Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Client-Driven APIs

Mark W. Foster
October 24, 2018
160

Client-Driven APIs

Putting API clients in control of the API structure and data they want to consume will be the future of APIs. This is a basic concept behind GraphQL. This presentation discusses the evolution of APIs prior to GraphQL and lays the foundation for a demo ideas leveraging GraphQL as a description language to build custom HTTP APIs.

Mark W. Foster

October 24, 2018
Tweet

Transcript

  1. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Client-Driven APIs Mark W. Foster Consulting Member of Technical Staff Oracle Cloud Infrastructure October 24, 2018
  2. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Overview • API Evolution • Client-Driven APIs • Demo 2
  3. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Web services – B2B portals, hodgepodge of middleware and adapters – Client-server Architecture, different middleware – Wild west, few standards beyond the initial HTTP spec 5
  4. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Simple Object Access Protocol (SOAP) was not so simple – WSDL, XSD, WS-* – Click and instantly build wonderfully brittle libraries – Every interface is different – Tunnels on HTTP and POSTs an envelope with all the RPC info – Web cannot cache responses – Remote objects are just like local objects right? (wrong) – Not mobile friendly 7
  5. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Simple Object Access Protocol (SOAP) was not so simple – WSDL, XSD, WS-* – Click and instantly build wonderfully brittle libraries – Every interface is different – Tunnels on HTTP and POSTs an envelope with all the RPC info – Web cannot cache responses – Remote objects are just like local objects right? (wrong) – Not mobile friendly 8 “I want my, I want my RPC” – in Dire Straits
  6. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Web 2.0 RPC-HTTP Hybrids – flickr: GET flickr.com/services/rest?method=flikr.photos.delete&tags=mine – del.ici.ous: GET api.del.icio.us./v1/tags/rename 12
  7. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Web 2.0 RPC-HTTP Hybrids (tunneled through GET) – flickr: GET flickr.com/services/rest?method=flikr.photos.delete&tags=mine – del.ici.ous: GET api.del.icio.us./v1/tags/rename 13
  8. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Ruby on Rails – That’s not RESTful, use HTTP verbs correctly and proper URIs – “If you can’t CRUD it, it’s not a resource” – DHH – “Learn to love the CRUD” – DHH • C == POST • R == GET • U == PUT • D == DELETE – And make sure you make good URIs (that look like your object model in your database) – Active Resource 14
  9. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 16 Distributed Computing on the Web https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
  10. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 17 Distributed Computing on the Web https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
  11. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Protocol buffers and precursors to gRPC – TCP/IP inside google – RPC – Standardizing on this allowed google to scale – Client generation tools 18
  12. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Google Service APIs – JSON-based Structured API definition and client-generation – Traded SOAP and WSDL for WADL and Schema RPC – Service Oriented RPC clients using “RESTful” routes – Dynamic Languages could discover the description and configure themselves at runtime 19
  13. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Rise of RESTafarianism – REST religious wars: No HATEOAS == No REST (Damn the maturity model) 20 https://martinfowler.com/articles/richardsonMaturityModel.html
  14. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | In any case, REST is … 21 http://blog.steveklabnik.com/posts/2012-02-23-rest-is-over Yep. Sorry to have to inform you. REST is totally over. The cool kids are moving on. We're building "Hypermedia APIs" now. Such is life.
  15. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Hypermedia APIs – Won’t break clients – Hypertext driven (links and forms) – Evolvable – How the web works – Actually REST (but we aren’t using that word) 22
  16. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • Hypermedia APIs – Won’t break clients – Hypertext driven (links and forms) – Evolvable – How the web works – Actually REST (but we aren’t using that word) – To date still relatively little tooling or understanding – REST is hard 23 “The Hypermedia Revolution…it’s just around the corner.”
  17. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 24 Enter Structured API Description formats (again) – API Blueprint format – Design-first – Mock APIs – Documentation – Testing Tooling – Swagger format – Code-generated documentation – Code-generated developer tooling – RAML format – Fast follower – Documentation
  18. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 26 Netflix Outgrows Its API Strategy https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d
  19. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 27 Netflix Outgrows Its API Strategy https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d
  20. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Netflix Outgrows It’s API Strategy 28 While effective, the problem with the (one-size-fits-all) approach is that its emphasis is to make it convenient for the API provider, not the API consumer. https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d
  21. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 29 Netflix converts to Client-Driven APIs https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d
  22. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 30 Netflix converts to Client-Driven APIs https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d
  23. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 31 Netflix API Today https://www.slideshare.net/InfoQ/the-netflix-api-platform-for-serverside-scripting
  24. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Distributed Computing on the Web • gRPC - Tunnels on POST - Uses protocol buffers - Web can’t cache responses - Designed to leverage HTTP/2 - Great for microservices running in clusters like Kubernetes 32
  25. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 33 Did you notice the pattern? HTTP RPC Structured Descriptions
  26. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | The new kid on the block: GraphQL • Tunnels on POST • The web cannot cache its responses • Contract-driven • Discoverable • No free lunch – Resolvers for everything – You still have to work hard to design it correctly (deep graphs == not so scalable) – Write custom-caches using an identifier (though libraries do this now) • Tight-coupling – client code knows a lot about the API internals 34
  27. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Client-Driven APIs 35 Giving consumers the ability to build (RESTful) APIs that are “just right” for them.
  28. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 37 Client-Driven APIs $ curl -H "Content-Type: text/plain" \ -X POST \ -d 'SELECT * FROM *;'
  29. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 38 Client-Driven APIs $ curl -H "Content-Type: text/plain" \ -X POST \ -d 'SELECT * FROM *;'
  30. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Global DNS 39 Normal Flow to build APIs WAF API Gateway Developer Portal AD Subnets SVC A LB API Management Portal VCN CI/CD API Description SVC Code Configuration Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC AD Subnets Fn A Fn B AD Node 1 Pool Subnets K8s Node µSVC A µSVC B LB/Ingress Mesh
  31. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | What if it could be… 40 Global DNS 40 WAF API Gateway Developer Portal API Management Portal AD Subnets SVC A LB VCN CI/CD API Description Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC
  32. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | What if it could be… 41 Global DNS 41 WAF API Gateway Developer Portal API Management Portal AD Subnets SVC A LB VCN CI/CD API Description Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC Proxy
  33. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | What if it could be… 42 Global DNS 42 WAF API Gateway Developer Portal API Management Portal AD Subnets SVC A LB VCN CI/CD Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC API Description
  34. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Demo 44 44 Developer Portal GQL SVC API Description Proxy
  35. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | Client-Driven APIs • The history of APIs is about the shift from provider simplicity to consumer simplicity • Tooling in the API community is still nacent 45 The future will be empowering consumers not to understand and consume your API as you you see fit, but to customize their own variation of it as simply as possible.
  36. Copyright © 2018, Oracle and/or its affiliates. All rights reserved.

    | 46 @fosrias https://github.com/fosrias/apiql-express Q & A