SlideShare uma empresa Scribd logo

Recipes for API Ninjas

Nordic APIs
Nordic APIs

Main focus of the talk is to communicate some key concepts of designing/implementing APIs based on an enterprise grade API Standards and Guidelines. We will try to handcraft few API recipes(i.e. implementation design) with real-life examples mixed with a live coding session. While working on each recipe, we will delve into the rationale behind design decisions and best practices. We believe that these concepts will help a developer build a comprehensive API solution from scratch.

Tecnologia
1 de 19
Baixar para ler offline
Sandip Dhummad Director Technology Architecture S&P Global Ratings DevSecOps Communities of Practice Lead Recipes for API Ninjas Amit Patel Sr Cloud Architect S&P Global Ratings API Communities of Practice Lead https://www.linkedin.com/in/sandipdhummad/ @sdhummad https://www.linkedin.com/in/avpatel257 @two57
Agenda Recipes Recipe #1 – Build RESTful service Recipe #2 – Input data validation Recipe #3 – Fetch selected fields only Recipe #4 – Filter response Recipe #5 – Request results in paginated fashion Recipe #6 – Cache API result Recipe #7 – Compress API result Luncheon – Demo of an API using relational DB supporting all recipes 2
APIs Everywhere 3 01 API can attract blockbuster complements 02 APIs are the windows to new ecosystems API First• Over 19,000-API mark in January of 2018 • Since January of 2014, an average of more than 2,000 APIs have been added per year
API First Strategy 4 But….. Will it make my APIs a hit in market like Netflix, Facebook, Twitter, Google APIs? Important architectural/technical aspects for building scalable, reliable, light weight API What makes APIs more consumer friendly and easy to use???
API – Culinary Art 5 Customers Cook Pizza Soup Taco Fries Requests Customer API with several features(i.e. Recipes) Business User API Ninja Tries to implement API with requested features using various techniques that we are going to discuss today Comprehensive API Chef
Recipe #1 Build RESTful service 6 Build Restful API for managing customer information. A customer can have one or many contacts. A Contact can have one or many addresses Business User API Ninja URI Action Mapping • URI is the identity of an API like one’s name. Think twice before finalize the resource name URI • Follow below 4 resource archetypes • Document – Singular concept, represents fields with values or links. E.g. /customers/john • Collection – Server managed directory of resources E.g. /customers • Store - Client managed resource repo. E.g. PUT /customers/john • Controller - Procedural concept like executable function. E.g. /customers/john/credit-check Action Mapping • Create –> POST, Read –> GET, Update –> PUT, Delete –> DELETE Guidelines
Recipe #1 Build RESTful service 7 Build Restful API for managing customer information. A customer can have one or many contacts. A Contact can have one or many addresses Business User API Ninja URI Action Mapping • Standard naming conventions makes API more intuitive • Good API documentations plays very important role in API adoption. Don’t neglect them. Naming Conventions API Docs URI • All lower case • Separate words by ‘-’, e.g. /credit-check • Archetype mapping • Document names -> Singular Noun • Collection names -> Plural Noun • Store names -> Plural Noun • Controller names -> Verb or Verb phrase Query Param • Either follow the same pattern as URI or define it based on data binding supported by backend language(s), e.g. ?fields={firstName, lastName} API Docs • API docs with inline test/try capability Guidelines
Recipe #2 Input data validation 8 Length Check Null Check Pattern Check Input Sanitization Make sure that customer provides first name, size of name fields is not more than 80, provides valid email/phone number etc. Business User Other API Ninja • Input data validation is important vehicle for API security Input Data Validation • Leverage cross cutting aspects for data validation for avoiding boiler plate code • Use data binding/validation frameworks like Bean Validation, Hibernate Validations etc. for Java applications • Leverage consistent error handling mechanism for all your APIs Input Sanitization • Prevents attacks like XSS, SQL Injection, Header Bomb etc. • Use API gateway or a cross cutting concern for input sanitization Guidelines
Recipe #3 Fetch selected fields only 9 Approach Controller Resource Versioning • API Consumer knows how to use API for their applications, let’s put them in driving seat. Also implement similar high performant API with partial response for mobile clients Business User API Ninja Why Partial Response Capability Needed? • To avoid over-fetching or under-fetching problems • Helps remove service sprawl and version sprawl issue Methods - Service Provider vs Consumer • Service provider defines what should a domain object look like for a given resource • Depending on the client application need, consumer knows the shape of an object needed better than service provider Approaches 1. Controller Resource • TShirt sizing or templatizing response leads to service sprawl issue. For e.g. /customers/1/lite • Leads to Service sprawl issues 2. Versioning • Never ever use versioning for shaping response object • Leads to version sprawl issues
