Phil Wilkins, profile picture
Uploaded byPhil Wilkins
75 views

APIs, STOP Polling, lets go Streaming

The document discusses the disadvantages of API polling and promotes the transition to streaming methods, highlighting different streaming techniques like web sockets, server-sent events, and GraphQL subscriptions. It outlines the challenges and benefits of each method, emphasizing the importance of handling security, API documentation, and consumer experience. Recommendations and resources for developers looking to implement streaming APIs are also included.

Embed presentation

APIs, Stop Polling Let’s Go Streaming Name Phil Wilkins OCI August 2022
Speaker PhilWilkins Cloud Developer Evangelist 2 Copyright © 2022, Oracle and/or its affiliates Philip.Wilkins@Oracle.com https://bit.ly/devrel-slack-emea @Phil Wilkins mp3monster.org / cloud-native.info / oracle-integration.cloud linkedin.com/in/philwilkins github.com/mp3monster @mp3monster
©Disney (under Fair Use) Downsides of API Polling • Too frequent … • Unnecessary server effort repeating the same queries • Too much load and risk of service degradation • Each API call carries an overhead of initiating the exchange • Network bandwidth consumption transmitting duplicated data • If content refresh frequency can impact user experience – try to do something and the data has already changed • Too infrequent … • Data received too late to be actionable • User experience – application content not refreshing quickly enough, and users start to force app refreshes – typically more costly! • Amount of data that may need to be cached is a function of the polling interval 3 Copyright © 2022, Oracle and/or its affiliates STOP POLLIN G!
Before we go streaming, we need to consider … • Security… • Know who is getting what data • Is data going to the requestor • Satisfying consumer security needs (assurance of legitimate origin when pushing events) • Is the Consumer consuming data… • Recognizing consumer connection loss • Consumer coping with data volume (back pressure) • Handling out of sequence or missing events • Only receiving data they’re allowed to get (events & attributes) • API documentation… • Open API Specification – not geared to Async / Streaming API specifications • Consumer enablement e.g. tech availability - libraries, SDKs, etc. • Monetization of APIs… • How might the charging model work if we’re pushing events? • Controlling data serving costs e.g. not sending events that aren’t needed/wanted • Ease of development & maintenance • How well is the technology understood • Is the solution maintainable? 4 Copyright © 2022, Oracle and/or its affiliates
The Make-Up of a Good API 5 Copyright © 2022, Oracle and/or its affiliates Legalese Authentication & Authorization SDK Test Framework
Common ‘Streaming’ API options … 6 Copyright © 2022, Oracle and/or its affiliates • Web Hooks (Inverted APIs) • Web Sockets • Server Sent Events • GraphQL Subscriptions • gRPC Streams
Trends on different Stream Techniques 7 Copyright © 2022, Oracle and/or its affiliates Web Socket s Web Hooks The Others!
Web Sockets • Web Sockets (WS) have been around 10-15 years and formalized through IETF’s RFC6455 • There are a variety sub-protocols/specializations • Some recognized by IANA2 e.g. STOMP & MQTT • Custom sub-protocols – not recognized by IANA e.g. something created yourself • WS does have some challenges … • It works at a lower level than REST (emphasis on TCP rather than HTTP for traffic) • Some organizations choose to prevent sockets – the bidirectional nature means the risk of data egress. • Not same origin restrictions enforced like HTTP • Resource hungry – the socket is not multiplexed between requests but dedicated to 1 client • Need to recognize when the client has failed to close properly to release resources. 8 Copyright © 2022, Oracle and/or its affiliates Client Serve r HTTP Handshake Uses HTTP Upgrade Header Bidirectional messages Full duplex Channel Closed by 1 side Connection is persistent 1 https://caniuse.com/websockets 2 https://www.iana.org/assignments/websocket/websocket.xml#subprotocol-name
Load Balancer?? Proxy? Web Sockets • More challenges … • Some web proxies can’t differentiate between a WS connection and a normal HTTP request in a ‘limbo’ state • The conversation is stateful • therefore, impact on managing load balancing etc. • Depending on how data is exchanged over the socket – may need to track conversation state • The benefits … • It is transient, so the client doesn’t have a continuously open network port • About 98% of browsers support WS today1 • Plenty of library implementations to ease the workload • Reduced overhead – 1 handshake until the communication completes 9 Copyright © 2022, Oracle and/or its affiliates Client Serve r HTTP Handshake Uses HTTP Upgrade Header Bidirectional messages Full duplex Channel Closed by 1 side Connection is persistent Serve r Serve r State Cach e
