Building APIs in a Cloud Native Era
0 likes208 views
Slides from my talk at APIDays Paris 2020 on building APIs in a Cloud Native Era. This discusses the challenges in building APIs in the Cloud and how we need to address them smartly.
![[APIdays INTERFACE 2021] Now that we have K8s, can we stop re-inventing API p...](https://cdn.slidesharecdn.com/ss_thumbnails/apidaysk8platform-210708083659-thumbnail.jpg?width=560&fit=bounds)
![[WSO2 Integration Summit San Francisco 2019] Protecting API Infrastructures —...](https://cdn.slidesharecdn.com/ss_thumbnails/wso2integrationsummitsanfrancisco2019protectingapiinfrastructuresanai-poweredsolutionforapisfromping-191014095011-thumbnail.jpg?width=560&fit=bounds)
![[apidays Live Australia] How do you enhance customer experience through event...](https://cdn.slidesharecdn.com/ss_thumbnails/shiro-eventdrivenapis-customerenhancement-roundtable1-210922093028-thumbnail.jpg?width=560&fit=bounds)
![[WSO2 Integration Summit San Francisco 2019] The Composable Enterprise](https://cdn.slidesharecdn.com/ss_thumbnails/wso2integrationsummitsanfrancisco2019thecomposableenterprise-191010075746-thumbnail.jpg?width=560&fit=bounds)
![[WSO2 Integration Summit San Francisco 2019] The API-driven World](https://cdn.slidesharecdn.com/ss_thumbnails/wso2integrationsummitsanfrancisco2019theapi-drivenworld-191010075229-thumbnail.jpg?width=560&fit=bounds)
![[WSO2 Integration Summit Stuttgart 2019] Decentralizing APIs for Agile Busine...](https://cdn.slidesharecdn.com/ss_thumbnails/wso2integrationsummitstuttgart2019-decentralizingapisforagilebusinesses-190806052931-thumbnail.jpg?width=560&fit=bounds)
Ad
More Related Content
What's hot (20)
Similar to Building APIs in a Cloud Native Era (20)
![[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise](https://cdn.slidesharecdn.com/ss_thumbnails/wso2apidaytoronto2019cloud-nativeintegrationfortheenterprise-191113063107-thumbnail.jpg?width=560&fit=bounds)
![[API World 2021 ] - Understanding Cloud Native Deployment](https://cdn.slidesharecdn.com/ss_thumbnails/eric-cloudnativeapideployment-211108112442-thumbnail.jpg?width=560&fit=bounds)
![[APIdays INTERFACE 2021] Programming the Cloud through APIs](https://cdn.slidesharecdn.com/ss_thumbnails/programmingthecloudwithapisinterfacebyapidays-210709084209-thumbnail.jpg?width=560&fit=bounds)
Ad
More from Nuwan Dias (7)
Ad
Recently uploaded (20)
![Get & Download Wondershare Filmora Crack Latest [2025]](https://cdn.slidesharecdn.com/ss_thumbnails/revolutionizingresidentialwi-fi-250422112639-60fb726f-250429170801-59e1b240-thumbnail.jpg?width=560&fit=bounds)
Building APIs in a Cloud Native Era
- 1. Building APIs in a Cloud Native Era December 10, 2020
- 2. Hello! Nuwan Dias VP and deputy CTO for API Management and Integration - WSO2 @nuwandias Co-Author of Microservices Security in Action
- 3. "By 2021, over 75% of midsize and large organizations will have adopted a multi-cloud and/or hybrid IT strategy." - Gartner 3
- 4. ● APIs connect systems together. ● APIs are built by connecting systems together APIs…. 4
- 5. A simple Order Processing API 5 Order Processing API Purchase order request Save order in database Purchase order response
- 6. An actual Order Processing API 6 Order Processing API
- 7. Python code that calls the Twilio Send SMS API Initializing the Twilio client with credentials Sending Message
- 8. cURL request to send an SMS from Twilio curl -X POST https://api.twilio.com/2010-04-01/Accounts/$TWILIO_ACCOUNT_SID/Mess ages.json --data-urlencode "Body=Hi there$EXCLAMATION_MARK" --data-urlencode "From=+15017122661" --data-urlencode "To=+15558675310" -u $TWILIO_ACCOUNT_SID:$TWILIO_AUTH_TOKEN Basic Auth Header Message Payload
- 9. That was the happy path!! 9 Wait! What? There’s an unhappy path too? It’s Twilio, what could possibly go wrong?