Recipe #3 Fetch selected fields only 10 Approach Controller Resource Identifying Path Optional Fields Nested Fields Mandatory Fields Field Selector • API Consumer knows how to use API for their applications, let’s put them in driving seat. Also implement similar high performant API with partial response for mobile clients Business User API Ninja Approaches 3. Leverage Identifying Path • Add form factor in URI. E.g. /mobile/customers/1 • If different field list provided based on dimensions other than form factor like client, product etc. then add them in the path. E.g. /premium/customers/1 • Leads to Service sprawl issues 4. Field Selector • Ability to define list of fields to be retrieved by API consumer. E.g. /customers/1?fields=firstName,lastName • Need to make sure that mandatory fields like id are always provided as they are needed for following operations • Support for Nested Object field is a big plus • This method provides much control to consumers without causing service/version sprawl • Downside of this approach is that field name proliferation to client code Versioning
Recipe #4 Filter response 11 Approach Support for Query Operators Type binding Multi Datastore SupportController Resource By the way I also need an ability to query the response like select all customers living in NYC. Take a look at Salesforce API. Business User API Ninja Why Response Filtering is Needed? • Consumer knows what needs to be filtered based on application context • To avoid over-fetching or under-fetching problems • Helps remove service sprawl and version sprawl issue Approaches 1. Controller Resource • Controllers supporting predefined filters. E.g. /customers/nyc • Can support very limited filtering needs • Leads to Service sprawl issues 2. Filtering through Query Expression • Filtering response through query expression provides lots of flexibilities. E.g. /customers?query=firstName==Jonh* • Queries can be supplied either in request body or through query parameter • Inner architecture is complex – data type binding, operators, federation to multi data sources etc. • Leverage spec like FIQL/RSQL, Elastic Search, GraphQL, OData etc. for Query language • API Consumer would love to play with your API, if they support simple filtering mechanisms. This differentiating capability would empower your API consumers for building newer apps
12 Looks like API is too slow and BTW why are your returning all records at once? Business User API Ninja • Request that returns multiple items should be paginated Without pagination, a simple search could return millions or even billions of hits causing extraneous network traffic. Offset Pagination • simplest form of paging • Easiest to implement • Not performant for large offset values • Not reliable when new items are inserted to DB Keyset-based/Continuation Token: • Faster and more reliable • Scalability, reliability and efficiency depends on the approach • continuation token points to the last element of the current page. It is passed back to the server in order to retrieve the next page • Link for next page (HATEOS) Guidelines Approach DB Level Pagination Client Side Pagination Application Level Pagination Recipe #5 Pagination
13 Looks like API is too slow? Business User API Ninja • Cache settings and cache management should be carefully done matching application needs. • Client side Caching • caching policy via the Cache-Control HTTP header • Server side cache • Memcached • Redis • Leverage external cache, preferably distributed cache for API result caching • Prefer to do method level caching for API result • Add proper cache expiration headers in the API results Guidelines Approach DB Level Caching Client Side Caching Application Level Caching Cache Options Local Cache Distributed Cache Recipe #6 Cache API result
14 Looks like API returns huge payload and is slow? Business User API Ninja • Its a good practice to compress the service responses especially for the methods returning collection of objects Compression Algorithm • Leverage widely adopted standard compression algorithm like Gzip Framework Support • Use a method level custom annotation implemented(@Compress) in the services framework, wherever compression of API result is required Guidelines Approach Shared Functionality Browser Friendly Compression Algo Toggle ON/OFF Recipe #7 Compression
Luncheon 15
Demo of an API using relational DB supporting all recipes 16 The reference implementation of Customer API connecting to relational DB(Mysql/H2) supports following features: • CRUD operations • Input data validation • Fetch selected fields only • Filter response by expression • Compress API result
17 Let’s pray to Demo God -:Demo Time:- https://github.com/avpatel257/nordic-apis-2019
18 Thank You!!
19 Icon(s) made by Freepik from www.flaticon.com References REST API Design Rulebook by Mark Masse https://www.programmableweb.com/news/research-shows-interest-providing-apis-still- high/research/2018/02/23 https://hbr.org/2015/01/the-strategic-value-of-apis Programmable Web - Harvard Business Review Article - Important Information Credit https://github.com/avpatel257/nordic-apis-2019 Sample Source Code

