Successfully reported this slideshow.

More Related Content

Similar to Service api design validation & collaboration

Related Books

Free with a 14 day trial from Scribd

See all

Service api design validation & collaboration

  1. 1. Service API Design Validation
  2. 2. Uchit Vyas • Technologist @ Heart • DevSecOps Practitioner • One of the top 50 DevSecOps influencer in the world • Enterprise Solution Architect • Infrastructure analyst • Quality engineering enthusiastic • Technical author and Speaker • To know more • Go to www.hellouchit.com
  3. 3. API Market Stats • 60% ebay listings are via API • 50% of SalesForce transactions from APIs • Google receives 5 billion API calls daily • Netflix receives 10 billion API calls daily Source & Credit: https://medium.com/pdf-generator-api/api-easy-understandable-and-quick-tutorial-for-everyone-2ba985633e1c
  4. 4. Key Statements about APIs from Survey • Companies are using more internal APIs than external APIs. • Internal API usage increases significantly with company size. • Coding experience correlates with API usage. • VMs remain the most common API deployment, with Serverless close behind. • Developers are most interested in Serverless & FaaS and GraphQL. • AWS is the most popular API gateway, and Postman is the most popular API design tool. Source & Credit: https://rapidapi.com/wp-content/uploads/2020/10/2020DevSurvey-Report.pdf
  5. 5. What to measure in API Quality? Resilient Robust Secure Discoverable Consistent Source & Credit: https://devops.com/why-api-quality-is-top-priority-for-developers/
  6. 6. How do I get there?
  7. 7. Resilient Chaos Engineering Load Testing Manual or Automated Quality Assurance Deployment of APIs on Cloud with compelling SLA
  8. 8. Robust “NOT” only automated test suites • Edge cases • Unexpected code branches Fuzz Testing should be enabled • To uncover hidden execution paths Canary and Blue-Green Deployments • can help further expose API for unexpected requests
  9. 9. Secure • Vulnerable dependencies • OWASP guidance • Attack mitigation strategies such as CORS and CSRF protection • Application logic must be well tested for authorization and authentication.
  10. 10. Discoverable • Open API Initiatives • Spring Boot frameworks to generate OpenAPI documentation directly from your code • gRPC-based APIs accessing the API and building the clients to communicate with it • GraphQL allows developers to connect multiple APIs together with consistent tooling
  11. 11. Consistent • Incompatible Changes & Code Reviews • API Contract Testing and Integration Testing
  12. 12. Problem statements • Teams are preparing service API contracts in Silos • Service API contract are verified & Tested in SIT/UAT phases • Troubleshooting is cumbersome process to identify to root cause • End-to-End (E2E) environment issues
  13. 13. Ripple Effect • Delay in realize cycles • More and more production fixes (CRs) • Loss of trust from • Customers • Management / Leadership • Waste of manpower / bandwidth usage for troubleshooting
  14. 14. Possible Solution Approach • Standardized templates to design Specs • Design gap detector process • Centralized user management & RBAC • Integrated version control system within Service Contract Design steps • Auto generated API stubs, Test cases, and pipelines trigger for verification • E2E API contract mapping
  15. 15. State of the art Implementation
  16. 16. Producer Consumer Service API Contract Service API Repository Orchestrator Engine Validate Consumer changes against stub Validate Producer changes against stub Environments If all good, changes are ready to be deployed Service API Collaboration Workflow 1 1 2 3 4 4 5 5
  17. 17. Possible Benefits • Early detection of API design gaps • Failed result tells exactly what is causing the break and which system it is coming from • More automated collaboration • Transparent and Automated Service Contract Verification using auto-stubs and Orchestration services • Failed testing result are due to real system error and not because of the flaky infrastructure • Blameless culture adoption for E2E process • Easy troubleshooting
  18. 18. Key impacts • Fail fast for more collaboration • Automated Verification and validations of designs • Blameless culture adoption for E2E design process
  19. 19. Connect with me for more… contact@hellouchit.com www.hellouchit.com
  20. 20. Thank You

×