Careful - APIs Inside: Testing and Monitoring for App Development

•

4 likes•3,275 views

This document discusses the importance of testing and monitoring APIs that power applications. It notes that apps often depend on backend APIs and problems with APIs can waste development time or even kill apps. It then provides recommendations for tools to help with API development and operations testing, including HTTP sniffers, OAuth libraries, documentation sites, monitoring services, and API-specific analytics platforms. The goal is to make working with APIs easier so developers and providers can have more fun and be more profitable.

Technology

Careful - APIs Inside
Testing and Monitoring for API Driven Apps
Steven Willmott
3scale Inc.
@njyx, @3scale

Behind (Almost) Every App
is a Great API

3scale is…
API
Infrastructure
Provider
!

Power 350+
APIs
!

110,000
Developers
writing Apps

(Selection)

!
API Tech Operations

API Business
Operations

Developer Support

3scale.net

Apps Depend on API Backends
Your App

Direct

Indirect

Proxy

Your Backend

Creates Problems
Development
Time

Run Time

OAuth

Bad Docs
Weird HTTP
Errors

Rate Limit
Problems

High Latency
Version
Changes

APIs Can Waste Time

Old Versions

Random
Failures

Poor SDKs

Rate
Limit Failures

APIs Can Kill Your App

Development Time Tools
HTTP Problems
•

•

•
•

!

HTTP is Easy until it’s not (Caching,
Verbs, Headers, Hashes, Media
Types)
Use HTTP Sniffers (HTTPScoop,
Fiddler) + network sniffers (e.g.
Wireshark)
Check & use caching headers
CORS, Cross Site Problems

HTTPScoop

Auth Problems
oAuth Libraries & Documentation
• beware oAuth “variants”
• Try:
• oAuthbible.com
• oauth.io
• Other Authentication:
• Try to use provided SDKs
• Unit Test heavily for custom
integrations
•

http://www.slideshare.net/synedra/demystifying-restruby

Development Time Tools
Provider Problems
•

•
•
•
•

!

Bad Documentation: look for
interactive docs (swagger active
docs, iodocs, apiary)
Unspeciﬁed Rate Limits (when do
they kick in?)
Old Versions
Different Production and Test
Environments
Unit test mocks

Pro Tip
How to ask An API Provider a
!
question
!
!

“I was doing the following with
you API, I was expecting this
… to happen, to my dismay,
this other thing happened
instead …”(*)

(* - credit Kirsten Hunter)

Active Docs

http://developer.ﬂightstats.com (via 3scale)

Operations Time Tools
The Old
•
•
•
•

Pingdom et. al. Provide standard
HTTP alerts,
Webmetrics: step by step test
execution primarily for SOAP APIs
Nagios, Monit, Munin, SENSU etc. in
your own infrastructure
Splunk et. al. for log analysis.
!

The New

!

How to ask An API Provider a
!
question
!

•
•
•

Runscope
Smartbear
3scale APITools

!
•

!

New tools: proxy transform, step by
step unit testing, authentication
tests, API speciﬁc analytics

!
!
!

http://www.soapui.org/Dojo/overview.html

Where is the Fun & Proﬁt?
API Testing is getting easier
APIs are more stable over time
Mocks & Proxies Help a Lot
Happy Users are More Fun
& Generate More Proﬁt!

Thank You
Contact:

http://www.3scale.net
@njyx - steve@3scale.net

APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.

Hacker Proof web app using Functional tests

Ankita Gupta

Automated Security Testingseleniumconf

Security testautomation

Linkesh Kanna Velu

Webhooks with Azure Functions - Live 360 Conference

SparkPost

Azure Functions make it easy to create and host webhook interfaces without maintaining a server. You can quickly setup an endpoint to receive data and act on it. Being able to ingest, process, and respond to data from a variety of sources without building out an infrastructure gives you time to focus on building functionality. In this presentation, Nick Zimmerman, Sr. Site Reliability Engineer at SparkPost, will show you how to setup an Azure Function, accept webhook data, process that data with C#, and integrate that data into an application in real time.

Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin

Matt Tesauro

Merging Security with DevOps - An AppSec Perspective

Abhay Bhargav

You’re tasked with ‘doing AppSec’ for your company and you’ve got more apps and issues than you know how to deal with. How do you make sense of the different tools outputs for all your different apps? DefectDojo can be your one source of truth and become the heart of your AppSec automation program. DefectDojo grew out of a Product Security program 8 years ago and was created by AppSec people for AppSec people. In this talk, you’ll learn about DefectDojo and how to make the most of the many features it offers including its REST-based API. DefectDojo can be your one source of truth for discovered security vulnerabilities, report generation, aggregation of over 80 different security tools, inventory of applications, tracking testing efforts and metrics on the AppSec program. DefectDojo was the heart of an AppSec automation effort that saw an increase in assessments from 44 to 414 in two years. Don't you want 9.4 times more output from your AppSec program? It's time to ditch spreadsheets and get DefectDojo.

Web and App Performance: Top Problems to avoid to keep you out of the News

Andreas Grabner

As presented at Boston and NYC Web Perf Meetup. Its time to level up Web Performance Optimization started by Steve Souders. We need to look beyond the rim of the browser as there are many problems happenig from browser to database. In this presentation I showed how Browser Diagnostics needs to evolve into End-to-End Application Diagnostics and Monitoring. Showing 5 real life examples on why applications failed and the metrics to look at to identify these problems early on

OWASP DefectDojo - Open Source Security Sanity

Matt Tesauro

Security as Code: DOES15

Ed Bellis

Optimize your delivery and quality with the right release methodology and too...

DroidConTLV

Speed upyourtest with_appium

VodqaBLR

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

DroidConTLV

Architecture of automated test cases for legacy applications

Mikhail Vasylchenko

OWASP WTE - Now in the Cloud!

Matt Tesauro

OWASP WTE, or OWASP Web Testing Environment, is a collection of application security tools and documentation available in multiple formats such as VMs, Linux distribution packages, Cloud-based installations and ISO images. This presentation provides an overview and history of OWASP WTE. Additionally, it shows new OWASP WTE developments including the the ability to use WTE remotely by installing it on a cloud-based server.

An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...

Abhay Bhargav

Serverless Technology (Functions as a Service) is fast becoming the next "big thing" in the world of distributed applications. Organizations are investing a great deal of resources in this technology as a force-multiplier, cost-saver and ops-simplification cure-all. Especially with widespread support from cloud vendors, this technology is going to only become more influential. However, like everything else, Serverless apps are subject to a a wide variety of attack possibilities, ranging from attacks against access control tech like Function Event Injection, JWTs, to NoSQL Injection, to exploits against the apps themselves (deserialization, etc) escalating privileges to other cloud component. On the other hand GraphQL (API Query Language) is the natural companion to serverless apps, where traditional REST APIs are replaced with GraphQL to provide greater flexibility, greater query parameterization and speed. GraphQL is slowly negating the need for REST APIs from being developed. Combined with Serverless tech/Reactive Front-end frameworks, GraphQL is very powerful for distributed apps. However, GraphQL can be abused with a variety of attacks including but not limited to Injection Attacks, Nested Resource Exhaustion attacks, Authorization Flaws among others. This talk presents a red-team perspective of the various ways in which testers can discover and exploit serverless and/or GraphQL driven applications to compromise sensitive information, and gain a deeper foothold into database services, IAM services and other other cloud components. The talk will have some demos that will demonstrate practical attacks and attack possibilities against Serverless and GraphQL applications.

Making security-agile matt-tesauro

Matt Tesauro

JavaOne 2015: Top Performance Patterns Deep Dive

Andreas Grabner

SauceCon 2017: Testing @ the Speed of Concurrency

Sauce Labs

SeleniumCamp 2015 Andrii Soldatenko

Andrii Soldatenko

“Time is at once the most valuable and the most perishable of all our possessions”. Correspondingly we must know how to improve a quality of the project in the limitted timeframes. The goal of my presentation is improving an execution time of automated functional tests based on Selenium Webdriver, by using, for instance, parallel execution, scaling by distributing tests on several machines, creating strategy for generation of big sets of test data for typical project. I am pleased to share with you my acquired experience in this field.

