Client-Driven APIs

Copyright © 2018, Oracle and/or its affiliates. All rights reserved.
| Client-Driven APIs Mark W. Foster Consulting Member of Technical Staff Oracle Cloud Infrastructure October 24, 2018

| Overview • API Evolution • Client-Driven APIs • Demo 2

| 3 And then there was…

| 4 And then there was… HTTP

| Distributed Computing on the Web • Web services – B2B portals, hodgepodge of middleware and adapters – Client-server Architecture, different middleware – Wild west, few standards beyond the initial HTTP spec 5

| 6 I like standards, let’s use mine.

| Distributed Computing on the Web • Simple Object Access Protocol (SOAP) was not so simple – WSDL, XSD, WS-* – Click and instantly build wonderfully brittle libraries – Every interface is different – Tunnels on HTTP and POSTs an envelope with all the RPC info – Web cannot cache responses – Remote objects are just like local objects right? (wrong) – Not mobile friendly 7

| Distributed Computing on the Web • Simple Object Access Protocol (SOAP) was not so simple – WSDL, XSD, WS-* – Click and instantly build wonderfully brittle libraries – Every interface is different – Tunnels on HTTP and POSTs an envelope with all the RPC info – Web cannot cache responses – Remote objects are just like local objects right? (wrong) – Not mobile friendly 8 “I want my, I want my RPC” – in Dire Straits

| 9

|

| Distributed Computing on the Web • Web 2.0 RPC-HTTP Hybrids – flickr: GET flickr.com/services/rest?method=flikr.photos.delete&tags=mine – del.ici.ous: GET api.del.icio.us./v1/tags/rename 12

| Distributed Computing on the Web • Web 2.0 RPC-HTTP Hybrids (tunneled through GET) – flickr: GET flickr.com/services/rest?method=flikr.photos.delete&tags=mine – del.ici.ous: GET api.del.icio.us./v1/tags/rename 13

| Distributed Computing on the Web • Ruby on Rails – That’s not RESTful, use HTTP verbs correctly and proper URIs – “If you can’t CRUD it, it’s not a resource” – DHH – “Learn to love the CRUD” – DHH • C == POST • R == GET • U == PUT • D == DELETE – And make sure you make good URIs (that look like your object model in your database) – Active Resource 14

| 15 Distributed Computing on the Web

| 16 Distributed Computing on the Web https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

| 17 Distributed Computing on the Web https://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

| Distributed Computing on the Web • Protocol buffers and precursors to gRPC – TCP/IP inside google – RPC – Standardizing on this allowed google to scale – Client generation tools 18

| Distributed Computing on the Web • Google Service APIs – JSON-based Structured API definition and client-generation – Traded SOAP and WSDL for WADL and Schema RPC – Service Oriented RPC clients using “RESTful” routes – Dynamic Languages could discover the description and configure themselves at runtime 19

| Distributed Computing on the Web • Rise of RESTafarianism – REST religious wars: No HATEOAS == No REST (Damn the maturity model) 20 https://martinfowler.com/articles/richardsonMaturityModel.html

| In any case, REST is … 21 http://blog.steveklabnik.com/posts/2012-02-23-rest-is-over Yep. Sorry to have to inform you. REST is totally over. The cool kids are moving on. We're building "Hypermedia APIs" now. Such is life.

| Distributed Computing on the Web • Hypermedia APIs – Won’t break clients – Hypertext driven (links and forms) – Evolvable – How the web works – Actually REST (but we aren’t using that word) 22

| Distributed Computing on the Web • Hypermedia APIs – Won’t break clients – Hypertext driven (links and forms) – Evolvable – How the web works – Actually REST (but we aren’t using that word) – To date still relatively little tooling or understanding – REST is hard 23 “The Hypermedia Revolution…it’s just around the corner.”

| 24 Enter Structured API Description formats (again) – API Blueprint format – Design-first – Mock APIs – Documentation – Testing Tooling – Swagger format – Code-generated documentation – Code-generated developer tooling – RAML format – Fast follower – Documentation

| 25 Rise of the Developer Experience

| 26 Netflix Outgrows Its API Strategy https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d

| 27 Netflix Outgrows Its API Strategy https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d

| Netflix Outgrows It’s API Strategy 28 While effective, the problem with the (one-size-fits-all) approach is that its emphasis is to make it convenient for the API provider, not the API consumer. https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d

| 29 Netflix converts to Client-Driven APIs https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d

| 30 Netflix converts to Client-Driven APIs https://medium.com/netflix-techblog/embracing-the-differences-inside-the-netflix-api-redesign-15fd8b3dc49d

| 31 Netflix API Today https://www.slideshare.net/InfoQ/the-netflix-api-platform-for-serverside-scripting

| Distributed Computing on the Web • gRPC - Tunnels on POST - Uses protocol buffers - Web can’t cache responses - Designed to leverage HTTP/2 - Great for microservices running in clusters like Kubernetes 32

| 33 Did you notice the pattern? HTTP RPC Structured Descriptions

| The new kid on the block: GraphQL • Tunnels on POST • The web cannot cache its responses • Contract-driven • Discoverable • No free lunch – Resolvers for everything – You still have to work hard to design it correctly (deep graphs == not so scalable) – Write custom-caches using an identifier (though libraries do this now) • Tight-coupling – client code knows a lot about the API internals 34

| Client-Driven APIs 35 Giving consumers the ability to build (RESTful) APIs that are “just right” for them.

| 36

| 37 Client-Driven APIs $ curl -H "Content-Type: text/plain" \ -X POST \ -d 'SELECT * FROM *;'

| 38 Client-Driven APIs $ curl -H "Content-Type: text/plain" \ -X POST \ -d 'SELECT * FROM *;'

| Global DNS 39 Normal Flow to build APIs WAF API Gateway Developer Portal AD Subnets SVC A LB API Management Portal VCN CI/CD API Description SVC Code Configuration Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC AD Subnets Fn A Fn B AD Node 1 Pool Subnets K8s Node µSVC A µSVC B LB/Ingress Mesh

| What if it could be… 40 Global DNS 40 WAF API Gateway Developer Portal API Management Portal AD Subnets SVC A LB VCN CI/CD API Description Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC

| What if it could be… 41 Global DNS 41 WAF API Gateway Developer Portal API Management Portal AD Subnets SVC A LB VCN CI/CD API Description Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC Proxy

| What if it could be… 42 Global DNS 42 WAF API Gateway Developer Portal API Management Portal AD Subnets SVC A LB VCN CI/CD Consumer: • Discovery • Docs • Credentials • SDKs • Support Provider: • Edge/ Internal Analytics • Troubleshooting EXT SVC API Description

| Demo 43

| Demo 44 44 Developer Portal GQL SVC API Description Proxy

| Client-Driven APIs • The history of APIs is about the shift from provider simplicity to consumer simplicity • Tooling in the API community is still nacent 45 The future will be empowering consumers not to understand and consume your API as you you see fit, but to customize their own variation of it as simply as possible.

| 46 @fosrias https://github.com/fosrias/apiql-express Q & A

Client-Driven APIs

Client-Driven APIs

More Decks by Mark W. Foster

Featured

Transcript