Recomendados

Dependency Down, Flexibility Up – The Benefits of API-First Development
Dependency Down, Flexibility Up – The Benefits of API-First DevelopmentDependency Down, Flexibility Up – The Benefits of API-First Development
Dependency Down, Flexibility Up – The Benefits of API-First DevelopmentNordic APIs
 
Developer Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentDeveloper Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentNordic APIs
 
Take Your API Docs from 406 Not Acceptable to 200 OK
Take Your API Docs from 406 Not Acceptable to 200 OKTake Your API Docs from 406 Not Acceptable to 200 OK
Take Your API Docs from 406 Not Acceptable to 200 OKNordic APIs
 
Serverless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsServerless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsNordic APIs
 
Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...
Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...
Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...Nordic APIs
 
Public API
Public APIPublic API
Public APIAmir Zuker
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyNordic APIs
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 

Recomendados

Dependency Down, Flexibility Up – The Benefits of API-First Development
Dependency Down, Flexibility Up – The Benefits of API-First DevelopmentDependency Down, Flexibility Up – The Benefits of API-First Development
Dependency Down, Flexibility Up – The Benefits of API-First DevelopmentNordic APIs
 
Developer Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentDeveloper Support Models: Calibrating Service Level to Commitment
Developer Support Models: Calibrating Service Level to CommitmentNordic APIs
 
Take Your API Docs from 406 Not Acceptable to 200 OK
Take Your API Docs from 406 Not Acceptable to 200 OKTake Your API Docs from 406 Not Acceptable to 200 OK
Take Your API Docs from 406 Not Acceptable to 200 OKNordic APIs
 
Serverless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsServerless Functions and Machine Learning: Putting the AI in APIs
Serverless Functions and Machine Learning: Putting the AI in APIsNordic APIs
 
Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...
Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...
Hacks, Workarounds, and Creative Solutions: How Unsupported Use Cases Reveal ...Nordic APIs
 
Public API
Public APIPublic API
Public APIAmir Zuker
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyNordic APIs
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 
Achieving Microservices Maturity
Achieving Microservices MaturityAchieving Microservices Maturity
Achieving Microservices MaturityNordic APIs
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SitePronovix
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientNordic APIs
 
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...apidays
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
 
Evolution of API Management in the BBC
Evolution of API Management in the BBCEvolution of API Management in the BBC
Evolution of API Management in the BBCNordic APIs
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyNordic APIs
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?Nordic APIs
 
Why APIs are Different Than Integration
Why APIs are Different Than IntegrationWhy APIs are Different Than Integration
Why APIs are Different Than IntegrationApigee | Google Cloud
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 
APIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedAPIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedApigee | Google Cloud
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Nordic APIs
 
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopI Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopApigee | Google Cloud
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookKaty Slemon
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...Nordic APIs
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Nordic APIs
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...apidays
 
API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration Apigee | Google Cloud
 
Applying Domain-Driven Design to APIs and Microservices - Austin API Meetup
Applying Domain-Driven Design to APIs and Microservices - Austin API MeetupApplying Domain-Driven Design to APIs and Microservices - Austin API Meetup
Applying Domain-Driven Design to APIs and Microservices - Austin API MeetupLaunchAny
 
SOA in the API World - Facades, Transactions, Stateless Services
SOA in the API World - Facades, Transactions, Stateless Services SOA in the API World - Facades, Transactions, Stateless Services
SOA in the API World - Facades, Transactions, Stateless Services Apigee | Google Cloud
 
How to design effective APIs
How to design effective APIsHow to design effective APIs
How to design effective APIsBansilal Haudakari
 
Effective API Design
Effective API DesignEffective API Design
Effective API DesignBansilal Haudakari
 

