jump to navigation

OpenSSL Security Update / Heartbleed April 9, 2014

Posted by Swann Vichot in APISpark, Security.
add a comment

A major OpenSSL vulnerability was revealed yesterday. Learn more about the Heartbleed Bug.

The Restlet Operations team immediately started analyzing its implications: our AWS Elastic Load Balancers (ELB) used for APISpark were our main infrastructure component at risk.

APISpark Logo

Amazon has now fully fixed its ELBs and communicated the procedure for their customers to renew the SSL certificates. We have now completed the renewal of our SSL certificates for both APISpark.com and APISpark.net.

Logo - Restlet Framework

Regarding the Restlet Framework itself, as it relies on the Java Virtual Machine which includes its own SSL security implementation not related to OpenSSL, it isn’t directly affected.

However, be aware that some Java EE application servers such as Tomcat or JBoss allow you to use a native SSL implementation based on OpenSSL, so please make sure to double check how your Restlet applications are deployed and run in production.

Sometimes, SSL encryption is terminated before your Restlet application (such as for APISpark), so you might still be vulnerable in a higher layer.

If you have any question or concern, don’t hesitate to contact us via email.

Restlet Framework 2.2.0 and 2.3 M1 released! March 27, 2014

Posted by Swann Vichot in Restlet Releases, Uncategorized.
add a comment

It’s been a year and a half since the 2.1.0 release of the Restlet Framework so we are proud to announce the release version 2.2.0!

In 2013 we were also very busy with the development of APISpark, our new cloud platform for web APIs based on the framework. Actually, we recently released APISpark 2.0 so feel free to try it out, there’s lots to explore!

What’s new?

Let’s step back and review the major changes introduced since version 2.1. For complete details, you can consult the related changes log.


  • Java 6 foundation
  • Apache License 2.0
  • Internal HTTP client and server now based on JDK Net classes
    • reduced size by 45Kb for org.restlet.jar
    • recommended Android HTTP client by Google
    • moved previous internal connector to new NIO extension
  • Added Guice extension, Google’s dependency injection library
  • Added Swagger extension (only JAX-RS API support for now)
  • Added Thymeleaf extension for templating
  • Added GSON extension, supporting Google’s JSON serialization library
  • Added HTTP PATCH method support
  • Added JSONP filter to workaround single origin policies in browsers
  • Updated Jackson extension to support additional media types
    • JSON, Smile (JSON binary), XML, YAML and CSV
  • Updated OAuth extension to final 2.0 RFC (preview)
    • added client support for HTTP OAuth MAC authentication
  • Updated JAX-RS extension with client support (not JAX-RS 2.0 based)
  • Updated OSGi extension with inter-bundle OBAP:// pseudo-protocol
  • Revamped User Guide with easier navigation and content update
    • most broken links due to Daisy wiki migration were fixed
    • “Edit” button linked to GitHub for easy maintenance
  • Converter exceptions are now properly transmitted
  • Added Javadocs artefacts to Maven repository
  • Updated over 25 dependencies (Jackson, Jetty, Apache HTTP Client)
  • Many bug fixes


Early in the 2.2 development, we also:

  • Redesigned Restlet Framework logo and web site
  • Migrated forge to GitHub for source code, issues tracker and devs wiki
  • Made contributions easier as modules are now regular Eclipse projects
  • Increased user questions answers via StackOverflow

What’s coming next?

Here’s a sneak peak of the enhancements coming in version 2.3. You can download the new version 2.3 M1 here.

  • Java 7 foundation
  • Web API documentation and management
    • based on APISpark and Swagger
    • supporting various API description languages
    • introspecting various Java APIs for REST
  • Jetty 9.1 (SPDY, HTTP client)
  • Restlet API refactorings and enhancements
  • JAX-RS 2.0 support (via RESTEasy embedding)
  • Mailing lists migration to Google Groups
  • Improved user guide and new tutorial

Check out the complete 2.3 road map here.