Server side var WebSocket = require('ws'); var ws = new WebSocket('ws://localhost:8992/'); ws.on('open', function open() { data = … // something happens & prep data ws.send(data); }); ws.on('error', function(error) {console.log(error);}); ws.on('message', function(data, flags) { console.log('Server said: ' + data);}); 10 Copyright © 2022, Oracle and/or its affiliates var WebSocketServer = require('ws').Server; const wssPort = process.env.PORT || 8080; const wss = new WebSocketServer({port: wssPort}); var clients = new Array; function handleConnection(client, request) { clients.push(client); // add this client to the clients array function endClient() { var position = clients.indexOf(client); clients.splice(position, 1); console.log("connection closed"); } function clientResponse(data) { console.log(data); } // set up client event listeners: client.on('message', clientResponse); client.on('close', endClient); } wss.on('connection', handleConnection); Client side • Example uses Node.js with Web Socket library
Load Balancer Proxy Server Sent Events • Developed around 2006 - EventSource API is standardized as part of HTML5 • Supported by all major browsers • Process follows • Client supplies the server with the URL • Server calls the URL provided and sends a stream of events. • Once the server decides it is finished it closes the connection. • Unlike Sockets – is only 1 direction and only closed by the server. • No elegant means to perform heartbeat or event ack • Does focus on HTTP level exchanges rather than TCP – and gains the security restrictions • More efficient than using long polling (call and wait for an event) 11 Copyright © 2022, Oracle and/or its affiliates Client Serve r HTTP Request response One way messages Close channel Serve r Serve r State Cach e
Web Hook • Web Hooks (WH) is very half duplex (i.e. 1 end communicating at a time) • Client provides URI to be called on when something happens – just like any other API call • Some challenges … • Client has a discoverable endpoint • Security is better when information is pulled NOT pushed • If clients are transient, risk of someone else getting the API call • Expose endpoint for URL • Some benefits … • Simple to implement • Security management approaches can help protect clients e.g. client registers with a key to be used when called • Easier to load balance, exploit common OOTB services such as an API Gateway for outbound to track data (audit, attach security creds etc) 12 Copyright © 2022, Oracle and/or its affiliates Client API Server Register Endpoint Client endpoint invoked when needed Serve r API Server Deregister Endpoint Registrations Cache
Load Balancer Web Hook • Improve security through API Gateway • Audit outbound traffic • Authenticate transmission request (egress authorization) • Attach client-provided credentials to outbound traffic • Out of the box features 13 Copyright © 2022, Oracle and/or its affiliates Client API Server Register Endpoint Serve r API Server Deregister Endpoint Registrations Cache API Server Client endpoint invoked when needed
Load Balancer Proxy GraphQL Subscriptions • GraphQL Subscriptions (GQL Subs) defines how subscriptions should functionally work – but not how to implement • Different implementations may use different strategies, but WS is the most common • Benefits of GQL Subs… • Same benefits as a GQL request (tailored data set, option for attribute level access controls, etc) • Lower level mechanisms abstracted • Challenges of GQL Subs … • Lot of work on the server – ability to build cached answers for all harder • Need to consider potential variance or custom sub-protocols imposing client constraints 14 Copyright © 2022, Oracle and/or its affiliates Client Serve r Register subscription (connection initialize) Event(s) Pushed Subscription Closed by 1 side Serve r Serve r State Cach e HTTP Handshake Connection ack Other msgs e.g. event acks HTTP Websocket
GraphQL – Basic Query • Schemas with strong typing • Schemas can define multiple entities • Schemas support the idea of abstraction through interfaces • Different entities can be linked via common attributes 15 Copyright © 2022, Oracle and/or its affiliates Droid implements Character { id: ID! name: String! friends: [Character] appearsIn: [Episode]! primaryFunction: String } interface Character { id: ID! name: String! friends: [Character] appearsIn: [String]! } { "data": { "droid": { "name": "C-3PO“ “primaryFunction”: “Interpreter” } } } Query { droid(id: "2000") { name, primaryFunction } } type Query {droid(id: ID!): Droid } type Mutation {deleteDroid(id: ID!) type Mutation (addDroid(newDroid: Droid!} • Schemas can define different types of operations • Query  get • Mutations  insert / update / delete • Subscriptions  live query • Operations can then be used • Operations can define the attributes to use/retrieve Based on:https://github.com/graphql/swapi-graphql
