. Swagger配置

@Configuration
@EnableSwagger2
public class SwaggerConfig {@Beanpublic Docket api() {return new Docket(DocumentationType.SWAGGER_2).select().apis(RequestHandlerSelectors.basePackage("com.example.api")).paths(PathSelectors.any()).build().apiInfo(apiInfo());}private ApiInfo apiInfo() {return new ApiInfoBuilder().title("API Documentation").description("API reference for developers").version("1.0").build();}
}

2. OpenAPI 3.0配置

@Configuration
public class OpenApiConfig {@Beanpublic OpenAPI customOpenAPI() {return new OpenAPI().info(new Info().title("API Documentation").version("1.0").description("API reference for developers").license(new License().name("Apache 2.0"))).externalDocs(new ExternalDocumentation().description("API Wiki Documentation").url("https://example.com/docs"));}
}

七、API测试

1. Postman测试

• 请求示例：

  GET http://localhost:8080/api/users
  Headers:Authorization: Bearer <token>Accept: application/json
  

2. 单元测试示例

@SpringBootTest
@AutoConfigureMockMvc
class UserControllerTest {@Autowiredprivate MockMvc mockMvc;@Testvoid shouldReturnAllUsers() throws Exception {mockMvc.perform(get("/api/users").contentType(MediaType.APPLICATION_JSON)).andExpect(status().isOk()).andExpect(jsonPath("$", hasSize(2)));}@Testvoid shouldCreateUser() throws Exception {String userJson = "{\"username\":\"test\",\"email\":\"test@example.com\"}";mockMvc.perform(post("/api/users").contentType(MediaType.APPLICATION_JSON).content(userJson)).andExpect(status().isCreated()).andExpect(jsonPath("$.username").value("test"));}
}

八、API性能优化

1. 缓存策略

• 客户端缓存：Cache-Control头
• 服务端缓存：Redis, Memcached
• 数据库缓存：查询缓存

2. 分页与限流

• 分页参数：

  GET /api/users?page=1&size=20
  

• 限流实现：

  @RateLimiter(value = 10, key = "#userId") // 每秒10次
  @GetMapping("/api/users/{userId}")
  public ResponseEntity<User> getUser(@PathVariable String userId) {// ...
  }
  

3. 异步处理

@Async
public CompletableFuture<User> getUserAsync(Long id) {return CompletableFuture.completedFuture(userRepository.findById(id).orElse(null));
}

九、微服务API网关

1. Spring Cloud Gateway

spring:cloud:gateway:routes:- id: user-serviceuri: lb://user-servicepredicates:- Path=/api/users/**filters:- StripPrefix=1

2. 常见网关功能

• 路由转发
• 负载均衡
• 熔断降级
• 权限验证
• 请求限流
• 日志监控

以上是API开发的核心知识点，涵盖了设计规范、实现技术、安全认证、文档生成和性能优化等方面，掌握这些内容可以开发出高质量、安全可靠的API接口。