SlideShare a Scribd company logo
1 of 57
PATTERNS FOR AUTOMATING
API PRODUCT DELIVERY
By Ikenna Nwaiwu
About me
• API Consultant @ Ikenna Consulting
• We help organisations increase the value of
their APIs and lower the cost of API delivery.
• Author, Automating API Delivery
(Manning, 2023)
• Let’s connect
https://www.linkedin.com/in/ikenna
(if at the conference, get free book code!)
Goal of this talk
• Show how to use four control patterns to reduce risk and
improve the value of your API.
Participate
• Content and code example repo
https://github.com/IkennaConsulting/patterns-for-api-
delivery
• Join at Slido.com #1443618
Agenda
Intro to the Pattern Format
1 – API Consistency Controls (API linting)
2 – Breaking Change Controls
3 – API Conformance Controls
4 – Code Generation Controls
Conclusion
Intro to the Pattern Format
Why these control
patterns?
At a high level, API development
processes face common problems
that have common solutions.
Why these control patterns?
Help improve the developer
experience of your API
Help improve your operational
efficiency
The pattern format I'll use for each pattern
Problem/Why?
Countermeasure
How it fits in the automated governance framework
Benefits
Code example
Challenges
Contraindications (when not to use it)
Tips + What to look out for when choosing a tool
Alternative patterns/practices
Pattern 1:
API Consistency Controls
(Linting)
The problem
When multiple teams in an org build APIs, standardisation and
inconsistency problems arise.
51% of the respondents to the 2023 Smartbear State of Software
Quality | API report sited standardisation as the biggest challenge in
API development.
The problem
There is no time to read, remember and apply all the details of
your API style guides.
43% of the respondents of the Postman State of API 2023 report
sited lack of time as the biggest obstacle to producing APIs.
The problem
Teams applying DevOps face a high cognitive load.
The 3rd highest obstacle to producing APIs in the Postman
survey is the lack of API design skills.
Countermeasures
Use API linting tools to
enforce API style guides
and standards.
Integrate the API linting
tool with your CI/CD
pipeline.
Automated
governance
framework
Benefits
Improved API consistency
and developer experience
for the API consumer.
Improved lead time in API
design.
Improved API security at the
design stage.
Reduce time, toil and mental
effort spent on design
debates and API reviews.
Code example
Redocly CLI
Optic
Vacuum
Spectral
AI-assisted linting with Anthropic
Specialist artefact linters
https://github.com/IkennaConsulting/patterns-for-api-
delivery/blob/main/.github/workflows/api-consistency.yml
Challenges with applying this pattern
No style guide on which to base the linting rules
API definitions not in version control
Writing rules takes effort
No API platform/governance team to support the rules
Contraindications
• The early part of product development
• Non-important API
Tips. When picking a linting tool, consider:
Speed!
Good error messages
Ease of writing rules
Extra features of CLIs: managing API definition files
(bundling, splitting, joining, etc.)
Tips
Do start linting even if you don't have a style guide
Lint in the pipeline.
Provide docs & tools for linting locally (editor, CLI) for fast feedback.
You may need more than one kind of linter
Alternatives
Manual API design reviews and checklists
Pattern 2:
Automated Breaking
Change Controls
The Problem
Breaking change: A change to an API that requires existing client integration
code to change.
Breaking changes can come from:
A change in the API definition.
A change in the code or API config not
reflected in the definition.
The Problem
Real customer quote 1: "You should
stop doing breaking changes to the
API ASAP. If you do not, as a
business, you will lose a massive
amount of customers and lose
reputation.”
Real customer quote 2: "The way
[company] handles API changes is
going to impact our business since
we consume the data in production.
We are left without any solutions or
guidelines. We found out a bit late
about the breaking change that is
going to happen tomorrow..."
Countermeasures
Have a clear API versioning strategy that minimises disruption to
existing client integrations.
Use breaking change detection tools.
Give visibility of changes with a comprehensive API change log.
Automated
governance
framework
Benefits
Better API adoption
Reduce customer
attrition
Reduced support and
rework costs
Lower cognitive load for
producers and
consumers
Code example
Tufin/Oasdiff
UseOptic/Optic
Pb33f OpenAPI-Changes