Spring insight what just happened

Boulder Java User's Group

Monitoring at Facebook - Ran Leibman, Facebook - DevOpsDays Tel Aviv 2015

DevOpsDays Tel Aviv

Using Machine Learning on K8s Logs to Find Root Cause Faster

LibbySchulze

Let's Jira do the work

Frank Ittermann

Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline

Andreas Grabner

Scaling with swagger

Tony Tam

Building A Great API - Evan Cooke, Cloudstock, December 2010

Twilio Inc

What's hot

DAST in CI/CD pipelines using Selenium & OWASP ZAP

srini0x00

Intro to DefectDojo at OWASP Switzerland

Matt Tesauro

Web and App Performance: Top Problems to avoid to keep you out of the News

Andreas Grabner

OWASP DefectDojo - Open Source Security Sanity

Matt Tesauro

Security as Code: DOES15

Ed Bellis

Optimize your delivery and quality with the right release methodology and too...

DroidConTLV

Speed upyourtest with_appium

VodqaBLR

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

DroidConTLV

Architecture of automated test cases for legacy applications

Mikhail Vasylchenko

OWASP WTE - Now in the Cloud!

Matt Tesauro

An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...

Abhay Bhargav

Making security-agile matt-tesauro

Matt Tesauro

JavaOne 2015: Top Performance Patterns Deep Dive

Andreas Grabner

SauceCon 2017: Testing @ the Speed of Concurrency

Sauce Labs

SeleniumCamp 2015 Andrii Soldatenko

Andrii Soldatenko

Spring insight what just happened

Boulder Java User's Group

Monitoring at Facebook - Ran Leibman, Facebook - DevOpsDays Tel Aviv 2015

DevOpsDays Tel Aviv

Using Machine Learning on K8s Logs to Find Root Cause Faster

LibbySchulze

Let's Jira do the work

Frank Ittermann

Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline

Andreas Grabner

What's hot (20)

DAST in CI/CD pipelines using Selenium & OWASP ZAP

Intro to DefectDojo at OWASP Switzerland

Web and App Performance: Top Problems to avoid to keep you out of the News

OWASP DefectDojo - Open Source Security Sanity

Security as Code: DOES15

Optimize your delivery and quality with the right release methodology and too...

Speed upyourtest with_appium

The Rounds Project: Growing from thousands to millions - Berry Ventura & Yoah...

Architecture of automated test cases for legacy applications

OWASP WTE - Now in the Cloud!

An Attacker's View of Serverless and GraphQL Apps - Abhay Bhargav - AppSec Ca...

Making security-agile matt-tesauro

JavaOne 2015: Top Performance Patterns Deep Dive

SauceCon 2017: Testing @ the Speed of Concurrency

SeleniumCamp 2015 Andrii Soldatenko

Spring insight what just happened

Monitoring at Facebook - Ran Leibman, Facebook - DevOpsDays Tel Aviv 2015

Using Machine Learning on K8s Logs to Find Root Cause Faster

Let's Jira do the work

Metrics Driven DevOps - Automate Scalability and Performance Into your Pipeline

Similar to Careful - APIs Inside: Testing and Monitoring for App Development

Scaling with swagger

Tony Tam

Building A Great API - Evan Cooke, Cloudstock, December 2010

Twilio Inc

API workshop: Introduction to APIs (TC Camp)

Tom Johnson

Api FUNdamentals #MHA2017

Api crash

Api crash

Api crash

Api crash

Api crash

Api crash

Api crash

Создание API, которое полюбят разработчики. Глубокое погружение

SQALab

Protecting Your APIs Against Attack & Hijack

CA API Management

Secure Enterprise APIs for Mobile, Cloud & Open Web APIs present enterprises with many business opportunities but they also create new attack vectors that hackers can potentially exploit. APIs share many of the same threats that plague the Web but APIs are fundamentally different from Web sites and have an entirely unique risk profile that must be addressed. By adopting a secure API architecture from the beginning, it is possible to address both old and new threats. In this webinar, Scott Morrison – CTO at Layer 7 Technologies – will explain in detail how an enterprise can pursue its API publishing strategy without compromising the security of its on-premise systems and data. You Will Learn How APIs increase the attack surface What key types of risk are introduced by APIs How enterprises can mitigate each of these risks Why it is crucial to separate API implementation and security into distinct tiers Presented By Scott Morrison, CTO, Layer 7 Technologies

Api fundamentals

AgileDenver

Applications increasingly talk to each other behind the scenes via APIs. Google’s recent acquisition of Apigee, an API management company, is an indicator of the continued importance of APIs. APIs are like building blocks, providing services and data that can be connected with other APIs to build powerful customized apps. However, developing and testing an API can be challenging because there is no built-in interface, breaking changes can cause widespread outages, sensitive data may be exposed or accessed, and accepted agile testing paradigms can be difficult to adapt to APIs. This session is an introduction to restful APIs and how to test them for security, performance, functionality, and backwards-compatibility risks.