Mais conteúdo relacionado

Mais procurados

Achieving Microservices Maturity
Achieving Microservices MaturityAchieving Microservices Maturity
Achieving Microservices MaturityNordic APIs
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SitePronovix
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientNordic APIs
 
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...apidays
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
 
Evolution of API Management in the BBC
Evolution of API Management in the BBCEvolution of API Management in the BBC
Evolution of API Management in the BBCNordic APIs
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyNordic APIs
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?Nordic APIs
 
Why APIs are Different Than Integration
Why APIs are Different Than IntegrationWhy APIs are Different Than Integration
Why APIs are Different Than IntegrationApigee | Google Cloud
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 
APIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedAPIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedApigee | Google Cloud
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Nordic APIs
 
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopI Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopApigee | Google Cloud
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookKaty Slemon
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...Nordic APIs
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Nordic APIs
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...apidays
 
API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration Apigee | Google Cloud
 
Applying Domain-Driven Design to APIs and Microservices - Austin API Meetup
Applying Domain-Driven Design to APIs and Microservices - Austin API MeetupApplying Domain-Driven Design to APIs and Microservices - Austin API Meetup
Applying Domain-Driven Design to APIs and Microservices - Austin API MeetupLaunchAny
 
SOA in the API World - Facades, Transactions, Stateless Services
SOA in the API World - Facades, Transactions, Stateless Services SOA in the API World - Facades, Transactions, Stateless Services
SOA in the API World - Facades, Transactions, Stateless Services Apigee | Google Cloud
 

Mais procurados (20)

Achieving Microservices Maturity
Achieving Microservices MaturityAchieving Microservices Maturity
Achieving Microservices Maturity
 
Lessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc SiteLessons Learned from Revamping Our Doc Site
Lessons Learned from Revamping Our Doc Site
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
 
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
apidays LIVE LONDON - Protecting financial-grade APIs - Getting the right API...
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps Cycles
 
Evolution of API Management in the BBC
Evolution of API Management in the BBCEvolution of API Management in the BBC
Evolution of API Management in the BBC
 
How to Build an Effective API Security Strategy
How to Build an Effective API Security StrategyHow to Build an Effective API Security Strategy
How to Build an Effective API Security Strategy
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?
 
Why APIs are Different Than Integration
Why APIs are Different Than IntegrationWhy APIs are Different Than Integration
Why APIs are Different Than Integration
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
 
APIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons LearnedAPIs in the Enterprise -Lessons Learned
APIs in the Enterprise -Lessons Learned
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
 
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopI Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
 
Rest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbookRest api best practices – comprehensive handbook
Rest api best practices – comprehensive handbook
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
 
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
APIdays Paris 2019 - Microservices vs Miniservices vs Monoliths: Winner Takes...
 
API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration
 
Applying Domain-Driven Design to APIs and Microservices - Austin API Meetup
Applying Domain-Driven Design to APIs and Microservices - Austin API MeetupApplying Domain-Driven Design to APIs and Microservices - Austin API Meetup
Applying Domain-Driven Design to APIs and Microservices - Austin API Meetup
 
SOA in the API World - Facades, Transactions, Stateless Services
SOA in the API World - Facades, Transactions, Stateless Services SOA in the API World - Facades, Transactions, Stateless Services
SOA in the API World - Facades, Transactions, Stateless Services
 

Semelhante a Recipes for API Ninjas

apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays
 
Lessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxLessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxapidays
 
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...Callon Campbell
 
Designing your API Server for mobile apps
Designing your API Server for mobile appsDesigning your API Server for mobile apps
Designing your API Server for mobile appsMugunth Kumar
 
Integration strategies best practices- Mulesoft meetup April 2018
Integration strategies best practices- Mulesoft meetup April 2018Integration strategies best practices- Mulesoft meetup April 2018
Integration strategies best practices- Mulesoft meetup April 2018Rohan Rasane
 
Grand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfGrand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfSherman37
 
Scaling API Design
Scaling API DesignScaling API Design
Scaling API DesignJason Harmon
 
Scaling API Design - Nordic APIs 2014
Scaling API Design - Nordic APIs 2014Scaling API Design - Nordic APIs 2014
Scaling API Design - Nordic APIs 2014Jason Harmon
 
