Service API Design Validation
Uchit Vyas
• Technologist @ Heart
• DevSecOps Practitioner
• One of the top 50 DevSecOps influencers in the world
• Enterprise Solution Architect
• Infrastructure analyst
• Quality engineering enthusiast
• Technical author and Speaker
• To know more
• Go to www.hellouchit.com
API Market Stats
• 60% of eBay listings are via API
• 50% of Salesforce transactions come from APIs
• Google receives 5 billion API calls daily
• Netflix receives 10 billion API calls daily
Source & Credit: https://medium.com/pdf-generator-api/api-easy-understandable-and-quick-tutorial-for-everyone-2ba985633e1c
Key Statements about APIs from Survey
• Companies are using more internal APIs than external APIs.
• Internal API usage increases significantly with company size.
• Coding experience correlates with API usage.
• VMs remain the most common API deployment, with Serverless close behind.
• Developers are most interested in Serverless & FaaS and GraphQL.
• AWS is the most popular API gateway, and Postman is the most popular API design tool.
Source & Credit: https://rapidapi.com/wp-content/uploads/2020/10/2020DevSurvey-Report.pdf
What to measure in API Quality?
Resilient
Robust
Secure
Discoverable
Consistent
Source & Credit: https://devops.com/why-api-quality-is-top-priority-for-developers/
How do I get there?
Resilient
Chaos Engineering
Load Testing
Manual or Automated Quality Assurance
Deployment of APIs on Cloud with compelling SLA
Robust
“NOT” only automated test suites
• Edge cases
• Unexpected code branches
Fuzz Testing should be enabled
• To uncover hidden execution paths
Canary and Blue-Green Deployments
• Can help further expose the API to unexpected requests
Secure
• Vulnerable dependencies
• OWASP guidance
• Attack mitigation strategies such as CORS and CSRF protection
• Application logic must be well tested for authorization and authentication.
Discoverable
• Open API Initiatives
• Spring Boot frameworks to generate OpenAPI documentation directly from your code
• gRPC-based APIs accessing the API and building the clients to communicate with it
• GraphQL allows developers to connect multiple APIs together with consistent tooling
Consistent
• Incompatible Changes & Code Reviews
• API Contract Testing and Integration Testing
Problem statements
• Teams are preparing service API contracts in silos
• Service API contracts are verified & tested in SIT/UAT phases
• Troubleshooting to identify the root cause is a cumbersome process
• End-to-End (E2E) environment issues
Ripple Effect
• Delay in release cycles
• More and more production fixes (CRs)
• Loss of trust from
• Customers
• Management / Leadership
• Waste of manpower / bandwidth usage for troubleshooting
Possible Solution Approach
• Standardized templates to design Specs
• Design gap detector process
• Centralized user management & RBAC
• Integrated version control system within Service Contract Design steps
• Auto-generated API stubs, test cases, and pipeline triggers for verification
• E2E API contract mapping
State of the art Implementation
[Diagram: Service API Collaboration Workflow. Components: Producer, Consumer, Service API Contract, Service API Repository, Orchestrator Engine, Environments. Steps shown: validate Consumer changes against stub; validate Producer changes against stub; if all good, changes are ready to be deployed.]
Possible Benefits
• Early detection of API design gaps
• A failed result tells exactly what is causing the break and which system it is coming from
• More automated collaboration
• Transparent and Automated Service Contract Verification using auto-stubs and Orchestration services
• Failed test results are due to real system errors and not because of flaky infrastructure
• Blameless culture adoption for E2E process
• Easy troubleshooting
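The verification step of the collaboration workflow, sketched as an added example (not code from the deck or from any tool it describes): the contract is checked against the producer's implementation and against the consumer's expectations separately, so every failure names the side it comes from. The contract shape, the sample data and all function names are assumptions made for illustration.

```python
# Constructed contract (simplified, OpenAPI-like) and constructed snapshots of
# each side's pending change; none of these names come from the slides.
CONTRACT = {"GET /orders/{id}": {
    "auth": "bearer",
    "response": {"id": str, "status": str, "total": float},
    "required": {"id", "status"}}}
PRODUCER = {"GET /orders/{id}": {
    "auth": None,  # authentication dropped by the change
    "response": {"id": str, "status": int, "card_number": str}}}
CONSUMER = {"GET /orders/{id}": {"id", "total", "eta"}}  # fields the client reads

def check_producer(contract, implemented):
    """Findings where the producer's implementation departs from the contract."""
    out = []
    for op, spec in contract.items():
        impl = implemented.get(op)
        if impl is None:
            out.append(f"{op}: not implemented")
            continue
        if impl.get("auth") != spec["auth"]:
            out.append(f"{op}: auth {impl.get('auth')!r} != contract {spec['auth']!r}")
        for field in sorted(spec["required"] - set(impl["response"])):
            out.append(f"{op}: required field '{field}' missing")
        for field, typ in sorted(impl["response"].items()):
            want = spec["response"].get(field)
            if want is None:
                out.append(f"{op}: undeclared field '{field}' returned")
            elif typ is not want:
                out.append(f"{op}: '{field}' is {typ.__name__}, contract says {want.__name__}")
    return out

def check_consumer(contract, reads):
    """Findings where the consumer relies on more than the contract guarantees."""
    out = []
    for op, fields in reads.items():
        spec = contract.get(op, {"response": {}, "required": set()})
        for field in sorted(fields):
            if field not in spec["response"]:
                out.append(f"{op}: reads '{field}', not in contract")
            elif field not in spec["required"]:
                out.append(f"{op}: depends on optional field '{field}'")
    return out

def verify(contract, implemented, reads):
    """Attribute each break to the side that caused it; deployable only if clean."""
    report = {"producer": check_producer(contract, implemented),
              "consumer": check_consumer(contract, reads)}
    return {**report, "deployable": not any(report.values())}
```

The producer findings here include an authentication mismatch and an undeclared field in the response, the kind of drift the Secure slide asks to be tested for before SIT/UAT.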
Key impacts
• Fail fast for more collaboration
• Automated Verification and validations of designs
• Blameless culture adoption for E2E design process
Connect with me for more…
contact@hellouchit.com
www.hellouchit.com
Thank You

Service api design validation & collaboration
