Tackling OpenAPI Drift

Ikenna Nwaiwu
December 06, 2024

Tackling OpenAPI Drift.
Lessons from the ‘AcmeFS’ Experience


Transcript

  1. Questions and feedback: Slido #2191713 API Drift Survey: Slido #3437921

    API Governance problems I help my clients solve:
    • API sprawl
    • API drift
    • High API delivery lead time
    Advisory to API providers and API tool vendors.
  2. Agenda
    • Is API Drift a Problem?
    • The AcmeFS API Drift Problem
    • Countermeasures considered
    • AcmeFS’ implementation plan
    • The Result
    • Lessons learnt
    • Summary
  3. Survey question: Our published API documentation matches our API behaviour.

    [Chart: 30%, 66%, 4%. Legend: Strongly disagree / Disagree / Neither agree nor disagree; Agree / Strongly agree; Not applicable.]
    Results from Berlin API conferences in Belgium and Berlin.
  4. 75% non-conformant endpoints. Source: OpenAPI Specifications in the Real World, August 2024. Credit: Ralfs Blumbergs
  5. 25%: absolutely no endpoints in the API conform to docs. Source: OpenAPI Specifications in the Real World, August 2024. Credit: Borna Bevanda
  6. [Bar chart: Selected API Endpoint Conformance Rate. Bars: UK Legacy Banks, Stripe, GitHub, Twilio, Intercom, Zoom, Box, Pivotal Tracker. Bar values shown: 100%, 100%, 89%, 86%, 67%, 20%, 0%, 0%.] Source: OpenAPI Specifications in the Real World, August 2024.
  7. So, if many popular APIs suffer API drift, is it really an issue?
  8. BigBank1 is a strong prospect. Proof of Concept (PoC) stage.
  9. [Diagram: AcmeFS Platform; OpenAPI validation in BigBank1 API gateway; BigBank1 services; BigBank1.]
  10. API Drift Detected!
    • Missing response schema fields and objects
    • Incorrect HTTP response codes
    • Incorrect data format in response schema
    • Incorrect data format in request schema
  11. What should AcmeFS do? Another prospect, BigBank2. PoC in two weeks. 30% of endpoints in the customer workflow had API drift.
  12. #1: Generate OpenAPI descriptions from code.
    • springdoc-openapi: https://springdoc.org/
  13. #2: Generate Spring Boot code from OpenAPI?
    • OpenAPI Generator
    • Possible Long-Term Solution
    • Short-term solution?
  14. #3: Generate OpenAPI descriptions and code from language-oriented API dev tools?
    • TypeSpec
  15. #4: Use consumer-driven contract (CDC) testing?
    • Spring Cloud Contract
  16. #5: Use bi-directional contract (BDC) testing?
    • Pactflow
  17. #6: Use provider-driven contract (PDC) testing with code-based schema tests?
    • Rest Assured
    • Atlassian swagger-request-validator: https://bitbucket.org/atlassian/swagger-request-validator
    • https://github.com/karatelabs/karate
    • Possible Long-Term Solution
    • Short-term solution?
  18. #7: Use provider-driven contract (PDC) testing with generated schema tests?
    • Schemathesis
    • Possible Long-Term Solution
    • Short-term solution?
  19. #8: OpenAPI validation in API Gateway + OpenAPI Validation Policy / Plugin
  20. #9: Use provider-driven contract (PDC) testing with a validating proxy?
    • https://github.com/pb33f/wiretap
    • https://github.com/stoplightio/prism
  21. [Diagram: AcmeFS Platform; Processed OpenAPI file; Existing User workflow Postman Collection.]
  22. OpenAPI processing steps:
    • Join (combine) multiple OpenAPI files into one
    • Inject additionalProperties=false
    • Filter unused components
    • Filter legacy endpoints
  23. [Bar chart: API Conformance. Before API Drift Fix: 70%; After API Drift Fix: 100%.]
  24. #1: Use the Product and Client Solution (Dev Roles) roles to write user journey collections, which can be used in automated contract tests!
  25. #2: When fixing API drift, consider starting from the most common user workflows.
  26. #3: Pipeline to transform OpenAPI was crucial.
    • Join (combine) multiple OpenAPI files into one
    • Filter unused components
    • Filter legacy endpoints
    • Inject additionalProperties=false
  27. Summary
    • Many APIs suffer API drift
    • For some APIs, drift is a deal breaker
    • Request Collections + PDC + Transformed OpenAPI
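
The four OpenAPI transformation steps named on slides 22 and 26 (join, filter legacy endpoints, filter unused components, inject additionalProperties=false), as an added Python example that is not AcmeFS's pipeline or code from the deck. It assumes "legacy" means operations marked `deprecated: true`, handles `components.schemas` only, and uses hypothetical function names and a constructed two-file sample.

```python
import copy

PREFIX = "#/components/schemas/"

def walk(node):  # yield every dict nested at or below node
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from walk(child)

def refs(node):  # component schema names referenced by $ref at or below node
    return [d["$ref"][len(PREFIX):] for d in walk(node)
            if str(d.get("$ref", "")).startswith(PREFIX)]

def transform(specs):
    out = {**copy.deepcopy(specs[0]), "paths": {}, "components": {"schemas": {}}}
    for s in copy.deepcopy(specs):  # 1. join; on a name clash the later file wins
        out["paths"].update(s.get("paths", {}))
        out["components"]["schemas"].update(s.get("components", {}).get("schemas", {}))
    for item in out["paths"].values():  # 2. assumption: legacy = deprecated: true
        for m in [m for m, op in item.items() if isinstance(op, dict) and op.get("deprecated")]:
            del item[m]
    out["paths"] = {p: item for p, item in out["paths"].items() if item}
    schemas, used, todo = out["components"]["schemas"], set(), refs(out["paths"])
    while todo:  # 3. keep only schemas reachable from the remaining paths
        name = todo.pop()
        if name in schemas and name not in used:
            used.add(name)
            todo += refs(schemas[name])
    out["components"]["schemas"] = {n: schemas[n] for n in sorted(used)}
    for d in walk(out):  # 4. undocumented fields now fail strict validation
        if isinstance(d.get("properties"), dict):
            d.setdefault("additionalProperties", False)
    return out

# Constructed sample: two files, one deprecated operation, one orphan schema.
def _get(name, **extra):
    ref = {"schema": {"$ref": PREFIX + name}}
    return {"get": {"responses": {"200": {"content": {"application/json": ref}}}, **extra}}
_obj = lambda **props: {"type": "object", "properties": props}
SAMPLE = [
    {"openapi": "3.0.3", "paths": {"/accounts/{id}": _get("Account")},
     "components": {"schemas": {"Account": _obj(owner={"$ref": PREFIX + "Owner"}),
                                "Owner": _obj(name={"type": "string"}),
                                "Orphan": _obj(x={"type": "integer"})}}},
    {"openapi": "3.0.3", "paths": {"/v1/balance": _get("OldBalance", deprecated=True)},
     "components": {"schemas": {"OldBalance": _obj(amt={"type": "number"})}}}]
```

Schemas composed with `allOf` need separate handling, because `additionalProperties: false` in each branch rejects the properties declared by the other branches.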