A Tale of Three APIs: REST, Async, and gRPC Face Off

Transcript

1. All rights reserved by Postman Inc REST vs ASync vs

   gRPC An API Architecture Comparison W. Ian Douglas Sr Developer Advocate

2. Background on RESTful Standards Event-Driven APIs Low-latency Performance APIs 1

   2 3 TL;D(Listen) @getpostman @iandouglas736

3. The Most Popular API Type in Our Industry Today RESTful

   Standards @getpostman @iandouglas736 What do you call a wizard who is bad at rugby? Fumbledore.

4. • REpresentational The way you call the API is typically

   a “representation” of the action you want to take on a resource, like fetching/deleting data. • State HTTP is “stateless”, it doesn’t remember you from one action to the next, so we mimic state by using ID values or headers in our RESTful calls. • Transfer RESTful APIs typically work on a single request-response cycle – I connect, I ask for one action, I disconnect. What is REST – a brief history REST: REpresentational State Transfer @getpostman @iandouglas736 Image credit: https://dev.to/asdflkjh/restful-api-b4i

5. • Simplicity Using HTTP was well understood, and data packaging

   in JSON was more adaptable. • Scalable Clients can scale separately from Servers, allowing for easier expansion, and creation of microservices. • Flexibility Browsers as clients, data in various formats, combination of HTTP methods, Headers and Resource IDs allow for greater creativity. Why is RESTful so popular in our industry? Growth from 2005 to 2013 was greater than other API types, giving it a foothold @getpostman @iandouglas736 Where do I see myself in five years? I think we’ll still be using mirrors …

6. • Mostly rooted in HTTP version 1 HTTP v1/v1.1 is

   very sensitive to high-latency connections, and uses a single TCP entry point. • HTTP v1-and-done Clients connect, ask for a single action, then disconnect. Also, servers cannot interrupt clients if they try to send too much data. • Inefficiencies in Fetching RESTful APIs are prone to under-fetching or over-fetching data, resulting in more single-request calls, or discarded data. Why Look at Anything Else? If REST is so great, why do we even have other API types? @getpostman @iandouglas736

7. • HTTP/2 is Binary-Only Allows for more efficient packaging of

   data into “messages.” • Better Compression of Data HTTP/2 uses stronger compression when sending data, resulting in faster transfers. • HTTP Still Disconnects Afterward Clients and Servers still disconnect after transfers are complete, per HTTP. No way to “push” event-driven data. • HTTP/2 front-end Adoption is Low Browsers support HTTP/2, JS Fetch supports it, but most data transfers are still sending text-based JSON data. Can we fix any of that? Could we move RESTful APIs to HTTP v2 (aka HTTP/2) and just … fix these problems? @getpostman @iandouglas736 I would love to tell you a UDP joke, but you may not get it.

8. Automation, Webhooks and ASync, Oh My! EVENT-DRIVEN APIs @getpostman @iandouglas736

9. • Call Me Maybe Eventually Clients connect, make their request,

   provide a callback mechanism or external system to ping. Connections can also be held open indefinitely to stream data over time. • Promises, Promises Asynchronous clients, like JavaScript Promises, allow event loops to be notified when something is done. • A-Wait a Minute … You CAN tell your code to wait for an asynchronous API answer before continuing your other work. Event-Driven Architecture If THIS, then THAT … @getpostman @iandouglas736 I’ve been reading a book about anti-gravity – I can’t put it down!

10. • Platform to Platform (webhooks) Reposting Slack messages in Discord,

    or PayPal processed an incoming payment for you. • Making “Fetch” Happen (websockets) JavaScript fetch calls are great for processing responses whenever they happen. Really handy for eventual UI/UX patterns. • Lots of Choices Lots of protocols to choose from, like Webhooks, Websockets, GraphQL Subscriptions, Server-Sent Events. (Web)Hook, Line, and Sinker Where do we see ASync APIs used most? @getpostman @iandouglas736

11. • Design is harder to plan For both client-side and

    server-side, Async APIs can sometimes be more challenging to plan and design. • Are Webhooks just RESTful in reverse? Is your client acting like a server that the real server connects to to send data later? There can be confusion about the architecture and how event loops really work. • Some aspects are challenging Rate-limiting, throttling data, tracking analytics, even some aspects of security are more difficult with Async APIs. Disadvantages of Async APIs Are they better than RESTful? @getpostman @iandouglas736 shameless plug: now would be a great time to tweet to @getpostman about how great my talk is going.