Major contributors

Thanks to all contributors including Abraham Kang, Alvaro Munoz, Andy Dennie, Bobby Sawhney, Brian Sletten, Carl J. Mosca, Cyril Lakech, Daniel Halperin, David Jorm, David Roussel, Dennis Mitchell, Dinis Cruz, Emmanuel Liossis, Florian Bucklers, Grzegorz Godlewski, Koen Maes, Ioan Lupu, Jason Guild, Jeff Plourde, Laurent Rustuel, Loïc Oudot, Luke Adams, Mark Kharitonov, Martin Grohmann, Martin Svensson, Neal Mi, Neha Saini, Nicolas Rinaudo, Peter Ansell, Ralph van Etten, Reddy Lakshman, Robert Fischer, Shaun Elliott, Shotaro Uchida, Tal Liron, Tim Peierls, Xiaoping Feng, Yan Pujante and Wei Wei Wang.

All your contributions made a big difference!

Additional resources

Changes log:

Download links:

Learn more:
Tutorial, User guide, Javadocs
A Field Guide to Web APIs by Kin Lane

For more updates:
Follow Restlet Framework on Twitter (@restlet_org)

APISpark 2.0 released March 11, 2014

Posted by Swann Vichot in APISpark, Restlet General.

First of all we are very happy to announce that our website has undergone a major redesign!

It’s clearer, easier to navigate and we’ve merged APISpark.com and APISpark.org so you can find everything on the same site!

Screen Shot 2014-03-06 at 5.34.01 PM

Concerning the platform itself, a great deal of work has gone towards stabilizing the console.

Since last release in December, there have been numerous bug fixes (more than 100) in addition to several enhancements to keep our beta testers buzzing! Below is a detailed summary:

New features

  • API firewall (preview)
    • introduced IP addresses filtering with white & black lists
    • default CORS support to allow cross origin browser access
    • coming next: rate limitation
  • GitHub wrapper (preview)
    • provides a File Store wrapper backed by GitHub repositories
    • coming next: subfolders, account pairing and branch selection



  • Entity Store browser
    • auto-generated fields are hidden at creation and update time
    • 1-1 and 1-n cardinalities are supported for both primitive properties and properties referencing other entities
    • bug fixes for default values, duplicate properties and date entry (MM/dd/yyyy format enforced)

add entity from browser5

  • Error pages:
    • more explicit messages displayed
    • redirection after re-authentication in case of session expiration
  • Domain selection:
    • clearer error message in case of unavailability or forbidden characters

error messages

  • Entity Store:
    • added min/max values, auto-generated and nullable properties
    • default primary key was renamed to “id” (was “_id” before)
    • new auto-generated properties (creator, lastUpdated, created)
    • properties constraints now enforced at insertion and update time

new entity properties3

  • Web API:
    • fixed date entry issue (MM/dd/yyyy format enforced)
    • improved properties ordering for representation samples

Thank you to all our beta testers who have taken the time to give us feedback and who have supported us from the start. We hope you enjoy this new version of APISpark. Let us know what you think by sending us an email or by using the Help Desk.

APISpark 2.1 sneak peek?

For the next release, the console will be following in the footsteps of the web site start getting a complete makeover. Stay tuned!

Stay in Touch:

twitter icon orange small     google+ icon orange small     slideshare icon orange small     wordpress icon orange small     linkedin icon orange small

Restlet Framework 2.1.7 and 2.2 RC1 released February 13, 2014

Posted by Swann Vichot in Restlet Releases, Uncategorized.
add a comment

We are happy to release two new Restlet Framework versions: 2.2 RC1 and 2.1.7, quickly moving forward towards version 2.2.0 and beginning work on the 3.0 branch. Check out the updated road map for details.

Don’t forget to download A Field Guide to Web APIs from Kin Lane, API Evangelist. It’s a comprehensive developer guide, covering history of web APIs, technology used, cloud trends etc. If you want a preview before downloading the full guide, check out our previous blog post.

What’s new?

