Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Operational API Design Anti-Patterns
Search
Jason Harmon
October 26, 2016
Technology
0
200
Operational API Design Anti-Patterns
Talk from Nordic APIs Platform Summit in Stockholm, Oct 2016
Jason Harmon
October 26, 2016
Tweet
Share
More Decks by Jason Harmon
See All by Jason Harmon
Pragmatists Guide to Hypermedia
jharmn
0
84
Other Decks in Technology
See All in Technology
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
360
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
JAWS-UG Bedrock Claude Night
yamahiro
3
600
Databricks における 『MLOps』
databricksjapan
2
170
アクセス制御にまつわる改善 / Improving access control
itkq
0
530
web-application-security
matsuihidetoshi
0
170
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
250
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
650
【NW X Security JAWS#3】L3-4:AWS環境のIPv6移行に向けて知っておきたいこと
shotashiratori
0
150
オーナーシップを持つ領域を明確にする
konifar
13
3.2k
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
3
2.5k
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
350
Featured
See All Featured
Imperfection Machines: The Place of Print at Facebook
scottboms
260
12k
Designing Experiences People Love
moore
136
23k
Rebuilding a faster, lazier Slack
samanthasiow
73
8.2k
A Philosophy of Restraint
colly
197
16k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Ruby is Unlike a Banana
tanoku
96
10k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
187
16k
Typedesign – Prime Four
hannesfritz
36
2.1k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
The Illustrated Children's Guide to Kubernetes
chrisshort
31
46k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
116
18k
Transcript
Operational API Design Anti-Patterns Jason Harmon @jharmn @typeform
Head of APIs @Typeform • Leading microservice replatform • Leading
developer focused initiatives Previous API experience: • PayPal/Braintree • uShip • Wayport / AT&T Jason Harmon • Old blogs at: ◦ APIUX.com ◦ Pragmaticapi.com
“API Design Anti-Patterns” talk from last year • https://www.youtube.com/watch?v=lotdj-ry8YA Design
issues don’t always cause operational issues. Haven’t we already talked about this?
Usability issues Operational issues
HTTP GET instead of POST
Landing GET /landing 200 OK { “Token”: “abc123” } User
Human
A Form User Human
Submit User Human
Submit User Human Click “Back” ? Submit needs to have
a landing (to derive “response rate”) POST /submissions (+landing_id in body)
Issue: GET Caches + HTTP GET GET /landing Caching Proxy
Or CDN Cached response X 200 OK { “Token”: “abc123” }
Landings: Better User Human POST /landing 200 OK { “Token”:
“abc123” }
• Identification: Unexpected cached API calls from browser/proxy/etc • Solution:
Use POST • Live already? ◦ Just add POST ◦ Add ?cache_buster=[random] to GET Summary: GET instead of POST
Polling APIs
Polling APIs Problem Identification: • Large dataset • Expensive queries
• Frequently changing data • Lots of clients Client app Every 5 mins Thousands of forms
Solution: Webhooks Client app Register URL New data = POST
Still needed for missing data
WHAT IF THIS IS ALREADY HAPPENING!!?! Client app Options: •
Launch webhooks! • Caching (if possible) • Read-only DB replica • Cheaper query to check for new data before retrieval
Rigid Hierarchy
Microservices structure: Forms
Issue: Many calls Microservices
Form Structure + Backend-for-Frontend Microservices B F F AKA •
Composition • Orchestration GraphQL is another potential option
• Problem: ◦ Client performance in UX ◦ N+1 calls
(client calls for parent, then calls for related/child items) • Identification: ◦ Data lacking in main resource, usually for UX devs. • Easy to add in live scenarios Summary: Rigid resource structure
Generic Actions
AKA RPC Commonly used in controlled state transitions: POST /forms/:id/publish
{ “comment”: “It’s the right time” } What’s an “action”
Perform multiple actions with one endpoint POST /forms/:id/change-status { “action”:
“publish”, “comment”: “My favorite version of this form” } Generic “action”
Product Owner - Any performance issues? Devs
Product owner: - So how many “publish” actions happened? Devs
TO THE LOGS!
Dear Product Owner. We need to build a new metrics
system to answer that question. - Yours truly, dev team. PO
Product Owner’s reply:
Cheap visibility is a good thing
Generic Actions • Identification: ◦ POST /resource/:id/generic-name + {action: process}
• Problem: “Protocol tunneling”: ◦ Lack of traceability, more work for metrics (vs cheaper HTTP logs method) • Solution: ◦ POST /resource/:id/action-name • Already live? ◦ ?action=name in optional query parameter
API Design Takeaways
Use cases first, then design.
Design can influence performance.
Structure is good, but be prepared to blur the lines.
Design can put out fires.
Don’t forget the logs.
That’s it!