12. What have we covered so far? RESTful APIs Async APIs

    Data Transfer HTTP 1.1 (usually) HTTP 2 (usually) Getting a Response Client waits for a response Client provides a means to respond later (webhooks) or event-loop listener Design Complexity Lower (usually) Medium (usually) Handling requests and responses in order Predictable Not Predictable Typical Use cases General-purpose, single transaction Messaging, social media, mobile games, banking Data Structure Text or Binary, but not both Text and Binary together if using HTTP/2 REST vs Async @getpostman @iandouglas736

13. When Milliseconds Matter (and they always do) LOW-LATENCY PERFORMANCE APIs

    @getpostman @iandouglas736 No, we can’t build streets out of LEGO bricks – too many road blocks!

14. • Yes, but … We CAN scale REST and Async

    APIs, but it’s often more complicated and presents other challenges. • Our Powers, Combined! Are technologies available that can take the better parts of REST and Async APIs? • Above and Beyond What if we could make an API that was faster for performance, allowed sync OR async, choose whether to be stateful, and MORE? Performance Architecture Can’t we just scale REST or Async APIs to make them faster/performant? @getpostman @iandouglas736

15. • Wow, this does a lot! gRPC provides a LOT

    of flexibility to incorporate most of the benefits of REST and Async APIs. • HTTP/2, binary messaging Compression, stateful, multi-message, sync or async, so many choices! • Built with performance in mind On average, 7x to 10x more performant, mostly from HTTP/2’s stronger compression, binary format, and multi-message “streams”. Gee … RPC Google to the rescue? @getpostman @iandouglas736 For sale: Used taxi cab. It's in fare condition.

16. • Adoption is low so far Complexity is higher, rigidity

    to message formatting is more difficult to plan. Not usually found in public-facing APIs. • Relies heavily on HTTP/2 HTTP/2 is great, but still has its own issues, which HTTP/3 will fix. (eventually…) • Third-party tooling is still new-ish Library and language support is still relatively new for various tech stacks. Some code generators exist, but tools are still in their infancy. Disadvantages of gRPC Because nothing’s perfect … @getpostman @iandouglas736

17. What have we covered so far? RESTful APIs gRPC APIs

    Data Transfer HTTP 1.1 (usually) HTTP 2 Getting a Response Client waits for a response Synchronous like REST, or Asynchronous like webhooks Design Complexity Lower (usually) Higher (usually) Handling requests and responses in order Predictable Depends on sync/async Typical Use cases General-purpose, single transaction Mobile apps, server-to-server communication, event logging Data Structure Text or Binary, but not both Binary (usually) using protocol buffer messages REST vs gRPC @getpostman @iandouglas736 When I worked in cybersecurity, my favorite snack food was phish sticks.

18. Can’t we just do all of the best of these

    in a RESTful API? BUT … @getpostman @iandouglas736

19. So How Do You Choose an API Type to Build?

    CONCLUSION @getpostman @iandouglas736 What kind of people never get angry? Nomads.

20. Team Execution vs Software I’m a HUGE fan of learning

    something new, but … • Does your team already know the technologies? • Do they already know how to design, build and consume that type of API? • Is your infrastructure already set up to support this? Or will your infra teams need to learn something new, too? • Is there an easier migration path for performance later without a total rewrite? PERFORMANCE COMES IN TWO FORMS @getpostman @iandouglas736

21. Trivia Time SWAG PACK @getpostman @iandouglas736 Learning how to collect

    litter wasn't all that hard. I just picked it up as I went along.

22. Thank You The best time of day to go see

    a dentist is tooth-hurty. @getpostman @iandouglas736