building enterprise grade, high transaction rate ......weblogic : content-type –> text/xml...
TRANSCRIPT
Building enterprise grade, high transaction rate,
resilient APIs
Developer Week, Austin 2019
Shobha Ramu Shivaiah
Development Manager, UPS APIs
1
Agenda
Where do Enterprise APIs fit and characteristics of Enterprise APIs
Evolution of APIs and Backward Compatibility
Scalability and Resilience
Devops applied to API Lifecycle Management
2
Inside an API developer’s mind
Where do APIs fit in an Enterprise
3
APIs
External/ Partner
APIs
Internal APIs
Micro Services
Orchestration APIs
Assets
Hardware Devices (BOT, Locker, Scanners)
Mobile App
B2B Customers
Market Places
Web applications
3rd Party Developers
Characteristics of Enterprise grade APIs
Support for large-scale usage
Backward compatibility and continue to evolve
Support diverse & geo-distributed customer-base
Higher expectations around uptime & need for faster time to market
Secure, compliant and respects privacy regulations
4
Evolution of APIs
SOAP over HTTPS Early 2000s
REST APIS 2010 +
Main Features
• Plain Old XML (POX) • Schema / DTD
• SOAP/UDDI • Service /function driven
• WSDL
• HTML, JSON, XML
• Resource / Data driven
• Optional WADL
Pros and Cons • Simple architecture
• Less backward compatibility issues
• No WSDL dependent client
code
• Heavy-duty approach
• Built in retry/security mechanism • Advantage of having message
meta data
• Lightweight approach • Flexible
• Better performance
• Simple and easy
XML over HTTPs Late 90s
GraphQL (2015/2018) Event Driven APIs
5
Sample Scenario - Supporting Multiple API styles
APIs with interface commonality
REST API Client
SOAP API
Client
POX API Client
REST API Gateway/
Custom Transformation POX API
SOAP API
Distinct APIs
REST API POX API SOAP API
Backend Systems
API Layer
APIs with common Business Logic but major interface difference
REST API
POX API
SOAP API Common Business Logic
6
Inside an API developer’s mind
Version or not to Version
Scalability, resiliency and latency reduction
Authentication methods to use
Emphasis on documentation and
wearing a consumer hat
Knowing your HTTP status codes
Legacy Support , Backward Compatibility
Consider Rate Limits and high volume support
API Style to choose
7
8
Validation
Response Elements
Element type
Backward Compatibility - Driving the API Truck
Look Forward :
• Look forward through the windshield for what's ahead
• Add new features, Support Rest, Graph QL, MicroServices
Look Back :
• Equally important to look back in the rear window and side mirrors
• Continue to support existing protocols
• Add features to existing APIs without breaking your customer
Request Elements
Backward Compatibility Best Practices
• Be backward compatible and avoid versioning unless it is absolutely needed
• When you retire old versions, be graceful and gradual on your consumer
• Follow excellent communication mechanism for unavoidable,
mandatory changes such as PCI, Tax and regulatory changes per government, TLS and Security updates
• If supporting multiple versions, offer new features only in new version as an incentive for consumers to move
• When you version, make sure you consider maintenance cost to keep up with multiple versions
• Don’t be surprised. Know your customers well • Log their payload (wiping the sensitive data) • Log their http headers • Use rich production sample to build your canary tests to put a
release with no impact to consumers
Happy Provider Happy Consumer
9
A dive into Backward Compatibility with Examples
• Changing the format of a field – filename MMDDYYYYHHmm to MMDDYYYYHHmmss
• Infrastructure changes around the APIs
• Default encoding in response content type Weblogic : Content-Type –> text/xml Tomcat : Content-Type –> text/xml;charset=ISO-8859-1
• Gateway layer in front of your API Check if API gateway is being restrictive on the http header contents like MIME TYPEs. Test with all possible HTTP request headers to compare before and after Compare the before and after HTTP Response headers
10
11
Versioning a Rest API - Through URI Path, query parameters, Custom headers, content negotiation
WSDL Namespace versioning, Versioning using an element in the XML or JSON body
Soft versioning: - Pair a response change with a request change when applicable
Documentation - Share information about your versioning strategy to stop clients from building fragile integration - Remove deprecated elements and versions from documentation
1
2
3
4
Versioning
Visualize the future changes when designing your API. - Be as restrictive as needed in the initial release - Use code values where needed to accommodate future new types
5
Scalability and Resillience
Processes Implementation Deployment Monitoring • Rich logging to pinpoint
the bottle necks in your APIs during issues
• Performance Test with
projected volume
• Trend your error codes not just HTTP status
• Add code to monitor around backend calls
• JMX pull model • Netcool push mode
• Not all backend failures need to cause your API to fail – Partial response
• Blind retry logic can add more stress to your APIs during issues
• Outside In monitoring – Have good optics into your APIs from external perspective
• Monitoring tools
• Ex CA APM
• Caching to avoid expensive calls
• 0 API downtime with blue
green failover deployment
• Use low API usage time as your deployment window
12
Design
Development
Integration
Validation Deploy
Monitor
Feedback
Des
ign &
Dev
elo
pm
ent
Instant visibility for parallel changes – Parallel API test plan from schema, JSON, swagger specs
Design and code for shorter & iterative API changes
All artifacts and dependencies are automated in version control – Bean objects, YAML, Swagger
files
DevOps applied to API Lifecycle
13
Design
Development
Integration
Validation Deploy
Monitor
Feedback
Inte
grat
ion
Check in code several times a day and do Daily Builds
Automate build to run a set of golden API Tests. Don’t depend on clients
Extended automated integration to API consumers (internal) where possible
DevOps applied to API Lifecycle
14
Val
idat
ion
Good API Tests
- Automate
- Measure interface coverage
Favor ongoing validation probes vs. one-time test runs to help keep the APIs deployment
ready. This includes performance testing
Run scripts to analyze logs, and monitors during testing
Design
Development
Integration
Validation Deploy
Monitor
Feedback
DevOps applied to API Lifecycle
15
Dep
loy
Makes sure your APIs are always in a release ready state.
Automate the API documentation deployment
Provide Staging for internal and Sandbox for external API consumer testing before promoting
to production
Staged API roll-outs using “Safe deployment practices” and Flighting
Design
Development
Integration
Validation Deploy
Monitor
Feedback
DevOps applied to API Lifecycle
16
Mo
nit
ori
ng
With Constant API releases, real time monitoring, historic details and visual representation of the
state of your APIs is extremely important
Monitoring APIs is not just for production environment
API Monitoring is different from traditional App monitoring - Interface Validation and SLA
satisfaction
Need both Synthetic and real user Monitoring
Design
Development
Integration
Validation Deploy
Monitor
Feedback
DevOps applied to API Lifecycle
17
If you think good API design is expensive, try a bad one 🙂
18
Thank You
(LinkedIn : Shobha Ramu)