SlideShare a Scribd company logo

API Docs with OpenAPI 3.0

Download as PPTX, PDF
Fabrizio Ferri-Benedetti
Fabrizio Ferri-Benedetti

The document provides an introduction and overview of APIs, REST, and OpenAPI specification. It discusses key concepts like resources, HTTP verbs, and OpenAPI structure. It also demonstrates OpenAPI syntax using JSON and YAML examples and highlights best practices for documenting APIs with OpenAPI.

Software
1 of 50
API Docs with OpenAPI 3.0 An Introduction + Hands-on Workshop
What is an API? And a Web API? • API stands for Application Programming Interface • APIs provide ways for software to communicate with other software • A Web API is an API whose endpoints are exposed to the web • Want to explore? More than 23k web APIs are listed at https://www.programmableweb.com/apis/directory Howdy! My name’s Soundwave, and I’m an API. Sort of.
Example: AccuWeather Web API
REST is king (for now) https://smartbear.com/SmartBearBrand/media/pdf/SmartBear_State_of_API_2019.pdf
What is REST? Representation State Transfer, a software architectural style. REST web services allow to access and manipulate resources by using a uniform, idempotent (HTTP), predefined set of stateless operations. https://en.wikipedia.org/wiki/Representational_state_transfer REST API GET /accounts Response (JSON, XML, etc.) Stuff happening behind the scenes Client Data
Resources are stuff, not what you do on stuff • A resource are objetcs you manipulate using the API, from data to states to attributes. But they can’t be actions! • ✅ POST /pictures/1/metadata • 🛑 POST /pictures/1/delete • Resources have identifiers (that’s why you usually pluralize the nouns) • Resources usually carry a data model • Technical writers have much to say about resource naming and styling https://restfulapi.net/resource-naming/
Uniform set of operations: HTTP verbs • GET: Retrieve a resource or a list of resources • POST: Create a resource or a list of resources, or send data • PUT: Update a resource or a list of resources • PATCH: Partially update a resource or a list of resources • DELETE: Removes or disable a resource or a list of resources All you’ll find are recommendations: actions can be implemented in a variety of non-standard ways – check with your engineering team!
Design is Documentation is Design • You should not limit yourself to the task of documenting the API • As an API technical writer, you’ve a complete view of the whole API • You can, and should, help the engineering team to decide: • Naming and formatting conventions for the API • Structure of the API • Style guide for summaries, examples, and descriptions • Text for the error codes • Examples • If nobody is in charge, take the helm • Recruit architects / lead engineers to deal with the most technical bits
What is RESTful https://damienfremont.com/2017/11/23/rest-api-maturity-levels-from-0-to-5/ /RetrieveAllShinyPinkResourcesThanks /resources GET /resources/1
What is OpenAPI? It’s a language-agnostic specification for describing, producing, consuming, and visualizing RESTful web services.
Why OpenAPI? https://smartbear.com/SmartBearBrand/media/pdf/SmartBear_State_of_API_2019.pdf
API Reference documentation is key https://smartbear.com/SmartBearBrand/media/pdf/SmartBear_State_of_API_2019.pdf
Generating API Reference docs from OpenAPI • SwaggerHub (and Swagger UI) • ReDoc • Widdershins • Readme.com (Saas) • Stoplight Docs (Saas)
Dive into OpenAPI Why is it so dark in here?
OpenAPI 3 • JSON or YAML format • Can be written using any text or code editor • Can contain extensions (custom fields) • Supports CommonMark in description fields • Names are case sensitive (cuteDog != cutedog) • Allows external references ($ref) to reuse definitions or split large specifications • https://swagger.io/specification/
JSON or YAML? Curly braces or whitespaces? JSON YAML
YAML Basics • Two-space indent to nest objects • No need for quotes or braces • Hyphens for arrays (sequences) • Arrays (sequences) can be nested https://learnxinyminutes.com/docs/yaml/
Swagger 2 or OpenAPI 3? https://blog.readme.io/an-example-filled-guide-to-swagger-3-2/
OpenAPI Structure
Info object https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
Servers object OpenAPI in a Nutshell 21 https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
Security object https://swagger.io/docs/specification/authentication/
23 Security schemes • HTTP Authentication • Basic • Bearer • API keys • Cookies • OAuth 2 • OpenID
Tags object • Used to organize paths together in docs and UIs • Useful when you have lots of endpoints
Path object https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
Parameters • path parameters, such as /users/{id} • query parameters, such as /users?role=admin • header parameters, such as X-MyHeader: Value • cookie parameters • default values can be set in non-required params • Empty parameters: allowEmptyValue: true • Nullable? Use nullable: true • Constant parameters are allowed as well • Predefined values can be defined using enum: • Parameters shared by all operations of a path can be defined on the path level instead of the operation level. Path-level parameters are inherited by all operations of that path and can be overridden.
Let’s go to the pet store https://github.com/OAI/OpenAPI-Specification/blob/master/examples/v3.0/petstore.yaml
Parameter serialization • Serialization is translating data into a format that can be transmitted and reconstructed later • Operation parameters support serialization for path, query, header, and cookie • Default settings are OK for most cases, but can be overridden using style and explode Default values https://swagger.io/docs/specification/serialization In Style Explode URI template Array example path simple false /users/{id} /users/3,4,5 query form true /users{?id*} /users?id=3&id=4&id=5 header simple false {id} X-MyHeader: 3,4,5 cookie form true
Data types Type Format Attributes number / integer - float, double - int32, int64 - minimum, maximum (number) - exclusiveMinimum, exclusiveMaximum (bool) - multipleOf (number) string - date, date-time, password, byte, binary (files) - email, uuid, uri… - minLength, maxLength (number) - pattern (regex!) boolean array - items: of other types, including objects - minItems, maxItems (number) - uniqueItems (bool) objects - properties: - required (bool) - readOnly, writeOnly (bool) null (nullable:) https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
Enum • Enums can be used to specify acceptable values of a request or a model property https://swagger.io/docs/specification/data-models/enums/
Dictionaries, hashmaps, and associative arrays • A dictionary (also known as a map, hashmap or associative array) is a set of key/value pairs. OpenAPI lets you define dictionaries where the keys are strings. • To define a dictionary, use type: object and use the additionalProperties keyword to specify the type of values in key/value pairs. • If the dictionary values can be of any type (aka free-form object), use additionalProperties: true https://swagger.io/docs/specification/data-models/dictionaries/
