SlideShare a Scribd company logo

Whiskey, Tango, Foxtrot: Understanding API Usage

Clay Loveless
Clay Loveless

Launch an API that can survive! Learn about unexpected load recovery techniques, analytic best practices and testing approaches to make sure your API runs smoothly & thrives with these tips from the trenches. Clay Loveless is Mashery's Chief Architect, the leading API management solution provider. With over 100 high-volume API customers, Mashery manages a broad range of enterprise API deployments.

Technology
1 of 39
Whiskey, Tango, Foxtrot: Understanding API Usage Clay Loveless Chief Architect, Mashery @claylo OSCON July 22 2010
APIs Gone Wild If You Build It ... Itʼll Turn On You Someday
APIs Gone Wild If You Build It ... Itʼll Turn On You Someday GET Overview What Happens When Things 200 Go Wrong? PUT 200 5 Tips to Stay Ahead GET 200 The Secret 6th Tip GET 503
Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities
Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems • DB Servers/Caches • Hardware failures • Power hiccups • Incomplete reboots
Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems Interconnections • DB Servers/Caches • Router failures • Hardware failures • Bad cables • Power hiccups • Severed internets • Incomplete reboots • Remote-hands fail
Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems Interconnections External Deps • DB Servers/Caches • Router failures • Fail Whales • Hardware failures • Bad cables • Unannounced • Power hiccups • Severed internets upgrades • Incomplete reboots • Remote-hands fail • Random cloud latency
Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems Interconnections External Deps • DB Servers/Caches • Router failures • Fail Whales • Hardware failures • Bad cables • Unannounced • Power hiccups • Severed internets upgrades • Incomplete reboots • Remote-hands fail • Random cloud latency
The Retry Effect “Try Again in a Few Moments” = Right Now Successful Concurrent 600 450 Requests 300 150 Seconds
The Five Tips
Tip 1: Test It All Seriously, Test It All
Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere
Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere Test What Users Experience End-to-End Black Box tests
Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere Test What Users Experience End-to-End Black Box tests Replay Your Access Logs More accurate than assumptions in unit tests
Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere Test What Users Experience End-to-End Black Box tests Replay Your Access Logs More accurate than assumptions in unit tests Validate Return Payloads A stack trace is not valid XML
Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow
Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow Versions. Whoʼda thunk it? Yes, versioning is useful beyond the code powering your API.
Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow Versions. Whoʼda thunk it? Yes, versioning is useful beyond the code powering your API. Versions Arenʼt Sexy/Semantic Do it anyway, & stand up straight.
Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow Versions. Whoʼda thunk it? Yes, versioning is useful beyond the code powering your API. Versions Arenʼt Sexy/Semantic Do it anyway, & stand up straight. Announce Versions Often No one likes surprises when it comes to API behavior.
Tip 3: Embrace Standards When Practical APIs Are Better When Predictable
Tip 3: Embrace Standards When Practical APIs Are Better When Predictable Standard Approaches Mean Tools Itʼs easier to monitor anomalies on non-unique snowflakes.
Tip 3: Embrace Standards When Practical APIs Are Better When Predictable Standard Approaches Mean Tools Itʼs easier to monitor anomalies on non-unique snowflakes. Avoid Uncomfortable Migrations No one wants an OAuthpocalypse.
Tip 3: Embrace Standards When Practical APIs Are Better When Predictable Standard Approaches Mean Tools Itʼs easier to monitor anomalies on non-unique snowflakes. Avoid Uncomfortable Migrations No one wants an OAuthpocalypse. Enhance Runtime Validation Standards can make it easier to detect+reject bogus calls earlier in the request pipeline.
Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard
Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice.
Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice. Trends Are Your Friends Canʼt spot trends without continuous monitoring
Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice. Trends Are Your Friends Canʼt spot trends without continuous monitoring Fess Up Fast No user wants to think theyʼre your early-warning ops team.
Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice. Trends Are Your Friends Canʼt spot trends without continuous monitoring Fess Up Fast No user wants to think theyʼre your early-warning ops team. Be Open Automatically Real-time public health instills trust.
Tip 5: Fail Well Donʼt Ice Me, Bro
Tip 5: Fail Well Donʼt Ice Me, Bro Well-formed Errors Win Friends Developers are more tolerant of failure if you anticipate the possibility.
Tip 5: Fail Well Donʼt Ice Me, Bro Well-formed Errors Win Friends Developers are more tolerant of failure if you anticipate the possibility. Make Monitoring Easy The more obvious the failure, the easier it is to spot.
Tip 5: Fail Well Donʼt Ice Me, Bro Well-formed Errors Win Friends Developers are more tolerant of failure if you anticipate the possibility. Make Monitoring Easy The more obvious the failure, the easier it is to spot. Donʼt Punish Everyone Determine who gets hurt most by failures, and screw them last (or not at all).
The Shameless Plug
Tip 6: Use an API Management Service Like ... Mashery!
Tip 6: Use an API Management Service Like ... Mashery!
Tip 6: Use an API Management Service Like ... Mashery! Managed API Service FTW Use a service with active monitoring and a support team. Let them call you first.
Tip 6: Use an API Management Service Like ... Mashery! Managed API Service FTW Use a service with active monitoring and a support team. Let them call you first. Reports Covering Entire Ecosystem Make sure reports & analytics cover the entire spectrum of your APIʼs usage.
Tip 6: Use an API Management Service Like ... Mashery! Managed API Service FTW Use a service with active monitoring and a support team. Let them call you first. Reports Covering Entire Ecosystem Make sure reports & analytics cover the entire spectrum of your APIʼs usage. Get Help Building Meaningful Community Nothing tells your developers you care like a community with a pulse.
Did I Mention the Free Beer? Free beer as in FREE BEER. OSCON API Hour 7-9pm TONIGHT @ The EastBurn 1800 East Burnside Street Just a 5 minute cab ride. Mmm, beeer. And vintage games. Clay Loveless Chief Architect Wear Your OSCON Badge 2-3 drinks in, youʼll be happy clay@mashery.com everyone has nametags. Twitter: @claylo

