API Integrity

API Integrity is a Matter of Trust & Validation: A case study.

Rix Groenboom, Session, Discovery and Trust

API Strategy & Practice Amsterdam, 2014

Transcript

  1. Parasoft Proprietary and Confidential. 2014-04-14. API Integrity is a Matter of Trust & Validation: A case study. APIstrat, Amsterdam, March 27, 2014
  2. Software Drives Innovation
      - Switching costs associated with software are dramatically lower
      - Software is the interface to business and the force behind innovation
      - Damages associated with software failure are increasing and very real
  3. Software Failures = Headlines: Financial, Airlines/Aero, Government, Media, Internet/Tel, Automotive, Technology, Retail
  4. Faulty Software Impacts the C-Level

      After a rash of software failures and security breaches left Sony’s gaming services down for weeks, analysts called for the ousting of the Sony CEO. http://news.cnet.com/8301-13506_3-57369469-17/why-sony-needed-to-swap-out-its-ceo/
  5. Liquid Capital to Cover System Outages

      System faults can impact credit ratings for stock exchanges and financial institutions. Financials must maintain adequate liquid capital to cover losses caused by system disruptions. http://www.standardandpoors.com/ratings/articles/en/us/?articleType=HTML&assetID=1245357558044
  6. Faulty Program = Employee Suspension

      The system used to price equity options delivered orders with inaccurate price limits to exchanges. After discovering that a programming error caused the issue, four senior programmers were placed on leave. http://www.bloomberg.com/news/2013-08-25/goldman-sachs-puts-four-on-leave-after-options-error-ft-reports.html
  7. Survey about API Integrity
      - 80% of the respondents have stopped using an API because it was “too buggy”
      - 90% of the respondents report that APIs failed to meet their expectations
      - 93% will not use an API again if it failed in the past
      - Top issues:
        - 68% Functionality / Reliability Issues
        - 42% Security Issues
        - 74% Performance Issues
  8. So, what can we do?!
      - Testing and QA technologies exist:
        - Internal: Code analysis technology
          - Syntactical and semantic analysis of source code
          - Unit testing and code review
        - External: API testing technology
          - Technical and functional validation
          - Security and performance analysis
        - Eco-system: Service Virtualization
          - Efficient distributed test environments
          - Allows continuous deployment and integration
      - And can be applied to a whole industry sector
  9. API Integrity: Dutch Energy Market
      - Over 120 market parties, 3 different roles
        - Supplier, network, shipper
      - Peer-to-peer communication
      - Self-organized, regulated market
      - Use EDI for gas-allocation messaging
      - New protocol based on XML and AS2
      - Increased security with SHA2 certificates
      - API integrity required for big bang migration
      - Challenge: Certify 120 parties for 80 use cases
  10. API Integrity: Dutch Energy Market

      Required a Validation Environment that:
      - Behaves like an arbitrary business partner
        - Context-driven responses (“chameleon”)
      - More than schema and certificate validation:
        - Functional flows should be respected
  11. API Integrity: Dutch Energy Market

      Developed Validation Environments consisting of:
      - ESB for technical connectivity (AS2 & SSL)
      - Service Virtualization handles Functional Flow
      - API testing tool validates the use-cases
      - Database for the certification process and GUI

      Architecture with clear Separation of Concerns
  12. API Integrity: Dutch Energy Market. Certification Environment (diagram labels: Async, JKS, XML Req/Res, Validation, DB, GUI)
  13. Wrap up

      Rix Groenboom, Solution Architect
      - Quality and API Integrity matters
      - Tools and Methodology can enforce Integrity
      - Applied to whole industrial sectors