GraphQL – Subscription • Subscription much like a query • Primary difference is we’re also stipulating what we want as the query when data changes. Copyright © 2022, Oracle and/or its affiliates Droid implements Character { id: ID! name: String! friends: [Character] appearsIn: [Episode]! primaryFunction: String } interface Character { id: ID! name: String! friends: [Character] appearsIn: [String]! } type Query {droid(id: ID!): Droid } type subscription (characterUpdate(id: ID!} {onCharacterUpdated(id : ID) { id: ID! name: String! } } Based on:https://github.com/graphql/swapi-graphql
gRPC Streams • HTTP/2 foundation escape constraints of HTTP 1.x • Multiple streams per connection • Enabled by different flow control implementation • Greater network level efficiencies • Header compression & security mechanisms • Parallelism can be achieved • Ability to have half or full duplex depending on needs • HTTP/2 does have challenges • Does require infrastructure/software stack to support HTTP/2 • Monitoring of HTTP/2 is harder to implement • Streams can’t be load balanced, so 17 Copyright © 2022, Oracle and/or its affiliates Client Serve r Serve r Server State Cach e gRPC request Server pushed uniary stream Event(s) Pushed Summary record Stream Closed ack gRPC request Event(s) Pushed Client pushed uniary stream Summary record Stream Closed ack gRPC request Event(s) Pushed Stream Closed Bidirectional event stream ack
gRPC Expression • The same considerations of normal data structure definitions still apply – streaming or otherwise • The RPC definitions in Protobuf 2 & 3 define whether the invocation will stream • The stream initiation can include metadata controlling the life of the stream (e.g. use of setting a deadline to receive the data) • API design needs to consider whether the stream uses strategies like ping-pong to manage the delivery of messages Copyright © 2022, Oracle and/or its affiliates Based on:https://github.com/graphql/swapi-graphql • The only difference between single calls and streams is the keyword stream in the rpc definition • Position of stream in the rpc will dictate half or full duplex message Droid { Id id = 1; string primaryFunction =2; Character character = 3; } message Ids { repeated uint32 id = 1;} syntax = "proto3"; message Id { uint32 id = 1;} message Character { Id id =1; string name =2; repeated string appearsIn =3; repeated Character friends =4; } service GetService { rpc getDroidById (Id) returns (Droid) {} rpc setCharacter (Character) {} rpc getCharacters () returns (stream Character) {} rpc shareCharacters (stream Character) returns (stream Character) {} }
Summary / Recommendations 19 Copyright © 2022, Oracle and/or its affiliates Web Hooks Web Sockets Server Sent Events (SSE) GraphQL Subscriptions gRPC Streams Pros • Technically simple & proven • Lowest common denominator • Each message can be ack’d to server in HTTP response • Well supported • Same connection for bidirectional traffic • Should consider SDK to mask serialization • Single direction calls • More efficient than webhooks for multiple events • All the power of selective data from GraphQL • Often (not always) implemented using WebSockets • Bi-directional • Very efficient • Easy to express once you know gRPC • Exploits HTTP/2 performance • Single or bidirectional flow Con s • Not very efficient • Client exposed endpoint for inbound calls • More work as having to (de)serialize payloads • Lose some HTTP level security • Not so commonly used • Client exposed endpoint for server to call • No means to ack each message • Potential for differences in implementation – ideally provide client with additional info or SDK • Client needs to have correct code frame • Needs HTTP/2 Also need to consider the specifics of these API
Useful Background resources Streaming API Application • Why Oracle Hospitality adopted streaming APIs - https://bit.ly/OHIPStreamingWhy • How Oracle Hospitality decided on their streaming technology - https://bit.ly/OHIPStrategy • JavaScript and Oracle Database subscribe to data changes - https://bit.ly/DBChangeSubscriptions • Oracle Content Management uses GraphQL https://bit.ly/GraphQLOCM Technology Resources • Web Socket Examples using Node.js frameworks - https://tigoe.github.io/websocket- examples/ • Documentation on different Streaming mechanisms https://ably.com/ • Async API specification - https://www.asyncapi.com/docs 20 Copyright © 2022, Oracle and/or its affiliates
OCI Architecture Center -- Free Content & More URLS are https://oracle.com/goto/... Reference Architectures GitHub - DevRel /ref-archs Playbooks /playbooks /gh-devrel /deployed Built & Deployed Live Labs /labs Tutorials /tutorial Blogs Developer Open Source Learning Videos Apex PaaS Community GitHub - Oracle /gh-oracle Cloud Customer Connect /connect /open /dev /paas /apex /blog /youtube Oracle Community /community GitHub - Samples /gh-samples URLS are https://oracle.com/goto/...
Questions / Thank you Copyright © 2022, Oracle and/or its affiliates Phil Wilkins Cloud Developer Evangelist Philip.Wilkins@Oracle.com bit.ly/devrel-slack-emea @Phil Wilkins mp3monster.org / cloud-native.info / oracle- integration.cloud linkedin.com/in/philwilkins github.com/mp3monster @mp3monster
APIs, STOP Polling, lets go Streaming