Recommended

Java EE 7 meets Java 8
Java EE 7 meets Java 8Java EE 7 meets Java 8
Java EE 7 meets Java 8Roberto Cortez
 
AppSec is Eating Security
AppSec is Eating SecurityAppSec is Eating Security
AppSec is Eating SecurityAlex Stamos
 
Erlang - Because s**t Happens by Mahesh Paolini-Subramanya
Erlang - Because s**t Happens by Mahesh Paolini-SubramanyaErlang - Because s**t Happens by Mahesh Paolini-Subramanya
Erlang - Because s**t Happens by Mahesh Paolini-SubramanyaHakka Labs
 
Careful - APIs Inside: Testing and Monitoring for App Development
Careful - APIs Inside: Testing and Monitoring for App DevelopmentCareful - APIs Inside: Testing and Monitoring for App Development
Careful - APIs Inside: Testing and Monitoring for App Development3scale
 
IT Trends 120-ish in the real world
IT Trends 120-ish in the real world IT Trends 120-ish in the real world
IT Trends 120-ish in the real worldChristian John Felix
 
AppSec Pipelines and Event based Security
AppSec Pipelines and Event based SecurityAppSec Pipelines and Event based Security
AppSec Pipelines and Event based SecurityMatt Tesauro
 
Cloud native resiliency patterns from the ground up
Cloud native resiliency patterns from the ground upCloud native resiliency patterns from the ground up
Cloud native resiliency patterns from the ground upAna-Maria Mihalceanu
 
XRebel Overview
XRebel OverviewXRebel Overview
XRebel OverviewElizabeth Quinn-Woods
 

More Related Content

What's hot

Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016
Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016 Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016
Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016 Alexander Lisachenko
 
Maven - Taming the Beast
Maven - Taming the BeastMaven - Taming the Beast
Maven - Taming the BeastRoberto Cortez
 
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering HamburgPrinciples Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering HamburgNils Meder
 