- 10. ● How to deal with credentials securely ⦿ How to obtain credentials? ⦿ How to store credentials securely? ⦿ How to propagate credentials through CI/CD pipelines of the app? ● How to handle application errors. ⦿ When the phone number is invalid or disconnected ⦿ When the credentials are invalid or expired. ● How to handle connectivity issues. ⦿ Network connectivity issues. ⦿ APIs being retired. ⦿ Expired certificates. What problems did you not see above? 10
- 11. ● Lots of boilerplate code. ● The need for developers to learn things outside the scope of their business. ⦿ Learning how to use the APIs/SDKs (if available). ⦿ Learning how to obtain and manage credentials securely. ⦿ . . . . ● Risk of mistakes and the need of a good governance model to avert them. ● Developers having to keep up with the new versions of the endpoints ⦿ For security and other important updates. ● A repetition of all drawbacks above as more developers start connecting to the same endpoints. Drawbacks of writing code to connect well known endpoints 11
- 12. Introducing Integration APIs to solve the problem 12 Orders Microservice Products Microservice Cloud Services Integration APIs Utility APIs
- 13. ● Can be implemented using low-code/no-code tooling. ● Flexible enough to be extended using code (doesn’t stop at low/no code). ● Has all characteristics of a proper cloud-native microservice ⦿ Atomic execution. ⦿ Lightweight in distribution and resource utilization. ⦿ Supports GitOps based CI/CD flows. ⦿ Observable. ⦿ . . . . . ● Has a rich family of connectors to well known cloud APIs. ● Provides rich value for connecting to any endpoint (even non-SaaS) ● Has rich constructs for well known integration needs (data mapping, error handling, etc) Important characteristics of Integration APIs 13
- 14. Q: Isn’t this what a Service Mesh is for? 14 A: No
- 15. ● The primary goal of a service mesh is to solve problems in a MSA when service communicate with each other. ⦿ Service discoverability ⦿ Transport level security ⦿ Circuit breaking ⦿ Message tracing and observability What is a service mesh and what problems does it solve? 15 Orders Microservice Shipping Microservice
- 16. We now have a functional API. What does it take to run this in production? 16
- 17. ● Granting secure access to the API. ⦿ Standard protocols such as OAuth2.0/OIDC. ⦿ Security federation across cloud IDPs. ⦿ Security context propagation to upstream microservices. ● Updating the API with no downtime and client impact. ⦿ API versions and revisions. ⦿ Seamless migration of clients to newer versions of the API. ● Supporting different styles of APIs and protocols ⦿ Regular, request/response type APIs ⦿ Event driven APIs ⦿ HTTP, gRPC, GraphQL, WebSockets, SSEs, WebHooks. ● Setting up automated tests for the API. ● Hybrid deployment patterns. Running an API in Production in a Cloud Native Era 17
- 18. API Management 18 Orders Microservice Products Microservice Integration APIs Utility APIsEdge APIs - API Gateways Control Plane
- 19. API Management - Expanded 19 Orders Microservice Products Microservice Integration APIs Utility APIsEdge APIs - API Gateways API Governance Policy Management Business Insights Developer Portals Low code tooling Connector Governance Artificial Intelligence CI/CD and deployment mgt Observability CI/CD and deployment mgt Observability
- 20. wso2.com Thanks!