2.1 branch (stable)

Since announcing the release of the 2.1.4, we fixed several issues including:

  • XML External Entity injection security fix (please read our technical note and upgrade)
  • Generation of HTML representation of a WADL document
  • Complete the content-type header with the right boundary parameter value when using multipart representations
  • Status reason phrase set by the Jetty connector
  • Service-Component header missing in manifest.mf for Servlet extension in OSGi edition
  • OData not passing null when property not marked nullable
  • EncoderService exposes lists of ignored and accepted media types
  • Base64 characters padding to encoded MD5 hash before decoding.

In terms of enhancements, we added:

  • Support of nowrap “deflater” (support of GZIP compatible compression)
  • Ability to override Accept-encoding header values
  • WritableSocketChannel write loop to ensure all data has been written

Logo Restlet Framework

2.2 branch (testing)

In addition to the 2.1 branch fixes, we also solved six bugs including:

  • Declaration of Gson’s maven artifact identifier
  • Android ICS and HttpUrlConnectionCall.getResponseHeaders
  • The @Patch annotation was ignored

As well as numerous enhancements:

  • Updated over 25 dependencies (Jetty, Apache, MongoDB, etc.)
  • Added a Message#bufferEntity() method
  • Moved BufferingRepresentation from Engine to org.restlet.representation package
  • Added client support for HTTP OAuth MAC authentication
  • Added Javadocs artefacts for Maven repository
  • Added Thymeleaf templating extension
  • Improved ServerServlet.createComponent()
  • Added Swagger extension (only JAX-RS API support for now)

And made the following changes to Restlet Core (API and Engine):

  • Added new internal HTTP/HTTPS server connectors based on the com.sun.net.httpserver package available in JDK 6
  • Moved org.restlet.ext.net HTTP/HTTPS/FTP client connectors into the core org.restlet module (org.restlet.engine.net package) as the new internal client connectors
  • Moved NIO-based internal connector to new org.restlet.ext.nio extension. Marked as “developer preview” state.
  • Moved org.restlet.ext.ssl into core org.restlet.engine.ssl package except classes related to the jSSLutils library now part of new org.restlet.ext.jsslutils extension and for CertificateAuthenticator class now in org.restlet.security
  • Deprecated MediaType#APPLICATION_RDF_TURTLE and added TEXT_TURTLE constant

Recent contributors

  • Alvaro Munoz
  • Andy Dennie
  • Bobby Sawhney
  • Carl J. Mosca
  • David Roussel
  • Grzegorz Godlewski
  • Ioan Lupu
  • Jason Guild
  • Luke Adams
  • Peter Ansell
  • Ralph van Etten
  • Tal Liron
  • Xiaoping Feng

Thanks to all others who helped us in various ways.

Additional resources

Changes log:

Download links:

Learn more:
Tutorial, User guide, Javadocs
A Field Guide to Web APIs by Kin Lane

For more updates:
Follow Restlet Framework on Twitter (@restlet_org)

A Field Guide to Web APIs by Kin Lane February 11, 2014

Posted by Swann Vichot in APISpark, General, Restlet General.
1 comment so far

Kin Lane, API Evanglist, has been in the technology space for over 20 years and wants to help the world understand the great value and potential that is growing in the web API market.

To do so, he teamed up with GigaOM Research and Restlet to write a comprehensive guide to web APIs. Follow Kin on Twitter: @kinlane

Kin Lane, API Evangelist

Following are the summary and a few extracts of the guide. Download the full electronic version here: A Field Guide to Web APIs.

  • Executive Summary
  • What are APIs used for?
  • Why are web APIs different?
  • History of web APIs
  • What technology goes into an API?
  • Deploying your web API
  • Established practices for managing APIs
  • Marketing and API evangelism
  • The Future of Web APIs
  • Cloud Trends
  • Key takeaways

“A new breed of web API has emerged, delivering a vision of a lightweight, low-cost approach to connect devices and allowing applications to exchange data efficiently.”

“The most popular approach to delivering web APIs is REpresentational State Transfer (REST). This approach to API design takes advantage of the same internet mechanisms used to view regular web pages, so it has the advantage of faster implementations and is easier for developers to understand and put to use.”

