university of washington - the new api pattern
TRANSCRIPT
Title TextFirst Lets Understand The Difference Between Centralized and Distributed Architectures…
Understanding The API Pattern
Owen Rubel [email protected]
Title Text
Centralized vs Distributed Architecture
Centralized Architecture (Unshared I/O)
Distributed Architecture (Shared I/O)
microservices
monolith application
monolith application
proxy MQappserver
Owen Rubel [email protected]
Client Client
ClientClient
(CORS,security) (caching,security)
Title Text
Owen Rubel [email protected]
• How many developers still use a centralized architecture vs a distributed architecture in their development?
Centralized vs Distributed Architecture
Title Text
Owen Rubel [email protected]
• How many developers still use a centralized architecture vs a distributed architecture in their development?
• How many developers used a centralized architecture for their development 5 years ago? 10 years ago?
Centralized vs Distributed Architecture
Title Text
Owen Rubel [email protected]
• How many developers still use a centralized architecture vs a distributed architecture in their development?
• How many developers used a centralized architecture for their development 5 years ago? 10 years ago?
• Over the last 20+ years, there has been a trend toward distributed architectures due to separation of services/concerns, micro services, and Aspect Oriented Programming
Centralized vs Distributed Architecture
Title Text“ An API is Standardized Input/Output (I/O) to/from a Separation of Concern (usually being Business Logic).”
In Short :
What Is An API? (1 OF 2)
Owen Rubel [email protected]
Title Text
“ In computer science, separation of concerns (SoC) is a design principle for separating a computer program into distinct sections, such that each section addresses a separate concern. A concern is a set of information that affects the code of a computer program” (ex HTML, CSS, JS)
- Source : Separation Of Concern, Wikipedia
What Is Separation of Concern? (1 of 2)
Owen Rubel [email protected]
Title Text
What Is Separation of Concern? (2 of 2)
Bound SecondaryConcern
(Communication Logic)
PrimaryConcern
(Business Logic)
Owen Rubel [email protected]
Title Text
API Pattern in Distributed Architecture
Bound I/O Dataand/or Functionality
Owen Rubel [email protected]
Title Text
!!!WARNING!!! CROSS CUTTING CONCERN
API Pattern in Distributed Architecture
Bound I/O Dataand/or Functionality
Duplicated I/O Dataand/or Functionality
Duplicated I/O Dataand/or Functionality
Owen Rubel [email protected]
Title Text
“Cross-cutting concerns can be directly responsible for tangling, or system inter-dependencies, within a program. Because procedural and functional language constructs consist entirely of procedure calling, there is no semantic through where two goals (the capability to be implemented and the related cross-cutting concern) can be addressed simultaneously.[3] As a result, the code addressing the cross-cutting concern must be scattered, or duplicated, across the various related locations, resulting in a loss of modularity.[2]”
- Source : Cross Cutting Concern, Wikipedia
What is a Cross Cutting Concern?
Owen Rubel [email protected]
Title Text
• Synchronization • Real-time constraints• Error detection and correction• Product features• Memory management• Data validation • Persistence • Transaction processing• Internationalization and localization which includes
Language localisation• Information security• Caching• Logging • Monitoring• Business rules • Code mobility• Domain-specific optimizations
Issues of a Cross Cutting Concern
Owen Rubel [email protected]
Title Text
• API’s were created in 70’s to standardize information exchanged between services
• 70’s api pattern was designed for centralized architecture; distributed architectures didn't exist.
• Web API’s were based on 70’s api pattern; Roy Fielding based his dissertation on this pre-existing pattern.
• Web API’s were integrated into MVC frameworks and tools; it is now used everywhere.
Why Did This Happen? (1 of 2)
Owen Rubel [email protected]
Title Text
• Distributed Architectures are a New Pattern. Old principles and patterns are often not re-examined unless an issue is discovered. In the case of API’s, they are a tried and true pattern and still work locally… but not ‘distributed’
• People ASSUMED the resource was the endpoint; The controller hands the resource OFF to the communication layer. The communication layer hands off I/O to other services in a distributed architecture. Hence, the communication layer is the endpoint.
Why Did This Happen? (2 of 2)
Owen Rubel [email protected]
Title Text
This allows:
• Central Piece of architecture (where REQUEST AND RESPONSE are handled) to be ‘Single Version of Truth’ (SOV) called ‘IO State’
• All services to sync data from SOV• Failure of SOV DOES NOT affect synchronization of data• Reload state on the fly at SOV and update ALL subscribed
services
Shared IO State
Owen Rubel [email protected]
Title Text
What is IO State?
• Caches Communications Data • Synchronizes Architectural Props (distribute rules of
communication)• Handles API Authorizations (access for communication)• Api Docs Definitions (how to communicate)
I/O State is data directly related to a request/response, normally separated from functionality. Handles all data associated with communication and communication access
[email protected] Rubel
Title Text
What Does IO State Contain
•all the data contained in annotations act as rules associated with the URI endpoint (not URL or the FQDN)
•by containing all those rules in one file and caching that data, we can share it with the other architectural components (and abstract data from functionality)
• this enables us to change it on the fly and reload without having to restart any services allowing subscribed services to get changes pushed to them through web hooks
[email protected] Rubel
Title Text
I/O State : Communications Properties
Owen Rubel [email protected]
Shared I/O State is ‘IO State’ data unbound from functionality so that it can be shared across architectural components. This is the approach used by distributed architectures.
Bound I/O State is ‘I/O State’ data bound to functionality which cannot be shared or synchronized with additional architectural components creating an ‘architectural cross cutting concern’. This is commonly found in centralized architectures.
Title Text
Shared I/O State
Owen Rubel [email protected]
• DOESN’T bind to the application• DOESN’T bind to functionality• DOESN’T bind to a resource
Title TextWhat Does It Look Like?
Title Text
Owen Rubel [email protected]
https://gist.github.com/orubel/7c4d0290c7b8896667a3
Title Text
Owen Rubel [email protected]
•Api Blueprint•not role based• confuses I/O state with content/resource•duplicitous; lack of separation
•Swagger•not role based•based on annotations and thus not sharable in distributed architecture•duplicitous; lack of separation• redundant functionality for docs; does not make use of OPTIONS
•RAML•not role based• limited to CRUD-based REST of 4 calls per class•duplicitous; lack of separation
Title Text
• Dramatic Code reduction By Reducing Duplication• Automation of nearly all aspects of API• Nearly 0% downtime for changes to endpoint data and rules• New API Patterns (ie API Chaining (tm) )
What Does It Improve?
Owen Rubel [email protected]
Title Text
Code Reduction (1 of 2)
Controller : Mixed Concerns (Duplication)@Secured(['ROLE_ADMIN', ‘ROLE_USER'])@RequestMapping(value="/create", method=RequestMethod.POST)@ResponseBodypublic ModelAndView createAddress(){
List authorities = springSecurityService.getPrincipal().getAuthorities() User user
if(authorities.contains(‘ROLE_ADMIN’)){if(params.id){
user = User.get(params.id.toLong())}else{
render(status:HttpServletResponse.SC_BAD_REQUEST)}}else if(authorities.contains(‘ROLE_USER’)){
user = User.get(principal.id)}Address address = new Address(params)
… address.user = user
…}Owen Rubel [email protected]
Title Text
Code Reduction (2 of 2)
Controller : Single Concernpublic ModelAndView createAddress(){ User user= (params.id)?User.get(params.id.toLong()): User.get(principal.id)
Address address = new Address(params) address.user = user
…}
Owen Rubel [email protected]