Chaos Engineering - Limiting Damage During Chaos Experiments
Chaos Engineering - Limiting Damage During Chaos ExperimentsChaos Engineering - Limiting Damage During Chaos Experiments
Chaos Engineering - Limiting Damage During Chaos ExperimentsNils Meder
 
Continuous Delivery Testing @HiQ
Continuous Delivery Testing @HiQContinuous Delivery Testing @HiQ
Continuous Delivery Testing @HiQTomas Riha
 
Migration tales from java ee 5 to 7
Migration tales from java ee 5 to 7Migration tales from java ee 5 to 7
Migration tales from java ee 5 to 7Roberto Cortez
 
Taking the Best of Agile, DevOps and CI/CD into security
Taking the Best of Agile, DevOps and CI/CD into securityTaking the Best of Agile, DevOps and CI/CD into security
Taking the Best of Agile, DevOps and CI/CD into securityMatt Tesauro
 

What's hot (7)

Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016
Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016 Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016
Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016
 
Maven - Taming the Beast
Maven - Taming the BeastMaven - Taming the Beast
Maven - Taming the Beast
 
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering HamburgPrinciples Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering Hamburg
 
Chaos Engineering - Limiting Damage During Chaos Experiments
Chaos Engineering - Limiting Damage During Chaos ExperimentsChaos Engineering - Limiting Damage During Chaos Experiments
Chaos Engineering - Limiting Damage During Chaos Experiments
 
Continuous Delivery Testing @HiQ
Continuous Delivery Testing @HiQContinuous Delivery Testing @HiQ
Continuous Delivery Testing @HiQ
 
Migration tales from java ee 5 to 7
Migration tales from java ee 5 to 7Migration tales from java ee 5 to 7
Migration tales from java ee 5 to 7
 
Taking the Best of Agile, DevOps and CI/CD into security
Taking the Best of Agile, DevOps and CI/CD into securityTaking the Best of Agile, DevOps and CI/CD into security
Taking the Best of Agile, DevOps and CI/CD into security
 

Viewers also liked

Kienbaum Hr Climate Index 2011
Kienbaum Hr Climate Index 2011Kienbaum Hr Climate Index 2011
Kienbaum Hr Climate Index 2011ldragomir
 
Lessons From the Failure of SOAP
Lessons From the Failure of SOAPLessons From the Failure of SOAP
Lessons From the Failure of SOAPClay Loveless
 

Viewers also liked (8)

Ethics in sinhala
Ethics in sinhalaEthics in sinhala
Ethics in sinhala
 
Kienbaum Hr Climate Index 2011
Kienbaum Hr Climate Index 2011Kienbaum Hr Climate Index 2011
Kienbaum Hr Climate Index 2011
 
Painless OAuth
Painless OAuthPainless OAuth
Painless OAuth
 
Photography & camera
Photography & cameraPhotography & camera
Photography & camera
 
Lessons From the Failure of SOAP
Lessons From the Failure of SOAPLessons From the Failure of SOAP
Lessons From the Failure of SOAP
 
Kadapatha 3rd
Kadapatha 3rdKadapatha 3rd
Kadapatha 3rd
 
Kadapatha 4th
Kadapatha 4thKadapatha 4th
Kadapatha 4th
 
Kadapatha | college paper edited by me
Kadapatha | college paper edited by meKadapatha | college paper edited by me
Kadapatha | college paper edited by me
 

Similar to Whiskey, Tango, Foxtrot: Understanding API Usage

Cheapass.in — presented at JSFoo 2016
Cheapass.in — presented at JSFoo 2016Cheapass.in — presented at JSFoo 2016
Cheapass.in — presented at JSFoo 2016Aakash Goel
 
Continues Deployment - Tech Talk week
Continues Deployment - Tech Talk weekContinues Deployment - Tech Talk week
Continues Deployment - Tech Talk weekrantav
 
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO ForumChris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO ForumChris Mathias
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Robert Reiz
 
SeConf_Nov2016_London
SeConf_Nov2016_LondonSeConf_Nov2016_London
SeConf_Nov2016_LondonPooja Shah
 