“A company with resources to deploy and maintain websites can easily research and deploy APIs using the growing variety of available API frameworks such as Restlet [...]“.

GigaOM Logo

“A handful of solutions such as APISpark [...] have emerged in the past year to provide API deployment as a service. They connect to existing or new data sources and then generate web APIs complete with a portal and management tools.”

“Cloud API deployment from common data sources is making API deployment accessible to the masses, enabling API deployment of numerous resources easier for developers while making API deployment something even a nondeveloper can understand.”

Restlet Logo

“PaaS, which is one of the fastest-growing aspects of web and mobile development, provides an API-driven suite of tools that provides essential services for developers in a pay-as-you-go approach. This is the next generation of business utilities designed for developer consumption.”

Download the full electronic version here: A Field Guide to Web APIs.

The research report was underwritten by Restlet.

APISpark public beta launched December 23, 2013

Posted by Swann Vichot in APISpark, General, Restlet General.
1 comment so far

The APISpark team is happy to report the launch of its public beta. The access is no longer restricted and you can sign up today to create your first API on APISpark.com!

The launch was announced during the APIDays Conference (December 4th – 5th 2013) in Paris and feedback so far has been very encouraging. See this report on our participation to the event.


When signing up for APISpark, you will be able to follow tutorials to get you started and become familiar with the platform.

If you encounter any issue, you can let us know via the Help Desk so we can look into it and fix it. By doing so, you will be contributing to the successful development of APISpark and for that, we thank you.

New features and enhancements

Since our last release, we have made the following changes:

HTTPS endpoints for APISpark.net subdomains
We had previously announced HTTPS access to both the APISpark public web site and the console. Well, now you can also deploy your APIs safely as we have added HTTPS endpoints for all APISpark.net domains.

HTTPS endpoints

We also fixed SSL certificates to prevent unecessary browser warnings.

Quick export of Data Stores as Web APIs

Previously, creating a regular CRUD web API from an entity store required several steps including:

  • switching from the entity store to the dashboard
  • creating a new custom web API
  • importing the entity store from the API via the settings tab
  • launching the feature adding the resources from the store
  • switching to the API overview to see the new API contract

While this only takes five minutes to achieve, we realized that these steps are not very intuitive for new users. This is where the new API export feature really helps.

Quick export

Instead of five steps, you can now do all this in a single step! We have added an “Export custom API” action to the actions menu of entity stores (and also to file stores).

That action displays a special Web API creation wizard, right inside the store page. Once you fill out all the info and click on “Create”, you directly see the API overview of the new API.

Global ordering review

In this version, we also revamped the ordering of items displayed in the console, such as the properties of an entity and the list of resources of an API.

We now guarantee that their visual order will be maintained and will be logical as it can have some impact at runtime, for example on routing of API calls.


As you can see above, you can easily drag & drop a resource to change its order as well.

Misc changes

To ensure an efficient recovery plan, your structured data (store via the default entity stores) is now replicated 3 times in 2 regions (USA and Europe).

The next step for us it now to also replicate the web APIs and provide a cross-region deployment and availability of those APIs.

Finally, we also fixed about 18 bugs in this new release.

From all the Restlet team, we wish you Happy Holidays!

Swann Vichot

News coverage:

APISpark at APIdays Paris 2013 December 17, 2013

Posted by Swann Vichot in APISpark, General, Restlet General.
1 comment so far

What an event!

First of all, let me just say that as a newbie to the API arena, I found this conference to be full of valuable information and extremely rich in content.

Api Days 2013 Paris.

There were many industry-leading speakers. Jérôme Louvel, CEO of Restlet, was a speaker for the first day of the event and had wonderful turnout for his speech “Web APIs, the New Language Frontier”. He also announced the public beta of APISpark, more details are coming in another blog post!

Api Days 2013 Paris.