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...Hamida Rebai Trabelsi
 
Oscon2014 Netflix API - Top 10 Lessons Learned
Oscon2014 Netflix API - Top 10 Lessons LearnedOscon2014 Netflix API - Top 10 Lessons Learned
Oscon2014 Netflix API - Top 10 Lessons LearnedSangeeta Narayanan
 
API Management Building Blocks and Business value
API Management Building Blocks and Business valueAPI Management Building Blocks and Business value
API Management Building Blocks and Business valueWSO2
 
apidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoica
apidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoicaapidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoica
apidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoicaapidays
 
Business Applications Integration In The Cloud
Business Applications Integration In The CloudBusiness Applications Integration In The Cloud
Business Applications Integration In The CloudAnna Brzezińska
 
Top 10 Lessons Learned from the Netflix API - OSCON 2014
Top 10 Lessons Learned from the Netflix API - OSCON 2014Top 10 Lessons Learned from the Netflix API - OSCON 2014
Top 10 Lessons Learned from the Netflix API - OSCON 2014Daniel Jacobson
 
WSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2
 
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays
 

Semelhante a Recipes for API Ninjas (20)

How to design effective APIs
How to design effective APIsHow to design effective APIs
How to design effective APIs
 
Effective API Design
Effective API DesignEffective API Design
Effective API Design
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
 
Lessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxLessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptx
 
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
 
Designing your API Server for mobile apps
Designing your API Server for mobile appsDesigning your API Server for mobile apps
Designing your API Server for mobile apps
 
Integration strategies best practices- Mulesoft meetup April 2018
Integration strategies best practices- Mulesoft meetup April 2018Integration strategies best practices- Mulesoft meetup April 2018
Integration strategies best practices- Mulesoft meetup April 2018
 
Grand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfGrand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdf
 
Scaling API Design
Scaling API DesignScaling API Design
Scaling API Design
 
Scaling API Design - Nordic APIs 2014
Scaling API Design - Nordic APIs 2014Scaling API Design - Nordic APIs 2014
Scaling API Design - Nordic APIs 2014
 
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
 
Open Banking & Open Insurance
Open Banking & Open InsuranceOpen Banking & Open Insurance
Open Banking & Open Insurance
 
Oscon2014 Netflix API - Top 10 Lessons Learned
Oscon2014 Netflix API - Top 10 Lessons LearnedOscon2014 Netflix API - Top 10 Lessons Learned
Oscon2014 Netflix API - Top 10 Lessons Learned
 
API Management Building Blocks and Business value
API Management Building Blocks and Business valueAPI Management Building Blocks and Business value
API Management Building Blocks and Business value
 
apidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoica
apidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoicaapidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoica
apidays LIVE LONDON - API Standards and Governance Platform by Nicoleta Stoica
 
Business Applications Integration In The Cloud
Business Applications Integration In The CloudBusiness Applications Integration In The Cloud
Business Applications Integration In The Cloud
 
Top 10 Lessons Learned from the Netflix API - OSCON 2014
Top 10 Lessons Learned from the Netflix API - OSCON 2014Top 10 Lessons Learned from the Netflix API - OSCON 2014
Top 10 Lessons Learned from the Netflix API - OSCON 2014
 
WSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API Strategy
 
Smartone v1.0
Smartone v1.0Smartone v1.0
Smartone v1.0
 
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
 

Mais de Nordic APIs

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
 
The Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureThe Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureNordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
 
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Nordic APIs
 
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...Nordic APIs
 
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLAPI Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLNordic APIs
 
API Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogAPI Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogNordic APIs
 
Productizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifProductizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifNordic APIs
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosNordic APIs
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...Nordic APIs
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Nordic APIs
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Nordic APIs
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyNordic APIs
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Nordic APIs
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsNordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerNordic APIs
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...Nordic APIs
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...Nordic APIs
 

Mais de Nordic APIs (20)

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
 
The Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureThe Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at Apiture
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
 
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
 
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
 
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLAPI Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
 
API Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogAPI Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, Graylog
 
Productizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifProductizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, Moseif
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
 