Simplifying the Web Accessibility Test Lab
Simplifying the Web Accessibility Test LabSimplifying the Web Accessibility Test Lab
Simplifying the Web Accessibility Test Labmitchellevan
 
How penetration testing techniques can help you improve your qa skills
How penetration testing techniques can help you improve your qa skillsHow penetration testing techniques can help you improve your qa skills
How penetration testing techniques can help you improve your qa skillsMarian Marinov
 
Alexander Janssens & Gert-Jan van Rooij- Getting started with API
Alexander Janssens & Gert-Jan van Rooij- Getting started with APIAlexander Janssens & Gert-Jan van Rooij- Getting started with API
Alexander Janssens & Gert-Jan van Rooij- Getting started with APITOPdesk
 
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet Puppet
 
Achieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetAchieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetDevoteam Revolve
 
Test driven infrastructure development (2 - puppetconf 2013 edition)
Test driven infrastructure development (2 - puppetconf 2013 edition)Test driven infrastructure development (2 - puppetconf 2013 edition)
Test driven infrastructure development (2 - puppetconf 2013 edition)Tomas Doran
 
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...CloudBees
 
How we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we gotHow we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we gotBaruch Sadogursky
 
Contributing to StrongLoop LoopBack (and other open source projects)
Contributing to StrongLoop LoopBack (and other open source projects)Contributing to StrongLoop LoopBack (and other open source projects)
Contributing to StrongLoop LoopBack (and other open source projects)Supasate Choochaisri
 
2016 - Daniel Lebrero - REPL driven development
2016 - Daniel Lebrero - REPL driven development2016 - Daniel Lebrero - REPL driven development
2016 - Daniel Lebrero - REPL driven developmentPROIDEA
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Apigee | Google Cloud
 
London Atlassian User Group - February 2014
London Atlassian User Group - February 2014London Atlassian User Group - February 2014
London Atlassian User Group - February 2014Steve Smith
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorialduleepa
 

Similar to Whiskey, Tango, Foxtrot: Understanding API Usage (20)

Pinto+Stratopan+Love
Pinto+Stratopan+LovePinto+Stratopan+Love
Pinto+Stratopan+Love
 
Cheapass.in — presented at JSFoo 2016
Cheapass.in — presented at JSFoo 2016Cheapass.in — presented at JSFoo 2016
Cheapass.in — presented at JSFoo 2016
 
Continues Deployment - Tech Talk week
Continues Deployment - Tech Talk weekContinues Deployment - Tech Talk week
Continues Deployment - Tech Talk week
 
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO ForumChris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014
 
SeConf_Nov2016_London
SeConf_Nov2016_LondonSeConf_Nov2016_London
SeConf_Nov2016_London
 
Simplifying the Web Accessibility Test Lab
Simplifying the Web Accessibility Test LabSimplifying the Web Accessibility Test Lab
Simplifying the Web Accessibility Test Lab
 
How penetration testing techniques can help you improve your qa skills
How penetration testing techniques can help you improve your qa skillsHow penetration testing techniques can help you improve your qa skills
How penetration testing techniques can help you improve your qa skills
 
Alexander Janssens & Gert-Jan van Rooij- Getting started with API
Alexander Janssens & Gert-Jan van Rooij- Getting started with APIAlexander Janssens & Gert-Jan van Rooij- Getting started with API
Alexander Janssens & Gert-Jan van Rooij- Getting started with API
 
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
Puppet Camp Paris 2014: Achieving Continuous Delivery and DevOps with Puppet
 
Achieving Continuous Delivery with Puppet
Achieving Continuous Delivery with PuppetAchieving Continuous Delivery with Puppet
Achieving Continuous Delivery with Puppet
 
Test driven infrastructure development (2 - puppetconf 2013 edition)
Test driven infrastructure development (2 - puppetconf 2013 edition)Test driven infrastructure development (2 - puppetconf 2013 edition)
Test driven infrastructure development (2 - puppetconf 2013 edition)
 
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...
 
