apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Managing the usage of Asynchronous APIs: What does it take?
Sanjeewa Malalgoda, Architect & Associate Director at WSO
3. ● Why Asynchronous APIs?
● Asynchronous API usages and applications.
● API Management for asynchronous APIs.
● Asynchronous API management challenges and solutions.
Agenda
6. ● View your account balance.
● Transfer money from your account via mobile application.
● Place order through e-commerce application.
● Search about something on the web.
● Upload your picture to social media.
Usages of synchronous APIs
8. ● Additional network calls between client and server.
● Processing in server and client for each additional call
● Some research found <5% new results coming through polling.
● Poor user experience.
● ETags only solve part of the problem.
Polling?
10. ● Receiving notifications about someone's reaction on your social media
account.
● A new message notification on your mobile device.
● Liquidation reminder from your trading application.
● Live location/schedule updates in transportation scenarios.
● Live sports score updates.
● Video games.
● Updates when 2 people work on the same online document or issue.
Why Asynchronous APIs?
12. ● When to use asynchronous and synchronous APIs?
● Selecting implementation for your asynchronous API.
⦿ WebSockets - for multiplexed, bidirectional streaming and for applications that need a
huge number of messages from both ends of the connection.
⦿ MQTT - for IoT devices with limited battery life.
⦿ Server-Sent Events - especially useful in browser client applications
⦿ Webhooks - pushing notifications to one or a small number of servers.
Choose Synchronous/Asynchronous
13. ● Standardize asynchronous API design and documentation.
● Protocol agnostic API definitions.
● Tooling support for APIs (document generation, client and SDK generation, etc.)
● Address EDA specific requirements.
AsyncAPI Specification
15. The API Product Lifecycle
Building
● Building your API.
● Different technologies - REST, SOAP,
GraphQL, gRPC, Events, etc.
Assembly
● Integrating systems and services to build
APIs.
Packaging
● Packaging APIs to form products
● Creating documentation
● Associating business plans
● Categorization
Delivery
● API Platforms (Marketplaces)
● Catering to demand
Automation
● API Automation techniques
● CI/CD and delivery pipelines
API Product Lifecycle
16. ● API Management related QoS is applicable to asynchronous APIs as well.
⦿ Unify API development and subscription experience across protocols.
⦿ Authentication and authorization
⦿ Rate limits and throttling
⦿ Usage data monitoring and alerting
⦿ Business insights
⦿ Conformity scans
Asynchronous API Management
17. Event Driven API Management -
https://github.com/wso2/reference-architecture/blob/master/event-driven-api-architecture.md
18. ● Different development experiences (e.g. creating a WebSub proxy/hub API does
not need an endpoint, while a WebSocket API needs one).
● Users can start API development with an API definition (AsyncAPI).
● Asynchronous APIs can have topics, while synchronous REST APIs have
resources.
● API development experience (Design > Development > Deploy > Test >
Publish).
API Development Experience
19. ● API discovering experience
● Subscriptions for APIs with business plans.
● Use API documentation
● Common API store features like comments, rating etc.
API Consumption
20. ● Different protocols tie to different security mechanisms
⦿ Webhooks (hub scenarios) use security mechanisms like verification token, signature
(HMAC), thin payload, mutual TLS
⦿ WebSocket can be secured with standard OAuth with scopes or any other standard
security mechanism.
⦿ SSE can be secured with tokens.
● Security mechanisms enabled for a subscriber need to work across different
protocols.
● Handle protocol-specific security demands.
API Security
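Added example (not from the talk or from WSO2's code): a webhook receiver in the hub scenario, checking the HMAC signature on each delivery and answering the hub's subscription verification. The `<method>=<hex>` header format and the `hub.mode` / `hub.topic` / `hub.challenge` parameter names follow the W3C WebSub specification, which is an assumption about the hub in use; the secret and payload are constructed sample values.

```python
import hashlib
import hmac
from typing import Mapping, Optional, Set

# Digest methods this receiver accepts; sha1 is deliberately left out.
ALLOWED = {"sha256": hashlib.sha256, "sha384": hashlib.sha384,
           "sha512": hashlib.sha512}


def sign(secret: bytes, body: bytes, method: str = "sha256") -> str:
    """Header value a hub would send: '<method>=<hex HMAC of the raw body>'."""
    return f"{method}={hmac.new(secret, body, ALLOWED[method]).hexdigest()}"


def verify_delivery(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """True only when the header holds a valid HMAC over the exact bytes received."""
    if not header:
        return False  # unsigned delivery is rejected, not trusted
    method, sep, received = header.partition("=")
    digestmod = ALLOWED.get(method.strip().lower())
    if not sep or digestmod is None:
        return False  # malformed header or method outside the allowlist
    expected = hmac.new(secret, body, digestmod).hexdigest()
    # compare_digest runs in constant time, so timing does not leak the digest
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def verify_intent(params: Mapping[str, str], pending: Set[str]) -> Optional[str]:
    """Answer the hub's verification GET: echo hub.challenge only for a
    topic this subscriber actually asked for, otherwise refuse (None)."""
    if params.get("hub.mode") != "subscribe":
        return None
    if params.get("hub.topic") not in pending:
        return None  # a third party tried to subscribe us to this topic
    return params.get("hub.challenge")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"          # constructed sample value
    body = b'{"event":"order.created","id":"42"}'  # constructed thin payload
    header = sign(secret, body)
    print(verify_delivery(secret, body, header))         # genuine delivery
    print(verify_delivery(secret, body + b" ", header))  # body altered in transit
```

The signature must be computed over the raw request bytes, before any JSON parsing or re-serialization, or a valid delivery will fail verification.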
21. ● Ability to support protocol-specific rate limits
⦿ Webhook and SSE APIs can be rate limited by the number of
events transferred within a day or hour, along with the number
of active subscriptions at any given time.
⦿ WebSocket APIs can be rate limited based on the data
volume transferred.
● Ability to define business plans and rate limiting tiers by
combining multiple rate limiting methodologies.
Rate Limiting
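Added example (not from the talk or any WSO2 product): a tier that combines the three limits named on this slide, events per hour, active subscriptions, and data volume per hour, in one fixed-window limiter. The `Plan` and `AsyncRateLimiter` names and the limit values are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Set


@dataclass(frozen=True)
class Plan:
    """A business plan expressed as a combination of limits (hypothetical tier)."""
    events_per_hour: int           # Webhook / SSE style event count
    max_active_subscriptions: int  # concurrent subscriptions
    bytes_per_hour: int            # WebSocket style data volume


@dataclass
class AsyncRateLimiter:
    plan: Plan
    window: int = -1               # index of the current one-hour window
    events: int = 0
    bytes_sent: int = 0
    active: Set[str] = field(default_factory=set)

    def open_subscription(self, sub_id: str) -> bool:
        """Admit a new subscription unless the plan's concurrency cap is reached."""
        if sub_id in self.active:
            return True
        if len(self.active) >= self.plan.max_active_subscriptions:
            return False
        self.active.add(sub_id)
        return True

    def close_subscription(self, sub_id: str) -> None:
        self.active.discard(sub_id)

    def allow_event(self, now: float, size: int) -> bool:
        """Admit one event of `size` bytes only if every limit still holds."""
        current = int(now // 3600)
        if current != self.window:  # new hour: reset both counters
            self.window, self.events, self.bytes_sent = current, 0, 0
        if self.events + 1 > self.plan.events_per_hour:
            return False
        if self.bytes_sent + size > self.plan.bytes_per_hour:
            return False
        # Counters move only for admitted events, so rejections are not charged.
        self.events += 1
        self.bytes_sent += size
        return True
```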
22. ● Capture the right events for API usage
● Capture protocol-specific usage attributes
⦿ Ex: WebSocket bandwidth, SSE event
counts, Webhook active user counts, etc.
● Visualize collected data in a meaningful
way.
Monitoring & Alerting
23. ● GraphQL allows users to subscribe to events with an attribute list, so they
will be notified with the requested content only.
● The ability to intercept messages and filter content for async APIs is a plus point
for any API Management system.
● With content inspection capability, upstream service modifications can be
detected easily and client failures prevented.
Content Scanning & Filtering
24. Connect with Event Streams
Ability to connect with event
sources directly and expose
them as managed APIs via
different protocols
API Management Layer
GraphQL is a programming API definition language.
WebSocket is a computer communications protocol, providing full-duplex communication
A webhook in web development is a method of augmenting or altering the behavior of a web
Server-Sent Events (SSE) is a server push technology enabling a client to receive automatic updates from a server via an HTTP connection.
Apache Kafka is a framework implementation of a software bus using stream-processing.
MQTT is a lightweight, publish-subscribe network protocol that transports messages between devices.
NATS is an open-source messaging system. The NATS server is written in the Go programming language.