More Related Content

ODP
Server Sent Events, Async Servlet, Web Sockets and JSON; born to work together!
byMasoud Kalali
 
PDF
WebSocket in Enterprise Applications 2015
byPavel Bucek
 
PDF
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
byWSO2
 
PPTX
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
PPT
CLOUD ENABLING TECHNOLOGIES WITH SERVICE ORIENTED ARCHITECTURE
byGeethaRRaj
 
PDF
API Design and WebSocket
byFrank Greco
 
PPTX
cloud enabling tecnologies , unit ii [cc]
bySMENAKA1
 
PDF
OutSystsems User Group Netherlands September 2024.pdf
bymail496323
 
Server Sent Events, Async Servlet, Web Sockets and JSON; born to work together!
byMasoud Kalali
 
WebSocket in Enterprise Applications 2015
byPavel Bucek
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
byWSO2
 
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
CLOUD ENABLING TECHNOLOGIES WITH SERVICE ORIENTED ARCHITECTURE
byGeethaRRaj
 
API Design and WebSocket
byFrank Greco
 
cloud enabling tecnologies , unit ii [cc]
bySMENAKA1
 
OutSystsems User Group Netherlands September 2024.pdf
bymail496323
 

Similar to APIs, STOP Polling, lets go Streaming

PDF
Welcome to the Reactive Revolution:RSocket and Spring Cloud Gateway - Spencer...
byVMware Tanzu
 
PDF
Distributed Reactive Services with Reactor & Spring - Stéphane Maldini
byVMware Tanzu
 
PDF
Java API for WebSocket 1.0: Java EE 7 and GlassFish
byArun Gupta
 
PDF
Java EE 7 (Lyon JUG & Alpes JUG - March 2014)
byDavid Delabassee
 
PPTX
Introduction to Web Services
byJeffrey Anderson
 
PPTX
Api 101
byDrSimoneDiCola
 
PPT
INTERPROCESS COMMUNICATION INTERPROCESS COMMUNICATION INTERPROCESS COMMUNICATION
byPRASAD BANOTH
 
PDF
09-01-services-slides.pdf for educations
bykatariraju71
 
PDF
[WSO2 API Manager Community Call: Streaming API Support in WSO2 API Manager 4.0
byWSO2
 
PDF
Olist Architecture v2.0
byOsvaldo Santana Neto
 
PPT
IntroJan14.ppt
byAnkitKumarSharma54
 
PPTX
APIs at the Edge
byRed Hat
 
PPTX
SOAP vs REST
byNadia Boumaza
 
PDF
End-to-End Reactive Data Access Using R2DBC with RSocket and Proteus
byVMware Tanzu
 
PDF
Con fess 2013-sse-websockets-json-bhakti
byBhakti Mehta
 
PPTX
StrongLoop Overview
byShubhra Kar
 
PPTX
Web API or WCF - An Architectural Comparison
byAdnan Masood
 
PPTX
Scaling GraphQL Subscriptions
byАртём Курапов
 
PDF
Brian.suda.thesis
byAravindharamanan S
 
PDF
Using Communication and Messaging API in the HTML5 World
byGil Fink
 
Welcome to the Reactive Revolution:RSocket and Spring Cloud Gateway - Spencer...
byVMware Tanzu
 
Distributed Reactive Services with Reactor & Spring - Stéphane Maldini
byVMware Tanzu
 
Java API for WebSocket 1.0: Java EE 7 and GlassFish
byArun Gupta
 
Java EE 7 (Lyon JUG & Alpes JUG - March 2014)
byDavid Delabassee
 
Introduction to Web Services
byJeffrey Anderson
 
Api 101
byDrSimoneDiCola
 
INTERPROCESS COMMUNICATION INTERPROCESS COMMUNICATION INTERPROCESS COMMUNICATION
byPRASAD BANOTH
 
09-01-services-slides.pdf for educations
bykatariraju71
 
[WSO2 API Manager Community Call: Streaming API Support in WSO2 API Manager 4.0
byWSO2
 
Olist Architecture v2.0
byOsvaldo Santana Neto
 
IntroJan14.ppt
byAnkitKumarSharma54
 
APIs at the Edge
byRed Hat
 
SOAP vs REST
byNadia Boumaza
 
End-to-End Reactive Data Access Using R2DBC with RSocket and Proteus
byVMware Tanzu
 
Con fess 2013-sse-websockets-json-bhakti
byBhakti Mehta
 
StrongLoop Overview
byShubhra Kar
 
Web API or WCF - An Architectural Comparison
byAdnan Masood
 
Scaling GraphQL Subscriptions
byАртём Курапов
 
Brian.suda.thesis
byAravindharamanan S
 
Using Communication and Messaging API in the HTML5 World
byGil Fink
 

More from Phil Wilkins

PPTX
API Design – More than just a Payload Definition
byPhil Wilkins
 
PPTX
Is 12 Factor App Right About Logging
byPhil Wilkins
 
PPTX
Fluentd – Making Logging Easy & Effective in a Multi-cloud & Hybrid Environme...
byPhil Wilkins
 
PPTX
GitHub Actions - using Free Oracle Cloud Infrastructure (OCI)
byPhil Wilkins
 
PPTX
Oracle OCI APIs and SDK
byPhil Wilkins
 
PPTX
Api more than payload (2021 Update)
byPhil Wilkins
 
PPTX
API more than payload
byPhil Wilkins
 
PPTX
How fluentd fits into the modern software landscape
byPhil Wilkins
 
PPTX
gRPC, GraphQL, REST - Which API Tech to use - API Conference Berlin oct 20
byPhil Wilkins
 
PPTX
FluentD for end to end monitoring
byPhil Wilkins
 
PPTX
Meetups - The Oracle Ace Way
byPhil Wilkins
 
PPTX
Apiary - A Developers Perspective
byPhil Wilkins
 
PPTX
Secrets of Custom API Policies on the Oracle API Platform
byPhil Wilkins
 
PPTX
Terraform
byPhil Wilkins
 
PPTX
Oracle London Developer Meetup November 2018
byPhil Wilkins
 
PPTX
London Oracle Developer Meetup - June 18 - Drones with APIs
byPhil Wilkins
 
PPTX
London Oracle Developer Meetup April 18
byPhil Wilkins
 
PPTX
Oracle Developer Meetup March 2018
byPhil Wilkins
 
PPTX
OracleDeveloperMeetup - London 19-12-17
byPhil Wilkins
 
PPTX
Look at Oracle Integration Cloud – its relationship to ICS. Customer use Case...
byPhil Wilkins
 
API Design – More than just a Payload Definition
byPhil Wilkins
 
Is 12 Factor App Right About Logging
byPhil Wilkins
 
Fluentd – Making Logging Easy & Effective in a Multi-cloud & Hybrid Environme...
byPhil Wilkins
 
GitHub Actions - using Free Oracle Cloud Infrastructure (OCI)
byPhil Wilkins
 
Oracle OCI APIs and SDK
byPhil Wilkins
 
Api more than payload (2021 Update)
byPhil Wilkins
 
API more than payload
byPhil Wilkins
 
How fluentd fits into the modern software landscape
byPhil Wilkins
 
gRPC, GraphQL, REST - Which API Tech to use - API Conference Berlin oct 20
byPhil Wilkins
 
FluentD for end to end monitoring
byPhil Wilkins
 
Meetups - The Oracle Ace Way
byPhil Wilkins
 
Apiary - A Developers Perspective
byPhil Wilkins
 
Secrets of Custom API Policies on the Oracle API Platform
byPhil Wilkins
 
Terraform
byPhil Wilkins
 
Oracle London Developer Meetup November 2018
byPhil Wilkins
 
London Oracle Developer Meetup - June 18 - Drones with APIs
byPhil Wilkins
 
London Oracle Developer Meetup April 18
byPhil Wilkins
 
Oracle Developer Meetup March 2018
byPhil Wilkins
 
OracleDeveloperMeetup - London 19-12-17
byPhil Wilkins
 
Look at Oracle Integration Cloud – its relationship to ICS. Customer use Case...
byPhil Wilkins
 

Recently uploaded

PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
December Patch Tuesday
byIvanti
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
December Patch Tuesday
byIvanti
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 

APIs, STOP Polling, lets go Streaming

  • 1.
    APIs, Stop PollingLet’s Go Streaming Name Phil Wilkins OCI August 2022
  • 2.
    Speaker PhilWilkins Cloud Developer Evangelist 2Copyright © 2022, Oracle and/or its affiliates Philip.Wilkins@Oracle.com https://bit.ly/devrel-slack-emea @Phil Wilkins mp3monster.org / cloud-native.info / oracle-integration.cloud linkedin.com/in/philwilkins github.com/mp3monster @mp3monster
  • 3.
    ©Disney (under FairUse) Downsides of API Polling • Too frequent … • Unnecessary server effort repeating the same queries • Too much load and risk of service degradation • Each API call carries an overhead of initiating the exchange • Network bandwidth consumption transmitting duplicated data • If content refresh frequency can impact user experience – try to do something and the data has already changed • Too infrequent … • Data received too late to be actionable • User experience – application content not refreshing quickly enough, and users start to force app refreshes – typically more costly! • Amount of data that may need to be cached is a function of the polling interval 3 Copyright © 2022, Oracle and/or its affiliates STOP POLLIN G!
  • 4.
    Before we gostreaming, we need to consider … • Security… • Know who is getting what data • Is data going to the requestor • Satisfying consumer security needs (assurance of legitimate origin when pushing events) • Is the Consumer consuming data… • Recognizing consumer connection loss • Consumer coping with data volume (back pressure) • Handling out of sequence or missing events • Only receiving data they’re allowed to get (events & attributes) • API documentation… • Open API Specification – not geared to Async / Streaming API specifications • Consumer enablement e.g. tech availability - libraries, SDKs, etc. • Monetization of APIs… • How might the charging model work if we’re pushing events? • Controlling data serving costs e.g. not sending events that aren’t needed/wanted • Ease of development & maintenance • How well is the technology understood • Is the solution maintainable? 4 Copyright © 2022, Oracle and/or its affiliates
  • 5.
    The Make-Up ofa Good API 5 Copyright © 2022, Oracle and/or its affiliates Legalese Authentication & Authorization SDK Test Framework
  • 6.
    Common ‘Streaming’ APIoptions … 6 Copyright © 2022, Oracle and/or its affiliates • Web Hooks (Inverted APIs) • Web Sockets • Server Sent Events • GraphQL Subscriptions • gRPC Streams
  • 7.
    Trends on differentStream Techniques 7 Copyright © 2022, Oracle and/or its affiliates Web Socket s Web Hooks The Others!
  • 8.
    Web Sockets • WebSockets (WS) have been around 10-15 years and formalized through IETF’s RFC6455 • There are a variety sub-protocols/specializations • Some recognized by IANA2 e.g. STOMP & MQTT • Custom sub-protocols – not recognized by IANA e.g. something created yourself • WS does have some challenges … • It works at a lower level than REST (emphasis on TCP rather than HTTP for traffic) • Some organizations choose to prevent sockets – the bidirectional nature means the risk of data egress. • Not same origin restrictions enforced like HTTP • Resource hungry – the socket is not multiplexed between requests but dedicated to 1 client • Need to recognize when the client has failed to close properly to release resources. 8 Copyright © 2022, Oracle and/or its affiliates Client Serve r HTTP Handshake Uses HTTP Upgrade Header Bidirectional messages Full duplex Channel Closed by 1 side Connection is persistent 1 https://caniuse.com/websockets 2 https://www.iana.org/assignments/websocket/websocket.xml#subprotocol-name
  • 9.
    Load Balancer?? Proxy? Web Sockets • Morechallenges … • Some web proxies can’t differentiate between a WS connection and a normal HTTP request in a ‘limbo’ state • The conversation is stateful • therefore, impact on managing load balancing etc. • Depending on how data is exchanged over the socket – may need to track conversation state • The benefits … • It is transient, so the client doesn’t have a continuously open network port • About 98% of browsers support WS today1 • Plenty of library implementations to ease the workload • Reduced overhead – 1 handshake until the communication completes 9 Copyright © 2022, Oracle and/or its affiliates Client Serve r HTTP Handshake Uses HTTP Upgrade Header Bidirectional messages Full duplex Channel Closed by 1 side Connection is persistent Serve r Serve r State Cach e
  • 10.
    Server side var WebSocket= require('ws'); var ws = new WebSocket('ws://localhost:8992/'); ws.on('open', function open() { data = … // something happens & prep data ws.send(data); }); ws.on('error', function(error) {console.log(error);}); ws.on('message', function(data, flags) { console.log('Server said: ' + data);}); 10 Copyright © 2022, Oracle and/or its affiliates var WebSocketServer = require('ws').Server; const wssPort = process.env.PORT || 8080; const wss = new WebSocketServer({port: wssPort}); var clients = new Array; function handleConnection(client, request) { clients.push(client); // add this client to the clients array function endClient() { var position = clients.indexOf(client); clients.splice(position, 1); console.log("connection closed"); } function clientResponse(data) { console.log(data); } // set up client event listeners: client.on('message', clientResponse); client.on('close', endClient); } wss.on('connection', handleConnection); Client side • Example uses Node.js with Web Socket library
  • 11.
    Load Balancer Proxy Server Sent Events •Developed around 2006 - EventSource API is standardized as part of HTML5 • Supported by all major browsers • Process follows • Client supplies the server with the URL • Server calls the URL provided and sends a stream of events. • Once the server decides it is finished it closes the connection. • Unlike Sockets – is only 1 direction and only closed by the server. • No elegant means to perform heartbeat or event ack • Does focus on HTTP level exchanges rather than TCP – and gains the security restrictions • More efficient than using long polling (call and wait for an event) 11 Copyright © 2022, Oracle and/or its affiliates Client Serve r HTTP Request response One way messages Close channel Serve r Serve r State Cach e
  • 12.
    Web Hook • WebHooks (WH) is very half duplex (i.e. 1 end communicating at a time) • Client provides URI to be called on when something happens – just like any other API call • Some challenges … • Client has a discoverable endpoint • Security is better when information is pulled NOT pushed • If clients are transient, risk of someone else getting the API call • Expose endpoint for URL • Some benefits … • Simple to implement • Security management approaches can help protect clients e.g. client registers with a key to be used when called • Easier to load balance, exploit common OOTB services such as an API Gateway for outbound to track data (audit, attach security creds etc) 12 Copyright © 2022, Oracle and/or its affiliates Client API Server Register Endpoint Client endpoint invoked when needed Serve r API Server Deregister Endpoint Registrations Cache
  • 13.
    Load Balancer Web Hook • Improvesecurity through API Gateway • Audit outbound traffic • Authenticate transmission request (egress authorization) • Attach client-provided credentials to outbound traffic • Out of the box features 13 Copyright © 2022, Oracle and/or its affiliates Client API Server Register Endpoint Serve r API Server Deregister Endpoint Registrations Cache API Server Client endpoint invoked when needed
  • 14.
    Load Balancer Proxy GraphQL Subscriptions • GraphQLSubscriptions (GQL Subs) defines how subscriptions should functionally work – but not how to implement • Different implementations may use different strategies, but WS is the most common • Benefits of GQL Subs… • Same benefits as a GQL request (tailored data set, option for attribute level access controls, etc) • Lower level mechanisms abstracted • Challenges of GQL Subs … • Lot of work on the server – ability to build cached answers for all harder • Need to consider potential variance or custom sub-protocols imposing client constraints 14 Copyright © 2022, Oracle and/or its affiliates Client Serve r Register subscription (connection initialize) Event(s) Pushed Subscription Closed by 1 side Serve r Serve r State Cach e HTTP Handshake Connection ack Other msgs e.g. event acks HTTP Websocket
  • 15.
    GraphQL – BasicQuery • Schemas with strong typing • Schemas can define multiple entities • Schemas support the idea of abstraction through interfaces • Different entities can be linked via common attributes 15 Copyright © 2022, Oracle and/or its affiliates Droid implements Character { id: ID! name: String! friends: [Character] appearsIn: [Episode]! primaryFunction: String } interface Character { id: ID! name: String! friends: [Character] appearsIn: [String]! } { "data": { "droid": { "name": "C-3PO“ “primaryFunction”: “Interpreter” } } } Query { droid(id: "2000") { name, primaryFunction } } type Query {droid(id: ID!): Droid } type Mutation {deleteDroid(id: ID!) type Mutation (addDroid(newDroid: Droid!} • Schemas can define different types of operations • Query  get • Mutations  insert / update / delete • Subscriptions  live query • Operations can then be used • Operations can define the attributes to use/retrieve Based on:https://github.com/graphql/swapi-graphql
  • 16.
    GraphQL – Subscription •Subscription much like a query • Primary difference is we’re also stipulating what we want as the query when data changes. Copyright © 2022, Oracle and/or its affiliates Droid implements Character { id: ID! name: String! friends: [Character] appearsIn: [Episode]! primaryFunction: String } interface Character { id: ID! name: String! friends: [Character] appearsIn: [String]! } type Query {droid(id: ID!): Droid } type subscription (characterUpdate(id: ID!} {onCharacterUpdated(id : ID) { id: ID! name: String! } } Based on:https://github.com/graphql/swapi-graphql