Bump.sh
https://github.com/IkennaConsulting/patterns-for-api-
delivery/blob/main/.github/workflows/breaking-checks.yaml
Tips
Have well-defined breaking
change rules.
https://github.com/Tufin/oasdiff/blob/
main/BREAKING-CHANGES-
EXAMPLES.md
Generate and publish an API
change log in a standard format.
Example standard format
https://keepachangelog.com/en/1.0.0
Challenges with applying this pattern
The absence of a provider’s breaking change policy relegates the
decision to the tool used.
Handling deprecations
Contraindications
• New product
development - early
part of product life
cycle
Alternatives
Manually detect changes in API design reviews
For internal APIs - consumer-driven contract testing
Pattern 3:
API Conformance Controls -
Conformance tests
The Problem
The API reference can become inconsistent with the actual API
implementation.
52% of the respondents to the 2023 Smartbear State of Software Quality |
API report cited documentation being out of sync as the 2nd largest
hindrance to API documentation
The Problem
"It ain’t what you don't know that
gets you into trouble. It's what you
know for sure that just ain't so." –
Mark Twain
Countermeasure
Run conformance (also called contract tests) to ensure public API
reference (especially the schema) is in sync with implementation.
Better suited for public APIs, than for internal APIs whose evolution can
be managed with consumer-based contract testing techniques (e.g Pact)
Automated
governance
framework
Benefits
Reliable, trustworthy documentation
Better developer experience
More correct SDKs and other generated artefacts
Lower support costs from defects
My typology of conformance tests
Code-based end-to-end
schema test.
Code-based controller
schema test.
Fuzzer schema test: Auto-
generated end-to-end
schema test with a fuzzing
tool.
End-to-end schema testing
with validating proxy.
Code example
Pb33f Wiretap
Schemathesis
https://github.com/IkennaConsulting/patterns-for-api-
delivery/blob/main/.github/workflows/conformance-
checks.yaml
Challenges
• Conformance testing is expensive to run end-to-end as part of
regular test suite for a public API.
Tips
Run on PR changes (lightweight)
Minimise running large end-to-end conformance test suites (expensive)
Multiple controls helpful - testing conformance + generating code from specs
Aim to detect undocumented properties. Set additionalProperties:false before
test runs using: https://github.com/NickHeap2/add-props-flipflop
Contraindications
Code-first development
Good server stub code
generation minimises the
need for conformance tests
Alternatives
Generate code from
specs (API design-first)
Generate spec from
code (code-first)
Internal APIs -
consumer-driven
contract testing (but
not for public /
external APIs)
Pattern 4:
Code Generation Controls
Problem
OpenAPI
definitions that
cannot be used to
generate SDKs
01
No SDKs – long
time to first hello
world.
02
Drift between API
definition and
server code.
03
Countermeasures
• Use a code generation library to generate API client and server-
stub code from your API definition
Benefits
Lower cognitive load for API consumers 'SDK first experience'
Save development time for API consumers and API producers
Reduce API definition drift
Code example
Fern
Microsoft Kiota
OpenAPI Generator
https://github.com/IkennaConsulting/patterns-for-api-
delivery/blob/main/.github/workflows/code-generation.yaml
Challenges
• Poor quality API definitions
• Maintenance overhead. If multiple SDKs, cost of
• addressing specific issues for each SDK
• deployment pipeline, documentation for each
• Resource allocation
• Release management
• tracking SDK version and use by clients
• testing SDKs to avoid breaking changes
Tips
• Consider using SDK code generation as a service like Speakeasy and
Apimatic
Contraindications
• No budget / resources to support client SDKs
Alternatives
Client hand-
coded
integration
Provider hand-
coded client
SDKs
Provider hand-
coded server
stubs
Conclusion
Conclusion
If you are building lots of APIs, consider these four controls in your API delivery
process: API consistency controls / linting, breaking change controls, API
conformance controls and code generation controls.
You may need to use more than one tool for each control. Experiment with the
tools.
The goal is to reduce risk and improve the value of your API.
Questions ?
• Join at Slido.com #1443618
• Let’s connect https://www.linkedin.com/in/ikenna
(if at the conference, get free book code!)
• Content and code example repo
https://github.com/IkennaConsulting/patterns-for-api-delivery