one of, anyof, allof, not • oneOf – validates the value against exactly one of the subschemas • allOf – validates the value against all the subschemas • anyOf – validates the value against any (one or more) of the subschemas • not – make sure value is not valid against the specified schema • Inheritance: allOf • Polymorphism: anyOf / oneOf https://swagger.io/docs/specification/data-models/oneof-anyof-allof-not/ https://swagger.io/docs/specification/data-models/inheritance-and-polymorphism/
Media types • Media type declarations go within the content object • They have a schema and can have several examples • Vendor-specific types are indicated by .vnd • Wildcards can be used (for example, image/*) https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
Request body https://swagger.io/docs/specification/describing-request-body/ • POST, PUT, PATCH can have request bodies • Optional by default, but can set to required: true • Admits summary, description, and examples • Can link to reusable bodies ($ref) • File uploads can be specified via media type + format: binary or format: base64 • multipart/form-data allows to send files alongside other data
Form data • application/x-www-form-urlencoded • ASCII key=value pairs • multipart/form-data • Multiple media types (image, text, etc.)
Responses https://swagger.io/docs/specification/describing-responses/ • Each operation must have at least one response • Responses are defined by HTTP status codes • Response data is defined as primitives or objects • default: can be used to describe HTTP codes that are not covered individually for an operation (for instance, all undescribed error codes) • Responses can be reused by defining them under components
Links • Provide next actions in responses • Enable self-documented APIs • Added at responses: level • operationId: ID of the path element • operationRef: when ID is not available • parameters / requestBody: what parameters or request body are relayed to the target operation • Strings containing embedded runtime expressions or hardcoded values can be used as well: ID_{$response.body#/id} start_date: ‘’ https://swagger.io/docs/specification/links/
Callbacks • Used for webhooks and subscription mechanisms • Multiple callbacks can be defined https://swagger.io/docs/specification/callbacks/
Examples • Part of the reference documentation • Can be added to parameters, properties, and objects • They can be used to simulate the API behavior • NOT the same as default values
Runtime expressions Expression Description $url The full request URL, including the query string. $method Request HTTP method, such as GET or POST. $request.query.param_name The value of the specified query parameter. The parameter must be defined in the operation’s parameters section, otherwise, it cannot be evaluated. Parameter names are case sensitive. $request.path.param_name The value of the specified path parameter. The parameter must be defined in the operation’s parameters section, otherwise, it cannot be evaluated. Parameter names are case sensitive. $request.header.header_name The value of the specified request header. This header must be defined in the operation’s parameters section, otherwise, it cannot be evaluated. Header names are case insensitive. $request.body The entire request body. $request.body#/foo/bar A portion of the request body specified by a JSON Pointer. $statusCode HTTP status code of the response. For example, 200 or 404. $response.header.header_name The complete value of the specified response header, as a string. Header names are case-insensitive. The header does not need to be defined in the response’s headers section. $response.body The entire response body. $response.body#/foo/bar A portion of the request body specified by a JSON Pointer. foo{$request.path.id}bar Enclose an expression into {} curly braces to embed it into a string.
$REF and component reuse • $ref keyword allows to reuse a definition (so that you type less!) • Links to the path of the object (can be local, remote, or an URL) • $ref: '#/definitions/myElement’ • $ref: '../document.json#/myElement’ • $ref: 'http://path/to/your/resource.json#myElement' https://swagger.io/docs/specification/using-ref/
Components object • Serves as a container of various reusable definitions, parameters, examples, etc. • Only used when $referenced • Components can act as aliases for external definitions
Extensions https://swagger.io/docs/specification/openapi-extensions/
Useful resources Beyond NOTEPAD.EXE
Most Frequent mistakes (OPENAPI + YAML) Not indenting properly: not enough spaces, nesting inside the wrong object Typos: bad paths, names, etc. Names in YAML are case sensitive, too Using hyphen notation (array) when not needed—writing lists is so tempting Not escaping strings (for instance description: This is the item: oh hello breaks due to the colon) Forgetting about colons and slashes, especially in path objects (#components or /users{id}) Using required as a property attribute instead of object-level list Using wrong data types and keywords Keywords without a value Forgetting about keywords (for instance, not adding type to properties) Using default with required parameters/properties Forgetting about components—you’ll regret that in the long run
Validate your specs! • Speccy - https://speccy.io/ • speccy lint openapi.yaml • OpenAPI Lint for VS Code • SwaggerHub Editor
Useful VS CODE EXTENSIONS • Bracket Pair Colorizer 2 (for JSON) • Indent Rainbow (for YAML) • OpenAPI Lint • Swagger Viewer • YAML
Useful websites • https://mermade.github.io/openapi-gui/ • https://editor.swagger.io/ • https://openapi-map.apihandyman.io/ • https://openapi.tools/ • https://opensource.zalando.com/restful-api-guidelines/ • https://github.com/APIs-guru/openapi-directory • https://idratherbewriting.com/learnapidoc/
Exercise! Time to write a simple OpenAPI 3.0 Specification
Improve the Gelato API The Gelato API lets everyone get data on ice creams and toppings. With proper authentication, users can also add ice creams, toppings, and customers. Let’s improve it! • Open Swagger Editor and load the gelato.yaml file from here: http://bit.do/gelatoapi 1. Add contact information to the info object 2. Add the gelatoKey security to the POST operations 3. Define the topping schema in components (toppings need to have an id) 4. Add a DELETE operation to get rid of a topping via its id (don’t forget to tag it and add security) 5. Add the person object properties to the customer object via inheritance 6. Complete the POST operation to add a new customer (hint: it needs request data) 7. Check that the specification is valid and generate .NET server code from the specification