How we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we gotHow we took our server side application to the cloud and liked what we got
How we took our server side application to the cloud and liked what we got
 
Contributing to StrongLoop LoopBack (and other open source projects)
Contributing to StrongLoop LoopBack (and other open source projects)Contributing to StrongLoop LoopBack (and other open source projects)
Contributing to StrongLoop LoopBack (and other open source projects)
 
2016 - Daniel Lebrero - REPL driven development
2016 - Daniel Lebrero - REPL driven development2016 - Daniel Lebrero - REPL driven development
2016 - Daniel Lebrero - REPL driven development
 
Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.Your API Sucks! Why developers hang up and how to stop that.
Your API Sucks! Why developers hang up and how to stop that.
 
Linux Users are People, Too!
Linux Users are People, Too!Linux Users are People, Too!
Linux Users are People, Too!
 
London Atlassian User Group - February 2014
London Atlassian User Group - February 2014London Atlassian User Group - February 2014
London Atlassian User Group - February 2014
 
Scaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON TutorialScaling a Web Site - OSCON Tutorial
Scaling a Web Site - OSCON Tutorial
 

Recently uploaded

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfROWELL MARQUINA
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 

Recently uploaded (20)

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
QMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdfQMMS Lesson 2 - Using MS Excel Formula.pdf
QMMS Lesson 2 - Using MS Excel Formula.pdf
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 