Último

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 

Último (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 

Recipes for API Ninjas

  • 1. Sandip Dhummad Director Technology Architecture S&P Global Ratings DevSecOps Communities of Practice Lead Recipes for API Ninjas Amit Patel Sr Cloud Architect S&P Global Ratings API Communities of Practice Lead https://www.linkedin.com/in/sandipdhummad/ @sdhummad https://www.linkedin.com/in/avpatel257 @two57
  • 2. Agenda Recipes Recipe #1 – Build RESTful service Recipe #2 – Input data validation Recipe #3 – Fetch selected fields only Recipe #4 – Filter response Recipe #5 – Request results in paginated fashion Recipe #6 – Cache API result Recipe #7 – Compress API result Luncheon – Demo of an API using relational DB supporting all recipes 2
  • 3. APIs Everywhere 3 01 API can attract blockbuster complements 02 APIs are the windows to new ecosystems API First• Over 19,000-API mark in January of 2018 • Since January of 2014, an average of more than 2,000 APIs have been added per year
  • 4. API First Strategy 4 But….. Will it make my APIs a hit in market like Netflix, Facebook, Twitter, Google APIs? Important architectural/technical aspects for building scalable, reliable, light weight API What makes APIs more consumer friendly and easy to use???
  • 5. API – Culinary Art 5 Customers Cook Pizza Soup Taco Fries Requests Customer API with several features(i.e. Recipes) Business User API Ninja Tries to implement API with requested features using various techniques that we are going to discuss today Comprehensive API Chef
  • 6. Recipe #1 Build RESTful service 6 Build Restful API for managing customer information. A customer can have one or many contacts. A Contact can have one or many addresses Business User API Ninja URI Action Mapping • URI is the identity of an API like one’s name. Think twice before finalize the resource name URI • Follow below 4 resource archetypes • Document – Singular concept, represents fields with values or links. E.g. /customers/john • Collection – Server managed directory of resources E.g. /customers • Store - Client managed resource repo. E.g. PUT /customers/john • Controller - Procedural concept like executable function. E.g. /customers/john/credit-check Action Mapping • Create –> POST, Read –> GET, Update –> PUT, Delete –> DELETE Guidelines
  • 7. Recipe #1 Build RESTful service 7 Build Restful API for managing customer information. A customer can have one or many contacts. A Contact can have one or many addresses Business User API Ninja URI Action Mapping • Standard naming conventions makes API more intuitive • Good API documentations plays very important role in API adoption. Don’t neglect them. Naming Conventions API Docs URI • All lower case • Separate words by ‘-’, e.g. /credit-check • Archetype mapping • Document names -> Singular Noun • Collection names -> Plural Noun • Store names -> Plural Noun • Controller names -> Verb or Verb phrase Query Param • Either follow the same pattern as URI or define it based on data binding supported by backend language(s), e.g. ?fields={firstName, lastName} API Docs • API docs with inline test/try capability Guidelines
  • 8. Recipe #2 Input data validation 8 Length Check Null Check Pattern Check Input Sanitization Make sure that customer provides first name, size of name fields is not more than 80, provides valid email/phone number etc. Business User Other API Ninja • Input data validation is important vehicle for API security Input Data Validation • Leverage cross cutting aspects for data validation for avoiding boiler plate code • Use data binding/validation frameworks like Bean Validation, Hibernate Validations etc. for Java applications • Leverage consistent error handling mechanism for all your APIs Input Sanitization • Prevents attacks like XSS, SQL Injection, Header Bomb etc. • Use API gateway or a cross cutting concern for input sanitization Guidelines
  • 9. Recipe #3 Fetch selected fields only 9 Approach Controller Resource Versioning • API Consumer knows how to use API for their applications, let’s put them in driving seat. Also implement similar high performant API with partial response for mobile clients Business User API Ninja Why Partial Response Capability Needed? • To avoid over-fetching or under-fetching problems • Helps remove service sprawl and version sprawl issue Methods - Service Provider vs Consumer • Service provider defines what should a domain object look like for a given resource • Depending on the client application need, consumer knows the shape of an object needed better than service provider Approaches 1. Controller Resource • TShirt sizing or templatizing response leads to service sprawl issue. For e.g. /customers/1/lite • Leads to Service sprawl issues 2. Versioning • Never ever use versioning for shaping response object • Leads to version sprawl issues