Recommended

Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
Adam Paxton
 
Building APIs with the OpenApi Spec
Building APIs with the OpenApi SpecBuilding APIs with the OpenApi Spec
Building APIs with the OpenApi Spec
Pedro J. Molina
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of Swagger
SmartBear
 
OpenAPI at Scale
OpenAPI at ScaleOpenAPI at Scale
OpenAPI at Scale
Nordic APIs
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing Swagger
Tony Tam
 
Writing REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger AdaWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger Ada
Stephane Carrez
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to Swagger
Knoldus Inc.
 

Recommended

Designing APIs with OpenAPI Spec
Designing APIs with OpenAPI SpecDesigning APIs with OpenAPI Spec
Designing APIs with OpenAPI Spec
Adam Paxton
 
Building APIs with the OpenApi Spec
Building APIs with the OpenApi SpecBuilding APIs with the OpenApi Spec
Building APIs with the OpenApi Spec
Pedro J. Molina
 
OpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of SwaggerOpenAPI 3.0, And What It Means for the Future of Swagger
OpenAPI 3.0, And What It Means for the Future of Swagger
SmartBear
 
OpenAPI at Scale
OpenAPI at ScaleOpenAPI at Scale
OpenAPI at Scale
Nordic APIs
 
Introducing Swagger
Introducing SwaggerIntroducing Swagger
Introducing Swagger
Tony Tam
 
Writing REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger AdaWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger Ada
Stephane Carrez
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
Ashok Pundit
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to Swagger
Knoldus Inc.
 
What is Swagger?
What is Swagger?What is Swagger?
What is Swagger?
Philip Senger
 
Swagger
SwaggerSwagger
Swagger
NexThoughts Technologies
 
Developing Faster with Swagger
Developing Faster with SwaggerDeveloping Faster with Swagger
Developing Faster with Swagger
Tony Tam
 
Rest API
Rest APIRest API
Rest API
Rohana K Amarakoon
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJS
Luigi Saetta
 
API Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonAPI Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj Rollison
TEST Huddle
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014
JWORKS powered by Ordina
 
Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)
Tony Tam
 
Api types
Api typesApi types
Api types
Sarah Maddox
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
SmartBear
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
Andrii Gakhov
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and Jenkins
QASymphony
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
Prakash Bhandari
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
Ankita Mahajan
 
Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015
johannes_fiala
 
OpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-SideOpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-Side
Tim Burks
 
Api Testing
Api TestingApi Testing
Api Testing
Vishwanath KC
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
Aniruddh Bhilvare
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
Fachrul Choliluddin
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
Tiago Knoch
 
Api crash
Api crashApi crash
Api crash
Tony Nguyen
 

More Related Content

What's hot

What is Swagger?
What is Swagger?What is Swagger?
What is Swagger?
Philip Senger
 
Swagger
SwaggerSwagger
Swagger
NexThoughts Technologies
 
Developing Faster with Swagger
Developing Faster with SwaggerDeveloping Faster with Swagger
Developing Faster with Swagger
Tony Tam
 
Rest API
Rest APIRest API
Rest API
Rohana K Amarakoon
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJS
Luigi Saetta
 
API Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonAPI Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj Rollison
TEST Huddle
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014
JWORKS powered by Ordina
 
Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)
Tony Tam
 
Api types
Api typesApi types
Api types
Sarah Maddox
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
SmartBear
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
Andrii Gakhov
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and Jenkins
QASymphony
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
Prakash Bhandari
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
Ankita Mahajan
 
Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015
johannes_fiala
 
OpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-SideOpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-Side
Tim Burks
 
Api Testing
Api TestingApi Testing
Api Testing
Vishwanath KC
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
Prem Sanil
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
Aniruddh Bhilvare
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
Fachrul Choliluddin
 

What's hot (20)

What is Swagger?
What is Swagger?What is Swagger?
What is Swagger?
 
Swagger
SwaggerSwagger
Swagger
 
Developing Faster with Swagger
Developing Faster with SwaggerDeveloping Faster with Swagger
Developing Faster with Swagger
 
Rest API
Rest APIRest API
Rest API
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJS
 
API Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonAPI Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj Rollison
 
Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014
 
Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)Swagger APIs for Humans and Robots (Gluecon)
Swagger APIs for Humans and Robots (Gluecon)
 
Api types
Api typesApi types
Api types
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
 
RESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and JenkinsRESTful API Testing using Postman, Newman, and Jenkins
RESTful API Testing using Postman, Newman, and Jenkins
 
API Design- Best Practices
API Design- Best PracticesAPI Design- Best Practices
API Design- Best Practices
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
 
Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015
 
OpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-SideOpenAPI and gRPC Side by-Side
OpenAPI and gRPC Side by-Side
 
Api Testing
Api TestingApi Testing
Api Testing
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
 
An Introduction To REST API
An Introduction To REST APIAn Introduction To REST API
An Introduction To REST API
 
Belajar Postman test runner
Belajar Postman test runnerBelajar Postman test runner
Belajar Postman test runner
 

Similar to API Docs with OpenAPI 3.0

ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
Tiago Knoch
 
Api crash
Api crashApi crash
Api crash
Hoang Nguyen
 
API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)
Tom Johnson
 
Practices and Tools for Building Better APIs
Practices and Tools for Building Better APIsPractices and Tools for Building Better APIs
Practices and Tools for Building Better APIs
Peter Hendriks
 
Practices and tools for building better APIs
Practices and tools for building better APIsPractices and tools for building better APIs
Practices and tools for building better APIsNLJUG
 
Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)
Peter Hendriks
 
REST APIs
REST APIsREST APIs
REST APIs
Arthur De Magalhaes
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays
 
Mule soft meetup_4_mty_online_oct_2020
Mule soft meetup_4_mty_online_oct_2020Mule soft meetup_4_mty_online_oct_2020
Mule soft meetup_4_mty_online_oct_2020
Veyra Celina
 
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0 OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
Scott Lee Davis
 
Always up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPIAlways up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPI
GOG.com dev team
 
Design API using RAML - basics
Design API using RAML - basicsDesign API using RAML - basics
Design API using RAML - basics
kunal vishe
 
Schema-First API Design
Schema-First API DesignSchema-First API Design
Schema-First API Design
Yos Riady
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
apidays
 

Similar to API Docs with OpenAPI 3.0 (20)

ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
Api crash
Api crashApi crash
Api crash
 
API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)API workshop: Introduction to APIs (TC Camp)
API workshop: Introduction to APIs (TC Camp)
 
Practices and Tools for Building Better APIs
Practices and Tools for Building Better APIsPractices and Tools for Building Better APIs
Practices and Tools for Building Better APIs
 
Practices and tools for building better APIs
Practices and tools for building better APIsPractices and tools for building better APIs
Practices and tools for building better APIs
 
Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)Practices and tools for building better API (JFall 2013)
Practices and tools for building better API (JFall 2013)
 
REST APIs
REST APIsREST APIs
REST APIs
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
 
Mule soft meetup_4_mty_online_oct_2020
Mule soft meetup_4_mty_online_oct_2020Mule soft meetup_4_mty_online_oct_2020
Mule soft meetup_4_mty_online_oct_2020
 