More Related Content

Similar to Patterns for automating API delivery. API conference

API-Consumption compressed (1)
API-Consumption compressed (1)API-Consumption compressed (1)
API-Consumption compressed (1)
Rahul Ghai
 
Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...
Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...
Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...
jparra9
 

Similar to Patterns for automating API delivery. API conference (20)

Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re Everywhere
 
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, StoplightINTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
INTERFACE by apidays 2023 - API Design Governance, Nauman Ali, Stoplight
 
Getting Started with API Standardization in SwaggerHub
Getting Started with API Standardization in SwaggerHubGetting Started with API Standardization in SwaggerHub
Getting Started with API Standardization in SwaggerHub
 
Effective API Lifecycle Management
Effective API Lifecycle Management Effective API Lifecycle Management
Effective API Lifecycle Management
 
INTERFACE, by apidays - The 8 Key Components of a Modern API Stack by Iddo G...
INTERFACE, by apidays  - The 8 Key Components of a Modern API Stack by Iddo G...INTERFACE, by apidays  - The 8 Key Components of a Modern API Stack by Iddo G...
INTERFACE, by apidays - The 8 Key Components of a Modern API Stack by Iddo G...
 
Service api design validation & collaboration
Service api design validation & collaborationService api design validation & collaboration
Service api design validation & collaboration
 
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortals
 
Extend soa with api management Sangam18
Extend soa with api management Sangam18Extend soa with api management Sangam18
Extend soa with api management Sangam18
 
I am sorry Developer, your API just became a Product.pdf
I am sorry Developer, your API just became a Product.pdfI am sorry Developer, your API just became a Product.pdf
I am sorry Developer, your API just became a Product.pdf
 
What is Apigee.pdf
What is Apigee.pdfWhat is Apigee.pdf
What is Apigee.pdf
 
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
 
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
Standardizing APIs Across Your Organization with Swagger and OAS | A SmartBea...
 
API-Consumption compressed (1)
API-Consumption compressed (1)API-Consumption compressed (1)
API-Consumption compressed (1)
 
Effective API Design
Effective API DesignEffective API Design
Effective API Design
 
Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...
Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...
Applying AI to API Testing across the lifecycle - Integration Tuesdays -Final...
 
Can you trust your APIs - White Paper on API Testing
Can you trust your APIs - White Paper on API TestingCan you trust your APIs - White Paper on API Testing
Can you trust your APIs - White Paper on API Testing
 
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
 
2022 apidays LIVE Helsinki & North_How good are your APIs? Really?
2022 apidays LIVE Helsinki & North_How good are your APIs? Really?2022 apidays LIVE Helsinki & North_How good are your APIs? Really?
2022 apidays LIVE Helsinki & North_How good are your APIs? Really?
 
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
APIs In Action -Harnessing the Power of Azure API Management: Building Robust...
 

Recently uploaded

Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Recently uploaded (20)

WSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration ToolingWSO2Con2024 - Low-Code Integration Tooling
WSO2Con2024 - Low-Code Integration Tooling
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
WSO2Con2024 - Navigating the Digital Landscape: Transforming Healthcare with ...
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public AdministrationWSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
WSO2CON 2024 - How CSI Piemonte Is Apifying the Public Administration
 
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in UgandaWSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - Kanchana
 
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
Abortion Pill Prices Boksburg [(+27832195400*)] 🏥 Women's Abortion Clinic in ...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Era
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT  - Security and Governance for Generative AIBusinessGPT  - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AI
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next IntegrationWSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
WSO2CON2024 - Why Should You Consider Ballerina for Your Next Integration
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
WSO2CON 2024 - Lessons from the Field: Legacy Platforms – It's Time to Let Go...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...
WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...
WSO2Con2024 - Facilitating Broadband Switching Services for UK Telecoms Provi...
 
Novo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMsNovo Nordisk: When Knowledge Graphs meet LLMs
Novo Nordisk: When Knowledge Graphs meet LLMs
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 

Patterns for automating API delivery. API conference

Editor's Notes

  1. "Automating API Delivery is my go-to source to help solution architects and API development teams understand how to introduce API governance processes" - Mark Body "When it comes to scaling the API practice for both speed and scale, this book goes deep into the details of how to manage APIs in an effective and scalable way" - Eric Wilde
  2. Even the most basic linting rules (e.g. the OpenAPI file is valid) can save a lot of time. It's easy to add more rules later. (e.g. for SDKs, documentation portal, gateway config, guide docs)