Api Abstraction & Api Chaining


API abstraction is the separation of cross-cutting concerns related to the API to better enable externalization to architectural concerns. Not only does this enable easier externalization, synchronization and sharing of the environment with external architecture, but it also enables us to reload the API configuration on the fly and have DRYer code, easier batching, API chaining, reduced code, synchronized configuration/security, reduced throughput and much more.

Video available here: http://java.dzone.com/articles/springone2gx-2014-replay-api

Published in: Internet

  1. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/
     API Abstraction & API Chaining in Grails, by Owen Rubel
  2. What Is An Api?
  3. API: (acronym) Application Programming Interface
     “…specifies a software component in terms of its operations, their inputs and outputs and underlying types. Its main purpose is to define a set of functionalities that are independent of their respective implementation…”
  4. API: (acronym) Application Programming Interface
     “…specifies a software component in terms of its operations, their inputs and outputs and underlying types. Its main purpose is to define a set of functionalities that are independent of their respective implementation…”
     In Short: An API abstracts I/O for functionality of resource management
  5. Api Is A Separation of Concern…Or Is It?
  6. API Processing & Data Shared
     • Proxy
     • Vendor API Gate
     • Zuul
     • MQ
     • Vendor API Gate
  7. Diagram labels: Handles Request/Response; Builds resource for Request/Response
  8. Api Is An Architectural Cross-Cutting Concern
  9. “In computer science, cross-cutting concerns are aspects of a program that affect other concerns. These concerns often cannot be cleanly decomposed/separated from the rest of the system in both the design and implementation, and can result in either:
     • scattering (code duplication)
     • tangling (significant dependencies between systems)
     • or both.”
     - Crosscutting Concern, Wikipedia
  10. Diagram labels: CLIENT; REQUEST TOOLING; RESPONSE TOOLING; APPLICATION; API; Partial API Data/Functionality (shown twice)
  11. Diagram labels: CLIENT; REQUEST TOOLING; RESPONSE TOOLING; APPLICATION; API
  12. • API is shared across architecture and application
      • API functionality/data is associated with I/O; not business logic
      • Duplication of API functionality across application/architecture
      • Sharing of API configuration across architecture
  13. What Are The Issues?
  14. Scattered: API Functionality Redundant; Not DRY
      Shared API Concerns:
      • processing rules
      • configuration
  15. Scattered: API Functionality Redundant; Not DRY
      Diagram labels: Controller1 (Method1, Method2, Method3); Controller2 (Method1, Method2, Method3); the labels batch, format, resource and role check repeat across the methods
  16. Entangled & Scattered: Role Checks Not Atomic
      • Uri Roles
        • [ROLE_ADMIN,ROLE_USER]
      • Request Roles
        • ROLE_ADMIN = id
        • ROLE_USER = username
      • Response Roles
        • permitAll = ['username','fname','lname']
        • ROLE_ADMIN = ['id','password']
      • Security not atomic; roles only checked upon request
      • Apidocs/OPTIONS show incorrect information
  17. Entangled & Scattered: Role Checks Not Atomic
      • Security attached to controller; can't externalize internal roles used to generate data

          @Secured(['ROLE_ADMIN', 'ROLE_USER'])
          def show() {
              // Role names are read again inside the action to decide which lookup to run
              List authorities = springSecurityService.getPrincipal().getAuthorities()
              String id
              Widget widget
              if (authorities.contains('ROLE_ADMIN')) {
                  widget = Widget.get(params.id.toLong())
              } else if (authorities.contains('ROLE_USER')) {
                  widget = Widget.getByUsername(params.username)
              }
              …
          }
  18. How Come Nobody Thought of This Before?
  19. Diagram labels: urlmapping; controller; model; entrypoint (api_v.0.1/*); endpoint (test/show); http://localhost:8080/api_v0.1/test/show/1
  20. “Endpoints facilitate a standard programmable layer of abstraction whereby heterogeneous software systems and/or subsystems may communicate with each other and that the means of communication are decoupled from the communicating subsystems.”
      - Communication Endpoint, Wikipedia
  21. Image slide (©Warner Bros.): “EVERYTHING IS… AW… SH#T!!” / “EVERYTHING IS… spaceship?!”
  22. API Incoming Data
      • data checks
      • security checks (no data role checks)
      • processing
      API Outgoing Data
      • processing / resource formatting
  23. Diagram labels: http://localhost:8080/api_v0.1/test/show/1; urlmapping; preHandler / postHandler; controller; model; entrypoint (api_v.0.1/*); endpoint (test/show)
  24. Test.json

          {
              "VALUES": {
                  "id": {"type": "PKEY"},
                  "testdata": {"type": "String", "mockData": "blahblahblah"}
              },
              "CURRENTSTABLE": "1",
              "VERSION": {
                  "1": {
                      "DEPRECATED": ["MM/DD/YYYY", "deprecation message"],
                      "DEFAULT": "test/show",
                      "URI": {
                          "test/show": {
                              "METHOD": "GET",
                              "DESCRIPTION": "Get test data",
                              "ROLES": ["ROLE_ADMIN", "ROLE_USER"],
                              "REQUEST": {
                                  "permitAll": ["id"]
                              },
                              "RESPONSE": {
                                  "permitAll": ["id"],
                                  "ROLE_ADMIN": ["testdata"]
                              }
                          }
                      }
                  }
              }
          }
  25. ApiObject Further Explained

          …
          "REQUEST": {
              "ROLE_ADMIN": ["id"],
              "ROLE_USER": ["username"]
          },
          "RESPONSE": {
              "ROLE_ADMIN": ["id"],
              "permitAll": ["username", "fname", "lname"]
          }
          …

          …
          "REQUEST": {},
          "RESPONSE": {
              "ROLE_ADMIN": ["id"],
              "permitAll": ["username", "fname", "lname"]
          }
          …

      Slide labels: Chainable Request; Varied Role Request
  26. Why A Reloadable ApiObject?
      • Separation of Package and Packaging in Version
      • Resource does not change often but the way it is requested will
      • Data needs to be separated/shared concern
  27. So How Does This All Fit Together?
  28. Due to lack of contracts (and being approached by VC), we are removing all further content. We continually have developers from Google, Twitter, Amazon, Baidu, and a ton of other enterprises reading our work and attempting to duplicate without hiring us for a consult… thus we are taking down all further content. No further contributions will be made or provided without community help, sponsorship or VC. You can contact us at info@beapi.io
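
The per-role REQUEST/RESPONSE lists from slides 16 and 25, enforced once in a preHandler/postHandler pair rather than inside each controller action as on slide 17. This is an added example, not code from the slides or from the author's project: the function names, the `widget/show` entry and the sample record are assumptions, and a plain Groovy script with JsonSlurper stands in for the Grails handler layer.

```groovy
import groovy.json.JsonSlurper

// Constructed ApiObject entry: ROLES as on slide 24, REQUEST/RESPONSE lists from slide 25's first fragment.
def apiObject = new JsonSlurper().parseText('''
{ "URI": { "widget/show": {
    "METHOD": "GET",
    "ROLES": ["ROLE_ADMIN", "ROLE_USER"],
    "REQUEST":  { "ROLE_ADMIN": ["id"], "ROLE_USER": ["username"] },
    "RESPONSE": { "ROLE_ADMIN": ["id"], "permitAll": ["username", "fname", "lname"] }
} } }''')

// Fields allowed in one direction: permitAll plus the lists of every role the caller holds.
Set allowedFields(Map rules, Collection roles) {
    Set allowed = new LinkedHashSet(rules.permitAll ?: [])
    roles.each { role -> allowed.addAll(rules[role] ?: []) }
    return allowed
}

// preHandler (hypothetical name): method check, URI role check and request-parameter allow-list.
Map preHandle(Map endpoint, String method, Collection roles, Map params) {
    if (method != endpoint.METHOD) return [status: 405]
    if (!roles.any { it in endpoint.ROLES }) return [status: 403]
    Set rejected = params.keySet() - allowedFields(endpoint.REQUEST, roles)
    return rejected ? [status: 400, rejected: rejected] : [status: 200]
}

// postHandler (hypothetical name): drop every field the caller's roles are not listed for.
Map postHandle(Map endpoint, Collection roles, Map resource) {
    Set allowed = allowedFields(endpoint.RESPONSE, roles)
    return resource.findAll { key, value -> key in allowed }
}

def endpoint = apiObject.URI['widget/show']
// Constructed record; "password" appears in no RESPONSE list, so no role ever receives it.
def widget = [id: 7, username: 'alice', fname: 'Alice', lname: 'Example', password: 'placeholder']

assert preHandle(endpoint, 'GET', ['ROLE_USER'], [username: 'alice']).status == 200
assert preHandle(endpoint, 'GET', ['ROLE_USER'], [id: '7']).status == 400   // id is admin-only input
assert preHandle(endpoint, 'GET', ['ROLE_GUEST'], [:]).status == 403
assert preHandle(endpoint, 'POST', ['ROLE_ADMIN'], [id: '7']).status == 405
assert postHandle(endpoint, ['ROLE_USER'], widget).keySet() == ['username', 'fname', 'lname'] as Set
assert postHandle(endpoint, ['ROLE_ADMIN'], widget).keySet() == ['username', 'fname', 'lname', 'id'] as Set
```

Because both handlers read the same entry, the role data that generated API docs or an OPTIONS response would show is the data that is enforced, and reloading the JSON changes enforcement without touching controller code.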