  • 10. Recipe #3 Fetch selected fields only 10 Approach Controller Resource Identifying Path Optional Fields Nested Fields Mandatory Fields Field Selector • API Consumer knows how to use API for their applications, let’s put them in driving seat. Also implement similar high performant API with partial response for mobile clients Business User API Ninja Approaches 3. Leverage Identifying Path • Add form factor in URI. E.g. /mobile/customers/1 • If different field list provided based on dimensions other than form factor like client, product etc. then add them in the path. E.g. /premium/customers/1 • Leads to Service sprawl issues 4. Field Selector • Ability to define list of fields to be retrieved by API consumer. E.g. /customers/1?fields=firstName,lastName • Need to make sure that mandatory fields like id are always provided as they are needed for following operations • Support for Nested Object field is a big plus • This method provides much control to consumers without causing service/version sprawl • Downside of this approach is that field name proliferation to client code Versioning
  • 11. Recipe #4 Filter response 11 Approach Support for Query Operators Type binding Multi Datastore SupportController Resource By the way I also need an ability to query the response like select all customers living in NYC. Take a look at Salesforce API. Business User API Ninja Why Response Filtering is Needed? • Consumer knows what needs to be filtered based on application context • To avoid over-fetching or under-fetching problems • Helps remove service sprawl and version sprawl issue Approaches 1. Controller Resource • Controllers supporting predefined filters. E.g. /customers/nyc • Can support very limited filtering needs • Leads to Service sprawl issues 2. Filtering through Query Expression • Filtering response through query expression provides lots of flexibilities. E.g. /customers?query=firstName==Jonh* • Queries can be supplied either in request body or through query parameter • Inner architecture is complex – data type binding, operators, federation to multi data sources etc. • Leverage spec like FIQL/RSQL, Elastic Search, GraphQL, OData etc. for Query language • API Consumer would love to play with your API, if they support simple filtering mechanisms. This differentiating capability would empower your API consumers for building newer apps
  • 12. 12 Looks like API is too slow and BTW why are your returning all records at once? Business User API Ninja • Request that returns multiple items should be paginated Without pagination, a simple search could return millions or even billions of hits causing extraneous network traffic. Offset Pagination • simplest form of paging • Easiest to implement • Not performant for large offset values • Not reliable when new items are inserted to DB Keyset-based/Continuation Token: • Faster and more reliable • Scalability, reliability and efficiency depends on the approach • continuation token points to the last element of the current page. It is passed back to the server in order to retrieve the next page • Link for next page (HATEOS) Guidelines Approach DB Level Pagination Client Side Pagination Application Level Pagination Recipe #5 Pagination
  • 13. 13 Looks like API is too slow? Business User API Ninja • Cache settings and cache management should be carefully done matching application needs. • Client side Caching • caching policy via the Cache-Control HTTP header • Server side cache • Memcached • Redis • Leverage external cache, preferably distributed cache for API result caching • Prefer to do method level caching for API result • Add proper cache expiration headers in the API results Guidelines Approach DB Level Caching Client Side Caching Application Level Caching Cache Options Local Cache Distributed Cache Recipe #6 Cache API result
  • 14. 14 Looks like API returns huge payload and is slow? Business User API Ninja • Its a good practice to compress the service responses especially for the methods returning collection of objects Compression Algorithm • Leverage widely adopted standard compression algorithm like Gzip Framework Support • Use a method level custom annotation implemented(@Compress) in the services framework, wherever compression of API result is required Guidelines Approach Shared Functionality Browser Friendly Compression Algo Toggle ON/OFF Recipe #7 Compression
  • 16. Demo of an API using relational DB supporting all recipes 16 The reference implementation of Customer API connecting to relational DB(Mysql/H2) supports following features: • CRUD operations • Input data validation • Fetch selected fields only • Filter response by expression • Compress API result
  • 17. 17 Let’s pray to Demo God -:Demo Time:- https://github.com/avpatel257/nordic-apis-2019
  • 19. 19 Icon(s) made by Freepik from www.flaticon.com References REST API Design Rulebook by Mark Masse https://www.programmableweb.com/news/research-shows-interest-providing-apis-still- high/research/2018/02/23 https://hbr.org/2015/01/the-strategic-value-of-apis Programmable Web - Harvard Business Review Article - Important Information Credit https://github.com/avpatel257/nordic-apis-2019 Sample Source Code