A Few Advanced API
Considerations
API Maturity Components
Chris Mathias
Chief Architect, Raken

Founder/CEO, SolipsAR
chris@solipsar.com
602.677.5956
Why?
What We’ll Cover
I Made This! Now What?
With Maturity Comes Knowledge…and Compromise
Why are we still using REST?
Intentional Limits - Throttling, Burst, Quotas
Contract Ownership, Swagger & Static Dev
Versioning and Versioning and Versions
Coarse vs. Fine Grained
Data Sourcing & Freshness
Async, Push/Pull…etc
Why Are We Still Using REST?
• HAL
• HATEOAS
• JSON:API
• GraphQL
• JSON Schema
The Case for RESTful APIs
As someone who came up in the days of CORBA, then the SOAP protocol, I find all these attempts at formalism an ironic conclusion to the "wow REST is so much easier" saga.
Growing Up (about design)
• Simplicity is an outcome of clear understanding
• Build what you need, what adds value to the business
• When deciding what to build, ask:
• What does success look like?
• What is success measured by?
• Now, what does your API look like, all grown up?
“Everything should be made as simple as possible, but not simpler.” 

- attributed to Albert Einstein
Contract Ownership
Design by Design

Swagger & Static Dev
This Probably Goes Without Saying
• Swagger == Modern REST
• Open-API Standard == Swagger 2
• Google/Paypal/Adobe/Ebay/Microsoft/Salesforce/Atlassian/SAP/IBM/Oracle/Mulesoft
• Tooling curve up & to the right
• Standards without rigidity
• Doesn’t automatically engender back-end complexity
• RAML (I guess Swagger+YAML wasn’t cutting it…)
Let's be realistic - sometimes developers “just start coding” to get it done as fast as possible. Thus do we break the "good" leg of the "good/fast/cheap" triangle.
Design by Consumer…
• Lots of Actors
• Front End Dev
• Back End Dev
• Public Consumer
• “The Architect”
• The Customer is Always Right
…Then Iterate
1. Front End Developer Designs
2. Swagger YAML/JSON
3. Generated Server & Client
3.1. The Wall is Getting Built.
4. Front End Implementation
5. Oops! Return to Step 1…
6. Working Static Prototype (business says Hooray!)
7. Backend Work
8. Functioning API. Rinse & Repeat
Some Tools
• http://swagger.io
• http://raml.org
• https://apiary.io/
• https://aws.amazon.com/api-gateway
• https://www.getpostman.com/
• http://robohydra.org/
Intentional Limitations
What should we control?
What Kind of Limits Do You Need?
• Rate Limiting (Throttling) - protect well-understood system thresholds
• System-based
• Client-based
• Bursting - allowed overages of limits for special clients or off-peak usages
• Metering/Quotas - artificial limits to align to pay-per-use models
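Added example (not from the original slides): the three kinds of limit in one admission check, using a token bucket for throttling and burst and a per-period counter for quotas. The plan names, numbers and client ids are constructed, and a rejected request consumes nothing, so a throttled client cannot drain the shared system bucket.

```python
class TokenBucket:
    """Sustained `rate` requests/second, with spikes of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = float(burst)   # start full
        self.updated = 0.0

    def wait_time(self, now):
        """Refill to `now`; return seconds until a request fits (0.0 = now)."""
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.updated = max(self.updated, now)
        return 0.0 if self.tokens >= 1.0 else (1.0 - self.tokens) / self.rate

    def take(self):
        self.tokens -= 1.0


class ApiLimiter:
    def __init__(self, system_rate, system_burst, plans, period_seconds=86400):
        self.system = TokenBucket(system_rate, system_burst)  # system-based limit
        self.plans = plans              # plan -> (rate, burst, quota per period)
        self.period_seconds = period_seconds
        self.clients = {}               # client id -> (plan, TokenBucket)
        self.used = {}                  # (client id, period index) -> admitted count

    def register(self, client_id, plan):
        rate, burst, _quota = self.plans[plan]
        self.clients[client_id] = (plan, TokenBucket(rate, burst))

    def check(self, client_id, now):
        """Return (decision, retry_after_seconds) for one request at `now`."""
        if client_id not in self.clients:
            return ("unknown_client", None)
        plan, bucket = self.clients[client_id]
        quota = self.plans[plan][2]
        period = int(now // self.period_seconds)
        used = self.used.get((client_id, period), 0)
        if used >= quota:               # metering: pay-per-use ceiling
            return ("quota_exceeded", (period + 1) * self.period_seconds - now)
        wait = bucket.wait_time(now)    # client-based throttle
        if wait > 0:
            return ("throttled_client", wait)
        wait = self.system.wait_time(now)   # system-based throttle
        if wait > 0:
            return ("throttled_system", wait)
        # Admit: only now are tokens and quota actually consumed.
        bucket.take()
        self.system.take()
        self.used[(client_id, period)] = used + 1
        return ("ok", 0.0)


def demo():
    # Constructed plans: the partner plan gets a larger burst allowance.
    plans = {"free": (1, 2, 4), "partner": (1, 5, 1000)}
    limiter = ApiLimiter(system_rate=3, system_burst=4, plans=plans)
    limiter.register("app-free", "free")
    limiter.register("app-partner", "partner")
    events = [(0.0, "app-free"), (0.0, "app-free"), (0.0, "app-free"),
              (0.0, "app-partner"), (0.0, "app-partner"), (0.0, "app-partner"),
              (2.0, "app-free"), (2.0, "app-free"), (10.0, "app-free"),
              (10.0, "app-other"), (86400.0, "app-free")]
    return [limiter.check(client, t)[0] for t, client in events]


if __name__ == "__main__":
    print(demo())
```

The retry value returned with each rejection is what a gateway would surface to the client as its back-off hint.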
This Sounds Complicated
Should I Build It?
• API Platform Vendors May be Worth It
• https://apigee.com/
• https://aws.amazon.com/api-gateway
• https://www.mulesoft.com/
• https://cloud.oracle.com/api-platform
• Many Others: https://www.gartner.com/doc/3488151/magic-quadrant-life-cycle-api
Versioning
This thing will change…
Version Mechanisms: Access
• How Do We Get To The Right Version?
• Is There a Right Way?
• URL
• Header
• Content-Type
• These Aren’t Really All That Different
Version Management: Routing
• What is Being Versioned?
• Models
• Parameters
• Mechanisms
• Altered or Additive or Destructive?
• Version Routing
• Code-Based (in-app)
• Release-Based (extra-app)
Version Management: Lifespan
• How Many Versions?
• I like the answer "current - 1" because that makes the preceding slide (legos) a bit easier.
• Finite infrastructure cost if I can guarantee that I only ever host 2 versions.
• Inevitably though business will find reasons to host more
• Like anything, it comes down to finding a good balance.
• Internal is easier than external.
• Try really hard to limit your public API change rate.
• What if No Version is Specified?
• Show the latest.
• What if That Screws up Customer X?
• Meh. Teach your users to always pass a version.
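Added example (not from the original slides): one resolver for the three access mechanisms, applying the "current - 1" lifespan and the "show the latest" default. The header name `X-API-Version`, the vendor media type `application/vnd.example.vN+json`, the version numbers and the 400 status are assumptions; rejecting requests whose mechanisms disagree is an extra check added here so that a gateway and the application cannot route the same request to different versions.

```python
import re

CURRENT = 3                          # constructed: latest released version
HOSTED = {CURRENT, CURRENT - 1}      # the "current - 1" lifespan policy

URL_RE = re.compile(r"/v([0-9]{1,3})(/.*)?")
MEDIA_RE = re.compile(r"application/vnd\.example\.v([0-9]{1,3})\+json")
HEADER = "x-api-version"             # assumed header name


class VersionError(Exception):
    pass


def resolve_version(path, headers):
    """Return (version, unversioned_path, sources) or raise VersionError."""
    headers = {k.lower(): v.strip() for k, v in headers.items()}
    found = {}
    rest = path

    # Mechanism 1: URL prefix, e.g. /v2/users
    m = URL_RE.fullmatch(path)
    if m:
        found["url"] = int(m.group(1))
        rest = m.group(2) or "/"

    # Mechanism 2: dedicated request header
    raw = headers.get(HEADER)
    if raw is not None:
        if not re.fullmatch(r"[0-9]{1,3}", raw):
            raise VersionError("malformed version header")
        found["header"] = int(raw)

    # Mechanism 3: versioned media type in Content-Type
    media = headers.get("content-type", "").split(";")[0].strip().lower()
    m = MEDIA_RE.fullmatch(media)
    if m:
        found["content-type"] = int(m.group(1))

    # All three reduce to one integer; they must agree if several are sent.
    versions = set(found.values())
    if len(versions) > 1:
        raise VersionError("conflicting versions requested")
    version = versions.pop() if versions else CURRENT   # none given: latest
    if version not in HOSTED:
        raise VersionError("version %d is not hosted" % version)
    return version, rest, sorted(found) or ["default"]


def handle(path, headers):
    """Constructed front door: status code plus routing decision or error."""
    try:
        version, rest, sources = resolve_version(path, headers)
    except VersionError as exc:
        return (400, str(exc))
    return (200, "v%d %s via %s" % (version, rest, "+".join(sources)))


if __name__ == "__main__":
    print(handle("/v2/users", {}))
    print(handle("/users", {}))
    print(handle("/v2/users", {"X-API-Version": "3"}))
```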
Sizing
Coarse-Grained vs. Fine-Grained API
Dao or Session Facade?
• Turns out this is a pretty hotly contested topic!
• Many Backend developers: “expose the database on the web”
• Let the front end devs or api consumers figure out the rest.
• It's the "teach them to fish" approach.
• Fine-grained endpoints for every model entity in your API are good, clean, and simple to understand and build.
• Can really backfire! How many business rules can be circumvented unintentionally here?
Just give them the fish, for goodness sake.
• Yes: do fine-grained APIs, but only for internal consumption
• Build Coarse-Grained APIs too. I've also used the term "orchestrated" APIs.
An Example
Do you want the front end developer or public api consumer to:
1. Create an Account
2. Create a User, manually associating the account id
3. Create a Profile, manually associating the user id with the profile
4. Create Entitlements for the User
5. Log the User in
Or do you want an API called "provisionNewUser" that takes a few pieces of info and properly orchestrates that series of calls?
If you are on the consumption side, I can predict which approach you might feel more affinity toward. Model your APIs after your primary use cases and reduce the heavy lifting. Expose your fine-grained APIs surgically where necessary to accommodate corner cases or internal needs.
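Added example (not from the original slides): a sketch of "provisionNewUser" as a coarse-grained call over the five fine-grained steps, with the business rules kept server-side and the steps rolled back as a unit on failure. The in-memory `FineGrainedApi`, the plan-to-role table and all sample values are constructed for illustration.

```python
import itertools
import secrets

# Constructed business rule: entitlements follow from the plan and are
# chosen server-side, never supplied by the caller.
PLAN_ROLES = {"free": ["viewer"], "team": ["viewer", "editor"]}


class ProvisioningError(Exception):
    pass


class FineGrainedApi:
    """In-memory stand-in for the internal, per-entity endpoints."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.accounts, self.users, self.profiles = {}, {}, {}
        self.entitlements, self.sessions = {}, {}

    def create_account(self, company):
        account_id = next(self._ids)
        self.accounts[account_id] = {"company": company}
        return account_id

    def create_user(self, account_id, email):
        if account_id not in self.accounts:
            raise ProvisioningError("unknown account")
        if any(u["email"] == email for u in self.users.values()):
            raise ProvisioningError("email already registered")
        user_id = next(self._ids)
        self.users[user_id] = {"account_id": account_id, "email": email}
        return user_id

    def create_profile(self, user_id, display_name):
        if not display_name.strip():
            raise ProvisioningError("display name required")
        self.profiles[user_id] = {"display_name": display_name.strip()}

    def create_entitlements(self, user_id, roles):
        self.entitlements[user_id] = list(roles)

    def log_in(self, user_id):
        token = secrets.token_urlsafe(16)
        self.sessions[token] = user_id
        return token


def provision_new_user(api, email, display_name, company, plan):
    """Coarse-grained call: runs the five steps as a unit, all or nothing."""
    if plan not in PLAN_ROLES:
        raise ProvisioningError("unknown plan")
    email = email.strip().lower()
    undo = []  # compensating actions, run in reverse if any step fails
    try:
        account_id = api.create_account(company)
        undo.append(lambda: api.accounts.pop(account_id, None))
        user_id = api.create_user(account_id, email)
        undo.append(lambda: api.users.pop(user_id, None))
        api.create_profile(user_id, display_name)
        undo.append(lambda: api.profiles.pop(user_id, None))
        api.create_entitlements(user_id, PLAN_ROLES[plan])
        undo.append(lambda: api.entitlements.pop(user_id, None))
        token = api.log_in(user_id)
    except ProvisioningError:
        for step in reversed(undo):
            step()
        raise
    return {"account_id": account_id, "user_id": user_id, "token": token}


def demo():
    api = FineGrainedApi()
    ok = provision_new_user(api, "Ann@Example.test", "Ann", "Acme", "free")
    failures = []
    attempts = [("ann@example.test", "Ann 2", "Other Co", "free"),  # fails at step 2
                ("bob@example.test", "   ", "Bob Co", "team"),      # fails at step 3
                ("eve@example.test", "Eve", "Eve Co", "admin")]     # plan not offered
    for args in attempts:
        try:
            provision_new_user(api, *args)
        except ProvisioningError as exc:
            failures.append(str(exc))
    return {"roles": api.entitlements[ok["user_id"]], "failures": failures,
            "accounts": len(api.accounts), "users": len(api.users),
            "profiles": len(api.profiles), "sessions": len(api.sessions)}


if __name__ == "__main__":
    print(demo())
```

A consumer calling the fine-grained steps directly would leave an orphan account behind in the second and third attempts; the orchestrated call leaves none.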
API Style
Data Sourcing & Freshness
Asynchronous API
• Do You Need It?
• What Is Asynchronous API?
• Request/Response (no)
• Pub/Sub (yes)
• Streaming (yes)
• Fire & Forget (yes)
• No Reactive Ppl, NOT “Everything” is a Stream!
Does Asynchronous Mean Realtime?
• No. But Sometimes It Means Performance.
• Data is always old, it’s just a question of how old.
• What is Realtime?
• As Fast As Possible
• Daily Revenue Report? No!
• Dynamic Ad Spend Bidder? Yes!
Data Access Mechanisms
• Depending on API Type/Style/Requirements
• General Push vs. Pull
• Client-Facing or Business Facing?
• CRUD API?
• Are You a Data Vendor or Provider? Both?
• Depending on Freshness Concerns
• Polling
• Push/Webhook
• Dynamic Subscription
In Conclusion
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum

  • 1. A Few Advanced API Considerations API Maturity Components
  • 2. Chris Mathias Chief Architect, Raken Founder/CEO, SolipsAR chris@solipsar.com 602.677.5956
  • 4. What We’ll Cover
      • I Made This! Now What?
      • With Maturity Comes Knowledge…and Compromise
      • Why are we still using REST?
      • Intentional Limits - Throttling, Burst, Quotas
      • Contract Ownership, Swagger & Static Dev
      • Versioning and Versioning and Versions
      • Coarse vs. Fine Grained
      • Data Sourcing & Freshness
      • Async, Push/Pull…etc
  • 5. Why Are We Still Using REST?
      • HAL
      • HATEOAS
      • JSON:API
      • GraphQL
      • JSON Schema
      The Case for RESTful APIs
      As someone who came up in the days of CORBA, then the SOAP protocol, I find all these attempts at formalism an ironic conclusion to the "wow REST is so much easier" saga.
  • 6. Growing Up (about design)
      • Simplicity is an outcome of clear understanding
      • Build what you need, what adds value to the business
      • When deciding what to build, ask:
      • What does success look like?
      • What is success measured by?
      • Now, what does your API look like, all grown up?
      “Everything should be made as simple as possible, but not simpler.” - attributed to Albert Einstein
  • 7. Contract Ownership Design by Design Swagger & Static Dev
  • 8. This Probably Goes Without Saying
      • Swagger == Modern REST
      • Open-API Standard == Swagger 2
      • Google/Paypal/Adobe/Ebay/Microsoft/Salesforce/Atlassian/SAP/IBM/Oracle/Mulesoft
      • Tooling curve up & to the right
      • Standards without rigidity
      • Doesn’t automatically engender back-end complexity
      • RAML (I guess Swagger+YAML wasn’t cutting it…)
      Let's be realistic - sometimes developers “just start coding” to get it done as fast as possible. Thus do we break the "good" leg of the "good/fast/cheap" triangle.
  • 9. Design by Consumer…
      • Lots of Actors
      • Front End Dev
      • Back End Dev
      • Public Consumer
      • “The Architect”
      • The Customer is Always Right
  • 10. …Then Iterate
      1. Front End Developer Designs
      2. Swagger YAML/JSON
      3. Generated Server & Client
      3.1. The Wall is Getting Built.
      4. Front End Implementation
      5. Oops! Return to Step 1…
      6. Working Static Prototype (business says Hooray!)
      7. Backend Work
      8. Functioning API. Rinse & Repeat
  • 11. Some Tools
      • http://swagger.io
      • http://raml.org
      • https://apiary.io/
      • https://aws.amazon.com/api-gateway
      • https://www.getpostman.com/
      • http://robohydra.org/
  • 13. What Kind of Limits Do You Need?
      • Rate Limiting (Throttling) - protect well-understood system thresholds
      • System-based
      • Client-based
      • Bursting - allowed overages of limits for special clients or off-peak usages
      • Metering/Quotas - artificial limits to align to pay-per-use models
  • 14. This Sounds Complicated Should I Build It?
      • API Platform Vendors May be Worth It
      • https://apigee.com/
      • https://aws.amazon.com/api-gateway
      • https://www.mulesoft.com/
      • https://cloud.oracle.com/api-platform
      • Many Others: https://www.gartner.com/doc/3488151/magic-quadrant-life-cycle-api
  • 16. Version Mechanisms: Access
      • How Do We Get To The Right Version?
      • Is There a Right Way?
      • URL
      • Header
      • Content-Type
      • These Aren’t Really All That Different
  • 17. Version Management: Routing
      • What is Being Versioned?
      • Models
      • Parameters
      • Mechanisms
      • Altered or Additive or Destructive?
      • Version Routing
      • Code-Based (in-app)
      • Release-Based (extra-app)
  • 18. Version Management: Lifespan
      • How Many Versions?
      • I like the answer "current - 1" because that makes the preceding slide (legos) a bit easier.
      • Finite infrastructure cost if I can guarantee that I only ever host 2 versions.
      • Inevitably though business will find reasons to host more
      • Like anything, it comes down to finding a good balance.
      • Internal is easier than external.
      • Try really hard to limit your public API change rate.
      • What if No Version is Specified?
      • Show the latest.
      • What if That Screws up Customer X?
      • Meh. Teach your users to always pass a version.
  • 20. Dao or Session Facade?
      • Turns out this is a pretty hotly contested topic!
      • Many Backend developers: “expose the database on the web”
      • Let the front end devs or API consumers figure out the rest.
      • It's the "teach them to fish" approach.
      • Fine-grained endpoints for every model entity in your API are good, clean, simple to understand and build.
      • Can really backfire! How many business rules can be circumvented unintentionally here? Just give them the fish, for goodness sake.
      • Yes: do fine-grained APIs, but only for internal consumption
      • Build Coarse-Grained APIs too. I've also used the term "orchestrated" APIs.
  • 21. An Example
      Do you want the front end developer or public API consumer to:
      1. Create an Account
      2. Create a User, manually associating the account id
      3. Create a Profile, manually associating the user id with the profile
      4. Create Entitlements for the User
      5. Log the User in
      Or do you want an API called "provisionNewUser" that takes a few pieces of info and properly orchestrates that series of calls? If you are on the consumption side, I can predict which approach you might feel more affinity toward.
      Model your APIs after your primary use cases and reduce the heavy lifting. Expose your fine-grained APIs surgically where necessary to accommodate corner cases or internal needs.
  • 22. API Style Data Sourcing & Freshness
  • 23. Asynchronous API
      • Do You Need It?
      • What Is Asynchronous API?
      • Request/Response (no)
      • Pub/Sub (yes)
      • Streaming (yes)
      • Fire & Forget (yes)
      • No Reactive Ppl, NOT “Everything” is a Stream!
  • 24. Does Asynchronous Mean Realtime?
      • No. But Sometimes It Means Performance.
      • Data is always old, it’s just a question of how old.
      • What is Realtime?
      • As Fast As Possible
      • Daily Revenue Report? No!
      • Dynamic Ad Spend Bidder? Yes!
  • 25. Data Access Mechanisms
      • Depending on API Type/Style/Requirements
      • General Push vs. Pull
      • Client-Facing or Business Facing?
      • CRUD API?
      • Are You a Data Vendor or Provider? Both?
      • Depending on Freshness Concerns
      • Polling
      • Push/Webhook
      • Dynamic Subscription
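
The three kinds of limit on slide 13 can be combined in one admission check. The following is an added example, not code from the talk: a token bucket gives the throttle (refill rate) and the burst allowance (bucket capacity), and a counter gives the quota. The class names, the 401/429/503 status choices and the injectable clock are assumptions made for the illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class Bucket:
    rate: float      # tokens added per second: the sustained throttle
    capacity: float  # most tokens that can be saved up: the burst allowance
    tokens: float
    stamp: float

    def refill(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now


class ApiLimiter:
    """System throttle, per-client throttle with burst, and a metered quota."""

    def __init__(self, system_rate, system_burst, clock=time.monotonic):
        self.clock = clock
        self.system = Bucket(system_rate, system_burst, system_burst, clock())
        self.clients = {}  # api_key -> [Bucket, quota, used]

    def register(self, api_key, rate, burst, quota):
        self.clients[api_key] = [Bucket(rate, burst, burst, self.clock()), quota, 0]

    def check(self, api_key):
        """Decide one request; returns (http_status, reason)."""
        entry = self.clients.get(api_key)
        if entry is None:
            return 401, "unknown client"
        bucket, quota, used = entry
        if used >= quota:                 # metering: pay-per-use ceiling
            return 429, "quota exhausted"
        now = self.clock()
        bucket.refill(now)
        self.system.refill(now)
        if bucket.tokens < 1:             # client-based throttle
            return 429, "client throttled"
        if self.system.tokens < 1:        # system-based throttle
            return 503, "system throttled"
        # Spend only after every check passed, so a rejected request
        # cannot drain another limit's budget.
        bucket.tokens -= 1
        self.system.tokens -= 1
        entry[2] = used + 1
        return 200, "ok"
```

A "special client" in the slide's sense is registered with a larger `burst` than its sustained `rate` would allow; the system bucket still caps what all clients together can push to the backend.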
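
Slides 16 and 18 together describe a small routing policy: URL, header and media type all reduce to one version number, only "current" and "current - 1" are hosted, and a request with no version gets the latest. The following added example (not from the talk) implements that policy and also rejects requests whose mechanisms disagree, which is an extra check chosen here. The header name `X-API-Version`, the `application/vnd.example.vN+json` media type, `CURRENT = 3` and the status codes are all assumptions.

```python
import re

CURRENT = 3                          # assumed latest version
SUPPORTED = {CURRENT, CURRENT - 1}   # the "current - 1" lifespan from slide 18

# Digit runs are bounded so int() never sees an oversized number.
URL_RE = re.compile(r"^/v([0-9]{1,9})(?:/|$)")
MEDIA_RE = re.compile(r"application/vnd\.example\.v([0-9]{1,9})\+json")  # constructed


def requested_versions(path, headers):
    """Collect the version named by each access mechanism on slide 16."""
    h = {k.lower(): v for k, v in headers.items()}
    found = {}
    m = URL_RE.match(path)
    if m:
        found["url"] = int(m.group(1))
    raw = h.get("x-api-version", "").strip()      # hypothetical header name
    if raw:
        # A non-numeric value maps to 0, which is never a supported version.
        found["header"] = int(raw) if re.fullmatch(r"[0-9]{1,9}", raw) else 0
    # The media type arrives in Accept on reads and Content-Type on writes.
    for name in ("accept", "content-type"):
        m = MEDIA_RE.search(h.get(name, ""))
        if m:
            found[name] = int(m.group(1))
    return found


def route(path, headers):
    """Return (http_status, version, reason) for one request."""
    found = requested_versions(path, headers)
    versions = set(found.values())
    if not versions:
        return 200, CURRENT, "no version given, serving latest"
    if len(versions) > 1:
        return 400, None, "mechanisms disagree: " + ", ".join(sorted(found))
    version = versions.pop()
    if version in SUPPORTED:
        return 200, version, "selected via " + ", ".join(sorted(found))
    if 0 < version < CURRENT - 1:
        return 410, None, "version retired"
    return 400, None, "unknown version"
```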
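
Slide 21's `provisionNewUser` can be sketched as a server-side orchestration over the fine-grained operations. This is an added example, not code from the talk: the in-memory `Store`, the `PLANS` table, the field names and the `fail_on` test hook are constructed for the illustration. It shows the two things the five client-side calls cannot guarantee: the ids are wired by the server, and a failure part-way leaves no half-provisioned user behind.

```python
import secrets

PLANS = {"free": ["read"], "pro": ["read", "write"]}   # constructed entitlement sets


class Store:
    """Fine-grained layer: one create per entity, no cross-entity rules."""

    def __init__(self):
        names = ("account", "user", "profile", "entitlement", "session")
        self.tables = {name: {} for name in names}
        self.fail_on = None      # test hook: table whose create raises

    def create(self, table, **row):
        if table == self.fail_on:
            raise RuntimeError(f"{table} backend unavailable")
        row_id = secrets.token_hex(8)
        self.tables[table][row_id] = row
        return row_id


def provision_new_user(store, account_name, email, display_name, plan):
    """Coarse-grained call: the server owns ordering, id wiring, rules and rollback."""
    if plan not in PLANS:
        raise ValueError("unknown plan")       # rule enforced once, server-side
    undo = []                                  # rows created so far, in order

    def step(table, **row):
        row_id = store.create(table, **row)
        undo.append((table, row_id))
        return row_id

    try:
        account_id = step("account", name=account_name)
        user_id = step("user", account_id=account_id, email=email)
        step("profile", user_id=user_id, display_name=display_name)
        step("entitlement", user_id=user_id, scopes=PLANS[plan])
        session_id = step("session", user_id=user_id)
    except Exception:
        for table, row_id in reversed(undo):   # no half-provisioned user survives
            del store.tables[table][row_id]
        raise
    return {"account_id": account_id, "user_id": user_id, "session_id": session_id}
```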