Prometheus lightning talk (Devops Dublin March 2015)

Brian Brazil

An introduction to the API for OnTime for IBM

ontimesuite

Owin from spec to application

damian-h

VA Smalltalk Update

ESUG

Building a Great Web API - Evan Cooke - QCON 2011

Twilio Inc

Building a scalable API with Grails

Tanausu Cerdeña

Similar to Careful - APIs Inside: Testing and Monitoring for App Development (20)

Scaling with swagger

Building A Great API - Evan Cooke, Cloudstock, December 2010

API workshop: Introduction to APIs (TC Camp)

Api FUNdamentals #MHA2017

Api crash

Создание API, которое полюбят разработчики. Глубокое погружение

Protecting Your APIs Against Attack & Hijack

Api fundamentals

Prometheus lightning talk (Devops Dublin March 2015)

An introduction to the API for OnTime for IBM

Owin from spec to application

VA Smalltalk Update

Building a Great Web API - Evan Cooke - QCON 2011

Building a scalable API with Grails

More from 3scale

APISTRAT KEYNOTE: Surfing the Wave between Chaos and Innovation

3scale

A Connector, A Container and an API Walk into a Bar… Microservices Edition

3scale

A Connector, A Container and an API Walk Into a Bar: The Programmable World

3scale

How to Survive the API Copyright Apocalypse

3scale

Inside mind of a successful platform architect / Gartner APPS 2016

3scale

The Fundamentals of Platform Strategy: Creating Genuine Value with APIs

3scale

Build and Manage Serverless APIs (APIDays Nordic, May 19th 2016)

3scale

APIs and the Bot Revolution (APIDays Nordic, May 18)

3scale

Take Control of your APIs in a Microservice Architecture

3scale

Microservices are a new architectural approach to modularize systems into smaller units. The benefits include that services can be adapted more rapidly to changing business demands. Application programming interfaces (APIs) are crucial in every microservice architecture (MSA) as they link up the various microservices. Key challenges of MSA are getting API security, access control and analytics right in an environment that is constantly changing. This workshop talk will show how the features of the 3scale API management platforms in combination with the Red Hat OpenShift PaaS can be leveraged to overcome these challenges.

API workshop by AWS and 3scale

3scale

The Swagger Format becomes the Open API Specification: Standardizing descript...

3scale

Entering the Platform Age: How to create genuine value for internal and exter...

3scale

Keynote at APIDays Melbourne 2016, Steven Willmott - 3scale. Organizations have recognized that making available IT systems as APIs for both internal and external developers can create huge new opportunities for agility, products and ultimately revenue. However, while this "platform thinking" holds great potential, it can be extremely challenging to determine how to deliver on these opportunities. In this talk we'll look at how focusing on the value APIs can deliver helps underpin genuine success for an API program and an organization's platform initiatives as a whole.

APIs and the Creation of Wealth in the Digital Economy - APIDays Paris 2015 K...

3scale

API Model Canvas for successful API strategies and programs

3scale

Microservices in action: How to actually build them

3scale

The API-Application Semantic Gap

3scale

Integrating, exposing and managing distributed data with RESTful APIs and op...

3scale

Building Successful API Programs in Higher Education

3scale

APIs.JSON: Bootstrapping The Web of APIs

3scale

API Model Canvas (APIDays Mediterranea 2015)

3scale

Manfred presented the API Model Canvas at APIDays Mediterranea in Barcelona on May 6, 2015. Designing and running an API program successfully is difficult and goes far beyond technical challenges. In this talk, he covered several critical elements which make an API program successful -- or not. Examples include: objectives of the API, design, developer experience, partners, resources, cost, or generated value. He also demonstrated an interactive tool, which supports the thinking process for designing and running successful API programs: the API Model Canvas

More from 3scale (20)

APISTRAT KEYNOTE: Surfing the Wave between Chaos and Innovation

A Connector, A Container and an API Walk into a Bar… Microservices Edition

A Connector, A Container and an API Walk Into a Bar: The Programmable World

How to Survive the API Copyright Apocalypse

Inside mind of a successful platform architect / Gartner APPS 2016

The Fundamentals of Platform Strategy: Creating Genuine Value with APIs

Build and Manage Serverless APIs (APIDays Nordic, May 19th 2016)

APIs and the Bot Revolution (APIDays Nordic, May 18)

Take Control of your APIs in a Microservice Architecture

API workshop by AWS and 3scale

The Swagger Format becomes the Open API Specification: Standardizing descript...