If you missed it or are interested in reviewing the slides again, you can find them here:

Web APIs, the New Language Frontier from Restlet

The second and last day was a little less restless (pun intended – excuse me, as a non-tech person, this is probably the only one accessible to me!) Steve Sfartz, VP of Engineering at Restlet, gave his speech “How to Build your Web API”. There weren’t many developers in the room but we did get visits at our booth after the presentation and got valuable feedback and a very interesting use case to explore – thanks to Wenting Sun of Nanyang Technological University of Singapore.

Here are Steve and Wenting, using the APISpark platform on an iPad to build and study her API needs.

ApiDays Paris 2013

As a Gold Sponsor we were really happy with the way things were set up. There were some stimulating talks and positive energy throughout. Overall, a great success!

On a complete side note, breakfast was delicious and very français.

Thank you to Webshell and FaberNovel for organizing this great event.


by Swann Vichot
Marketing Assistant at Restlet

Thank you to APIdays and François Tancré for the photos.


Restlet gets funding to accelerate APISpark growth! November 13, 2013

Posted by Jerome Louvel in APISpark, Restlet General, Uncategorized.
1 comment so far

All the Restlet team is excited to share some great news today. We are announcing a large seed funding round, our company Board and new team members!

Open Roots

When I launched the Restlet open source project on TheServerSide in 2005 as a consultant, I didn’t know how far this could lead me, but I knew Restlet Framework was the first of its kind, true to the principles of the Web (the REST architecture style published in 2000).

It changed the way Java developers can build and consume web applications & sites, without forcing previous paradigms such as RPC and MVC into a web “pipe” or artificial separating web server (think Servlet) and web client (think Apache HTTP client) technologies.

From Noelios to Restlet

After many  iterations, we reached version 1.0 and transformed Noelios as a company in 2008 with my co-founder Thierry Boileau to offer professional services. This allowed us to fund the R&D effort on Restlet, dedicate time to the writing of ‘Restlet in Action’ book and refine our ROA/D methodology.

In 2010, our technology was getting mature with 6 consistent editions supported (Android, GWT, GAE, Java SE/EE, OSGi) and the web API and cloud computing market were warming up. We started thinking about the next 5 years, now that REST and web APIs were about to become mainstream.

What was our next challenge?

APISpark, a PaaS for Web APIs

We decided to build a product around our open core that would help developers create and use the hundreds of thousands of web APIs expected in the coming years.

Our new mission was to democratize REST and web APIs for the broader developers community, beyond our community of API experts and Java engineers. 

0111_apiSpark_Logo (wordpress)

APISpark was born from the idea that creating APIs should be as simple as creating blogs on WordPress.com: a couple of minutes, a simple browser and a fraction of the “Do It Yourself” cost. APISpark brings together the IDE, hosting and management aspects into an unified Platform as a Service (PaaS) for APIs.

We also renamed the company to Restlet and changed our business model to leverage the cloud economics. APISpark is a freemium service that any developer can use free to get started. See our pricing page for details.

Funding, Board and Team

In order to successfully pivot, we needed funding, help from experienced entrepreneurs and a stronger presence in Silicon Valley. Today, we are happy to announce that we have closed a $2M seed round from two European VCs (SIPAREX and CapDecisif Management) and a few individual investors. 

We are also delighted to welcome our Board members: Bertrand Diard, co-founder and VP Strategy of Talend, Reza Malekzadeh, VP Business of Cumulus Networks and Matthieu Hug, CEO of Fujitsu RunMyProcess, along with our investor representatives. See our Board page for details.

In addition, we are welcoming Stève Sfartz as a third co-founder and VP Engineering. His strong experience in online service operations and R&D management will help us grow and structure our engineering team. Olfa Zorgati is also joining our team as our new CFO, based in the Silicon Valley where I’m moving as well. See our Team page for details.

We have also posted our first job descriptions for open positions immediately available in our engineering team.


I’m excited to pursue Restlet adventure and would like to thank all contributors to the Restlet Framework, early testers of APISpark, company advisors, numerous partners and customers who helped us getting so far!

Jérôme Louvel
Restlet, CEO

News coverage

APISpark integrates with existing data stores September 23, 2013

Posted by Jerome Louvel in APISpark, Restlet General, Uncategorized.
add a comment

Summer has been hot for the APISpark team. We improved the overall platform stability, fixed more than 50 issues, and added many new features. Today, we are happy to roll out a new release in production!