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0 OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
OWASP PDX May 2016 : Scanning with Swagger (OAS) 2.0
 
Always up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPIAlways up to date, testable and maintainable documentation with OpenAPI
Always up to date, testable and maintainable documentation with OpenAPI
 
Design API using RAML - basics
Design API using RAML - basicsDesign API using RAML - basics
Design API using RAML - basics
 
Schema-First API Design
Schema-First API DesignSchema-First API Design
Schema-First API Design
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
 

Recently uploaded

Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
KrzysztofKkol1
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
Georgi Kodinov
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
kalichargn70th171
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
Jelle | Nordend
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 

Recently uploaded (20)

Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 

API Docs with OpenAPI 3.0

  • 1. API Docs with OpenAPI 3.0 An Introduction + Hands-on Workshop
  • 2. What is an API? And a Web API? • API stands for Application Programming Interface • APIs provide ways for software to communicate with other software • A Web API is an API whose endpoints are exposed to the web • Want to explore? More than 23k web APIs are listed at https://www.programmableweb.com/apis/directory Howdy! My name’s Soundwave, and I’m an API. Sort of.
  • 4. REST is king (for now) https://smartbear.com/SmartBearBrand/media/pdf/SmartBear_State_of_API_2019.pdf
  • 5. What is REST? Representation State Transfer, a software architectural style. REST web services allow to access and manipulate resources by using a uniform, idempotent (HTTP), predefined set of stateless operations. https://en.wikipedia.org/wiki/Representational_state_transfer REST API GET /accounts Response (JSON, XML, etc.) Stuff happening behind the scenes Client Data
  • 6. Resources are stuff, not what you do on stuff • A resource are objetcs you manipulate using the API, from data to states to attributes. But they can’t be actions! • ✅ POST /pictures/1/metadata • 🛑 POST /pictures/1/delete • Resources have identifiers (that’s why you usually pluralize the nouns) • Resources usually carry a data model • Technical writers have much to say about resource naming and styling https://restfulapi.net/resource-naming/
  • 7. Uniform set of operations: HTTP verbs • GET: Retrieve a resource or a list of resources • POST: Create a resource or a list of resources, or send data • PUT: Update a resource or a list of resources • PATCH: Partially update a resource or a list of resources • DELETE: Removes or disable a resource or a list of resources All you’ll find are recommendations: actions can be implemented in a variety of non-standard ways – check with your engineering team!
  • 8. Design is Documentation is Design • You should not limit yourself to the task of documenting the API • As an API technical writer, you’ve a complete view of the whole API • You can, and should, help the engineering team to decide: • Naming and formatting conventions for the API • Structure of the API • Style guide for summaries, examples, and descriptions • Text for the error codes • Examples • If nobody is in charge, take the helm • Recruit architects / lead engineers to deal with the most technical bits
  • 10. What is OpenAPI? It’s a language-agnostic specification for describing, producing, consuming, and visualizing RESTful web services.
  • 12. API Reference documentation is key https://smartbear.com/SmartBearBrand/media/pdf/SmartBear_State_of_API_2019.pdf
  • 13. Generating API Reference docs from OpenAPI • SwaggerHub (and Swagger UI) • ReDoc • Widdershins • Readme.com (Saas) • Stoplight Docs (Saas)
  • 14. Dive into OpenAPI Why is it so dark in here?
  • 15. OpenAPI 3 • JSON or YAML format • Can be written using any text or code editor • Can contain extensions (custom fields) • Supports CommonMark in description fields • Names are case sensitive (cuteDog != cutedog) • Allows external references ($ref) to reuse definitions or split large specifications • https://swagger.io/specification/
  • 16. JSON or YAML? Curly braces or whitespaces? JSON YAML
  • 17. YAML Basics • Two-space indent to nest objects • No need for quotes or braces • Hyphens for arrays (sequences) • Arrays (sequences) can be nested https://learnxinyminutes.com/docs/yaml/
  • 18. Swagger 2 or OpenAPI 3? https://blog.readme.io/an-example-filled-guide-to-swagger-3-2/
  • 21. Servers object OpenAPI in a Nutshell 21 https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