Entering the Platform Age: How to create genuine value for internal and exter...

APIs and the Creation of Wealth in the Digital Economy - APIDays Paris 2015 K...

API Model Canvas for successful API strategies and programs

Microservices in action: How to actually build them

The API-Application Semantic Gap

Integrating, exposing and managing distributed data with RESTful APIs and op...

Building Successful API Programs in Higher Education

APIs.JSON: Bootstrapping The Web of APIs

API Model Canvas (APIDays Mediterranea 2015)

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Free Complete Python - A step towards Data Science

RinaMondal9

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Elevating Tactical DDD Patterns Through Object Calisthenics

When stars align: studies in data quality, knowledge graphs, and machine lear...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

UiPath Test Automation using UiPath Test Suite series, part 4

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Leading Change strategies and insights for effective change management pdf 1.pdf

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Free Complete Python - A step towards Data Science

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Assure Contact Center Experiences for Your Customers With ThousandEyes

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Introduction to CHERI technology - Cybersecurity

Accelerate your Kubernetes clusters with Varnish Caching

Careful - APIs Inside: Testing and Monitoring for App Development

1. Careful - APIs Inside Testing and Monitoring for API Driven Apps Steven Willmott 3scale Inc. @njyx, @3scale

2. Behind (Almost) Every App is a Great API

3. 3scale is… API Infrastructure Provider ! Power 350+ APIs ! 110,000 Developers writing Apps (Selection) ! API Tech Operations API Business Operations Developer Support 3scale.net

4. Apps Depend on API Backends Your App Direct Indirect Proxy Your Backend

5. Creates Problems Development Time Run Time OAuth Bad Docs Weird HTTP Errors Rate Limit Problems High Latency Version Changes APIs Can Waste Time Old Versions Random Failures Poor SDKs Rate Limit Failures APIs Can Kill Your App

6. Development Time Tools HTTP Problems • • • • ! HTTP is Easy until it’s not (Caching, Verbs, Headers, Hashes, Media Types) Use HTTP Sniffers (HTTPScoop, Fiddler) + network sniffers (e.g. Wireshark) Check & use caching headers CORS, Cross Site Problems HTTPScoop Auth Problems oAuth Libraries & Documentation • beware oAuth “variants” • Try: • oAuthbible.com • oauth.io • Other Authentication: • Try to use provided SDKs • Unit Test heavily for custom integrations • http://www.slideshare.net/synedra/demystifying-restruby

7. Development Time Tools Provider Problems • • • • • ! Bad Documentation: look for interactive docs (swagger active docs, iodocs, apiary) Unspeciﬁed Rate Limits (when do they kick in?) Old Versions Different Production and Test Environments Unit test mocks Pro Tip How to ask An API Provider a ! question ! ! “I was doing the following with you API, I was expecting this … to happen, to my dismay, this other thing happened instead …”(*) (* - credit Kirsten Hunter)

8. Active Docs http://developer.ﬂightstats.com (via 3scale)

9. Operations Time Tools The Old • • • • Pingdom et. al. Provide standard HTTP alerts, Webmetrics: step by step test execution primarily for SOAP APIs Nagios, Monit, Munin, SENSU etc. in your own infrastructure Splunk et. al. for log analysis. ! The New ! How to ask An API Provider a ! question ! • • • Runscope Smartbear 3scale APITools ! • ! New tools: proxy transform, step by step unit testing, authentication tests, API speciﬁc analytics ! ! ! http://www.soapui.org/Dojo/overview.html

10. Where is the Fun & Proﬁt? API Testing is getting easier APIs are more stable over time Mocks & Proxies Help a Lot Happy Users are More Fun & Generate More Proﬁt!

11. Thank You Contact: http://www.3scale.net @njyx - steve@3scale.net

Careful - APIs Inside: Testing and Monitoring for App Development

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Careful - APIs Inside: Testing and Monitoring for App Development

Similar to Careful - APIs Inside: Testing and Monitoring for App Development (20)

More from 3scale

More from 3scale (20)

Recently uploaded

Recently uploaded (20)

Careful - APIs Inside: Testing and Monitoring for App Development