Re-expose your backend as web APIs

Today, mobile and HTML 5 applications are connected. These applications rely on a cloud backend to store user and shared data. Beside the lengthy Do It Yourself (DIY) approach, many developers prefer to rely on BaaS (Backend as a Service) providers such as Parse, StackMob and Firebase.

Several developers came to us asking for an easy and flexible way to re-expose data contained in their mobile backends. Moreover, these developers want to add business value to their data through custom, domain specific Web APIs. In other words, the built-in Web API provided for free by their traditional BaaS lacks flexibility and extensibility to suit their needs.

This is where APISpark’s new “Entity Store Wrappers” come into play, providing an easy way to expose one or multiple custom API on top of an existing BaaS. Click above to follow the APISpark tutorial for each wrapper.

Turn your Google Spreadsheets into APIs

In addition, we have worked on an integration with Google Spreadsheet. This brand new wrapper helps you expose structured data while keeping the ability to edit them using your traditional spreadsheet UI. We strongly believe that this wrapper will suit a large set of user needs and specifically Open Data use cases.

Expose your Database in the Cloud as APIs

To finish with, we also added a wrapper for any JDBC data sources, such as classic relational databases as explained in this tutorial. We have plans for additional entity wrappers, so please give us feedback on the integration models you would like to see work on.

Serve your existing files stored in AWS S3

Even though APISpark already comes with built-in file stores, internally backed by AWS S3, some users want to re-expose files stored in their own AWS S3 account. Thanks to the new File Store wrapper, APISpark supports this scenario as explained in this tutorial.

Our plan is to incrementally add new wrappers. Google Drive comes next on our list.

Many more enhancements!

In addition to these new wrappers, we have added many features based on your feed-back including:

  • GWT and Android client SDKs

  • Source code export for your web APIs (based on the open source Restlet Framework)

  • Support for GitHub login and more providers

  • Subscription management (plan selection, payment, billing)

  • Deployment region can now be selected (US-West or EU-West right now)

  • Enhanced dashboard filters, full-text capabilities, instant search

  • Terms of Use and Privacy Policy pages

Next steps

If you don’t have an APISpark account yet, we invite you to sign up for the beta. And if you can’t  wait to discover APISpark, walk through our first tutorial. If you want to know what is coming next, please check our updated public roadmap.

Thanks for all your feed-back. We can’t wait to seeing what you will build with APISpark!

Restlet Framework 2.1.4 and 2.2 M5 released September 18, 2013

Posted by Jerome Louvel in Restlet Releases, Uncategorized.

After a big push on the APISpark front during the summer, it was time to release new versions of the Restlet Framework.

2.1 branch (stable)

Since last announcement, we released both versions 2.1.3 and 2.1.4, fixing ten issues including:

  • Security issue with JavaBeans object de-serialization mechanism, now been disabled by default
  • HTTP status error in AJAX with old IE versions
  • Extension headers are now copied from JAX-RS API response to Restlet API response
  • JSON extension building has been fixed for GWT edition
  • Infinite loop in Feed class of Atom extension
  • Date concurrency issue due to broken caching attempts

Logo Restlet Framework

2.2 branch (testing)

In addition, here are the main changes made to the 2.2 branch:

  • Added GSON extension, supporting Google’s serialization library between Java and JSON
  • OAuth 2.0 extension upgraded to support final OAuth 2.0 specification
  • All bugs fixes in versions 2.1.3 and  2.1.4

Recent contributors

  • Abraham Kang
  • Alvaro Munoz
  • David Jorm
  • Dinis Cruz
  • Koen Maes
  • Loïc Oudot
  • Mark Kharitonov
  • Neal Mi
  • Robert Fischer
  • Shotaro Uchida
  • Tim Peierls

Thanks to all others who helped us in various ways.

Additional resources

Changes log:

Download links:


Get every new post delivered to your Inbox.

Join 62 other followers