  • 23. 23 Security schemes • HTTP Authentication • Basic • Bearer • API keys • Cookies • OAuth 2 • OpenID
  • 24. Tags object • Used to organize paths together in docs and UIs • Useful when you have lots of endpoints
  • 26. Parameters • path parameters, such as /users/{id} • query parameters, such as /users?role=admin • header parameters, such as X-MyHeader: Value • cookie parameters • default values can be set in non-required params • Empty parameters: allowEmptyValue: true • Nullable? Use nullable: true • Constant parameters are allowed as well • Predefined values can be defined using enum: • Parameters shared by all operations of a path can be defined on the path level instead of the operation level. Path-level parameters are inherited by all operations of that path and can be overridden.
  • 27. Let’s go to the pet store https://github.com/OAI/OpenAPI-Specification/blob/master/examples/v3.0/petstore.yaml
  • 28. Parameter serialization • Serialization is translating data into a format that can be transmitted and reconstructed later • Operation parameters support serialization for path, query, header, and cookie • Default settings are OK for most cases, but can be overridden using style and explode Default values https://swagger.io/docs/specification/serialization In Style Explode URI template Array example path simple false /users/{id} /users/3,4,5 query form true /users{?id*} /users?id=3&id=4&id=5 header simple false {id} X-MyHeader: 3,4,5 cookie form true
  • 29. Data types Type Format Attributes number / integer - float, double - int32, int64 - minimum, maximum (number) - exclusiveMinimum, exclusiveMaximum (bool) - multipleOf (number) string - date, date-time, password, byte, binary (files) - email, uuid, uri… - minLength, maxLength (number) - pattern (regex!) boolean array - items: of other types, including objects - minItems, maxItems (number) - uniqueItems (bool) objects - properties: - required (bool) - readOnly, writeOnly (bool) null (nullable:) https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
  • 30. Enum • Enums can be used to specify acceptable values of a request or a model property https://swagger.io/docs/specification/data-models/enums/
  • 31. Dictionaries, hashmaps, and associative arrays • A dictionary (also known as a map, hashmap or associative array) is a set of key/value pairs. OpenAPI lets you define dictionaries where the keys are strings. • To define a dictionary, use type: object and use the additionalProperties keyword to specify the type of values in key/value pairs. • If the dictionary values can be of any type (aka free-form object), use additionalProperties: true https://swagger.io/docs/specification/data-models/dictionaries/
  • 32. one of, anyof, allof, not • oneOf – validates the value against exactly one of the subschemas • allOf – validates the value against all the subschemas • anyOf – validates the value against any (one or more) of the subschemas • not – make sure value is not valid against the specified schema • Inheritance: allOf • Polymorphism: anyOf / oneOf https://swagger.io/docs/specification/data-models/oneof-anyof-allof-not/ https://swagger.io/docs/specification/data-models/inheritance-and-polymorphism/
  • 33. Media types • Media type declarations go within the content object • They have a schema and can have several examples • Vendor-specific types are indicated by .vnd • Wildcards can be used (for example, image/*) https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md
  • 34. Request body https://swagger.io/docs/specification/describing-request-body/ • POST, PUT, PATCH can have request bodies • Optional by default, but can set to required: true • Admits summary, description, and examples • Can link to reusable bodies ($ref) • File uploads can be specified via media type + format: binary or format: base64 • multipart/form-data allows to send files alongside other data
  • 35. Form data • application/x-www-form-urlencoded • ASCII key=value pairs • multipart/form-data • Multiple media types (image, text, etc.)
  • 36. Responses https://swagger.io/docs/specification/describing-responses/ • Each operation must have at least one response • Responses are defined by HTTP status codes • Response data is defined as primitives or objects • default: can be used to describe HTTP codes that are not covered individually for an operation (for instance, all undescribed error codes) • Responses can be reused by defining them under components
  • 37. Links • Provide next actions in responses • Enable self-documented APIs • Added at responses: level • operationId: ID of the path element • operationRef: when ID is not available • parameters / requestBody: what parameters or request body are relayed to the target operation • Strings containing embedded runtime expressions or hardcoded values can be used as well: ID_{$response.body#/id} start_date: ‘’ https://swagger.io/docs/specification/links/