Whiskey, Tango, Foxtrot: Understanding API Usage

  • 1. Whiskey, Tango, Foxtrot: Understanding API Usage Clay Loveless Chief Architect, Mashery @claylo OSCON July 22 2010
  • 2. APIs Gone Wild If You Build It ... Itʼll Turn On You Someday
  • 3. APIs Gone Wild If You Build It ... Itʼll Turn On You Someday GET Overview What Happens When Things 200 Go Wrong? PUT 200 5 Tips to Stay Ahead GET 200 The Secret 6th Tip GET 503
  • 4. Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities
  • 5. Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems • DB Servers/Caches • Hardware failures • Power hiccups • Incomplete reboots
  • 6. Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems Interconnections • DB Servers/Caches • Router failures • Hardware failures • Bad cables • Power hiccups • Severed internets • Incomplete reboots • Remote-hands fail
  • 7. Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems Interconnections External Deps • DB Servers/Caches • Router failures • Fail Whales • Hardware failures • Bad cables • Unannounced • Power hiccups • Severed internets upgrades • Incomplete reboots • Remote-hands fail • Random cloud latency
  • 8. Multiple Points of Failure APIs Can Mean Exponential New Failure Opportunities Backend Systems Interconnections External Deps • DB Servers/Caches • Router failures • Fail Whales • Hardware failures • Bad cables • Unannounced • Power hiccups • Severed internets upgrades • Incomplete reboots • Remote-hands fail • Random cloud latency
  • 9. The Retry Effect “Try Again in a Few Moments” = Right Now Successful Concurrent 600 450 Requests 300 150 Seconds
  • 11. Tip 1: Test It All Seriously, Test It All
  • 12. Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere
  • 13. Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere Test What Users Experience End-to-End Black Box tests
  • 14. Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere Test What Users Experience End-to-End Black Box tests Replay Your Access Logs More accurate than assumptions in unit tests
  • 15. Tip 1: Test It All Seriously, Test It All Unit Tests Are Just the Beginning If you donʼt have them yet, start elsewhere Test What Users Experience End-to-End Black Box tests Replay Your Access Logs More accurate than assumptions in unit tests Validate Return Payloads A stack trace is not valid XML
  • 16. Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow
  • 17. Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow Versions. Whoʼda thunk it? Yes, versioning is useful beyond the code powering your API.
  • 18. Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow Versions. Whoʼda thunk it? Yes, versioning is useful beyond the code powering your API. Versions Arenʼt Sexy/Semantic Do it anyway, & stand up straight.
  • 19. Tip 2: Plan for Future Versions The Sun Will Come Up Tomorrow Versions. Whoʼda thunk it? Yes, versioning is useful beyond the code powering your API. Versions Arenʼt Sexy/Semantic Do it anyway, & stand up straight. Announce Versions Often No one likes surprises when it comes to API behavior.
  • 20. Tip 3: Embrace Standards When Practical APIs Are Better When Predictable
  • 21. Tip 3: Embrace Standards When Practical APIs Are Better When Predictable Standard Approaches Mean Tools Itʼs easier to monitor anomalies on non-unique snowflakes.
  • 22. Tip 3: Embrace Standards When Practical APIs Are Better When Predictable Standard Approaches Mean Tools Itʼs easier to monitor anomalies on non-unique snowflakes. Avoid Uncomfortable Migrations No one wants an OAuthpocalypse.
  • 23. Tip 3: Embrace Standards When Practical APIs Are Better When Predictable Standard Approaches Mean Tools Itʼs easier to monitor anomalies on non-unique snowflakes. Avoid Uncomfortable Migrations No one wants an OAuthpocalypse. Enhance Runtime Validation Standards can make it easier to detect+reject bogus calls earlier in the request pipeline.
  • 24. Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard
  • 25. Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice.
  • 26. Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice. Trends Are Your Friends Canʼt spot trends without continuous monitoring
  • 27. Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice. Trends Are Your Friends Canʼt spot trends without continuous monitoring Fess Up Fast No user wants to think theyʼre your early-warning ops team.
  • 28. Tip 4: Monitor Everything & Be Honest Slow Status Dashboards Suck More Than No Dashboard Test It All, All the Time Better if you notice before your users notice. Trends Are Your Friends Canʼt spot trends without continuous monitoring Fess Up Fast No user wants to think theyʼre your early-warning ops team. Be Open Automatically Real-time public health instills trust.
  • 29. Tip 5: Fail Well Donʼt Ice Me, Bro
  • 30. Tip 5: Fail Well Donʼt Ice Me, Bro Well-formed Errors Win Friends Developers are more tolerant of failure if you anticipate the possibility.
  • 31. Tip 5: Fail Well Donʼt Ice Me, Bro Well-formed Errors Win Friends Developers are more tolerant of failure if you anticipate the possibility. Make Monitoring Easy The more obvious the failure, the easier it is to spot.
  • 32. Tip 5: Fail Well Donʼt Ice Me, Bro Well-formed Errors Win Friends Developers are more tolerant of failure if you anticipate the possibility. Make Monitoring Easy The more obvious the failure, the easier it is to spot. Donʼt Punish Everyone Determine who gets hurt most by failures, and screw them last (or not at all).
  • 34. Tip 6: Use an API Management Service Like ... Mashery!
  • 35. Tip 6: Use an API Management Service Like ... Mashery!
  • 36. Tip 6: Use an API Management Service Like ... Mashery! Managed API Service FTW Use a service with active monitoring and a support team. Let them call you first.
  • 37. Tip 6: Use an API Management Service Like ... Mashery! Managed API Service FTW Use a service with active monitoring and a support team. Let them call you first. Reports Covering Entire Ecosystem Make sure reports & analytics cover the entire spectrum of your APIʼs usage.
  • 38. Tip 6: Use an API Management Service Like ... Mashery! Managed API Service FTW Use a service with active monitoring and a support team. Let them call you first. Reports Covering Entire Ecosystem Make sure reports & analytics cover the entire spectrum of your APIʼs usage. Get Help Building Meaningful Community Nothing tells your developers you care like a community with a pulse.
  • 39. Did I Mention the Free Beer? Free beer as in FREE BEER. OSCON API Hour 7-9pm TONIGHT @ The EastBurn 1800 East Burnside Street Just a 5 minute cab ride. Mmm, beeer. And vintage games. Clay Loveless Chief Architect Wear Your OSCON Badge 2-3 drinks in, youʼll be happy clay@mashery.com everyone has nametags. Twitter: @claylo

Editor's Notes

  25. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  26. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  27. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  28. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  29. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  30. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  31. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  32. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  33. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  34. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
  35. APIs Gone Wild API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there. - Lots of POSTs/PUTs/DELETEs - Nearly every call triggers a dynamic operation IN THE NEXT HALF HOUR, WE’LL COVER WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT