Call for a better error handling in APIs
André Cedik · Developer Advocate
shipcloud.io · andre@shipcloud.io
shipcloud GmbH · Mittelweg 162 20148 Hamburg
API v2
• Incorporate learnings from more than 5 years
• Easier integration in existing shop- / ERP-software
• I18n
• Returning translated strings
• White label
• Design first approach using OpenAPI
But most of all ...
... better error communication!
shipcloud error communication
History of errors
Mariner 1
• Veered off course because of an unscheduled maneuver
• Steering impossible
• Missing hyphen in the code allowed transmission of incorrect guidance signals
• Engineers hit the self destruct button
• $18 million error
ESA Ariane 5 Flight 501
• Reused software from Ariane 4
• Ariane 5 had faster engines
• Software tried to push a 64-bit float into a signed 16-bit integer
• Engineers hit the self destruct button at 37 sec. into its maiden launch
• $8 billion error
NASA Mars Climate Orbiter
• Failed conversion from imperial units to metric
• Sent the orbiter too close to Mars' surface
• $125 million error
Y2K Bug
• Year numbers were saved with 2 digits (98, 99, 00, 01)
• No one knew what would happen when the year 2000 set in
• Since '00' also meant 1900
• $500 billion error
Pentium FDIV Bug
• In 1994 math professor Thomas R. Nicely reported the bug
• The processor might return incorrect binary floating point results when dividing a number
• Intel attributed the error to missing entries in the lookup table
• Tried to downplay the bug
• Had to replace processors
• $475 million error
Miscommunication
Mokusatsu - The World's Most Tragic Translation
• Allied leaders called for Japan's unconditional surrender
• The Japanese government said nothing while considering its options
• PM Kantaro Suzuki was pressured for comment
• Said only one word: "mokusatsu"
• The mistranslation led to the dropping of the atomic bomb
Hawaii Missile Strike
• In Jan. 2018 citizens of Hawaii were warned of an inbound ballistic missile strike
• Turned out to be a false alert
• The recorded phone message said "EXERCISE"
• The text message said "THIS IS NOT A DRILL"
• Same UI used for drill and real alerts
• No safeguards were in place
• It took 38 minutes to retract the alert, because there was no response protocol for a false alert
Error handling in APIs
Tools used at the moment
"Building fault-tolerant software boils down to detecting errors and doing something when errors are detected"
Joe Armstrong, inventor of Erlang
HTTP response status codes
• Informational 1xx
• Successful 2xx
  • 200 OK
• Redirection 3xx
  • 301 Moved Permanently
• Client Error 4xx
• Server Error 5xx
HTTP response status codes 4xx & 5xx
• 400 Bad Request
• 402 Payment Required
• 403 Forbidden
• 404 Not Found
• 500 Internal Server Error
• 502 Bad Gateway
• 504 Gateway Timeout
Error handling in the body
• Good:
  • Return complex structures
  • Get more specific about an error
  • Convey multiple errors
• Bad:
  • Everyone has their own way of doing it
  • Therefore developers have to understand "the way"
Error handling in APIs
The bad
shipcloud error communication
Sabre Dev Studio – error attribute
• "error" is always a string
• Sometimes all uppercase -> seems to be an error code
• Sometimes it looks like an error trace
Sabre Dev Studio – code attribute
• Sometimes it looks like an HTTP response status code
• Sometimes like an internal code
• Same code used more than once, with different error text
• Codes seen: 102, 111, 404, 500, 700101, 050002, 060016, 700202
Pitney Bowes
• Each validated field has its own error code
• "XXX is invalid, unsupported or missing"
• So what is it now?!?
Google Maps Geocoding API
• Has a "status" attribute
  • OK, ZERO_RESULTS, OVER_DAILY_LIMIT, OVER_QUERY_LIMIT, REQUEST_DENIED, INVALID_REQUEST, UNKNOWN_ERROR
• INVALID_REQUEST comes with 400 Bad Request
• OVER_QUERY_LIMIT comes with 200 OK
Google Drive API v3
Klarna
API Football
Error handling in APIs
The good parts
squarespace
Facebook GraphAPI
Facebook Marketing API
Facebook Marketing API
Banks API
Figo.io
What we can do better
What's the problem?
• "API calls either fail or are successful" – Phil Sturgeon
• "Soft errors"
  • Not an exception type "crash"
  • More like a warning
application/problem+json
• RFC 7807
• Pros
  • Own content type
  • Predefined set of attributes
  • Extensible
• Cons
  • Not encapsulated
  • Mixing with other content
  • Multiple errors can only be handled for a single error type

HTTP/1.1 403 Forbidden
Content-Type: application/problem+json
Content-Language: en

{
  "type": "https://example.com/probs/out-of-credit",
  "title": "You do not have enough credit.",
  "detail": "Your current balance is 30, but that costs 50.",
  "instance": "/account/12345/msgs/abc",
  "balance": 30,
  "accounts": ["/account/12345", "/account/67890"]
}
Warning header
• RFC 7234
• Pros
  • You could handle "soft errors"
  • Multiple Warning headers for multiple different errors
• Cons
  • Complex data can't be returned
  • It's just a string

HTTP/1.1 200 OK
Date: Sat, 25 Aug 2012 23:34:45 GMT
Warning: 112 - "network down" "Sat, 25 Aug 2012 23:34:45 GMT"
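The "just a string" objection above is exactly what a client has to deal with. As an added example (not code from the talk), this parser takes the RFC 7234 warning-value grammar apart, collects several Warning headers from one response, and drops values whose warn-date disagrees with the response Date, as the RFC requires. The sample headers are constructed; the first Warning line is the RFC example shown on the slide.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Grammar, RFC 7234 section 5.5:
#   Warning       = 1#warning-value
#   warning-value = warn-code SP warn-agent SP warn-text [ SP warn-date ]
#   warn-code     = 3DIGIT
#   warn-agent    = ( uri-host [ ":" port ] ) / pseudonym
#   warn-text     = quoted-string
#   warn-date     = DQUOTE HTTP-date DQUOTE
_WARNING_VALUE = re.compile(
    r'\s*(?P<code>\d{3})\s+'
    r'(?P<agent>[^\s,"]+)\s+'
    r'"(?P<text>(?:[^"\\]|\\.)*)"'     # quoted-string, with quoted-pair escapes
    r'(?:\s+"(?P<date>[^"]*)")?\s*'    # optional quoted HTTP-date
)


@dataclass(frozen=True)
class WarningValue:
    code: int
    agent: str
    text: str
    date: Optional[str]

    @property
    def persistent(self) -> bool:
        """1xx warn-codes describe this response's freshness and are deleted by a
        cache after successful validation; 2xx warn-codes are kept (RFC 7234 4.3.4)."""
        return self.code >= 200


def parse_warning_header(value: str) -> List[WarningValue]:
    """Parse one Warning field value, which may carry several comma-separated values."""
    values: List[WarningValue] = []
    pos = 0
    while pos < len(value):
        m = _WARNING_VALUE.match(value, pos)
        if not m:
            raise ValueError(f"malformed warning-value at offset {pos}: {value[pos:]!r}")
        text = re.sub(r'\\(.)', r'\1', m['text'])  # undo quoted-pair escapes
        values.append(WarningValue(int(m['code']), m['agent'], text, m['date']))
        pos = m.end()
        if pos < len(value):
            if value[pos] != ',':
                raise ValueError(f"expected ',' at offset {pos}")
            pos += 1
    return values


def effective_warnings(headers: Sequence[Tuple[str, str]]) -> List[WarningValue]:
    """Collect every Warning value of a response and drop the ones a recipient MUST
    ignore: values whose warn-date differs from the response's Date (RFC 7234 5.5)."""
    date = next((v for k, v in headers if k.lower() == 'date'), None)
    kept: List[WarningValue] = []
    for name, value in headers:
        if name.lower() != 'warning':
            continue
        for w in parse_warning_header(value):
            if w.date is None or w.date == date:
                kept.append(w)
    return kept


# Constructed response headers. "example-proxy" is a made-up warn-agent; the
# last line carries a warn-date that does not match Date and must be excluded.
SAMPLE_HEADERS = [
    ('Date', 'Sat, 25 Aug 2012 23:34:45 GMT'),
    ('Warning', '112 - "network down" "Sat, 25 Aug 2012 23:34:45 GMT"'),
    ('Warning', '199 example-proxy "rate for carrier \\"demo\\" is an estimate", '
                '214 - "transformation applied"'),
    ('Warning', '110 - "Response is Stale" "Fri, 24 Aug 2012 10:00:00 GMT"'),
]

if __name__ == '__main__':
    for w in effective_warnings(SAMPLE_HEADERS):
        kind = 'persistent' if w.persistent else 'transient'
        print(f'{w.code} ({kind}) from {w.agent}: {w.text}')
```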
application/health+json
• Internet Draft inadarei-api-health-check
• Pros
  • "status" attribute ("pass", "warn", "error")
• Cons
  • Specific to the health of an API
  • Overhead content

HTTP/1.1 200 OK
Content-Type: application/health+json

{
  "status": "pass",
  "version": "1",
  "releaseId": "1.2.2",
  "notes": [""],
  "output": "",
  "serviceId": "f03e522f-1f44-4062-9b55-9587f91c9c41",
  "description": "health of authz service",
  "checks": {
    "cassandra:responseTime": [
      {
        "componentId": "dfd6cf2b-1b6e-4412-a0b8-f6f7797a60d2",
        "componentType": "datastore",
        "observedValue": 250,
        "observedUnit": "ms",
        "status": "pass",
        "affectedEndpoints": [
          "/users/{userId}",
          "/customers/{customerId}/status",
          "/shopping/{anything}"
        ],
        "time": "2018-01-17T03:36:48Z",
        "output": ""
      }
    ]
  }
}
application/vnd.api+json
• JSON:API standard
• Pros
  • Errors array to handle multiple errors
  • JSON pointers to show devs where an error has occurred
• Cons
  • Everything is in the errors object
  • "Soft errors" not possible
Best current practice
• HTTP status code
• Error object
• Easy referencing of errors
  • "Code"
  • "Subcode"
• Request IDs in the body
  • For easier request identification in support cases
• Human readable message
  • In multiple languages

"An excellent error message is precise and lets the user know about the nature of the error so that they can figure their way out of it."
Guy Levin, RestCase
Future of error handling in APIs
A proposal
A proposal – to be discussed
• Responses in a new format
  • "data" holds everything we'd normally have in the root
  • "errors" and "warnings" give information about what happened
  • "errors" and "warnings" follow the RFC 7807 pattern
A proposal – to be discussed
• "data" is empty since no resource was created
• Warnings possible if the API supports this use case
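A worked version of the proposal, added here as an example and not code from the talk or from shipcloud: the server answers in the data/errors/warnings envelope, each entry uses the RFC 7807 member names (type, title, detail, instance) plus the code/subcode, request ID and translated message from the best-practice slide, and the client decides the outcome from status and errors together. The error catalogue, type URIs, zip code formats, carrier names and price are constructed for the example.

```python
import re
import uuid
from typing import Any, Dict, List, Optional, Tuple

# Constructed catalogue of error/warning definitions keyed by (code, subcode).
# Codes, type URIs and translations are illustrative, not shipcloud's real API.
CATALOGUE: Dict[Tuple[str, str], Dict[str, Any]] = {
    ("validation", "zip_code.invalid"): {
        "type": "https://api.example.com/problems/validation/zip-code-invalid",
        "title": {"en": "Invalid zip code", "de": "Ungültige Postleitzahl"},
        "detail": {
            "en": "Zip code '{value}' does not match the format for {country}.",
            "de": "Postleitzahl '{value}' passt nicht zum Format für {country}.",
        },
    },
    ("carrier", "rate.estimated"): {
        "type": "https://api.example.com/problems/carrier/rate-estimated",
        "title": {"en": "Rate is an estimate", "de": "Preis ist eine Schätzung"},
        "detail": {
            "en": "Carrier {carrier} returned no binding rate; the price may change.",
            "de": "{carrier} hat keinen verbindlichen Preis geliefert; der Preis kann sich ändern.",
        },
    },
}
ZIP_FORMATS = {"DE": re.compile(r"^\d{5}$"), "US": re.compile(r"^\d{5}(-\d{4})?$")}  # constructed
ESTIMATING_CARRIERS = {"demo_carrier"}  # constructed: carriers that only quote non-binding rates


def problem(code: str, subcode: str, lang: str, instance: Optional[str] = None,
            **params: Any) -> Dict[str, Any]:
    """One errors/warnings entry: RFC 7807 member names (type, title, detail, instance)
    plus code/subcode as extension members so an error can be referenced precisely."""
    entry = CATALOGUE[(code, subcode)]
    title = entry["title"].get(lang) or entry["title"]["en"]
    detail = entry["detail"].get(lang) or entry["detail"]["en"]
    return {"type": entry["type"], "title": title, "detail": detail.format(**params),
            "instance": instance, "code": code, "subcode": subcode}


def create_shipment(payload: Dict[str, Any], accept_language: str = "en",
                    request_id: Optional[str] = None) -> Tuple[int, Dict[str, str], Dict[str, Any]]:
    """Server side: validate the request and answer in the proposed envelope.
    Returns (status, headers, body); data, errors and warnings are always present."""
    request_id = request_id or str(uuid.uuid4())
    lang = accept_language.split(",")[0].split("-")[0].strip().lower() or "en"
    errors: List[Dict[str, Any]] = []
    warnings: List[Dict[str, Any]] = []

    to = payload.get("to", {})
    country, zip_code = to.get("country", ""), str(to.get("zip_code", ""))
    fmt = ZIP_FORMATS.get(country)
    if fmt is None or not fmt.match(zip_code):
        errors.append(problem("validation", "zip_code.invalid", lang, instance="#/to/zip_code",
                              value=zip_code, country=country or "?"))

    if errors:
        status, data = 400, {}  # hard failure: nothing was created, so data stays empty
    else:
        status = 201
        data = {"id": "shp_" + request_id[:8], "carrier": payload.get("carrier"), "price": 4.99}
        if payload.get("carrier") in ESTIMATING_CARRIERS:
            # Soft error: the shipment exists, but the caller should know the price is not binding.
            warnings.append(problem("carrier", "rate.estimated", lang, instance="#/carrier",
                                    carrier=payload["carrier"]))

    body = {"data": data, "errors": errors, "warnings": warnings, "request_id": request_id}
    headers = {"Content-Type": "application/json", "Content-Language": lang,
               "X-Request-Id": request_id}
    return status, headers, body


def interpret(status: int, body: Dict[str, Any]) -> Dict[str, Any]:
    """Client side: derive the outcome from the status code AND the errors array, never
    from the status alone (compare OVER_QUERY_LIMIT arriving with 200 OK above)."""
    errors, warnings = body.get("errors") or [], body.get("warnings") or []
    if status >= 400 or errors:
        outcome = "failed"
    elif warnings:
        outcome = "succeeded_with_warnings"
    else:
        outcome = "succeeded"
    return {"outcome": outcome,
            "request_id": body.get("request_id"),  # the value to quote in a support case
            "references": [(p["code"], p["subcode"]) for p in errors + warnings]}
```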
Questions?
Open Discussion
@andrecedik
Sources
• Atlas Agena with Mariner 1: NASA,
https://commons.wikimedia.org/wiki/File:Atlas_Agena_with_Mariner_1.jpg
• Ariane 5: DLR German Aerospace Center,
https://www.flickr.com/photos/48213136@N06/8958839420
• Mars Climate Orbiter: NASA/JPL/Corby Waste,
https://commons.wikimedia.org/wiki/File:Mars_Climate_Orbiter_2.jpg
• Bug de l'an 2000: https://commons.wikimedia.org/wiki/File:Bug_de_l%27an_2000.jpg
• Pentium: Konstantin Lanzet,
https://commons.wikimedia.org/wiki/File:KL_Intel_Pentium_A80501.jpg
• Hawaii Missile Alert SMS: https://twitter.com/tulsigabbard/status/952243723525677056

More Related Content

What's hot

Innovation dank DevOps (DevOpsCon Berlin 2015)
Innovation dank DevOps (DevOpsCon Berlin 2015)Innovation dank DevOps (DevOpsCon Berlin 2015)
Innovation dank DevOps (DevOpsCon Berlin 2015)
Wooga
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
Bitbar
 
The Status of Android Hardware and Software - From App Developer's Point of View
The Status of Android Hardware and Software - From App Developer's Point of ViewThe Status of Android Hardware and Software - From App Developer's Point of View
The Status of Android Hardware and Software - From App Developer's Point of View
Bitbar
 
Building a scalable API with Grails
Building a scalable API with GrailsBuilding a scalable API with Grails
Building a scalable API with Grails
Tanausu Cerdeña
 
How to Leverage Appium in Your Mobile App Testing
How to Leverage Appium in Your Mobile App TestingHow to Leverage Appium in Your Mobile App Testing
How to Leverage Appium in Your Mobile App Testing
Bitbar
 
Get step-by-step instructions on implementing notifications in your apps.
Get step-by-step instructions on implementing notifications in your apps.Get step-by-step instructions on implementing notifications in your apps.
Get step-by-step instructions on implementing notifications in your apps.
Jigar Maheshwari
 
ruxc0n 2012
ruxc0n 2012ruxc0n 2012
ruxc0n 2012
mimeframe
 
Serverless in production, an experience report (Going Serverless)
Serverless in production, an experience report (Going Serverless)Serverless in production, an experience report (Going Serverless)
Serverless in production, an experience report (Going Serverless)
Yan Cui
 
Different Android Test Automation Frameworks - What Works You the Best?
Different Android Test Automation Frameworks - What Works You the Best?Different Android Test Automation Frameworks - What Works You the Best?
Different Android Test Automation Frameworks - What Works You the Best?
Bitbar
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API Testing
Sauce Labs
 
CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...
CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...
CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...
Federico Toledo
 
LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)
LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)
LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)
Bitbar
 

What's hot (12)

Innovation dank DevOps (DevOpsCon Berlin 2015)
Innovation dank DevOps (DevOpsCon Berlin 2015)Innovation dank DevOps (DevOpsCon Berlin 2015)
Innovation dank DevOps (DevOpsCon Berlin 2015)
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
 
The Status of Android Hardware and Software - From App Developer's Point of View
The Status of Android Hardware and Software - From App Developer's Point of ViewThe Status of Android Hardware and Software - From App Developer's Point of View
The Status of Android Hardware and Software - From App Developer's Point of View
 
Building a scalable API with Grails
Building a scalable API with GrailsBuilding a scalable API with Grails
Building a scalable API with Grails
 
How to Leverage Appium in Your Mobile App Testing
How to Leverage Appium in Your Mobile App TestingHow to Leverage Appium in Your Mobile App Testing
How to Leverage Appium in Your Mobile App Testing
 
Get step-by-step instructions on implementing notifications in your apps.
Get step-by-step instructions on implementing notifications in your apps.Get step-by-step instructions on implementing notifications in your apps.
Get step-by-step instructions on implementing notifications in your apps.
 
ruxc0n 2012
ruxc0n 2012ruxc0n 2012
ruxc0n 2012
 
Serverless in production, an experience report (Going Serverless)
Serverless in production, an experience report (Going Serverless)Serverless in production, an experience report (Going Serverless)
Serverless in production, an experience report (Going Serverless)
 
Different Android Test Automation Frameworks - What Works You the Best?
Different Android Test Automation Frameworks - What Works You the Best?Different Android Test Automation Frameworks - What Works You the Best?
Different Android Test Automation Frameworks - What Works You the Best?
 
An Introduction To Automated API Testing
An Introduction To Automated API TestingAn Introduction To Automated API Testing
An Introduction To Automated API Testing
 
CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...
CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...
CMG imPACt2016 - Mobile performance testing - Vendor training - Federico Tole...
 
LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)
LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)
LDNSE: Testdroid for Mobile App and Web Testing (London Selenium Meetup)
 

Similar to Call for a better error handling in APIs

System insight without Interference
System insight without InterferenceSystem insight without Interference
System insight without Interference
Tony Tam
 
Android lessons you won't learn in school
Android lessons you won't learn in schoolAndroid lessons you won't learn in school
Android lessons you won't learn in school
Michael Galpin
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружение
SQALab
 
Coding 100-session-slides
Coding 100-session-slidesCoding 100-session-slides
Coding 100-session-slides
Cisco DevNet
 
Embracing HTTP in the era of API’s
Embracing HTTP in the era of API’sEmbracing HTTP in the era of API’s
Embracing HTTP in the era of API’s
Visug
 
Architecture app
Architecture appArchitecture app
Architecture app
Ynon Perek
 
Api fundamentals
Api fundamentalsApi fundamentals
Api fundamentals
AgileDenver
 
Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017
JoEllen Carter
 
Cross-platform logging and analytics
Cross-platform logging and analyticsCross-platform logging and analytics
Cross-platform logging and analytics
Drew Crawford
 
Spsbe2012 sessie start to-jquery
Spsbe2012 sessie start to-jquerySpsbe2012 sessie start to-jquery
Spsbe2012 sessie start to-jqueryMarijn Somers
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
CASCouncil
 
Hacking Wordpress Plugins
Hacking Wordpress PluginsHacking Wordpress Plugins
Hacking Wordpress Plugins
Larry Cashdollar
 
Php Debugging from the Trenches
Php Debugging from the TrenchesPhp Debugging from the Trenches
Php Debugging from the Trenches
Simon Jones
 
Swift meetup22june2015
Swift meetup22june2015Swift meetup22june2015
Swift meetup22june2015
Claire Townend Gee
 
CI/CD and Asset Serving for Single Page Apps
CI/CD and Asset Serving for Single Page AppsCI/CD and Asset Serving for Single Page Apps
CI/CD and Asset Serving for Single Page Apps
Mike North
 
Cross-Platform Desktop Apps with Electron (CodeStock Edition)
Cross-Platform Desktop Apps with Electron (CodeStock Edition)Cross-Platform Desktop Apps with Electron (CodeStock Edition)
Cross-Platform Desktop Apps with Electron (CodeStock Edition)
David Neal
 
Hacking Robots for Fun and Profit
Hacking Robots for Fun and ProfitHacking Robots for Fun and Profit
Hacking Robots for Fun and Profit
Chad Udell
 
Hacking Robots for Fun and Profit
Hacking Robots for Fun and ProfitHacking Robots for Fun and Profit
Hacking Robots for Fun and Profit
Chad Udell
 
Доклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDaysДоклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDays
ru_Parallels
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
Mikhail Egorov
 

Similar to Call for a better error handling in APIs (20)

System insight without Interference
System insight without InterferenceSystem insight without Interference
System insight without Interference
 
Android lessons you won't learn in school
Android lessons you won't learn in schoolAndroid lessons you won't learn in school
Android lessons you won't learn in school
 
Создание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружениеСоздание API, которое полюбят разработчики. Глубокое погружение
Создание API, которое полюбят разработчики. Глубокое погружение
 
Coding 100-session-slides
Coding 100-session-slidesCoding 100-session-slides
Coding 100-session-slides
 
Embracing HTTP in the era of API’s
Embracing HTTP in the era of API’sEmbracing HTTP in the era of API’s
Embracing HTTP in the era of API’s
 
Architecture app
Architecture appArchitecture app
Architecture app
 
Api fundamentals
Api fundamentalsApi fundamentals
Api fundamentals
 
Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017Api FUNdamentals #MHA2017
Api FUNdamentals #MHA2017
 
Cross-platform logging and analytics
Cross-platform logging and analyticsCross-platform logging and analytics
Cross-platform logging and analytics
 
Spsbe2012 sessie start to-jquery
Spsbe2012 sessie start to-jquerySpsbe2012 sessie start to-jquery
Spsbe2012 sessie start to-jquery
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Hacking Wordpress Plugins
Hacking Wordpress PluginsHacking Wordpress Plugins
Hacking Wordpress Plugins
 
Php Debugging from the Trenches
Php Debugging from the TrenchesPhp Debugging from the Trenches
Php Debugging from the Trenches
 
Swift meetup22june2015
Swift meetup22june2015Swift meetup22june2015
Swift meetup22june2015
 
CI/CD and Asset Serving for Single Page Apps
CI/CD and Asset Serving for Single Page AppsCI/CD and Asset Serving for Single Page Apps
CI/CD and Asset Serving for Single Page Apps
 
Cross-Platform Desktop Apps with Electron (CodeStock Edition)
Cross-Platform Desktop Apps with Electron (CodeStock Edition)Cross-Platform Desktop Apps with Electron (CodeStock Edition)
Cross-Platform Desktop Apps with Electron (CodeStock Edition)
 
Hacking Robots for Fun and Profit
Hacking Robots for Fun and ProfitHacking Robots for Fun and Profit
Hacking Robots for Fun and Profit
 
Hacking Robots for Fun and Profit
Hacking Robots for Fun and ProfitHacking Robots for Fun and Profit
Hacking Robots for Fun and Profit
 
Доклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDaysДоклад Михаила Егорова на PHDays
Доклад Михаила Егорова на PHDays
 
Hacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sitesHacking Adobe Experience Manager sites
Hacking Adobe Experience Manager sites
 

Recently uploaded

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 

Recently uploaded (20)

Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 

Call for a better error handling in APIs

  • 1. Call for a better error handling in APIs
  • 2. André Cedik · Developer Advocate shipcloud.io · andre@shipcloud.io shipcloud GmbH · Mittelweg 162 20148 Hamburg
  • 3. API v2 • Incoporate learnings from more than 5 years • Easier integration in existing shop- / ERP-software • I18n • Returning translated strings • White label • Design first approach using OpenAPI
  • 4. But most of all ...
  • 5. ... better error communication!
  • 8. Mariner 1 • Veered off course, because unscheduled maneuver • Steering unpossible • Missing hyphen in the code allowed transmission of incorrect guidance signals • Engineers hit self destruct button • $18 million error
  • 9. ESA Ariane 5 Flight 501 • Reused software from Ariane 4 • Ariane 5 had faster engines • Software tried to push a 64-bit float into a signed 16- bit integer • Engineers hit self destruct button at 37 sec. into its maiden launch • $8 billion error
  • 10. NASA Mars Climate Orbiter • Failed conversion from imperial units to metric • Send the orbiter too close to Mars‘ surface • $125 million error
  • 11. Y2K Bug • Year numbers where saved with 2 digits (98,99,00,01) • No one knew what will happen when the year 2000 sets in • Since ‘00‘ also meant 1900 • $500 billion error
  • 12. Pentium-FDIV-Bug • In 1994 Math Prof. Thomas R. Nicely reported the bug • Processor might return incorrect binary floating point results when dividing a number • Intel attributed error to missing entries in the lookup table • Tried to downplay the bug • Had to replace processors • $475 million error
  • 14. Mokusatsu - The World‘s Most Tragic Translation • Allied leaders called for Japan’s unconditional surrender • Japanese government said nothing while considering their options • PM Kantaro Suzuki was pressured for comment • said only one word "mokusatsu“ • Mistranslation leads to the dropping of the atomic bomb
  • 15. Hawaii Missle Strike • In Jan. 2018 citizens of Hawaii were warned of an inbound ballistic missile strike • Turned out to be a false alert • Recording over phone „EXERCISE“ • Message with „THIS IS NOT A DRILL“ • Same UI used for drill and real alerts • No safeguards were in place • It took 38 minutes to retract the alert, because there was no response protocol for a false alert
  • 16. Error handling in APIs: tools used at the moment
  • 17. "Building fault-tolerant software boils down to detecting errors and doing something when errors are detected" Joe Armstrong, inventor of Erlang
  • 18. HTTP response status codes
    • Informational 1xx
    • Successful 2xx
      • 200 OK
    • Redirection 3xx
      • 301 Moved Permanently
    • Client Error 4xx
    • Server Error 5xx
  • 19. HTTP response status codes 4xx & 5xx
    • 400 Bad Request
    • 402 Payment Required
    • 403 Forbidden
    • 404 Not Found
    • 500 Internal Server Error
    • 502 Bad Gateway
    • 504 Gateway Timeout
  • 20. Error handling in the body
    • Good:
      • Return complex structures
      • Get more specific about an error
      • Convey multiple errors
    • Bad:
      • Everyone has their own way of doing it
      • Therefore developers have to understand „the way“
  • 21. Error handling in APIs: the bad
  • 24. Sabre Dev Studio – error attribute
    • „error“ is always a string
    • Sometimes all uppercase -> seems to be an error code
    • Sometimes it looks like an error trace
  • 25. Sabre Dev Studio – code attribute
    • Sometimes it looks like an HTTP response status code
    • Sometimes like an internal code
    • Same code used more than once, with different error text
    • Codes seen: 102, 111, 404, 500, 700101, 050002, 060016, 700202
  • 28. Pitney Bowes
    • Each validated field has its own error code
    • "XXX is invalid, unsupported or missing“
    • So what is it now?!?
  • 29. Google Maps Geocoding API
    • Has a „status“ attribute
      • OK, ZERO_RESULTS, OVER_DAILY_LIMIT, OVER_QUERY_LIMIT, REQUEST_DENIED, INVALID_REQUEST, UNKNOWN_ERROR
    • INVALID_REQUEST is returned with 400 Bad Request
    • OVER_QUERY_LIMIT is returned with 200 OK
  • 33. Error handling in APIs: the good parts
  • 40. What we can do better
  • 41. What's the problem?
    • „API calls either fail or are successful“ – Phil Sturgeon
    • „Soft errors“
      • Not an exception type „crash“
      • More like a warning
  • 43. application/problem+json
    • RFC 7807
    • Pros
      • Own content type
      • Predefined set of attributes
      • Extensible
    • Cons
      • Not encapsulated
      • Mixing with other content
      • Multi error handling just for one error type
    • Example:
        HTTP/1.1 403 Forbidden
        Content-Type: application/problem+json
        Content-Language: en

        {
          "type": "https://example.com/probs/out-of-credit",
          "title": "You do not have enough credit.",
          "detail": "Your current balance is 30, but that costs 50.",
          "instance": "/account/12345/msgs/abc",
          "balance": 30,
          "accounts": ["/account/12345", "/account/67890"]
        }
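As an added example (not from the talk): a Python client-side parser for the problem+json response above. It only treats a body as a problem document when the media type matches, applies the RFC 7807 defaults for missing members, keeps extension members such as "balance" apart from the standard ones, and records a mismatch between the body's "status" member and the real HTTP status instead of trusting the body. The sample response is copied from the slide.

```python
import json
from http import HTTPStatus

PROBLEM_MEDIA_TYPE = "application/problem+json"
STANDARD_MEMBERS = ("type", "title", "status", "detail", "instance")

def is_problem_document(content_type):
    """Compare the media type only; parameters such as charset are ignored."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type == PROBLEM_MEDIA_TYPE

def parse_problem(http_status, headers, body):
    """Turn an RFC 7807 response into a dict, or return None when the body is
    not a problem document (an HTML error page, plain text, broken JSON),
    so the caller never treats arbitrary content as structured error data."""
    if not is_problem_document(headers.get("Content-Type", "")):
        return None
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict):
        return None
    body_status = doc.get("status", http_status)
    return {
        # RFC 7807 defaults: type "about:blank", title = HTTP reason phrase
        "type": doc.get("type", "about:blank"),
        "title": doc.get("title") or HTTPStatus(http_status).phrase,
        "status": http_status,
        "detail": doc.get("detail"),
        "instance": doc.get("instance"),
        # extension members ("balance", "accounts" on the slide) stay separate
        "extensions": {k: v for k, v in doc.items() if k not in STANDARD_MEMBERS},
        # the "status" member is advisory; record a mismatch rather than
        # letting the body override what the transport actually said
        "status_mismatch": body_status != http_status,
    }

# Constructed response, copied from the slide's example above.
SAMPLE_HEADERS = {"Content-Type": "application/problem+json", "Content-Language": "en"}
SAMPLE_BODY = json.dumps({
    "type": "https://example.com/probs/out-of-credit",
    "title": "You do not have enough credit.",
    "detail": "Your current balance is 30, but that costs 50.",
    "instance": "/account/12345/msgs/abc",
    "balance": 30,
    "accounts": ["/account/12345", "/account/67890"],
})

if __name__ == "__main__":
    print(parse_problem(403, SAMPLE_HEADERS, SAMPLE_BODY))
```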
  • 44. Warning header
    • RFC 7234
    • Pros
      • You could handle „soft errors“
      • Multiple Warning headers for multiple different errors
    • Cons
      • Complex data can't be returned
      • It's just a string
    • Example:
        HTTP/1.1 200 OK
        Date: Sat, 25 Aug 2012 23:34:45 GMT
        Warning: 112 - "network down" "Sat, 25 Aug 2012 23:34:45 GMT"
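As an added example, not part of the talk: a Python parser for the Warning header shown above. It handles several warning-values in one field as well as several fields, and drops a warning whose warn-date disagrees with the response's Date header, as RFC 7234 section 5.5 requires. The header values are constructed for the example.

```python
import re
from email.utils import parsedate_to_datetime

# warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
WARNING_VALUE = re.compile(
    r'\s*(?P<code>\d{3})\s+(?P<agent>[^\s"]+)\s+"(?P<text>(?:[^"\\]|\\.)*)"'
    r'(?:\s+"(?P<date>[^"]*)")?\s*(?:,|$)'
)

def parse_warning_headers(warning_values, date_header=None):
    """Parse raw Warning field values into dicts with code, agent, text, date.

    A warning carrying a warn-date that differs from the Date header is stale
    (RFC 7234 section 5.5) and is excluded instead of being acted upon."""
    response_date = parsedate_to_datetime(date_header) if date_header else None
    warnings = []
    for raw in warning_values:
        pos = 0
        while pos < len(raw):
            match = WARNING_VALUE.match(raw, pos)
            if not match:
                break  # malformed remainder: ignore rather than guess
            pos = match.end()
            entry = {
                "code": int(match.group("code")),
                "agent": match.group("agent"),
                "text": match.group("text").replace('\\"', '"'),
                "date": match.group("date"),
            }
            if entry["date"] and response_date is not None:
                try:
                    warn_date = parsedate_to_datetime(entry["date"])
                except (TypeError, ValueError):
                    continue  # unparseable warn-date: treat as stale
                if warn_date != response_date:
                    continue
            warnings.append(entry)
    return warnings

# Constructed sample: the slide's warning plus a second field holding a list.
SAMPLE_DATE = "Sat, 25 Aug 2012 23:34:45 GMT"
SAMPLE_WARNINGS = [
    '112 - "network down" "Sat, 25 Aug 2012 23:34:45 GMT"',
    '199 api.example "Rate limit at 90%", '
    '214 - "Transformation applied" "Sat, 24 Aug 2012 00:00:00 GMT"',
]

if __name__ == "__main__":
    for w in parse_warning_headers(SAMPLE_WARNINGS, SAMPLE_DATE):
        print(w)
```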
  • 45. application/health+json
    • Internet Draft draft-inadarei-api-health-check
    • Pros
      • „status“ attribute („pass“, „warn“, „error“)
    • Cons
      • Specific to the health of an API
      • Overhead content
    • Example:
        HTTP/1.1 200 OK
        Content-Type: application/health+json

        {
          "status": "pass",
          "version": "1",
          "releaseId": "1.2.2",
          "notes": [""],
          "output": "",
          "serviceId": "f03e522f-1f44-4062-9b55-9587f91c9c41",
          "description": "health of authz service",
          "checks": {
            "cassandra:responseTime": [
              {
                "componentId": "dfd6cf2b-1b6e-4412-a0b8-f6f7797a60d2",
                "componentType": "datastore",
                "observedValue": 250,
                "observedUnit": "ms",
                "status": "pass",
                "affectedEndpoints": [
                  "/users/{userId}",
                  "/customers/{customerId}/status",
                  "/shopping/{anything}"
                ],
                "time": "2018-01-17T03:36:48Z",
                "output": ""
              }
            ]
          }
        }
  • 46. application/vnd.api+json
    • JSON:API standard
    • Pros
      • Errors array to handle multiple errors
      • JSON pointers to show devs where an error has occurred
    • Cons
      • Everything is in the errors object
      • „soft errors“ not possible
  • 47. Best current practice
    • HTTP status code
    • Error object
    • Easy referencing of errors
      • „Code“
      • „Subcode“
    • Request IDs in the body
      • for easier request identification in support cases
    • Human readable message
      • In multiple languages
  • 48. "An excellent error message is precise and lets the user know about the nature of the error so that they can figure their way out of it." Guy Levin, RestCase
  • 49. Future of error handling in APIs: a proposal
  • 51. A proposal – to be discussed
    • Responses in a new format
    • „data“ holds everything we'd normally have in the root
    • „errors“ and „warnings“ give information about what happened
    • „errors“ and „warnings“ follow the RFC 7807 pattern
  • 52. A proposal – to be discussed
    • „data“ is empty since no resource was created
    • Warnings are possible if the API supports this use case
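To make the proposal and the "best current practice" slide concrete, here is an added Python sketch (my own, not shipcloud's API v2 code) of a shipment-creation endpoint answering in the proposed envelope: "data", "errors" and "warnings" plus a request id, with every error or warning in the RFC 7807 shape extended by a code/subcode pair and a message translated for the caller. The field names, the problem type URI scheme, the carrier value and the message catalogue are assumptions made for this example.

```python
import uuid

# Constructed message catalogue: one text per language for each code/subcode.
MESSAGES = {
    ("validation", "missing_field"): {
        "en": "The field '{field}' is required.",
        "de": "Das Feld '{field}' ist erforderlich."},
    ("carrier", "label_delayed"): {
        "en": "The carrier accepted the shipment but has not issued a label yet.",
        "de": "Der Carrier hat die Sendung angenommen, aber noch kein Label erstellt."},
}
REQUIRED_FIELDS = ("from", "to", "package")  # assumed shipment fields

def problem(status, code, subcode, lang="en", **members):
    """One error or warning in the RFC 7807 shape, extended with a machine
    readable code/subcode pair and a message translated for the caller."""
    texts = MESSAGES[(code, subcode)]
    text = texts.get(lang, texts["en"])  # fall back to English
    return {"type": f"https://api.example.test/problems/{code}/{subcode}",  # assumed URI scheme
            "title": text.format(**members), "status": status,
            "code": code, "subcode": subcode, **members}

def create_shipment(payload, lang="en", request_id=None):
    """Return (http_status, body) in the proposed envelope: 'data' holds the
    resource, 'errors' and 'warnings' say what happened, and the request id
    lets the caller quote the exact request in a support case."""
    body = {"data": {}, "errors": [], "warnings": [],
            "request_id": request_id or str(uuid.uuid4())}
    # Validation reports every missing field at once instead of only the first.
    for field in REQUIRED_FIELDS:
        if field not in payload:
            body["errors"].append(problem(422, "validation", "missing_field",
                                          lang, field=field))
    if body["errors"]:
        return 422, body  # 'data' stays empty: nothing was created
    body["data"] = {"id": "shp_" + uuid.uuid4().hex[:8], "status": "accepted"}  # constructed resource
    if payload.get("carrier") == "slow-carrier":  # constructed soft-error case
        body["warnings"].append(problem(201, "carrier", "label_delayed", lang))
    return 201, body

def outcome(body):
    """Client side: errors mean failure; warnings alone mean success to log."""
    if body["errors"]:
        return "failed"
    return "succeeded_with_warnings" if body["warnings"] else "succeeded"
```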
  • 54. Sources
    • Atlas Agena with Mariner 1: NASA, https://commons.wikimedia.org/wiki/File:Atlas_Agena_with_Mariner_1.jpg
    • Ariane 5: DLR German Aerospace Center, https://www.flickr.com/photos/48213136@N06/8958839420
    • Mars Climate Orbiter: NASA/JPL/Corby Waste, https://commons.wikimedia.org/wiki/File:Mars_Climate_Orbiter_2.jpg
    • Bug de l'an 2000: https://commons.wikimedia.org/wiki/File:Bug_de_l%27an_2000.jpg
    • Pentium: Konstantin Lanzet, https://commons.wikimedia.org/wiki/File:KL_Intel_Pentium_A80501.jpg
    • Hawaii Missile Alert SMS: https://twitter.com/tulsigabbard/status/952243723525677056