  • 38. Callbacks • Used for webhooks and subscription mechanisms • Multiple callbacks can be defined https://swagger.io/docs/specification/callbacks/
  • 39. Examples • Part of the reference documentation • Can be added to parameters, properties, and objects • They can be used to simulate the API behavior • NOT the same as default values
  • 40. Runtime expressions Expression Description $url The full request URL, including the query string. $method Request HTTP method, such as GET or POST. $request.query.param_name The value of the specified query parameter. The parameter must be defined in the operation’s parameters section, otherwise, it cannot be evaluated. Parameter names are case sensitive. $request.path.param_name The value of the specified path parameter. The parameter must be defined in the operation’s parameters section, otherwise, it cannot be evaluated. Parameter names are case sensitive. $request.header.header_name The value of the specified request header. This header must be defined in the operation’s parameters section, otherwise, it cannot be evaluated. Header names are case insensitive. $request.body The entire request body. $request.body#/foo/bar A portion of the request body specified by a JSON Pointer. $statusCode HTTP status code of the response. For example, 200 or 404. $response.header.header_name The complete value of the specified response header, as a string. Header names are case-insensitive. The header does not need to be defined in the response’s headers section. $response.body The entire response body. $response.body#/foo/bar A portion of the request body specified by a JSON Pointer. foo{$request.path.id}bar Enclose an expression into {} curly braces to embed it into a string.
  • 41. $REF and component reuse • $ref keyword allows to reuse a definition (so that you type less!) • Links to the path of the object (can be local, remote, or an URL) • $ref: '#/definitions/myElement’ • $ref: '../document.json#/myElement’ • $ref: 'http://path/to/your/resource.json#myElement' https://swagger.io/docs/specification/using-ref/
  • 42. Components object • Serves as a container of various reusable definitions, parameters, examples, etc. • Only used when $referenced • Components can act as aliases for external definitions
  • 45. Most Frequent mistakes (OPENAPI + YAML) Not indenting properly: not enough spaces, nesting inside the wrong object Typos: bad paths, names, etc. Names in YAML are case sensitive, too Using hyphen notation (array) when not needed—writing lists is so tempting Not escaping strings (for instance description: This is the item: oh hello breaks due to the colon) Forgetting about colons and slashes, especially in path objects (#components or /users{id}) Using required as a property attribute instead of object-level list Using wrong data types and keywords Keywords without a value Forgetting about keywords (for instance, not adding type to properties) Using default with required parameters/properties Forgetting about components—you’ll regret that in the long run
  • 46. Validate your specs! • Speccy - https://speccy.io/ • speccy lint openapi.yaml • OpenAPI Lint for VS Code • SwaggerHub Editor
  • 47. Useful VS CODE EXTENSIONS • Bracket Pair Colorizer 2 (for JSON) • Indent Rainbow (for YAML) • OpenAPI Lint • Swagger Viewer • YAML
  • 48. Useful websites • https://mermade.github.io/openapi-gui/ • https://editor.swagger.io/ • https://openapi-map.apihandyman.io/ • https://openapi.tools/ • https://opensource.zalando.com/restful-api-guidelines/ • https://github.com/APIs-guru/openapi-directory • https://idratherbewriting.com/learnapidoc/
  • 49. Exercise! Time to write a simple OpenAPI 3.0 Specification
  • 50. Improve the Gelato API The Gelato API lets everyone get data on ice creams and toppings. With proper authentication, users can also add ice creams, toppings, and customers. Let’s improve it! • Open Swagger Editor and load the gelato.yaml file from here: http://bit.do/gelatoapi 1. Add contact information to the info object 2. Add the gelatoKey security to the POST operations 3. Define the topping schema in components (toppings need to have an id) 4. Add a DELETE operation to get rid of a topping via its id (don’t forget to tag it and add security) 5. Add the person object properties to the customer object via inheritance 6. Complete the POST operation to add a new customer (hint: it needs request data) 7. Check that the specification is valid and generate .NET server code from the specification