  • 17.
    gRPC Streams • HTTP/2foundation escape constraints of HTTP 1.x • Multiple streams per connection • Enabled by different flow control implementation • Greater network level efficiencies • Header compression & security mechanisms • Parallelism can be achieved • Ability to have half or full duplex depending on needs • HTTP/2 does have challenges • Does require infrastructure/software stack to support HTTP/2 • Monitoring of HTTP/2 is harder to implement • Streams can’t be load balanced, so 17 Copyright © 2022, Oracle and/or its affiliates Client Serve r Serve r Server State Cach e gRPC request Server pushed uniary stream Event(s) Pushed Summary record Stream Closed ack gRPC request Event(s) Pushed Client pushed uniary stream Summary record Stream Closed ack gRPC request Event(s) Pushed Stream Closed Bidirectional event stream ack
  • 18.
    gRPC Expression • Thesame considerations of normal data structure definitions still apply – streaming or otherwise • The RPC definitions in Protobuf 2 & 3 define whether the invocation will stream • The stream initiation can include metadata controlling the life of the stream (e.g. use of setting a deadline to receive the data) • API design needs to consider whether the stream uses strategies like ping-pong to manage the delivery of messages Copyright © 2022, Oracle and/or its affiliates Based on:https://github.com/graphql/swapi-graphql • The only difference between single calls and streams is the keyword stream in the rpc definition • Position of stream in the rpc will dictate half or full duplex message Droid { Id id = 1; string primaryFunction =2; Character character = 3; } message Ids { repeated uint32 id = 1;} syntax = "proto3"; message Id { uint32 id = 1;} message Character { Id id =1; string name =2; repeated string appearsIn =3; repeated Character friends =4; } service GetService { rpc getDroidById (Id) returns (Droid) {} rpc setCharacter (Character) {} rpc getCharacters () returns (stream Character) {} rpc shareCharacters (stream Character) returns (stream Character) {} }
  • 19.
    Summary / Recommendations 19Copyright © 2022, Oracle and/or its affiliates Web Hooks Web Sockets Server Sent Events (SSE) GraphQL Subscriptions gRPC Streams Pros • Technically simple & proven • Lowest common denominator • Each message can be ack’d to server in HTTP response • Well supported • Same connection for bidirectional traffic • Should consider SDK to mask serialization • Single direction calls • More efficient than webhooks for multiple events • All the power of selective data from GraphQL • Often (not always) implemented using WebSockets • Bi-directional • Very efficient • Easy to express once you know gRPC • Exploits HTTP/2 performance • Single or bidirectional flow Con s • Not very efficient • Client exposed endpoint for inbound calls • More work as having to (de)serialize payloads • Lose some HTTP level security • Not so commonly used • Client exposed endpoint for server to call • No means to ack each message • Potential for differences in implementation – ideally provide client with additional info or SDK • Client needs to have correct code frame • Needs HTTP/2 Also need to consider the specifics of these API
  • 20.
    Useful Background resources StreamingAPI Application • Why Oracle Hospitality adopted streaming APIs - https://bit.ly/OHIPStreamingWhy • How Oracle Hospitality decided on their streaming technology - https://bit.ly/OHIPStrategy • JavaScript and Oracle Database subscribe to data changes - https://bit.ly/DBChangeSubscriptions • Oracle Content Management uses GraphQL https://bit.ly/GraphQLOCM Technology Resources • Web Socket Examples using Node.js frameworks - https://tigoe.github.io/websocket- examples/ • Documentation on different Streaming mechanisms https://ably.com/ • Async API specification - https://www.asyncapi.com/docs 20 Copyright © 2022, Oracle and/or its affiliates
  • 21.
    OCI Architecture Center-- Free Content & More URLS are https://oracle.com/goto/... Reference Architectures GitHub - DevRel /ref-archs Playbooks /playbooks /gh-devrel /deployed Built & Deployed Live Labs /labs Tutorials /tutorial Blogs Developer Open Source Learning Videos Apex PaaS Community GitHub - Oracle /gh-oracle Cloud Customer Connect /connect /open /dev /paas /apex /blog /youtube Oracle Community /community GitHub - Samples /gh-samples URLS are https://oracle.com/goto/...
  • 22.
    Questions / Thankyou Copyright © 2022, Oracle and/or its affiliates Phil Wilkins Cloud Developer Evangelist Philip.Wilkins@Oracle.com bit.ly/devrel-slack-emea @Phil Wilkins mp3monster.org / cloud-native.info / oracle- integration.cloud linkedin.com/in/philwilkins github.com/mp3monster @mp3monster

Editor's Notes

  • #13 Webhook icon - https://icon-icons.com/icon/webhook/138018
  • #15 https://betterprogramming.pub/understand-graphql-subscriptions-in-java-with-a-tic-tac-toe-game-832ba2729e6d