Editor's Notes

  1. REST stands for representational state transfer, a software architectural style. Resources are abstractions for data you access or manipulate. It can be documents, persons, accounts, or even likes on a page. Instead of using arbitrary operations as in SOAP, REST web services can use a uniform set of HTTP operations and it’s stateless, meaning that the server remembers nothing about previous queries: every request is treated as new. “No client context shall be stored on the server between requests. The client is responsible for managing the state of the application.” making multiple identical requests has the same effect as making a single request – then that REST API is called idempotent.
  2. There’s degrees of REST. That’s why we say RESTful. An API can be more or less RESTful depending on how it implements the REST style. The more RESTful an API is, the more uniform, self-descriptive, and stateless it is. At level 0, which is where we are right now with SOAP, we simply send arbitrary operations over HTTP. We use HTTP as a tunnel, and that’s it. Everything is hidden. At level 1, we use resources, so there’s an URI per resource, like /user. But we could be using the same HTTP action for two different things, such as creating and deleting gusers. At level 2, we use HTTP verbs, like GET, DELETE, PUT, etc. Actions are not in the URL, but in the HTTP method. There’s idempotence, meaning that actions can be applied multiple times without changing the result . At level 3, the API is self-descriptive and can be navigated. Responses include links to dig deeper into the API. Level 4 includes versioning. Level 5 includes next actions!
  3. OpenAPI is a specification format for describing RESTful APIs. It started as Swagger, but it’s now an open source project managed by the Linux Foundation. The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. An OpenAPI definition can then be used by documentation generation tools to display the API, code generation tools to generate servers and clients in various programming languages, testing tools, and many other use cases. In OpenAPI you find this powerful idea that you can describe an API with a structured text file, and that that file can be used for multiple purposes, as the single source of truth on the API. Serves as a contract between team members Everyone collaborates on REST API design One spec for testing, implementation, documentation… Dependencies are removed (FE doesn’t wait for BE, etc.) Allows to… …generate interactive reference documentation (try out the API) …generate code stubs/boilerplate for server-side logic …create Node tests for the API using oatts
  4. OpenAPI is the most popular API design and specification standard according to the State of the API survey 2019. Using OpenAPI means having Not using a standard for defining an API is a bad choice. But then again, why OpenAPI?
  5. This is how a typical OpenAPI 3.0 file looks like. It can be in either JSON or YAML formats…
  6. OpenAPI specification files can be written in JSON or YAML. My choice is to go with YAML. It’s a superset of JSON, and it’s way easier to write and read. You can insert JSON into YAML but not viceversa. You can also convert between the two of them.
  7. First tough question: Swagger 2.0 or OpenAPI 3.0? Well, OpenAPI 3.0 is the future, has a simpler, better structure, and better support for the JSON schema. It supports links, callbacks, and other cool features. Swagger is still the name of the tools, so it can be a bit confusing.
  8. Security schemes are added at API level through the security object. They can be combined in several ways. In the first example, either basicAuth or apiKey can be used, while in the second it’s apiKey1 AND apiKey2. In the third, it’s OAUTH2 or the combination of two apiKeys. Security can be defined at path / method level, which overrides global settings.
  9. The PATH object contains the meat of the whole specification. It’s where you’ll spend the most time designing and documenting the API. The path object is composed of /paths, followed by HTTP operations that contain information such as request parameters/body, responses, etc. Since OpenAPI 3.0, paths can be deprecated.
  10. Path parameters are variable parts of a URL path.  The parameter name must be the same as specified in the path. Also remember to add required: true, because path parameters are always required.  Query parameters go in the URL. To describe API keys passed as query parameters, use securitySchemes and security instead. With allowReserved: true you can avoid the typical percent-encoded URLs. Header parameters go in the header of the HTTP request. Header parameters named Accept, Content-Type and Authorization are not allowed. To describe these headers, use the corresponding OpenAPI keywords. OpenAPI 3.0 does not support parameter dependencies and mutually exclusive parameters. There is an open feature request at https://github.com/OAI/OpenAPI-Specification/issues/256. 
  11. You can use uniqueItems: true to specify that all items in the array must be unique: An object is a collection of property/value pairs. The properties keyword is used to define the object properties – you need to list the property names and specify a schema for each property. An object can include nested objects Tip: In OpenAPI, objects are usually defined in the global components/schemas section rather than inline in the request and response definitions. A schema without a type matches any data type – numbers, strings, objects, and so on. {} is shorthand syntax for an arbitrary-type schema:
  12. OpenAPI 3.0 provides several keywords which you can use to combine schemas. You can use these keywords to create a complex schema, or validate a value against multiple criteria. Use the anyOf keyword to validate the data against any amount of the given subschemas. That is, the data may be valid against one or more subschemas at the same time. The not keyword does not exactly combine schemas, but as all of the keywords mentioned above it helps you to modify your schemas and make them more specific. When request bodies or response payloads may be one of a number of different schemas, a discriminator object can be used to aid in serialization, deserialization, and validation. The discriminator is a specific object in a schema which is used to inform the consumer of the specification of an alternative schema based on the value associated with it.
  13. The term “form data” is used for the media types application/x-www-form-urlencoded and multipart/form-data, which are commonly used to submit HTML forms.
  14. Links are one of the new features of OpenAPI 3.0. Using links, you can describe how various values returned by one operation can be used as input for other operations. It allows an API to be more self-descriptive.
  15. In OpenAPI 3 specs, you can define callbacks – asynchronous, out-of-band requests that your service will send to some other service in response to certain events. This helps you improve the workflow your API offers to clients. A typical example of a callback is subscription functionality – users subscribe to certain events of your service and receive a notification when this or that event occurs. For example, an e-shop can send a notification to the manager on each purchase. These notifications will be “out-of-band”, that is, they will go through a connection other than the connection through which a visitor works, and they will be asynchronous, as they will be out of the regular request-response flow. In OpenAPI 3, you can define the format of the “subscription” operation as well as the format of callback messages and expected responses to these messages. This description will simplify communication between different servers and will help you standardize the use of webhooks in your API. The way you implement the unsubscription mechanism is up to you. For example, the receiving server can return specific code in response to the callback message to indicate that it is no longer interested in callbacks. In this case, clients can unsubscribe only in response to a callback request. To allow clients to unsubscribe at any time, your API can provide a special “unsubscribe” operation. This is a rather common approach. 
  16. OpenAPI runtime expressions are syntax for extracting various values from an operation’s request and response. Links use runtime expressions to specify the parameter values to be passed to the linked operation. The expressions are called “runtime” because the values are extracted from the actual request and response of the API call and not, say, the example valuesprovided in the API specification.
  17. Extensions, or vendor extensions, are custom properties that start with x-, such as x-logo. They can be used to describe extra functionality that is not covered by the standard OpenAPI Specification.
  18. allOf: - $ref: "#/components/schemas/person"